At Brighter Paths Psychologists we are committed to keeping your personal information safe and being transparent about how we collect your data, how we store it and what we do with it. This is in line with the new laws relating to General Data Protection Regulation (GDPR) that is in effect from 25th May 2018.
Data Controllers: Dr Hannah Cowan
What personal data do we store?
During an initial consultation session, the following personal details will be collected including
- Contact number
- Email address
- GP details
- Emergency contact details
Should further therapy sessions be commenced clinical notes will be completed detailing a summary of the content of the session. Additional documents may include a signed therapy agreement, letters/reports and outcome measures.
If you are referred to us via your health insurance provider, then we will also collect and process personal data provided by this organisation. This may include basic contact information, referral information and health insurance policy/authorisation number for psychological treatment.
Why do we need this personal data?
Brighter Paths Psychologists has a legitimate interest in using the personal and sensitive personal data we collect in order to provide treatment. It is necessary for us in order to provide any psychological treatment to clients.
Will any information be shared?
We hold information about each of our clients and the treatment they receive in confidence. This means that we will not normally share your personal information with anyone else. However, there are exceptions to this when there may be a need for liaison with other parties:
• If you are referred by your health insurance provider or claiming through a health insurance policy to fund treatment, then we will be required to share appointment schedules and invoices with that organisation for the purposes of billing. We may also share information to provide treatment updates.
In exceptional circumstances we may need to share personal information with relevant authorities:
• Where there is need-to-know information for another health provider, such as your GP
• When disclosure is in the public interest, to prevent a miscarriage of justice or where there is a legal duty, for example a court order
• When the information concerns risk of harm to the client or risk of harm to another adult or a child.
How is personal information stored?
Brighter Paths Psychologists will store personal information in a secure locked storage cabinet for paper-based records or through a secure electronic storage system for electronic records. Our office computer is password protected with anti-virus protection enabled.
Personal information is minimised in phone and email communication. Any sensitive personal information being sent via email to clients or third parties will be sent using additional software which allows secure transfer of emails.
Mobile devices are protected with a passcode/fingerprint scanner and encryption is also enabled.
How long will information be stored?
We only hold information for as long as it is required.
Sensitive personal data will be stored for a period of 7 years after the end of therapy. After this the data is deleted at the end of each calendar year.
Sensitive personal information will be disposed of as confidential waste or deleted permanently from electronic systems.
Your right to access the personal information we hold about you:
• You have a right to access the information we hold about you
• We will usually share this with you within 30 days of receiving a request
• There may be an admin fee for supplying the information to you
• We may request further evidence from you to check your identity
• A copy of your personal information will usually be sent you in a permanent, printed form
• You have the right to get your personal information corrected if it is inaccurate
• You can complain to a regulator. If you think we have not complied with data protection laws, you have a right to lodge a complaint with the Information Commissioner’s Office (ICO).
Brighter Paths Psychologists reserves the right to refuse a request to delete a client’s personal information where this is therapy records. Therapy records are retained for a period of 7 years in accordance with guidelines and requirements for record keeping by the British Psychological Society (BPS) and The Health and Care Professions Council (HCPC).
Last updated: 16 May 2018