THERAPY CLIENT GDPR FOR NEW AND CURRENT THERAPY CLIENTS
As of 25th May 2018, under the General Data Protection Regulations (GDPR) I am required by law to inform both current and prospective clients about the ways in which I process and keep safe any data I hold that pertains to them. I am also required to gain explicit consent to my holding and processing that data in certain ways (detailed below).
In my roles as a Somatic Experiencing & Internal Family Systems practitioner, I am bound by a code of ethics and take privacy and confidentiality seriously.
If you are thinking about becoming my therapy client, please read the following information. If we start working together, you will be given a paper copy of this document to sign, indicating your consent.
If you do not wish to give your consent, you will have the option to discuss this with me.
You have the right to withdraw your consent at any time. We would need to discuss what this might mean in practice, and there may be some situations that require me to retain certain information. Were this to be the case, I may need to seek legal advice before taking any action.
You have the right to know what client data I hold, why I hold it, and for how long I will hold it. You also have the right to view it, and to ask for changes to be made. When any physical documents need to be destroyed, it will be done through incineration. If I discover there has been a data breach of your personal information that could put you at risk, I will undertake to tell you as soon as possible.
What client data do I hold?
I keep certain data so that I can work safely and professionally, in line with my training and the guidelines of the professional organisation I belong to: Somatic Experiencing Association UK (SEAUK)
The client data I hold may include:
-
Your name and address
-
Your phone number and email address
-
An emergency contact’s name and phone number
-
Your GP name and contact details
-
Relevant medical information
-
Session notes
-
My emails to you, and yours to me
How, why, and for how long is your data held?
To try and make things as clear as I can, I’ve divided the information into seven sections...
1. Your name and address
How I keep this data:
I keep your name and address in paper form in a locked filing cabinet. These are kept separate from your session notes.
Why I keep this data:
This is required by my professional liability insurer and by my professional organisation.
How long I keep this data:
My professional liability insurer advises that I keep this data for seven years following the date after which we finish working together. After that time it will be destroyed.
Who sees the data:
Only me.
2. Your phone number and email address
How I keep this data:
I keep your phone number in my mobile phone under your first name only. My phone is locked with a passcode when I am not using it. I use a separate email account for contact with clients, which is password protected and which I sign out of after use.
Neither my computer nor my phone are accessed by anyone else, unless maintenance is required by a technician.
I also keep your phone number and email address in paper form in a locked filing cabinet. These are kept separate from your session notes.
Why I keep this data:
This is needed in case I have to contact you (for example, for re-scheduling a session).
How long I keep this data:
I will remove this data when we have finished our work together, unless you tell me that you would like me to retain it in case we work together again in the future.
Who sees the data:
Only me.
3. Emergency contact’s name and phone number
How I keep this data:
I keep this data in paper form in a locked filing cabinet along with your name and contact details.
Why I keep this data:
It is unlikely that I would ever need to use this information, but I hold it in case I should become concerned for your welfare and am unable get hold of you. You and I may agree together on some other reason that I might contact this person, based on your best welfare.
How long I keep this data:
Once we have finished working together, I will delete this data, unless you and I decide to make other arrangements.
Who sees the data:
Only me.
4. Your GP name and contact details
How I keep this data:
I keep this data in paper form in a locked filing cabinet along with your name and contact details.
Why I keep this data:
You and I may agree together on some reason that I might contact your GP, based on your best welfare, for example discussing diagnosis, treatment plan or safety procedures.
How long I keep this data:
Once we have finished working together I will delete this data.
Who sees the data:
Only me.
5. Relevant medical information
How I keep this data:
I keep this data in paper form in a locked filing cabinet along with your name and contact details.
Why I keep this data:
It may be relevant to share certain medical information when...
(a) Your mental health history, past accidents, medical procedures, etc, may inform my treatment plan to make it more appropriate for you.
(b) There is any risk that health conditions such as seizures, diabetes, etc, may impact a session.
(c) Any medications you are taking may affect our work together.
(d) You have any allergies that I should be aware of in order to keep you safe.
How long I keep this data
When we finish working together, I will delete this data.
Who sees the data:
Only me.
6. Session notes
I make session notes in paper form only. These are not duplicated anywhere else in electronic or other formats. Notes include date and venue of the session, together with what I consider to have been important occurrences or themes that arose during the session.
Why I keep this data:
Notes are there to remind me of important points I may want to bear in mind or bring up in our next session, and/or in supervision. They also help me to keep track of the work we are doing together.
How I keep this data:
After the session, notes are kept with me and not left unattended until they can be placed in a locked filing cabinet. Your name or other identifying details are not kept with your session notes; only your initials are used.
How long I keep this data:
My current policy is to destroy session records seven years after our work finishes. If you would like me to retain them for a longer period, please discuss this with me.
Who sees the data:
Only me.
7. Your emails and texts
How I keep this data:
I may delete emails and texts after I have noted the contents (for example, emails around scheduling sessions). Any emails or texts that I consider it necessary to keep are retained in my email account or phone, both of which are password protected.
Why I keep this data:
I may keep emails or texts if they contain details it would be useful for me to refer back to.
How long I keep this data:
I will delete emails when our work ends, unless they form session notes (in which case, see above).
Who sees the data:
Only me.
This document regarding therapy client data GDPR is subject to regular review and will be updated as needed.
google-site-verification: googleb7addca97e712350.html