GDPR: General Data Protection Regulation Policy. May 2018.
What information is being collected?
As part of visiting me for therapy, I will need to have a record of your personal details, date of birth, address, telephone numbers, email and relevant medical information relating to your session. A unique reference number will also be allocated to you.
Personal data about your presenting symptoms and treatment provided will also be documented in detail. You have access to this information at all times.
All data will be held in a locked filing cabinet or on a computer protected with a password.
No client files are left on surfaces for other clients/staff to read.
All data taken whilst on a mobile treatment will be transported in a locked bag, out of sight in a boot. No notes are left unattended in a vehicle at any time.
All notes will be kept secure for a period of 8 years for adults and will then be destroyed if you are no longer attending clinic. All children’s notes will be kept until adult age (21), and then destroyed if no longer attending clinic.
Who is collecting it?
Your practitioner is collecting data at the start of your first session. Some information may be requested by email or text message to ensure the smooth running of your treatment. On occasion data from relevant medical notes/letters and scans may also form part of the data collected and held by your practitioner.
How is it collected?
Collection of data will happen via pen and paper note taking, secure email, text messages, occasionally photographs, videos, and letters by mail. No personal data will be collected via social media.
Why is it being collected?
Data is collected to record, guide and supervise your progress and be able to communicate effectively with you for the best outcomes. It is also used to compare progress week to week and to highlight changes, red flags, yellow flags, action to be taken and a detailed dialogue of treatment provided.
Data also helps us to carry out relevant research from time to time. All clients can opt in or opt out of this. Again, unique reference codes will be used to transfer data.
How will it be used?
Data will be used to communicate appointments, session information, progress and relevant referrals.
Who will it be shared with?
Data is rarely used to communicate and be shared outside of the clinical environment. On occasion you may be asked for permission for the information to be shared with another practitioner or medical service for referred treatment:
Full permission will be requested first.
Personal data will be sent by post or email separately to your treatment information and a personal allocated reference code will be used to ensure the individual cannot be identified without the 2 pieces of data being put together.
Client experiences can be shared with the public with full consent from the client themselves. This will be taken on a consent form signed by the client prior to sharing.
What will be the effect of this on the individuals concerned?
There should be no data leakage with regards to clients.
No data is shared with 3rd parties without consented permission.
No data is sold to third parties for business reasons.
No data is held on phones unless encrypted with a PIN number/fingerprint recognition. No phones are left unattended. Lost/stolen phones need to be locked remotely to prevent 3rd parties reading any sensitive information.
No sensitive/identifiable data is sent by email together in the same posting. Unique reference codes are used.
All computers/laptops and tablets are locked with pass codes and not left unattended. Only individuals with permission to read notes can access this data.
Right of subject access
Clients have a right to see what information is being held about them and be given copies of this information if requested at no cost to them.
Right to erasure
Clients have a right to request deletion of data, although this can be overridden in the interest of the client, especially regarding medical matters.
Is the intended use likely to cause individuals to object or complain?
Practitioners take data protection and privacy seriously and promote this philosophy to all the industry in relation to protecting client data.
The data mapping in place should never cause a client to object or complain. Any queries and requirements are taken seriously and honoured.