The Richmond Anxiety Clinic Data Privacy Policy
Summary:
The Richmond Anxiety Clinic will need to keep certain information about you in order to set up initial consultations / assessment and to offer treatment. This document explains why we keep this information, how it is stored, how we keep it safe and what your rights are.
We adhere to the latest General Data Protection Regulation (GDPR) laws and the codes of practice set down by the Health and Care Professions Council (HCPC).
We (all individual therapists working for the Richmond Anxiety Clinic) are registered with the Information Commissioners Office (ICO) as a data controller.
What information we keep:
We collect and keep personal data (basic contact information, such as name, address, email, contact number and GP contact details). We also keep sensitive data (e.g. brief notes from our therapy meetings, questionnaires/outcome measures and any letters or reports). If you compete a web-based enquiry form, we will also collect any information you provide to us this way.
We do not routinely write letters or reports unless requested to do so by our clients.
Why we keep this information:
We are required by our professional body (HCPC) to keep information about clients and our work together. We are not able to work with you unless you allow us to do so.
The lawful basis for processing information:
We have a legitimate interest for processing this information in order to provide you with health treatment. Please see the Information Commissioners Office (ICO) if you would like more information about this: www.ico.org.uk
What we do with the information we have:
We use the information that you have given us in order to provide you with a therapy service, as well as for processing payments and in some cases to help prevent serious harm.
Who we might share personal information with:
We keep the information you give us confidential. This means we do not normally share this information with anyone else. There are exceptional circumstances which mean we may need to share personal information with relevant authorities;
When the need for disclosure is in the public interest, to prevent a miscarriage of justice or where there is a legal duty such as a Court Order.
Where there is risk of harm to yourself, or to another adult or child. If this need arises. We will try to discuss this with you first, unless doing so leads to an increased risk of harm.
As Clinical Psychologists we are required to have clinical supervision in order to ensure we are delivering therapy and treatments appropriately. Supervision involves us discussing aspects of the therapy and work we are doing with an appropriately qualified clinical supervisor who must also adhere to the same codes of conduct as we do. In addition, information may be shared with colleagues with the Richmond Anxiety Clinic for the purposes of supervision.
Emails and initial enquiries to the central email address for The Richmond Anxiety Clinic may be seen by Dr Laura Bowyer and Dr Hendrik Hinrichsen in order to respond to queries and direct these to the appropriate therapist.
How Long we keep Data:
The BABCP and ICO do not mandate a specific time period that personal data and notes are stored for. However, both the ICO and the BABCP along with new General Data Protection Regulation (GDPR) guidelines recommend that no-one should keep personal data for longer than needed. We have therefore decided to keep all notes and contact details for 1 year post the end of any therapy in order to enable patients to contact us for letters or, in case of needing further sessions. After this time all personal information and notes will be deleted.
How we store data:
Information is recorded and stored using an on-line electronic system called ‘bac-pac’ provided by the company ‘Mayden’. This is software which has been specifically designed for counsellors and therapists and Mayden provide the platforms for storing data and notes used by many teams within the NHS.
Mayden and security (taken directly from Mayden’s website):
“We take security very seriously, and Mayden has over 10 years experience in storing confidential medical information for NHS services, voluntary services and the private sector. We have been vetted by both the NHS and Ministry of Defence for hosting confidential medical information and we are currently adding a quarter of a million clinical records to our secure databases every month. Your information is safe and secure with us”.
Please see for further information: https://bac-pac.co.uk/?doing_wp_cron=1594806951.6066749095916748046875
To log onto ‘Bac-Pac’ therapists must have a personalised password and username.
Notes kept will be very brief in detail to avoid storage of unnecessary personal information.
Our email system is GDPR compliant and secured with a password. Any personal information sent via email will be password protected. Laptops used by therapists are password protected and malware and antivirus protection are installed.
Client’s contact numbers and first names only will be stored for the period of 1 year following treatment ending on therapists’ mobile phones. All mobile phones are secure and require either password or finger print authentication to access.
Whilst we will use all reasonable efforts to secure your personal data, much of our work is completed using the internet (e.g. Skype / Zoom / MS Teams / email systems) and we cannot guarantee sharing of any personal data using the internet will be entirely secure.
Your data protection rights:
You have the right to request a copy of the information that we keep about you and to receive this within a month of request
There will be no fee payable for this information.
You have the right to have your personal information corrected if you believe it to be inaccurate.
You have the right to complain to a regulator if you think we have not complied with data protection laws. You can direct any complaints regarding this to ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
Consent:
The ICO state that in the UK only children aged 13 or over are able provide their own consent. For any child under this age we will require consent from whoever holds parental responsibility. Parental responsibility for a child means someone who, according to the law in the child’s country of residence, has the legal rights and responsibilities for a child that are normally afforded to parents. This will not always be a child’s ‘natural parents’ and parental responsibility can be held by more than one natural or legal person (ICO, 2018). Please note however that separate to obtaining consent for treatment, that we will make an explicit signed agreement with parents and young people as to how / what information is shared with whom when working with young people directly.