Data Privacy Policy – December 2018

The clinic keeps records about you.
This explains why the clinic keeps your info, where it is kept, how the clinic keeps it safe, and what your rights are.

The basics
•The clinic keeps information about you in order to provide you with a service, and to process payments for the service.
• The clinic cannot work with you unless you allow records to be kept.
• The clinic follows the law and the codes of practice set down by the HCPC and the BABCP.
• The clinic has systems in place to protect your data.
• You are entitled to request a copy of your data free-of-charge, and to have inaccurate information corrected.
• The clinic aspires to the highest data privacy standards. If you have questions, concerns or feedback then please let Dr Kaja know so that they can be addressed.
• You can complain to the Information Commissioners Office (ICO) if you think that the clinic is acting unlawfully: visit www.ico.org.uk/concerns or phone 0303 123 1113.

Why the clinic keeps information
The professional registration body (HCPC) requires clinical psychologists to keep information about clients and the work that completed. The clinic cannot offer you services unless you allow data to be kept about you and the work completed together. The clinic is registered with the Information Commissioners Office (ICO) and is bound by the ethical and practical rules set by the professional regulatory bodies (the Health and Care Professions Council; HCPC, and the British Association for Behavioural and Cognitive Psychotherapies; BABCP).

The kind of information the clinic keeps
The clinic keeps personal data, e.g. your name, address, phone number. It also keeps sensitive data e.g. notes from sessions together, your gender, your social history.

What the clinic does with the information
The clinic uses the data collected for three reasons:
(1) to provide you with services,
(2) for billing and processing payments,
(3) to help prevent serious harm.

Some of clients may feel vulnerable at times in their lives, and be at risk of harming themselves or be at risk of harm to / from others. In these circumstances, the clinic staff need to be able to communicate effectively with other services such as GP surgeries or emergency care services, to keep these clients safe. This involves sharing of personal information on a need to know basis.

Who the clinic staff might share personal information with
The clinic holds information about all clients and the therapy they receive in confidence. This means that personal information will not normally be shared with anyone else. However, there are exceptions to this when there may be need for liaison with other parties:
• If you are referred by your health insurance provider, or otherwise claiming through a health insurance policy to fund therapy, then the clinic staff will share appointment schedules with that organisation for the purposes of billing. The clinic staff may also share information with that organisation to provide treatment updates.
• In cases where treatment has been instructed by a solicitor, relevant clinical information from therapy records will be shared with legal services as required and with your written consent.
In exceptional circumstances, we might need to share personal information with relevant authorities:
• When there is need-to-know information for another health provider, such as your GP.
• When disclosure is in the public interest, to prevent a miscarriage of justice or where there is a legal duty, for example a Court Order.
• When the information concerns risk of harm to the client, or risk of harm to another adult or a child. The clinic staff will discuss such a proposed disclosure with you unless it is believed that to do so could increase the level of risk to you or to someone else.

What the clinic will NOT do with your personal information
The clinic will not share your personal information with third-parties for marketing purposes.

How long the clinic keeps data
The clinic keeps client data throughout the time that active work is occurring and, in line with professional guidance, for 7 years after the work has ended.

Where the clinic keeps data
In online clouds:
in the clinic management software: WriteUpp (writeupp.com)
in my file storage cloud: Tresorit (tresorit.com)
On laptop
In a paper file whilst working with you
In a mobile phone through scanning paper files
In the clinic email systems
The clinic website uses cookies so that it is possible to see how many people have visited and which pages are most popular. Google may send additional cookies if you use the Google map links on the site. Cookies are anonymous and contain no personal data. You can turn cookies off in your website browser if you wish to.

How the clinic keeps data safe
WriteUpp data is encrypted in flight. This means that no one can read data being sent to, or coming from, the WriteUpp account. The clinic accounts are locked with strong passwords.
Tresorit is an end-to-end encrypted file storage cloud. The clinic account is locked with a strong password and two-step verification.
Paper notes are deidentified through the use pseudonymisation rather than full names. These are scanned onto WriteUpp and then the paper copy is shredded once it has been scanned into electronic format.
Mobile phones must be opened with a password each time used.
Accounts within the clinic email system are secured with a strong password.
Access to the analytics on the website are secured with a strong password.

You have the right to:
request details of all the information that is kept by the clinic and to receive it within one month at no fee.

have information corrected if you consider it inaccurate or incomplete. or complain if you think that the clinic staff are acting unlawfully (see The basics, above).

Please do not hesitate to ask if you have any questions.