therapy privacy policy
The General Data Protection Act came into force on May 25th, 2018, and in compliance with this I need to inform you about the personal details I collect from you as my client, as well as how I store, hold, process and destroy them.
As a client, when you attend an initial consultation with me, we begin by setting a working agreement in place that explains my commitment to client confidentiality and data protection, as well as when confidentiality may be breached.
I will collect personal details from you, as listed below:
name
pronouns
date of birth
address
contact number
email address
contact details for your GP, for use with your permission
details of any relevant mental or physical health issues and medication
Storage of Personal Details
The above personal details are scanned and stored on an encrypted USB key, and only I know the password. They are stored separately from any case notes (brief summaries of counselling sessions).
Case notes are also stored on an encrypted USB key, and again only have the password. Within these case notes, you are known only as a code so that your anonymity is preserved.
I keep an online diary to manage my appointments, and you will be referred to within this only by your initials.
I use a mobile phone to receive client phone calls and text messages. I hold your number in my contacts under your code, and my phone is PIN protected.
I use an email account, ProtonMail, for use with clients, which uses end-to-end encryption and zero access encryption to secure emails. This email account is separate from my personal email account.
If you pay directly into my bank account it may store your name. The only reason this information would be shared would be for reasons about me, and would only be shared with other organisations who comply with the General Data Protection Act, such as banks.
Deletion of Your Personal Details
Your personal details, case notes and written communication between us are kept for 7 years in line with the recommendations of my professional body, the British Association for Counselling and Psychotherapy (BACP). They are then deleted.
Sharing of Personal Details
Supervision
In line with BACP requirements, my work is regularly supervised by a qualified supervisor. Their role is to ensure I work effectively, ethically and professionally. You are referred to by your first name only in supervision, and conversations between myself and my supervisor are confidential.
Therapeutic Will
I have appointed a therapeutic executor to attend to my clients in the event of my demise. This executor is a qualified psychotherapist and therefore committed to client confidentiality. They would contact you to let you know of my demise, and to offer you support where appropriate. My executor is also responsible for the deletion of all case notes and personal details in this event.
Exceptions to Confidentiality
If I have reason to believe that you or someone else is at risk of serious harm, I will break confidentiality. I would endeavour to discuss this breach with you first so that we could come to an agreement about who needed to be informed. However, if an agreement is not reached and I still believe that you or someone else is at risk, I will either discuss the situation with my supervisor and decide how to proceed, or contact the relevant assistance. Where a threat of money laundering, terrorism or drug trafficking is disclosed, I am obliged by law to inform the authorities.
Your Rights
In accordance with GDPR, you have the following rights:
To be informed of the information that I store about you.
To ask to see the information that I hold about you. I am legally required to respond to any request from a client to see their personal data within 30 days.
To ask that I rectify any information that you deem inaccurate, unnecessary or incomplete. If I need to keep a record to comply with legal requirements then I may decline this request.