On the 25th of May 2018 the law changed with regard to how organisations protect your ‘data’ (personal details and records); this law is called the General Data Protection Regulation or GDPR. (See the Information Commissioner’s Office, https://ico.org.uk, for further details.) The following summary highlights how GDPR is being implemented by explaining why confidential information is held and how this is protected.
The need to Process your Information
In providing you with our services, York & Ryedale Psychology Resource needs to handle your personal information. Personal information is details about you from which you can be identified, such as your name, address and contact details. We may also process additional sensitive data such as information about your psychological and physical health. This information is essential to inform, facilitate and provide therapeutic services and assessment that are appropriate to your needs.
Under the requirements of the Health Care Professions Council (HCPC) and British Psychological Society (BPS), we are obliged, according to the legitimate interests of provision of our services, to keep documentation of your personal data to allow us to provide appropriate services for you.
Information about you will be held in the form of handwritten notes, emails, questionnaires, letters and reports in addition to our practice management software system and invoices. This information may be collected at any point during your contact with us and/or during your receipt of services from us. Your information will be collected, managed and stored solely for the purpose of providing you with psychological and ancillary services.
Use of Your Information
We use your name, your contact details such as your telephone number, email/postal/Skype address:
- To inform you about appointments, practice details and services we provide.
- To create and process your invoice using our accounting package.
- To process your payment - your provided reference details may appear on our accounts/banking statement.
- To carry out remote treatment sessions and communications.
Storage of your Information
- Company computers - We use a personal computer located on our office premises. The computer is password protected and passwords are not shared beyond those requiring definitive access. Where cloud services are used, these meet GDPR requirements and all data is securely encrypted when stored there. We also record some aspects of our interaction with you in Microsoft Excel Spreadsheets on a computer in our office.
- Paper copies - During appointments we take handwritten notes. These notes may be used to create a report on the services we provide to you or to an approved third party (e.g. your GP or health insurer). Written notes are a memory aid for your therapist to ensure continuity of treatment. We keep a paper copy of your notes and any invoices in locked filing cabinets in our offices. We provide paper copies of invoices to our accountant to enable her to process our accounts each year.
Length of time information is held
We will hold information about you for as long as you receive services from us and for 8 years following the date of our last contact with you. If the client is a minor, we will hold information for six years past the age of maturity. Some records may be held indefinitely if there were issues of concern that could lead to police/legal investigation in the future. Please note - mental health records are subject to special legislation: www.gov.uk/government/publications/records-management-code-of-practice-for-health-and-social-care
Archived files are held in secure storage on our office premises and finally disposed of in a safe and confidential manner.
Removal of your data
You have the right to request your personal data be erased prior to this time or at any point by contacting our Data Protection Officer, Dr Kay Farquharson, using the email contact: firstname.lastname@example.org or telephone number: 07967 128916. However, if there were an on-going legal matter related to your case or if your request falls within the timeframe our governing practice body dictates client data be held (8 years), it may not be possible to erase your data before that period has passed or any legal action is ended. If we decide your data can be deleted this will be carried out without delay.
Access to information
You can access your information by contacting Dr Farquharson via telephone or email to make a Subject Access Request (SAR). You can also ask for your information to be transferred to another provider of psychological services. We will respond to your request within 30 days. Verification of your identity will be required prior to release. These services may involve administration fees.
Correction and updating of held information
Whilst you are receiving services from York & Ryedale Psychology Resource we will aim to keep the information we hold about you up-to-date. Please advise us immediately of any changes in your personal data to allow an update of our records.
Protecting your Information
We are committed to holding your personal data in a safe and secure manner. Therefore we comply with professional body guidelines and recommendations (BPS & HCPC) and those of regulatory bodies such as the Information Commissioner’s Office. We have physical, electronic, and operational procedures in place to protect your data. In the unlikely event of our security processes being compromised leading to a significant breach of your information, we will endeavour to inform you within 72 hours.
The confidentiality of your personal information is very important to York & Ryedale Psychology Resource. Our services are confidential and your data will only be shared without your consent in the event of serious risk of harm to yourself or when we are legally obliged to do so. Release of confidential information is restricted solely to other professionals who have a definitive need to access it. You may be assured your data will never be used, shared, or processed for the purposes of marketing or research. You have the right to object to the use of your data for any purpose in which case processing will be stopped immediately pending consultation.
Should you have any concerns about the management of your data by York & Ryedale Psychology Resource, please contact our Data Protection Officer, Dr K Farquharson, in the first instance. If we are unable to resolve your concerns, you have a right to complain to the Information Commissioner’s Office: https://ico.org.uk/for-the-public/raisingconcerns/