GDPR: for new and current therapy clients

Therapy client data GDPR: As from 25th May 2018, under the General Data Protection Regulations (GDPR) I, Andrew Watford, Psychotherapist, am required by law to inform you (as my current therapy client, or potential therapy client) about how I process and keep safe the data I hold that pertains to you. I am also required to gain your consent to my holding and processing your data in certain ways (they’re detailed below). As a qualified and experienced Psychotherapist, I take confidentiality and privacy very seriously and am bound by the code of ethics of BACP

If you are my current therapy client, or are about to become my therapy client, here’s what you need to do…

Please read and sign to indicate your consent. You may print a paper copy, or copy and paste digitally. If you do not wish to give your consent, you have the option to discuss with me, and it may be possible to create a bespoke agreement between us.

If you agree to give your consent for me to hold and process your data as stated, please sign, date and return to me by hand, by post, or email to my business account.

  • What therapy client data is held about you?

    I keep certain data so that I can work safely and professionally with you, in line with the guidelines of BACP.

    The therapy client data GDPR I hold may include:

    1. Your name and address
    2. Your phone number and email address
    3. An emergency contact’s name and phone number
    4. Your GP name and contact details
    5. Relevant medical information
    6. Session notes
    7. Payment information
    8. My emails to you, and yours to me
    9. Invoices

    You have the right under GDPR to know what therapy client data I hold, why I hold it, and for how long I hold it. You also have the right to view it, and to ask for changes to be made. When sensitive data is to be destroyed, it is shredded. If I discover there has been a data breach of your personal information that could put you at risk, I will undertake to tell you as soon as possible.

    How, why, and for how long is your data held?

    To try and make things as clear as I can, I’ve divided this into nine sections. You’ll need to consider each section individually, and if you consent then sign and date where indicated at the bottom of the page.

  • 1. Your name and address

    How I keep this data

    I keep your name and address in paper form in a locked filing cabinet. These are kept separate from your session notes.  I use a double index entry system to ensure your name is not directly linked to a client record.

    Why I keep this data

    This is required by my professional liability insurer and by my professional organisation (BACP).

    How long I keep this data

    My professional liability insurer advises that I keep this data for seven years. After that time it is destroyed.

    Who sees the data

    Myself. 

     

  • 2. Your phone number and email address

    How I keep this data

    I keep your phone number in my mobile phone under an identifying code, not your name. My phone is locked with a passcode when I am not using it. Your email address is held in my Gmail account, which is encrypted across all my devices. Neither my computer nor my phone are shared with anyone else, unless it is required by a technician for maintenance. I also keep your phone number and email address in paper form in a locked filing cabinet. These are kept separate from your session notes.

    Why I keep this data

    This is needed in case I have to contact you (for example for rescheduling sessions or sending an invoice). My professional executor keeps this data so that you could be contacted in case I became suddenly incapacitated through a health crisis or other emergency, as required by my clinical will. I also keep your email address in case we agree to work therapeutically via email, either as a regular arrangement or just occasionally.

    How long I keep this data

    I will remove this data when we have finished our work, unless you tell me that you would like me to retain it in case we work together again in the future.

    Who sees the data

    Myself.

  • 3. Emergency contact’s name and phone number

    How I keep this data

    I keep this data in paper form in a locked filing cabinet along with your name and contact details.

    Why I keep this data

    It is unlikely that I would ever use this information, but I hold it in case I become concerned for your welfare and I cannot get hold of you. In addition, you and I may agree together on some other reason that I might contact this person, based on your best welfare.

    How long I keep this data

    When we finish working together, I will delete this data, unless you and I decide to make other arrangements.

    Who sees the data

    Only myself.

  • 4. Your GP name and contact details

    How I keep this data

    I keep this data in paper form in a locked filing cabinet along with your name and contact details.

    Why I keep this data

    In many cases I would never need to use this information. However, you and I may agree together on some reason that I might contact your GP, based on your best welfare, for example discussing diagnosis, treatment plan or safety procedures. If I were to become concerned for your safety I may decide to contact your GP or emergency services.

    How long I keep this data

    When we finish working together, I will delete this data.

    Who sees the data

    Only myself.

  • 5. Relevant medical information

    How I keep this data

    I keep this data in paper form in a locked filing cabinet along with your name and contact details.

    Why I keep this data

    It may be relevant to share certain medical information when:

    (a) Your mental health history, diagnoses etc may inform my treatment plan to make it more appropriate for you

    (b) There is any risk that health conditions (e.g. seizures, diabetes, etc) may impact a session

    (c) Your medications may affect our work

    (d) You have any allergies that I should be aware of in order to keep you safe

    How long I keep this data

    When we finish working together, I will delete this data.

    Who sees the data

    Only myself.

  • 6. Session notes

    Notes may include dates and times of attendance, and brief notes on important themes from the session. I do not keep detailed session notes. I keep a ‘clear desk’ policy, which means that session notes and other information are not left unattended.

    How I keep this data

    I keep brief session notes in paper form in a locked filing cabinet. Your name or other identifying details are not kept with your session notes; only a code is used.

    Why I keep this data

    Brief notes may remind me of important points I want to be sure to remember to discuss in our next session, and/or in supervision.

    How long I keep this data

    After the work has been discussed in supervision, I may destroy any notes (or parts of notes) that my supervisor and I do not consider necessary to keep for longer. My current policy is to destroy session records seven years after our work finishes. If you would like me to retain them for a longer period, please discuss this with me.

    Who sees the data

    Only myself.

  • 7. Payment information

    How I keep this data

    I make a note of payments you have made, on a password-protected financial spreadsheet for my business. I may also outline invoices and record payments in my paper diary, but under a code rather than your name.

    Why I keep this data

    As a small business owner, I am required by law to retain certain financial information, primarily for tax purposes.

    How long I keep this data

    I keep financial information for 7 years as advised by HMRC.

    Who sees the data

    Payment by cheque will be processed by my bank, but your account name will not be visible on my bank statements. Banking transactions may be viewed by employees of the bank, my accountant, my financial advisor, and tax officers (HMRC). When payment is made via BACS, your account name or reference (or the name of the person who is paying) may show up on my online or paper bank statements. You have the right to discuss alternative payment options with me.

  • 8. Your emails and texts

    How I keep this data

    I may delete emails after I have noted the contents (for example, emails around scheduling). Any emails that I consider it necessary to keep are retained in my ProtonMail email account, which is encrypted.

    I advise that you and I use an encrypted email system called ProtonMail.  This ensures end-to-end encryption. ProtonMail is easy to install and use, and it has a free version.

    If you would like to communicate via text, for example regarding rescheduling appointments, you will need to do this via an app called Signal. This can be downloaded to your mobile phone, it’s free and is straightforward to use.

    Please note that normal emails and texts, and related applications such as WhatsApp and Messenger, are not recommended due to confidentiality and privacy issues.

    Why I keep this data

    I may keep emails if I consider it clinically necessary.

    How long I keep this data

    I will delete emails when our work ends, unless they form session notes (in which case, see above).

    Who sees the data

    Only myself.

  • 9. Invoices

    How I keep this data

    In most cases, I do not create an invoice for clients who are paying weekly, but you may request that I invoice you if you wish. I create invoices on my laptop using Pages, and then export as pdf. Invoices are kept as password protected documents on my computer, and are sent via ProtonMail.

    Why I keep this data

    I use the invoice to create the next one (in the case of ongoing work) so that I can revise and update it with new information.

    How long I keep this data

    I keep the invoice for a short time whilst I monitor payments (usually this is one month). Once payment has been made, and any further invoice has been created, I delete the invoice.

    Who sees the data

    Only myself.

  • Further Questions

    If you have any other questions regarding how your therapy client data GDPR is processed and handled, please  contact me.

    This document regarding therapy client data GDPR is subject to regular review and will be updated as I see fit.

    All rights reserved ©Feel Better Therapy 2018, 2021. The contents of this page may not be copied or reproduced for publication without permission of the author. If you have your own website, you may not copy and use this text without obtaining consent from Feel Better Therapy.

Other Menu