On 25 May 2018 the law changed with regard to how organisations have to protect your ‘data’ (personal details and records). The new law is called the General Data Protection Regulation (GDPR). The following summary explains how I implement GDPR: why confidential information is held and how it is protected. Further information: https://ico.org.uk

The basics
I keep information about you in order to provide you with a service, and to process payments.
I cannot work with you unless you allow me to keep records.
I follow the law, and the codes of practice set down by the HCPC and the BPS.
I have systems in place to protect your data.
You are entitled to request a copy of your data free-of-charge, and to have inaccurate information corrected.
I aspire to the highest data privacy standards. If you have questions, concerns or feedback then please let me know so that I can address them.
You can complain to the Information Commissioner’s Office (ICO) if you think that I am acting unlawfully: visit ico.org.uk/concerns or phone 0303 123 1113.
Why I keep information
My professional registration requires me to keep information about my clients and the work that I do. I cannot offer you services unless you allow me to keep data about you and our work together.

The legal basis
I have what is known as a legitimate interest for keeping data. I am registered with the Information Commissioner’s Office (ICO) to do so. I follow the rules set down by my professional regulator (the Health and Care Professions Council; HCPC), and the British Psychological Society (BPS).
The information that I keep
I keep personal data, e.g. your name, address and phone number. I also keep sensitive data, e.g. notes about our meetings, your gender and your social history.
If you complete a web-based enquiry form, I will also collect any information you provide, as well as your internet protocol (IP) address. The IP address is supplied automatically by the website software used to offer the form. All web services used by Renfrewshire Psychology are stated by their providers to be GDPR compliant.
If you are referred by your health insurance provider, then I may also collect and process personal data provided by that organisation. This includes basic contact information, referral information, your health insurance policy number and the authorisation for psychological treatment.
What I do with the information
I use the data I collect for three reasons: (1) to provide you with services, (2) for billing and processing payments, and (3) to help prevent serious harm.

How long I keep data
I keep client data throughout the time I work with my clients and, in line with professional guidance, for 7 years after the work has ended.
Client contact data (e.g. telephone number and email address) will be deleted from my mobile phone and computer systems 6 months after the completion of our work.
Where I keep data
In my clinic management software: WriteUpp (writeupp.com)
On my iPad and desktop computer
In a paper file
In my mobile phone
In my email systems
How I keep data safe
WriteUpp data is encrypted in transit. This means that no one can read data while it is being sent to, or coming from, my WriteUpp account. My account is locked with a strong password and two-step verification.
My desktop computer is encrypted using Apple’s full-disk FileVault; I use Apple’s firewall to prevent others gaining access to my computer.
My iPad is encrypted, and must be opened with a password or fingerprint each time I use it.
My paper notes are stored in a locked cabinet.
My mobile phone is encrypted, and must be opened with a password or fingerprint each time I use it.
My email systems are secured with a password and two-step verification.
I use Google Authenticator on my phone to generate two-step verification codes.
You have the right to:
Request details of all the information that I keep about you, and receive it within one month free of charge.
Have information corrected if you consider it inaccurate or incomplete.
Complain if you think that I am acting unlawfully (see The basics, above).