Our responsibilities to keep and store information securely
As an organisation we are required to inform you, under Data Protection Laws, about the information we collect and store about individuals, and what we are likely to do with this information. We are required to collect and store personal information as part of health records required for psychological assessment and treatment, which are kept in accordance with legal requirements set out in Regulation 20 of the Health and Social Care Act 2008 (Regulated Activities) 2010.
What information do we store and how is it kept secure?
When people enquire about our service we will keep contact details of the person enquiring on a secure database, including name of person enquiring and email and/ or email address. This data will not be shared with any other agencies, and will be used only to monitor and communicate with enquiries.
When people access our services, we collect information that is essential to our provision of psychological services, including the names of the individual client, their home address and contact details (telephone numbers, email addresses), and assessment information relevant to formulation and treatment planning. We may also, with permission, obtain information from other agencies, including GP’s and other health or social care professionals.
This information is stored securely in paper files, electronic files and memory sticks; confidential paper files and memory sticks are kept in locked filing cabinets in secure premises, and electronic files are kept on password protected personal computers kept in secure premises.
Sharing of information
The information is stored solely for the purpose of providing effective psychological treatment for the individuals concerned, and will not be used for any other purpose, or shared with anyone without the individual’s permission. Information is accessible only to the Clinical Psychologists working within the service. The exception to this is if there are serious safeguarding issues and the sharing of information is necessary to ensure the safety of the individual or other people.
Information may be communicated with the individual by telephone, post and email, and consent for the sharing of information in these ways will be gained during the assessment process. By emailing an enquiry, we assume consent to receive a reply by email even if this includes personal information.
Individuals can choose to withdraw their consent for the storing and sharing of information, but this may impact on the feasibility of continuing to provide psychological treatment. There is a legal requirement for us to keep health records during treatment, and for a period of time following treatment (usually 7 years) after which they will be disposed of securely. The client has a right to request access to their records via a formal process.
Please contact us if you have any queries or objections about how your data is being stored. All individuals have a right to complain to the Information Commissioning Office if they think there is a problem with how an organisation is handling their data.