Updated Privacy Notice
You may be aware of the new data protection laws that are in effect from the 25th May 2018; the General Data Protection Regulation (GDPR). The purpose of the GDPR is to provide a set of standardised data protection laws across all EU member countries. This document sets out how SKCPS will comply with these laws.
The basics
Data Controller
Dr. Sara Katsukunya is the Data Controller for SKCPS. Associates will be additional data controllers for the clients they work with directly.
Why we keep information
Our professional registration requires that we keep information about clients and the work that is carried out. We cannot offer a service if we cannot keep a record of the work that we do together.
The legal basis
We have what is known as legitimate interest for keeping data. We are registered with the ICO in order to do so. We follow the rules outlined by our professional regulators, the HCPC and the BPS.
The information that is kept
We keep personal data e.g. your name, address, date of birth, GP and phone number. We also keep sensitive data e.g. notes from assessment and subsequent sessions, outcome measures and reports. If you are referred by your insurance provider, then we will also collect, and process data provided by that organisation. This includes basic contact information, referral information, health insurance policy number and authorisation for psychological treatment.
The data that is collected is used for three reasons: (1) to provide you with a service, (2) for billing and processing payments, (3) to prevent serious harm.
How long the information is kept
As healthcare professionals, we are required to keep any medical data for up to seven years after your last appointment, or up to seven years after your 18th birthday. Notes are then destroyed by incineration. Information both during and following treatment can only be accessed by your Clinical Psychologist (or at your request).
You are able to have access to the full file, subject to a data request (triggering withdrawal of the notes from secure storage) and review of notes by your Clinical Psychologist to remove any third party information.
Who we may share your information with
We hold information about each of our clients and the therapy they receive in confidence, complying with all laws and regulations. We will not normally share your personal information with anyone else. However, there are exceptions to this, when there may be a need for liaison with other parties:
What we will not do with your data
We will not share your personal information with third parties for marketing purposes.
Where data is stored
How is data kept safely?
Personal information is minimised in phone and email communication. Sensitive personal information will be sent in a password protected document, via email. SKCPS will never use unsecure or open Wi-Fi to send emails.
At SKCPS, we always respect your personal information and comply with all data protection laws, including the new GDPR, effective from 25th May 2018.
You may be aware of the new data protection laws that are in effect from the 25th May 2018; the General Data Protection Regulation (GDPR). The purpose of the GDPR is to provide a set of standardised data protection laws across all EU member countries. This document sets out how SKCPS will comply with these laws.
The basics
- SKCPS will need to keep information about you in order to provide you with a service, and to process payments.
- We cannot work with you, unless we keep records.
- SKCPS follow the law and codes of practice set down by the Health and Care Professionals Council; HCPC, and the British Psychological Society; BPS.
- We have systems in place to protect your data.
- You are entitled to request a copy of your data, free of charge, and to have inaccurate information corrected.
- We aspire to the highest data privacy standards. If you have any questions, concerns or feedback, please let us know so that we can address them.
- You can complain to the Information Commissioners Office (ICO) if you think that we have acted unlawfully: visit ico.org.uk/concerns, or telephone 0303 123 1113.
Data Controller
Dr. Sara Katsukunya is the Data Controller for SKCPS. Associates will be additional data controllers for the clients they work with directly.
Why we keep information
Our professional registration requires that we keep information about clients and the work that is carried out. We cannot offer a service if we cannot keep a record of the work that we do together.
The legal basis
We have what is known as legitimate interest for keeping data. We are registered with the ICO in order to do so. We follow the rules outlined by our professional regulators, the HCPC and the BPS.
The information that is kept
We keep personal data e.g. your name, address, date of birth, GP and phone number. We also keep sensitive data e.g. notes from assessment and subsequent sessions, outcome measures and reports. If you are referred by your insurance provider, then we will also collect, and process data provided by that organisation. This includes basic contact information, referral information, health insurance policy number and authorisation for psychological treatment.
The data that is collected is used for three reasons: (1) to provide you with a service, (2) for billing and processing payments, (3) to prevent serious harm.
How long the information is kept
As healthcare professionals, we are required to keep any medical data for up to seven years after your last appointment, or up to seven years after your 18th birthday. Notes are then destroyed by incineration. Information both during and following treatment can only be accessed by your Clinical Psychologist (or at your request).
You are able to have access to the full file, subject to a data request (triggering withdrawal of the notes from secure storage) and review of notes by your Clinical Psychologist to remove any third party information.
Who we may share your information with
We hold information about each of our clients and the therapy they receive in confidence, complying with all laws and regulations. We will not normally share your personal information with anyone else. However, there are exceptions to this, when there may be a need for liaison with other parties:
- If you are referred by your health insurance provider, or otherwise claiming through a health insurance provider to fund therapy, then we will share appointment dates with that organisation for the purpose of billing. We may also need to provide treatment updates / progress reports, for the purpose of continuation of funding, or authorising subsequent sessions.
- In exceptional circumstances, we may need to share personal information with relevant authorities:
- When there is need to know information for another healthcare provider, such as your GP.
- When disclosure is in the public interest, to prevent a miscarriage of justice or where there is a legal duty, for example a Court Order.
- When the information concerns risk of harm to the client, or risk of harm to another adult or child. We will discuss such a proposed disclosure with you, unless we believe that to do so could increase the risk to you or someone else.
What we will not do with your data
We will not share your personal information with third parties for marketing purposes.
Where data is stored
- On a laptop, backed up with an external hard drive.
- In paper files.
- In mobile phones.
- In email systems.
- In an online cloud: Microsoft Office, OneDrive 365
How is data kept safely?
Personal information is minimised in phone and email communication. Sensitive personal information will be sent in a password protected document, via email. SKCPS will never use unsecure or open Wi-Fi to send emails.
- Paper notes, laptops and external hard drives are stored at all times in a locked cupboard, when not in use.
- Laptops are encrypted; password protected and kept up to date with firewalls and antivirus software.
- Mobile phones are encrypted, have mobile security, anti virus software, and are only accessed with a thumbprint scanner.
- Emails are secure, with password protection.
- Cloud data is encrypted and accessed via passwords.
At SKCPS, we always respect your personal information and comply with all data protection laws, including the new GDPR, effective from 25th May 2018.