DATA PROTECTION POLICY
Introduction:
The EU General Data Protection Regulation (GDPR) requires that if anybody processes your information, they must let you know why they are doing it (under what legal basis), who has access to it, and how they process it. When you arrend therapy, you share a lot of information about yourself, and in this section we explain why we need to process the information you give us, how we do it and who does it.
(For information on how this website processes your data, please refer to the Privacy Policy section and the Cookie Policy at the bottom of the page)
Why is information processed?
Under the GDPR, your therapist is the ‘data processor’. The type of information processed in a psychotherapy/counselling setting is of a personal and medical nature, and is referred to as ‘Special Category Data’ There must be a legal basis for anyone to process Special Category Data, and our legal basis is that it is “necessary for the purposes of preventative or occupational medicine”.
See the full paragraph, in Article 9(2) of the GDPR:
“(h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3”
What kind of information is processed?
In the practice, I have process three types of information:
1. Paper files that contain your consent form, and information such as consultation notes, mental health history or self-reported questionnaires. I do not keep notes of our sessions.
2. Electronic data, such as email and WhatsApp communication, session receipts,
and letters you may have asked me to write for you.
Other than the electronic data above, I do not keep any client records or notes digitally, on any device. All of your data is confidential and cannot be shared with anyone. Only your therapist has access to it. There are exceptions to confidentiality by law, and these will be clearly explained to you when your therapist meets you first.
1. Forms with your name:
When you begin therapy, you will be asked to complete a Consent Form with your name, address, email address, contact number, next of kin, etc. This information is necessary for your therapist to contact you and carry out your treatment. In the case of a next of kin, by giving me their name and number, you are giving me permission to contact them ONLY in the case of an emergency during the session (ie: fainting, medical emergency or psychotic episode during the session, or if I become seriously concerned for your wellbeing). I will never contact a next of kin unless there was a serious emergency. There might be other forms containing your name (such as no self-harm agreement forms, forms giving permission to break confidentiality if they want me to talk to another help professional about them).
2. Client Files:
Your file is a paper file with some information necessary for your therapy. It might contains the information you gave me about yourself in the assessment (such as brief family history, medical or mental health history, whether you are on medication, the current issue you need help with, your therapeutic goals, etc.). Any questionnaires you complete during your treatment to assess your level of distress, self-compassion, or your satisfaction with the services will also be in this file.
3. Electronic Data:
I don’t keep any client information or notes digitally, except for any letters you have asked your therapist to write for you (such as a referral letter), and our text, email or WhatsApp correspondence. Other than these, and email and text message correspondence with you, no other data belonging to you is kept electronically.
EMAILS: Care will be taken not to write any sensitive information in the body of an email, but be aware we cannot guarantee the security of any sensitive information you decide to email us.
PHONE: Your therapist has a separate work phone (password protected) that is used only for the purpose of work, therefore reducing the risk of any mistaken breach of confidentiality.
Where and how is all this information kept?
Any paperwork with client information is kept in a secured locked cabinet. Only your therapist has access to the key.
Who has access to the information?
Apart from the legal limits to confidentiality, only your therapist (the data processor) has access to your information. In the case of minors, important information the minor shares is passed on their parents/guardians. This will be explained clearly in the assessment. In the case of adults, information cannot be shared with third parties, such as family members, parents or spouses. If a family member makes contact with your therapist, your therapist will not engage with them or even let them know whether you are attending or not.
Your therapist is obliged to attend clinical supervision and cases are discussed in order to make sure your therapist is being effective, but the notes are never taken to supervision, and care is taken to protect confidentiality.
How long is the information kept for?
The two accrediting bodies that your therapist is a member of (the IACP and the IAHIP) recommend that your data is retained for a minimum of 7 years after the last session, then shredded.
What are clients’ rights in relation to their information?
You can find all the information you need about your data protection rights on www.dataprotection.ie and www.gdprandme.ie