General Data Protection Regulations
From the 25th May 2018, new laws regarding data protection came into effect across the EU. The General Data Protection Regulation (GDPR) provides a set of standardised data protection laws, which oblige all those who hold personal and sensitive information to have effective policies and procedures protect clients’ information. This document sets out how Seaways Psychology Services complies with the GDPR.
About Dr Rachel Glynn-Williams, Clinical Director,
Seaways Psychology Services, Glynn-Williams & Associates Ltd
Dr Glynn-Williams is a Chartered Consultant Clinical Psychologist in independent practice. She is an associate fellow of the British Psychological Society. She is registered as a Practitioner Psychologist (Clinical) with the Health and Care Professions Council (HCPC).
As a Practitioner Psychologist, Dr Glynn-Williams’s statutory registration with the HCPC holds her to clear standards of conduct, performance and ethics. Specifically:
Standard 2: Communicate appropriately and effectively
“You must share relevant information, where appropriate, with colleagues involved with the care, treatment or other services provided to a service user.”
Standard 10:Keep Records of your work
“You must keep full, clear and accurate records for everyone you care for, treat or provide other services to. You must complete all records promptly and as soon as possible after providing care, treatment or other services. You must keep records secure by protecting them from loss, damage or inappropriate access.”
Dr Glynn-Williams is registered with the Information Commissioner’s Office as the data controller for the business. She is responsible for ensuring that all data processes are compliant with GDPR and that any data processing within and on behalf of the business is also able to demonstrate such compliance.
What information is being collected?
As part of providing a service to clients, it is necessary for Seaways Psychology Services to obtain and hold certain personal and sensitive personal data.
Personal data held and processed includes: basic contact information: name, address, email, contact number, and GP contact details, any health insurance reference, policy number and authorization code.
Special category personal data held and processed includes: information sent via post or email from a third party, (such as solicitor, health insurance firm, GP) relating to your difficulties and other personal circumstances; therapy notes, letters, reports and outcome measures generated through our face to face discussions, as part of providing you with an agreed service.
Lawful Basis for Processing Personal and Special Category Information
Under GDPR, the lawful basis for processing and storing personal and special category information is one of Legitimate Interest. Dr Glynn-Williams need to receive, process and store your information in order to provide the requested and agreed clinical psychology service to the highest standard. Without such information, Seaways Psychology Services cannot provide a safe nor effective service.
The GDPR classifies health-related data as “Special Category Data”, under article 9. This regulation specifies that processing of data is necessary for the provision of health treatment by health professionals who are legally bound to professional secrecy.
How data is stored
All data received, generated and processed as part of the service provided is stored securely.
Paper: written notes, and other materials generated from discussions in session, and any written materials sent to Seaways Psychology Services from a third party, are stored in a locked secure filing cabinet. Only Dr Glynn-Williams has access to the key.
Computer-based: Seaways Psychology Services uses Writeupp, which is a secure cloud-based case management system, which has the facilities to allow practitioners to be compliant with GDPR. This is accessed this via iPhone and Laptop, both of which are only accessible via a password. Only Dr Glynn-Williams has access to any information stored on the Writeupp system. After clinical sessions, written notes are transcribed or scanned into individual subject’s file on Writeupp, and the written material is then shredded.
Smartphone: Dr Glynn-Williams has access to Writeupp via password protected iPhone, and further password to access Writeupp.
Email/SMS: Your email address and correspondence will be stored in Seaways Psychology Service’s email account by nature of your making contact. Your telephone number may be stored in SMS or on phone call list should communication happen via these routes. They will not be stored with your name or any identifying details.
Therapy notes will be kept until 8 years after completion of the service provided. Interview materials, questionnaires and observational material generated through medico-legal assessments will be kept indefinitely.
The security and confidentiality of your data are extremely important to Seaways Psychology Servcies. Therefore, your data will never be used, sold or shared for any purpose other than for providing the agreed clinical or medico-legal service.
HCPC professional code of practice requires all practitioners to share information appropriately. Should someone we work with disclose that they or someone else is at serious risk of harm, we may need to contact other agencies such as their GP and/or employer, as is consistent with professional obligation to place safety first.
For clients who are engaged in therapy as part of a civil claim, we may be asked to provide a summary or up-date report. Clients are always welcome to see this report before it is sent to the solicitor and/or receive a copy.
Clients have the right to have a copy of the records held for them by Seaways Psychology Services, under GDPR. Copies of records will only be released to the client where there has been a signed, addressed and dated request for such from the client.
Administrative and financial with Seaways Psychology Services are under a data sharing contract which agrees the terms and conditions of engagement of services under GDPR. The non-clinical director does not have access to clinical data.
Data Subjects’ Rights under GDPR
Clients who make use of Seaways Psychology Services have a number of rights under the GDPR. Importantly:
- to be informed about how their data is being held and processed.
- to access the information held about them – Subject Access Requests (SARs) can be made to the data controller in writing.
- to get their personal information corrected if it is inaccurate.
- to request that data is erased – such requests are balanced against legal and professional responsibilities as regards record keeping.
- to complain to a regulator; If they think that Seaways Psychology Services have not complied with data protection laws, they have a right to lodge a complaint with the Information Commissioner’s Office.
Changes to this Privacy Notice
Seaways Psychology Services may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if changes in business affect personal data protection.
Information relating to any changes will be made available on the website – www.seawayspsychology.com
Dr Rachel Glynn-Williams
9th September 2019