This document outlines how your data is protected in line with the General Data Protection Regulation (GDPR; 2018). Dr Georgina Heath is the data controller for Treating Disorders.
What personal data we process
Treating Disorders collects and processes the following personal data from therapy clients:
Personal data: basic contact information (name, address, email, date of birth, contact number, and GP contact details).
Sensitive personal data: Signed Therapy Client Agreement, therapy records (therapist notes, letters, reports and/or outcome measures).
If you complete a web-based enquiry form, we will also collect any information you provide to us. All web services used by Treating Disorders are GDPR compliant.
If you are referred by your health insurance provider, then we will collect and process personal data provided by that organisation. This includes basic contact information, referral information, and health insurance policy number and authorisation for psychological treatment.
The lawful basis for processing personal data
Treating Disorders collects the data outlined above in order to provide psychological therapy. No information you provide is passed on without your consent. We will never sell your information to others.
What we do with your personal information
Your personal information is only used to provide the services you have requested from us. We will only use personal contact details to respond to requests for psychological treatment; they will never be used for marketing purposes. If you do not provide the personal information requested, then we may be unable to provide a therapy service to you.
You will be invoiced for the sessions via the invoicing software Zoho Invoice. This software will store your name and email address to send you invoices.
How long we store personal information
We will only store your personal information for as long as it is required. Basic contact information is deleted within 6 months of the end of therapy.
The sensitive personal data defined above is stored for a period of 7 years after the end of therapy. After this time, this data is deleted at the end of each calendar year.
How your personal information is used
We use the information we collect to provide psychological therapy to you. Personal data is used to respond to requests for therapy by booking in appointments. Sensitive personal data such as therapy notes are collected as a means to provide effective therapy.
You have the right to opt out at any time, and to request that your personal contact information is deleted to prevent future contact from us.
Who we might share personal information with
We hold information about each of our clients and the therapy they receive in confidence. This means that we will not normally share your personal information with anyone else. However, there are exceptions to this when there may be a need for liaison with other parties:
If you are referred by your health insurance provider, or otherwise claiming through a health insurance policy to fund therapy, then we will share appointment schedules with that organisation for the purposes of billing. We may also share information with that organisation to provide treatment updates.
In cases where treatment has been instructed by a solicitor, relevant clinical information from therapy records will be shared with legal services as required and with your written consent.
In exceptional circumstances, we might need to share personal information with relevant authorities:
When there is need-to-know information for another health provider, such as your GP.
When disclosure is in the public interest, to prevent a miscarriage of justice or where there is a legal duty, for example a Court Order.
When the information concerns risk of harm to the client, or risk of harm to another adult or a child. We will discuss such a proposed disclosure with you unless we believe that to do so could increase the level of risk to you or to someone else.
What we will NOT do with your personal information
We will not share your personal information with third parties for marketing purposes.
How we ensure the security of personal information
Personal information is minimised in phone and email communication. Sensitive personal data will be sent to clients in an email attachment that is password protected. Treating Disorders will never use open or unsecured Wi-Fi networks to send any personal data.
Personal information is also stored on an Apple Mac computer and on a secure server owned by Dr Georgina Heath. These are password protected. Malware and antivirus protection is installed on all computing devices. Mobile devices are protected with a passcode/thumbprint scanner, mobile security and antivirus software. Any written therapy notes are stored in two separately locked containers.
Your right to access the personal information we hold about you
You have a right to access the information we hold about you.
We will usually share this with you within 30 days of receiving a written request.
We may request further evidence from you to check your identity.
A copy of your personal information will usually be sent to you in a permanent form (that is, a printed copy).
You have a right to get your personal information corrected if it is inaccurate.
If you think that we haven't complied with data protection laws, you have a right to lodge a complaint with the Information Commissioner’s Office.
Treating Disorders reserves the right to refuse a request to delete a client’s personal information where that information consists of therapy records. Therapy records are retained for a period of 7 years in accordance with the guidelines and requirements for record keeping by The British Psychological Society (BPS; 2000) and The Health and Care Professions Council (HCPC; 2017).
Dr Georgina Heath
Chartered and Clinical Psychologist & Owner
The British Psychological Society (2000). Clinical Psychology and Case Notes: Guidance on Good Practice. Leicester: Division of Clinical Psychology, BPS.
Health and Care Professions Council (2017). Confidentiality – guidance for registrants. London: HCPC.