General Data Protection Regulation Statement (GDPR)
The General Data Protection Regulation (GDPR) is concerned with the personal information about you and how it is collected, stored and shared. This is the GDPR statement of by Joanna Harris, Healing After Loss a BACP registered counsellor offering talking therapy in person, online and via telephone. Here you find information on how I collect, store, and share information collected.
Web access and collection of information online
When you contact me to request any services, I collect information about you. I also collect information about you when you voluntarily book for a free 30 min consultation, telephone, complete contact forms or email email@example.com. Information is also collected about you when you visit my website www.healingafterloss.co.uk by using Google Analytics and cookies.
Storing pre-consultation information (collected when booking a consultation online): When you book online, you are asked to provide some details about you and what you are looking for. The details collected are name, whether seeking online/in-person therapy, reasons for seeking therapy, current coping strategies, whether able to commit to weekly sessions and whether you approve being sent emails relating to therapy sessions.
Health record collection and confidentiality (for the use of therapeutic work only)
Your health record is kept confidential within the service and all information is stored securely. I follow the ethical guidelines of the British Association for Counselling and Psychotherapy (BACP) and ICO to ensure that your information about you is collected and stored securely.
When you contact me to access talking therapy with me, I collect your personal information including: your name, date of birth, address, phone number, email address, family relationships, occupation, previous psychological therapy, medical history, and medication. I keep records of your appointments, brief notes on the topics covered during the sessions and your concerns, and any letters and/or psychometric testing concerning you.
Session related information attendance and topics covered in the sessions will be initially stored electronically and on paper without identifying details and protected by using initials only. Your personal details and any information collected during the initial intake session (including possible referral letters, questionnaires) are stored in paper format in a locked cabinet. Once you have finished working with me, I store hard copies of the sessions notes in your file that is in a locked cabinet. The information is kept up to 7 years after you have completed working with me for legal reasons.
As part of the intake process, I collect information about whether you are happy for your GP to be informed about your contact with me and if additional support is required from them. At times I may seek further consent for sharing information if necessary.
Storage Methods for clinical services:
Paper written notes as described above
Electronic storage: unidentifiable, brief session notes covering the topics covered are held stored electronically and protected with a password until we stop working together. Then the notes are printed out and placed in your hard copy file which stored in a locked cabinet.
Phone: I use a very basic mobile phone for communication. Contact details are stored using initials only. SMS may be used for brief communication regarding appointments/payments.
Email: I used GMAIL based email. Your email address and our correspondence will be stored in my email account.
Website: your personal information is not stored on my website, other than to momentarily collect & send it to my Gmail account for the purposes of our initial contact.
As part of ethical practice, I am required to seek regular consultation with another therapist who is qualified in this process. This is to ensure that I am able to work to my best ability and offer an ethical service that is helpful to you. The consultation process is also protected by confidentiality and my consultant will not know you personally nor professionally. It takes place verbally and I refer to you by your first name. This process is to ensure my professional development.
You may be asked to sign a consent form if your information is necessary or requested to be shared with a third party. I will ask you about sharing information with your GP during the first session. As discussed above the exceptions to sharing information about you may take place if there was a danger to yourself or others.
In case of emergency
If I have a reason to believe that you are at risk to you self, to someone else or there are child protection issues I am required to act upon these concerns. In that case I am obliged to breach confidentiality by speaking to e.g. a crisis team (harm to self) or the police (harm to others / an organisation e.g. in case of terrorism) or child protection services / NCPCC. If I have to breach confidentiality, wherever possible I aim to discuss this with you first.
If I was to encounter an emergency myself and was unable to contact you myself, your name and contact details might be shared with a trusted person to inform you about the changes in our meetings. No other personal information would be shared.
Complaints should be addressed to the BACP. However, to prevent matters from escalating, I hope we can establish a therapeutic relationship, which includes open communication and you are able to raise any concerns in the session. I also hold a Professional Indemnity Insurance.
You have the following rights…
To be informed what information is collected and how it is stored
To see the information I hold about you
To rectify any inaccurate or incomplete personal information
To withdraw consent to me using your personal information
To request your personal information be erased (although if the information is needed for me to practice lawfully and ethically I can decline)