On 25 May 2018 the law changed with regard to how organisations have to protect your ‘data’ (personal details and records) and this is called the General Data Protection Regulation or GDPR. The following summary highlights how GDPR is being implemented, by explaining why confidential information is held and how this is protected. See https://ico.org.uk for more information.
It is assumed that by engaging with the service you are consenting to records being kept
- Keeping records is an essential component of healthcare, which helps in understanding how best to help and forms the basis of any reports needed
- Confidentiality is maintained at all times (i.e. your information is not shared) unless there are exceptional circumstances such as risk to yourself or others, when other services such as your GP or police may be contacted without your consent as this is a professional obligation
- Consultation notes and questionnaires will be held for varying lengths of time depending on the content (and then carefully disposed of)
E.g. some records may be held indefinitely if there were any issues of concern that could lead to police investigation in the future
E.g. mental health records are subject to special legislation e.g. children’s records are kept until age 26 and adult records for 8 years after the last contact with the service https://www.gov.uk/government/publications/records-management-code-of-practice-for-health-and-social-care
- All information recorded on paper will be securely stored in a locked filing cabinet
- Confidential digital information will be stored in a secure cloud service offering high levels of security
- Confidential information sent by the psychologist via the internet will be encrypted and password protected, with this sent separately by text
- Letters sent to professionals such as GP’s, by surface mail, will be clearly marked Confidential
- All electronic devices (e.g. computer, laptop and phone) and used to access stored information will themselves be password protected
- Right of access; a ‘subject access request’ or SAR can be made for copies of records but there may be an admin charge and these will be provided within 1 calendar month of the request being made.
- In the event of death or incapacity of the therapist, arrangements have been made for records to be held by a named professional colleague who will continue with the above obligations