Data collection
All data will be used, stored and protected in line with General Data Protection Regulation (2018). For business purposes I am required to collect personally identifiable information such as your name, address and contact details. I am required to keep clinical notes which may contain sensitive information. Reports and other clinical letters will also by their nature contain sensitive information.
Data sharing
With a few exceptions, the information you share with me is confidential. These exceptions are laid out in my Terms and Conditions form, which you will be required to read and sign before any work can begin. I will only share information when you give explicit consent to do so, or when I have concerns about your safety or the safety of someone else, particularly when there are children involved. I may also share information during professional supervision, but this information will not identify you.
Data storage
Any information stored digitally will be password protected. Hard copies of documents containing personal, identifiable or sensitive information will be secured in locked storage. As per professional guidelines, your information will be destroyed no more than 7 years after discharge.
Right to access
You have the right to request copies of personal information held about you, and to ask me to correct or change any incorrect information held about you.
Right to be forgotten
According to GDPR, there are some circumstances under which you have the right to ask an organisation to delete information held about you. This is not an absolute right, and health professionals are unlikely to be able to fully comply with such a request because of the legal basis upon which we store and process data (to provide a contracted service, establish or defend against legal claims, provide health or social care). However, as mentioned above, you do have a right to ask me to correct or change any incorrect information I hold about you.