Therapy client data & GDPR

Under the General Data Protection Regulations, (GDPR) I, Lizzie Elliott of Calming Light Counselling, am required by law to inform you about how I process and keep safe the data I hold that pertains to you.

If you are a current therapy client of Calming Light Counselling, or are about to become a therapy client, here’s what you need to know:

What therapy client data is held about you if you decide to become a client?

I keep certain data so that I can work safely and professionally with you, in line with the guidelines of professional organisations that I belong to, including the BACP.

The therapy client data I hold may include:

  1. Your name and address

  2. Your phone number and email address

  3. An emergency contact’s name and phone number

  4. Your GP name and contact details

  5. Relevant medical information

  6. Session notes

  7. Payment information

  8. My emails to you, and yours to me

  9. Invoices

You have the right to know what therapy client data I hold, why I hold it, and for how long I hold it.

You also have the right to view it, and to ask for changes to be made.

When sensitive data is to be destroyed, it is shredded. If I discover there has been a data breach of your personal information that could put you at risk, I will undertake to tell you as soon as possible.

How, why, and for how long is your data held?

To try and make things as clear as I can, I’ve divided this into nine sections. You’ll need to consider each section individually.

 1. Your name and address

How I keep this data

I keep your name and address in paper form in a locked filing cabinet. These are kept separate from your session notes.  My clinical supervisor has your first name, their notes are kept in paper form, kept in their locked filing cabinet.

Why I keep this data

This is required by my professional liability insurer and by my professional organisations (BACP).

How long I keep this data

My professional liability insurer advises that I keep this data for seven years. After that time it is destroyed.  My clinical supervisor will destroy the data when you and I finish our work.

Who sees the data

Myself.

2. Your phone number and email address

How I keep this data

I keep your phone number in my mobile phone. My phone is locked with a passcode when I am not using it. Your email address is held in my Email, which is encrypted.  Neither my computer nor my phone are shared with anyone else, unless it is required by a technician for maintenance.

I also keep your phone number and email address in paper form in a locked filing cabinet. These are kept separate from your session notes.

Why I keep this data

This is needed in case I have to contact you (for example for rescheduling sessions or sending an invoice).

I also keep your email address in case we agree to work therapeutically via email, either as a regular arrangement or just occasionally.

How long I keep this data

I will remove this data when we have finished our work, unless you tell me that you would like me to retain it in case we work together again in the future.

Who sees the data

Only myself.

3. Emergency contact’s name and phone number

How I keep this data

I keep this data in paper form in a locked filing cabinet along with your name and contact details.

Why I keep this data

It is unlikely that I would ever use this information, but I hold it in case I become concerned for your welfare and I cannot get hold of you. You and I may agree together on some other reason that I might contact this person, based on your best welfare.

How long I keep this data

When we finish working together, I will delete this data, unless you and I decide to make other arrangements.

Who sees the data

Only myself.

4. Your GP name and contact details

How I keep this data

I keep this data in paper form in a locked filing cabinet along with your name and contact details.

Why I keep this data

You and I may agree together on some reason that I might contact your GP, based on your best welfare, for example discussing diagnosis, treatment plan or safety procedures.

How long I keep this data

When we finish working together, I will delete this data.

Who sees the data

Only myself.

5. Relevant medical information

How I keep this data

I keep this data in paper form in a locked filing cabinet along with your name and contact details.

Why I keep this data

It may be relevant to share certain medical information when:

(a) Your mental health history, diagnoses etc may inform my treatment plan to make it more appropriate for you

(b) There is any risk that health conditions such as seizures, diabetes, etc may impact a session

(c) Your medications may affect our work

(d) You have any allergies that I should be aware of in order to keep you safe

How long I keep this data

When we finish working together, I will delete this data.

Who sees the data

Only myself.

6. Session notes

Notes may include dates and times of attendance, and brief notes on important themes from the session. I do not keep detailed session notes. I keep a ‘clear desk’ policy, which means that session notes and other information are not left unattended.

How I keep this data

I keep brief session notes in paper form in a locked filing cabinet. Your name or other identifying details are not kept with your session notes; only a code is used.

Why I keep this data

Brief notes may remind me of important points I want to be sure to remember to discuss in our next session, and/or in supervision.

How long I keep this data

After the work has been discussed in supervision, I may destroy any notes (or parts of notes) that my supervisor and I do not consider necessary to keep for longer.  My current policy is to destroy after session records seven in line with my liability insurance requirements.

Who sees the data

Only myself.

7. Payment information

How I keep this data

I make a note of payments you have made in paper form kept in a book for my business accounts. they are coded rather than named.

Why I keep this data

As a small business owner, I am required by law to retain certain financial information, primarily for tax purposes.

How long I keep this data

I keep financial information for 7 years as advised by HMRC.

Who sees the data

Banking transactions may be viewed by employees of the bank, my accountant and tax officers (HMRC).

When payment is made via BACS, your account name or reference (or the name of the person who is paying) may show up on my online bank statements. You have the right to discuss alternative payment options with me such as cash.

8. Your emails and texts

How I keep this data

I may delete emails after I have noted the contents (for example, emails around scheduling). Any emails that I consider it necessary to keep are retained in my email account, which is encrypted.

Why I keep this data

I may keep emails if I consider it clinically necessary.

How long I keep this data

I will delete emails when our work ends, unless they form session notes (in which case, see above).

Who sees the data

Only myself.

9. Invoices

How I keep this data

If you require an invoice I create invoices on my laptop using windows. Invoices are kept as password protected documents on my computer.

Why I keep this data

I use the invoice to create the next one (in the case of ongoing work) so that I can revise and update it with new information.

How long I keep this data

Once payment has been made, and any further invoice has been created, I delete the invoice.

Who sees the data

Only myself.