Karen Hastings Therapy GPDR policy
My name is Karen Hastings and I am a mental health occupational therapist and manage my own therapy practice in Dunfermline Fife. I work alone and therefore it is me who decides how your personal data is processed and shared. I take protecting your privacy seriously. On this page I explain how I use and protect any information that you give me when you visit my website and when you use my therapy services. I will never share your information with a third party for marketing purposes. If you have any questions or concerns about how your data is processed or shared, you can contact me on 07895 430160 or by email at firstname.lastname@example.org
I process your personal data in line with GDPR legislation (General Data Protection Regulation) (EU) 2016/679 and according to what is in “legitimate interests”. I have a professional obligation to take notes in each session, which are stored in your file. My notes allow me to reflect on our sessions, track your treatment plan and plan for future sessions. Notes are retained once you finish your therapy treatment. I store your data for six years. According to the Limitation Act 1980, you, as my client, have six years within which to bring against me a complaint of breach of contract, breach of trust or a claim in relation to negligence. It is therefore necessary that I store your data for this period of time. Once you are discharged from my service, your file is stored securely in a locked, secure area on site and after the six years, your file is shredded.
When you visit my website
Contacting me via email or over the phone
When you enquire about my services via email and I reply to you via email, I cannot guarantee that your email, or my reply is 100% secure as is the nature of data sharing over the Internet. If you wish to send me any documents via email then you may choose to password protect your document. If you choose to contact with me over the phone, I may collect information from you in order to decide wether to invite you for an assessment. Sometimes you may choose to have your initial assessment carried out over the phone. Information I collect will be stored in notes in your file. If you choose not to begin therapy sessions, I will use a shredder to dispose of this initial information I have collected. I process your personal data in line with GDPR legislation (EU) 2016/679, and take the appropriate measures to keep it secure. You must be aware that no data sharing over the Internet can be guaranteed to be 100% secure. Its important that you acknowledge and agree that you share and transmit the information at your own risk.
Face to face
When you attend therapy sessions, I collect and record data from you in order to get to know you, understand your difficulties and help you overcome your problems. I will ask you to complete a Client intake Form-this form will ask you to provide me with personal information, including your name, date of birth and address and GP details. Its typical that I will collect some or all of the following personal information from you, either at the pre-assessment stage, initial consultation or throughout the therapy process (on the phone/via email/via my website): Name, address, telephone number, email. date of birth, GP contact details, gender, IP address and webpages visited on my website, health insurance details if applicable. The client intake form may also involve the collection of special category data (sensitive) such as mental health history, medication history, physical health history. During the course of therapy other healthcare data that may be collected that falls under the class of Sensitive data may include sexual orientation, sexual behaviour, mental health symptoms such as suicide risk, alcohol and drug use, religion, relationship history, offences or alleged offences, and scores from mental health assessments (questionnaires that measure the severity of your symptoms such as OCD, depression or anxiety scales, attachment questionnaires). The above data is collected so that I can provide you with therapy sessions that are adequate and that in conjunction with you, we can track your progress and measure improvements. It also allows me to monitor the effectiveness of treatment I provide to ensure best practice, make referrals if required, liase with other health professionals who may be involved in your care and account for clinical decisions.
From Third-Parties and to Third parties
I may receive information about you from third parties, usually family members or other health professionals. I will never knowingly obtain data about you from any third party without your knowledge or consent. There may be occasions when I need to share the personal information I process about you with third parties, usually insurance company or other health professionals involved in your care. When I do so, I comply with all aspects of the Data Protection Act 1998 (DPA). There rare situations where I would share your information with third parties, without your consent: a court order, if there is a child protection issue, risk to self or others, i.e., you have expressed an intent to kill yourself, or someone else. In line with the Health and Care Profession Council (HCPCC) codes of conduct – I must take appropriate action to protect the rights of children and vulnerable adults if I believe they are at risk.
You have a number of rights (including Right to be informed, Right to access, and Right to lodge a formal complaint) when it comes to your personal data. Please refer to the ICO’s website for full details of your rights. Right of Access – You may request details of personal information which we hold about you under the Data Protection Act 1998 and in line with GDPR legislation (EU) 2016/679. Right to lodge a formal complaint with a supervisory authority. If you believe that your rights under the GDPR regulation have been infringed, or I’ve not processed your data in line with GDPR Regulation, you can inform the ICO (Information Commissioner’s Office).
Facebook: Fife Occupational Therapist Supporting Women’s Mental Health