Charlotte provides clinical psychology services, including psychological therapy, assessment, ASC assessments, supervision and training.
Charlotte will use your information to provide you with psychological assessment and treatment.
Charlotte needs to collect information about you so that she can:
If you do not provide the personal information requested then Charlotte will not be able to provide a therapy or ASC assessment service to you.
In order to provide you with the best possible care and to ensure safety of her practice Charlotte will routinely ask for and keep personal information. Charlotte may collect this from you directly and sometimes also from third parties such as GPs, insurance companies or other referring agencies.
This information may include:
Personal Data: basic contact information (name, address, email and contact number, GP and emergency contact details) date of birth, health insurance details. Personal data in invoices and copy receipts, accounting records, tax and VAT returns and related information. Charlotte will collect this information from you.
Sensitive Data: referral information, presenting difficulties and current circumstances; Signed therapy terms and conditions, signed GDPR agreement; therapy records (therapist session notes, letters, reports and/or outcome measures), Developmental, school and family history medical conditions relevant to therapy and assessment for ASC if appropriate, Prescribed medication, any illicit substance use, if appropriate.
If you are referred by your health insurance provider, or another health professional, then Charlotte may also, with your consent, collect and process personal and/ or sensitive data provided by them. This could include basic contact information, referral information, and health insurance policy number and authorisation for psychological treatment.
If you are seeking an ASC assessment for your child, with your consent, relevant assessment information will be shared with the multi disciplinary team to enable a truly multi disciplinary assessment to be completed. Information may be shared verbally in confidence, through access to a shared secure drop box and via highly secure password protected emails.
If you choose to pay Charlotte by electronic bank transfer then she may hold a record of this transfer through her bank.
Charlotte uses the data she collects from you in the following ways:
To communicate with you so that she can inform you about your appointments with her. Charlotte will collect personally identifying information such as your name, your contact details such as your telephone number, email address or postal address.
To deliver the correct service to you Charlotte will use your name, your contact details and may use information from third parties, such as referral from GP or insurance companies.
To create your invoice Charlotte will use your name and email address and health insurance identifiers where appropriate. Charlotte will send data by email using your identifier provided by the company, password protect this document, use online encrypted system where this is provided, or send by post.
Charlotte may store information about you in the form of written or electronic notes from our sessions or telephone calls, paper or electronic copies of reports. Email correspondence between you will be stored in Charlotte's email account (including your email address and anything you disclose in emails). Charlotte regularly deletes emails. Your telephone number may be stored in Charlotte's SMS if you have communicated in this way, but your full name will not be listed in the contacts.
All information you provide Charlotte and ASDDocs with is stored on Charlotte's secure server, password protected computer, password protected mobile device or in a locked filing cabinet.
With your written consent Charlotte may record our meeting (video or audio) for CPD purposes. These will be kept on password protected mobile device and shared with relevant persons in a secure way. They will be deleted as soon as practically possible.
Data is only used for the purpose it was originally collected and for business purposes, including tax and accounting purposes. This means that Charlotte will not share information about you with anyone else without your prior consent. The only exceptions to this would be those dictated by law and professional regulatory bodies, for example in the case of a safeguarding issue, significant risk or when a crime has been reported to Charlotte. In these instances Charlotte may be required to share information with third parties without seeking your prior permission.
To ensure best possible clinical practice Charlotte adheres to regulatory standards and engage in clinical supervision. Notes from clinical supervision are kept securely in the same way as other information about you and Charlotte does not share any identifiable details with her supervisor (although they may have access to these in the case of Charlotte's death to ensure ongoing security of your data).
For ASDDocs clients, information will be kept secure but other members of the team involved in the Multi disciplinary assessments will have access to the identifiable details and will be meeting you your child for their part of the multi disciplinary assessment. Their part of the assessment will be kept securely in the way set out in this policy.
When Charlotte needs to share special category data electronically with a third party this will be encrypted or done through a password protected document. Alternatively data may be physically posted to a named individual at a specific address.
Charlotte will send invoices and reports to health insurance companies and other professionals as required professionally and abide by confidentiality as stated on her terms and conditions. Invoices to health insurance companies are sent electronically and pseudonymised with company codes. Where this is not possible or practical all documents are password protected.
Cloud storage providers will have information shared with them in compliance with GDPR.
Unfortunately the transmission of information via the internet is not completely secure. Although Charlotte will do her best to protect your personal data, she cannot guarantee the security of your data emailed to her. If you wish to share very personal information with Charlotte it is recommended that you do so via telephone or in person if this is preferable. Once Charlotte has received your information, she will use strict procedures and security features to try to prevent unauthorised access. Routine emails are deleted as soon as possible. Any documentation that is relevant for clinical files is uploaded to an electronic file or printed and stored securely.
Professional and HMRC guidelines recommend that data about you is held for 7 years following completion of therapy or 7 years from the date you turn 18 if you were seen as a child. This is so that Charlotte has reference to our work should you return to therapy or should Charlotte be required to provide information in the event of legal action / court instruction. Charlotte will then delete electronically held reports and shred written information. When information about you is no longer needed this period Charlotte shreds paper documents and securely delete all electronic data held about you. Under the GDPR you have a 'right to be forgotten' and if you wish your data to be deleted prior to the 7 years please let Charlotte know and you can discuss whether this right can over-ride the requirement to retain data.
You have the right to access information held about you. You can make a subject access request to Charlotte to see information held about you and Charlotte will respond to such requests within 30 days as per GDPR guidance. This does not need to be in writing and may be made in person or by phone. Charlotte may require further additional verification that you are who you say you are to process this request. Charlotte may withhold personal information to the extent permitted by law. In practice, this means that Charlotte may not provide information if she considers that providing the information will violate your vital interests.
If you wish to have your information corrected then please contact Charlotte. She may require additional verification that you are who you say you are to process this request. You must provide her with the correct data and after Charlotte has corrected the data in her systems she will send you a copy of the updated information in the same form as the subject access request in section.
If you do not wish to receive information through these means, please let me know.
Should there be any breaches with regard to your personal data this will be reported to the ICO within 72 hours together with a summary of the nature of the breach, the steps taken to reduce the risk to data subjects, and measures to prevent the breach from happening again. The individuals affected will also be informed if this occurs.
All personal data breaches, however minor, and whether reportable or not are recorded.
If you are not satisfied with my response to complaints or queries you can raise a complaint with the Information Commissioner's Office (ICO).
Telephone: 0303 1231113
To continue to ensure that your information is protected in accordance with the most recent guidelines and standards, Charlotte may change this policy from time to time. You are advised to regularly check this page to ensure that you continue to be comfortable with the measures that Charlotte is taking to protect your privacy. This policy is effective from 9th February 2020