DATA PROTECTION POLICY
The EU General Data Protection Regulation (GDPR) requires that if anybody processes your information, they must let you know why they are doing it (under what legal basis), who has access to it, and how they process it. When you arrend therapy, you share a lot of information about yourself, and in this section we explain why we need to process the information you give us, how we do it and who does it.
Why is information processed?
Under the GDPR, your therapist is the ‘data processor’. The type of information processed in a psychotherapy/counselling setting is of a personal and medical nature, and is referred to as ‘Special Category Data’ There must be a legal basis for anyone to process Special Category Data, and our legal basis is that it is “necessary for the purposes of preventative or occupational medicine”.
See the full paragraph, in Article 9(2) of the GDPR:
“(h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3”
What kind of information is processed?
In our practice, we have process three types of information:
1. Forms that contain your name or identifying information,
2. Anonymous coded files with information such as session notes, mental health history, and any homework, art materials or self-reported questionnaires.
(These are kept in two separate files and cannot be linked with one another).
3. Electronic data
All of your data is confidential and cannot be shared with anyone. Only your therapist has access to it. There are exceptions to confidentiality by law, and these will be clearly explained to you when your therapist meets you first.
1. Forms with your name:
When you begin therapy, you will be asked to complete an Intake Form with your name, address, email address, contact number, next of kin, etc. This information is necessary for your therapist to contact you and carry out your treatment. In the case of a next of kin, by giving us their name and number, you are giving us permission to contact them in the case of an emergency during the session ONLY (ie: fainting, medical emergency). We will never contact a next of kin unless there was an emergency. There might be other forms containing your name (such as no self-harm agreement forms, parental consent forms, forms giving permission to break confidentiality if they want us to talk to another help professional about them). Any forms with your name are kept together and separate to your anonymous file.
2. Anonymous File:
Your file is a paper file with information on your therapy, it is identified by a code, and does not contain identifying information. This means that if anyone were to read it, they would not know who it belonged to. It might contains the information you gave us about yourself in the assessment (such as brief family history, medical or mental health history, whether you are on medication, the current issue you need help with, your therapeutic goals, etc.), Any questionnaires you complete during your treatment to assess your level of distress, self-compassion, or your satisfaction with the service; or very brief notes, if necessary, on therapy progress. Again, none of the information in your file contains your name.
3. Electronic Data:
We don’t keep any client information on our computers, except for any letters you have asked your therapist to write for you (such as a referral letter), and these are password-protected. We also have a password-protected document where client names are linked with anonymous codes. Other than these, and email and text message correspondence with you, no other data belonging to you is kept electronically.
EMAILS: Care will be taken not to write any sensitive information in the body of an email, but be aware we cannot guarantee the security of any sensitive information you decide to email us.
PHONE: Your therapist has a separate work phone (password protected) that is used only for the purpose of work, therefore reducing the risk of any mistaken breach of confidentiality.
Where and how is all this information kept?
Any paperwork with client information is kept in a secured locked cabinet. Only your therapist has access to the key. Any paperwork with your data never leaves the premises.
Who has access to the information?
Apart from the legal limits to confidentiality, only your therapist (the data processor) has access to your information. In the case of minors, important information the minor shares is passed on their parents/guardians. This will be explained clearly in the assessment. In the case of adults, information cannot be shared with third parties, such as family members, parents or spouses. If a family member makes contact with your therapist, your therapist will not engage with them or even let them know whether you are attending or not.
Your therapist is obliged to attend clinical supervision and cases are discussed in order to make sure your therapist is being effective, but the notes are never taken to supervision, and care is taken to protect confidentiality.
How long is the information kept for?
The two accrediting bodies that your therapist is a member of (the IACP and the IAHIP) recommend that your data is retained for a minimum of 7 years after the last session, then shredded.
What are clients’ rights in relation to their information?
You can find all the information you need about your data protection rights on www.dataprotection.ie and www.gdprandme.ie