All correspondence and therapies are undertaken in the strictest confidence.
This privacy statement sets out how I use and protect any personally identifiable information that you disclose to me ether online, by phone, in writing and/or verbally during therapy sessions from the first time you make contact with me. The data controller/data processor for Dr Ruth Henderson Psychological Services is Dr Ruth Henderson.
I seek to ensure the highest standards of compliance with United Kingdom data protection laws and regulations (GDPR - General Data Protection Regulation, 2018). I am also ICO - Information commissioner's Office - registered.
Any information provided by you during therapy sessions will be regarded as medically sensitive information. Such information will not be disclosed to third parties without your prior written consent in accordance with the provisions of the Access to Medical Reports Act, 1988 and 1990. I may be obligated to disclose data to the police, regulatory bodies or legal advisers in connection with any alleged criminal offence where required by law and/or if it is in the public interest - in accordance with the HCPC regulatory requirements.
Storing your personal data
I take all steps reasonably necessary to ensure that your data is treated securely. Paper files are anonymized, coded and stored in a locked filing cabinet in a secure location. Electronic data is stored using a web-based storage facility, also coded, and access to all data is password-protected. Unfortunately, the transmission of information via the internet is not completely secure. Although I will do my best to protect your personal data, for example by sending password protected documents, I cannot guarantee the security of your data transmitted.
How long your data is stored for
I comply with the BPS and HCPC regulatory requirements for psychologists in terms of data storage and usage. This means that due to legal obligations I am not able to delete personal data and need to keep it - the 'right to be forgotten' does not apply to psychology and medical notes (GDPR, 2018). The BMA (British Medical Association) suggests GP notes to be kept for 20 years and indefinitely in criminal cases or where the armed forces are involved. The APA, American Psychological Association suggests note keeping for 7 years and the BPS, the British Psychological Society recommends notes to be kept for 7 to 10 years from the last contact - this is the advice I follow. Finally, you have the right to access the data that is stored about you.