I take the privacy of your data seriously. I want to fulfil the spirit of the General Data Protection Regulation (GDPR), which is about protecting your right to privacy, not just the laws relating to data protection. This includes everyone who comes into contact with me. This is a working document which I endeavour to update regularly.
Here is a list of what I do to protect your personal information:
- Your clinical notes are handwritten and stored safely or held on files that are password protected. I alone have access to these files.
- I require all other parties working with me (such as my clinical supervisor or accountant) to sign a confidentiality agreement.
- Where possible, any specific files containing your personal details are password protected, with two-step authentication.
- Emails are confidential. Whenever an email is sent to more than one person, all recipients are blind copied (“bcc”).
- I only use software where data security is fully implemented and whose adherence to GDPR compliance is confirmed in its Terms and Conditions. In particular, I use Zoom for online therapy sessions: https://support.zoom.us/hc/en-us/articles/360000126326-Official-Statement-EU-GDPR-Compliance
- Files of a personal nature are sent using a specific web-based encrypted service, WeTransfer.com. Alternatively, I may send them as a password-protected file attached to an email. If I use this second method, I will send the password via a different method (mobile phone message).
- I will never share or sell your information.
- If you would like to have your details removed from my system, partially or entirely, I will be happy to do so, providing that there is no adverse reason (such as a complaint or legal reason) preventing me from so doing.
- If you want your information removed, I invite you to send me an email at email@example.com, putting “right to erasure” in the email subject field.
- I will review my data protection policy annually to ensure it is still fit for purpose and complies with current regulations.