My name is Suzy Carter and I am registered as a data controller with the Information Commissioner’s Office (ICO).
My record keeping is compliant with EU GDPR (General Data Protection Regulation), 2018 and I am committed to ensuring that the records I keep are secure, accurate and appropriate.
In order to provide the most appropriate therapy and to comply with the requirements of my professional registrations with the BACP (British Association for Counselling and Psychotherapy), the AoR (Association of Reflexologists), the CNHC (Complementary and Natural Healthcare Council); and my insurers, I need to record and retain your medical history as well as your personal details and contact information.
I will only use this information in relation to my work, with you, as a healthcare practitioner.
Your consent provides the legal basis for me to carry this out. You may revoke your consent at any time and request that your details are erased from my records; however, professional requirements mean that I am still obliged to retain your information for certain periods of time (see below).
It is your choice how much information you share with me and, if you choose not to share certain information, it should not affect your ability to access therapy in general but it may compromise my ability to work with you, due to the requirements of my professional registrations and insurance.
I make brief notes of our meetings, which are anonymised for counselling clients, in order to keep track of our work together and to satisfy professional registration and insurance requirements. I store these notes safely and securely in a locked metal filing cabinet. Personal details are stored separately for counselling clients. I will ensure that the information I record is accurate and up-to-date but it is your responsibility to inform me of any change to this information.
I do not share notes or personal details with anyone else or organisation or store notes electronically but they can be supplied on paper or in a standard electronic format, if requested and if it is appropriate. If I need to refer you to another professional, I will seek your permission before sharing any of your details.
If you contact me via my mobile phone, your telephone number will be stored on my work mobile, which is passcode protected.
I will hold your information for at least seven years, which is a requirement of my insurance company. CNHC registration requires that I retain records for eight years. The law regarding children’s records state that records are to be kept until the child is 25 years old or, if 17 years old at the start of therapy, until they are 26 years old. Records will be safely destroyed once the appropriate time has elapsed. It is your right to request that your information is destroyed at any time but I may not be able to comply, due to these professional constraints.
Our work will be confidential, unless I observe or you tell me something that I am legally obliged to report - for example, information about a crime such as an act of terrorism, money laundering or drug dealing, where the balance is in favour of the public interest. I might have to hand over my notes, if I am ordered by a court to do so. If possible, I would explore the situation with you first. Circumstances like this do happen but are rare.
I do use some social media platforms, for example a Facebook business page and LinkedIn but would never download information about you via these platforms, for any purpose.
Should a data breach occur, it is my responsibility to inform you and the ICO within 72 hours.
Should anything happen to me, I have a formal arrangement with an experienced colleague, who will contact you and take responsibility for my records, in accordance with this notice.
GDPR gives you certain rights in relation to the recording and storage of your personal information. Full details of these may be found here