Data Protection & Privacy Policy
Dr Abbie Kirkham (HCPC Registered Counselling Psychologist) specializes in delivering psychological therapy to clients on behalf of individuals and organisations and clinical supervision for other healthcare professionals. Although I need to collect and hold certain personal data in order to deliver services to you I am committed to protecting and respecting your privacy. This policy provides an overview of how I comply with General Data Protection Regulation (GDPR) in regard to any personal data I hold in relation to clients.
How I obtain personal information:
If you contact me, whether by telephone, email, website, or other means, I may keep a record of that correspondence. I may ask you to complete various questionnaires and other forms that I will use to tailor my services to your needs. I may keep records of any meetings and sessions in the form of written notes, electronic notes and very occasionally audio or visual recordings. I may receive correspondence from you or from other healthcare professionals relating to your case. I may also produce notes, assessments or reports outside of sessions, requested by third parties such as your insurance company if they have referred you to my service.
What personal information I collect and how I use it:
Contact information: I hold contact information that you have provided which I use to contact you about appointments or your treatment. This information may include:
Your full name including title,
- Your address,
- Your telephone number(s),
- Your email address, and
- Online IDs for services like Skype (where relevant).
If you are a supervision client, and you have agreed that I may do so, I may use this information to send you details of services that I believe may be of interest to you. If you are a personal therapy client, then I will not send you any correspondence that does not directly relate to your treatment unless you have specifically requested that I do so.
General information: I hold general information that you have provided which I use to manage the delivery of my service to you. Some of this information also enables me to comply with my legal or regulatory obligations. This information may include:
- The individual or organisation that referred you to me (where relevant),
- Your date of birth,
- A record of appointment dates and attendance,
- General and admin correspondence, and
- Information on the type and location of sessions
Familial relationships: I will always ask for a nominated ’emergency contact’ to ensure that I am able to comply with sensible health and safety arrangements. If I require consent from a parent or guardian to deliver services to you, or if a family member, guardian, or other agreed person is directly involved in your case, then I will need to hold contact and general information about those individuals.
Special Category data: Due to the nature of my service I may need to process data relating to your physical and mental health. The General Data Protection Regulations deem data concerning health as a special category of personal data which means that I need specific reasons for processing this data. These reasons relate to the type of services that I deliver to you, but I believe it is also important to get your informed consent to holding this data. This information may include:
- Your reasons for contacting me.
- The name and contact details for your GP.
- The name and contact details for other healthcare professionals involved in your care.
- Significant physical or mental health details, including medication.
- The type of therapeutic service that is being provided to you.
- Completed questionnaires and scores.
- Correspondence from or to you about your case.
- Correspondence from or to other healthcare professionals about your referral and treatment.
- Correspondence from third parties about your referral.
- Mobile communications from or to you about your case.
- Completed consent forms
- Session notes
- Audio or video recordings of sessions
Payment Information
I am required to hold information on payments received for my financial records. This information may include:
- Your full name and title,
- The date and amount of the transaction
- If payment is made on your behalf, we will need to record the details of the person or organisation making the payment.
Who I share your data with: I may share your data with other healthcare professionals involved in your case on a need to know basis, but I will make sure you are aware of this. I am required to undergo formal supervision. As part of these sessions it may be necessary to discuss your data with the supervisor who will be a qualified healthcare professional operating under terms of confidentiality. Your information will not be shared with other third parties.
Your rights under data protection legislation: You have various rights under the relevant data protection legislation. Here is a summary of those rights:
Subject Access: You have the right to see what information I hold about you within 30 days of making the request. A request may be subject to a small fee to meet my costs in providing you with details of the information I hold about you.
Rectification You have the right to ask me to correct any personal data I hold about you that is wrong. If you feel this is the case, then please let me know.
Erasure You have the right to ask that I erase any information I hold about you. However, this right may be limited by my need to comply with statutory or regulatory requirements for retaining data. The BPS guidelines recommend retaining clinical notes for 7 years post treatment at which point they will be destroyed. Basic information like contact details held on my phone or email will be deleted after 6 months.
Communications You have the right to ask me not to contact you. This may be for specific purposes or you may not wish to be contacted at all. Obviously, I will need permission to contact you if you are an active client so that I can continue to deliver the agreed services to you.
How I keep your data secure:
The personal data I hold on you is either stored physically or electronically. All Physical data (personal details, therapy notes) are secured in locked storage when not in use.
All sensitive electronic data will be sent to clients in an email attachment that is password protected. Electronic data is held on a computer owned by Claire Money and is password protected. Mobile devices are also password protected.
Data retention and destruction:
I do not keep any information about you longer than necessary. The length of time I keep your data may be determined by statutory or regulatory requirements. I delete or destroy all personal data when it is no longer required.
If you would like any further information, then please get in touch:
Data Controller: Dr Abbie Kirkham
Email: info@abbiekirkhampsychology.com
Address: 62 The Strand, Walmer, Deal, CT14 7NR
You also have the right to raise any concerns with the Information Commissioners office (ICO).