Privacy Policy

WHO WE ARE AND WHAT SERVICE WE'RE PROVIDING
Poole Autism Practice is a sole trader. It consists of a Clinical Psychologist registered with the Health and Care Professions Council (HCPC) providing specialist assessment and therapy online and face to face at the Consulting Centre in Branksome, Poole.



DATA PROTECTION AND PRIVACY
We are registered with the Information Commissioners Office (ICO), the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. As a member of the public, you can complain to the ICO if you are unhappy with how an organisation has handled your information. For example, if your information is wrong, lost or has been disclosed to someone else, or if you have not been given access to your personal data.In addition, we respect and comply with the EU General Data Protection Regulations (GDPR) enacted under the UK Data Protection Act 2018. This document outlines how I comply with these regulations.



HOW YOU CONSENT TO US STORING YOUR DATA
In order to gain your consent, we will explain what you are consenting to and ask that you explicitly consent to contact from us. When you provide us with personal information, we ask you to explicitly consent to us collecting it and using it for that specific reason only.



WHY WE NEED YOUR PERSONAL DATA

As health professionals we are required to keep records of the work we do. We only collect and store information, which is relevant to our therapeutic work together, and which will enhance your care. We are permitted to collect and keep this information by law.

 

WHAT INFORMATION WE WILL STORE

When you agree to participate in assessment or therapy sessions with us, we will ask you to complete a personal information form. This includes details such as name, age, contact details, next of kin and GP. This is the only document where your full name and contact will appear. In all subsequent documentation your initials will be used, except for diagnostic reports. At assessment and during subsequent sessions you will be sharing information with us about your life experiences, thoughts and feelings. These will be recorded in note form and any reference to you is made by using your initials. These records will also include our shared understanding of your difficulties (a formulation) and our plans for treatment. We implement appropriate technical and organisational measures, in an effective way in order to meet regulation requirements and protect your rights. We hold and process only the data that’s absolutely necessary for the completion of our duties (data minimisation). We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.



HOW WE WILL USE YOUR DATA WITHIN OUR PRACTICE
We use the data we hold about you to contact you about appointments and to take notes about what we have covered together. This ensures continuity of care and means we are able to provide you a better service. How we will store and protect your data within our practice. Although no method of transmission over the Internet or electronic storage is 100% secure, in order to protect your personal information we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.



YOUR DATA IS STORED IN THE FOLLOWING WAYS:

  • Electronic storage of client material: All electronic records that contain personal information are password protected and stored on a password protected computer, so that they can only be opened and amended by your clinician.
  • Storage of paper notes: Paper notes taken during sessions will not contain any identifiable personal information. These notes will be stored in a locked filing system which only we have access to and which is stored at my private residence.
  • Questionnaires: We may agree to use questionnaires as outcome measures during treatment. We will ask that you do not add personal information to these documents. These will be stored as documents on a password protected computer, so they can only be accessed by your clinician.
  • Video calls: We use a variety of video conferencing software such as Teams, Zoom, and Google Meet to conduct our therapy or supervision sessions online. All calls are encrypted.
  • Emails: All our email contact will be via our publicly advertised email address hello@pooleautismpractice.com . Or another encrypted email service.
  • Appointment scheduling: Initial appointments will be arranged via the email address you provided us when you first got in contact or via telephone.



WHO ELSE CAN SEE YOUR INFORMATION
  • We must treat all your information as confidential. I can only disclose confidential information if:
  •  We have your permission
  • The law allows it
  • It is in your best interests, such as preventing you from seriously harming yourself.
  • It is in the public interest, such as if it is necessary to protect public safety or prevent harm to other people.
  • 
This means that we cannot share your information unless there is a specific and valid reason for doing so. In all the above scenario’s we would endeavour to notify you and discuss this with you first. However, there may be instances where due to risk issues this is not possible or practical to do so.

As clinical psychologists and therapists we participate in supervision, which involves discussion of clinical cases with another practitioner. This is to ensure we are continuing to practice to the best of our abilities and in accordance with professional guidelines. During supervision, we will use your first name only to describe clinical involvement and treatment plans in your case. This information will be verbally exchanged. Our supervisor(s) will not hold any clinical notes containing your personal details and will not be provided with access to the clinical records that we hold about you. Our supervisor(s) are also bound by the same rules of confidentiality and information sharing. If you object to us using your first name for this purpose then please discuss this with me.



HOW LONG IS YOUR INFORMATION STORED FOR
In addition to the ICO rules, we are also bound by the professional guidelines of the Health and Care Professions Council (HCPC) and by The British Psychological Society (BPS). These guidelines state that we must keep full, clear and accurate records for everyone that we care for, treat, or provide services to. As these records form part of your medical history and may be required by you, your doctor(s) or health care team in the future we will keep all patient electronic records for a full 8 years after your treatment has ended.



HOW CAN YOU MODIFY THE DATA WE HOLD ABOUT YOU
You have the right to make amendments to the data we hold for you where necessary. You may withdraw your permission for me to hold your personal data at any time. However, this must be done in a written format. We routinely share with our clients any letters or reports before they are finalised. There is an opportunity to request amendments at that point.



HOW CAN YOU ACCESS THE DATA WE HOLD ABOUT YOU
You have a right to request to see the data we hold about you, including how it is being processed, where and for what purpose. Legally we are required to respond within 30 days. Please contact us if you would like to access your data. In instances where we provide you with access to your data, we will provide it in a ‘commonly used and machine readable format’ free of charge. You have the right to transmit the data you receive to another, provided permission has been authorised in writing from any other party connected with the recording.



HOW YOU CAN RETRACT CONSENT TO HOLD AND PROCESS YOUR RECORDS
We retain your personal information and health record for 8 years and thereafter they are destroyed. This is in line with UK best practice for adult health and social care records (IGA, 2016). You have a right to retract consent to hold and process your records before that time if you wish. Please let us know if you wish to do so.



WHAT HAPPENS IF THERE IS A BREACH OF SECURITY

If for any reason, there is a breach in the way your information is stored or shared then we must take immediate corrective action and also inform the ICO of this breach within 72hours. We would also inform you that a breach has taken place, how that breach occurred, what information was mistakenly disclosed and the steps made to rectify the situation. If you believe we have breached data security in any way, then please notify us immediately via email.

The most frequent type of data breach occurs when an email is sent to somebody else by mistake. In order to reduce the likelihood of this happening we ensure we check each email address before sending an email or where practical reply to an email that you have already sent. Generally, we will only use email to correspond about appointment times or to send widely available information sheets that may be useful to you. It is not usual for sensitive personal information to be contained in any emails. An exception to this may be prior arrangement to use email to provide additional personal information within letters or reports. Any reports or letters containing personal information will be sent from a secure email address or password protected.

In the unlikely event that we send an email to the wrong email address we will:
Email the recipient as soon as possible and ask them to delete the email
Refer to ICO within 72hours and follow their guidance
Notify the intended recipient of the breach as soon as possible and within 72hours

CHANGES TO THIS PRIVACY POLICY
We reserve the right to modify this privacy policy at any time and changes and clarifications will take effect immediately. If we make material changes to this policy, we will notify you via email that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.



HOW CAN YOU RAISE A COMPLAINT

Please note that the work being undertaken is in accordance with the law of England and Wales and any disputes will be subject to it. If you are concerned about the care we have provided to you, we encourage you to speak to us immediately. If you feel we have done something harmful or unethical and you do not feel comfortable discussing it with us, please contact the Health and Care Professions Council here.

Complaints relating to the holding of your personal data should also be directed to us in the first instance as the Compliance Officer, via email hello@pooleautismpractice.com We aim to respond to all complaints within 30 days. To make a complaint directly to the ICO please do so here.



QUESTIONS AND CONTACT INFORMATION

If you would like to: access, correct, amend or delete any personal information we have about you or simply want more information contact us by email: hello@pooleautismpractice.com