What is GDPR?
On 25 May 2018, the law changed with regard to how organisations have to protect your ‘data’ (personal details and records) and this is called the General Data Protection Regulation or GDPR. The following summary highlights how GDPR is being implemented, by explaining why confidential information is held and how this is protected. https://www.ico.org.uk
It is assumed that by engaging with the service you are consenting to records being kept.
Why do we need to collect data?
Keeping records is an essential component of healthcare, which helps in understanding how best to help and forms the basis of any reports needed.
How will your information be stored and used?
At MaxiMinds, we take your privacy very seriously.
We are committed to taking reasonable steps to protect any individual identifying information that you provide to us. Once we receive your data, we make best efforts to ensure its security on our systems. All personal information provided is stored in compliance with the EU General Data Protection Regulation (GDPR).
All information recorded on paper will be securely stored in a locked filing cabinet. In the event of paper notes needing to be transported, this will be done in a locked case.
Confidential digital information will be stored in a secure cloud service offering high levels of security. Digital information that needs to be transported will be stored on a secure, encrypted, and robust USB stick.
Confidential information sent by MaxiMinds via the internet will be encrypted and password protected, with the password being sent separately by text or phone call.
Letters sent to professionals such as GPs, by surface mail, will be clearly marked "Confidential".
All electronic devices (e.g. computer, laptop, tablet, and phone) used to access stored information will themselves be password protected, and have up-to-date security software installed.
How long do you keep my information?
At MaxiMinds, we do not keep your information for longer than is necessary.
Consultation notes, received correspondence, and questionnaires can be held for varying lengths of time, depending on the content and requirements, and are then carefully disposed of.
Usually, we will retain your information for a period of 7 years if you are an adult, and if you are a child, for 7 years after your 18th birthday.
Some records may be held indefinitely if there were any issues of concern that could lead to police investigation in the future.
Marketing
MaxiMinds will not share or sell your information, or willingly pass it on to third parties. We will not send you e-mails marketing our service. The only email you will receive from us will be to confirm your appointment, or any correspondence in relation to the service you are receiving from MaxiMinds.
How can you access your information and correct it, if necessary?
MaxiMinds tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ or ‘Right of Access’ under the Data Protection Act and the General Data Protection Regulation. This will incur an administration fee, and the information will be provided within one calendar month of the request being made. To make a request to MaxiMinds for any personal information we may hold, you need to put the request in writing.
In the event of death or incapacity of the therapist, arrangements have been made for records to be held by a named professional colleague who will continue with the above obligation.
Consent and Confidentiality
When we first meet each other, I will ask you to sign a consent form with my Terms and Conditions. I will request consent to contact you via email / telephone to confirm appointments.
Most of what is discussed in sessions is kept confidential between the Clinical Psychologist and the client. We will need to report back to the referrer about the outcome of the assessment/intervention, though precise details of what is included in those reports can be negotiated. If it would help the assessment or intervention to seek information from others, or share information with others, whether they are professionals or significant others, we would usually ask permission or consent from the client.
It is, however, standard practice to consider sharing information with either a next of kin or other statutory agencies should we be concerned about a risk to yourself or others, or if there is a crime that has not yet been reported to the Police. This is a professional obligation and cannot be negotiated.