Adherence to privacy
Data protection policy and processes
Data Protection information
We keep minimal possible information on our clients and colleagues.
Email software may store contact details and emails until deleted, this is basic correspondence to enable clinical service. We need this to arrange support.
Initial assessment forms and other assessment forms will be kept in hard copy format in a locked filing cabinet. Clients may refuse to complete these but this may prevent service.
All out of date or non essential data will be deleted (digital) and or shredded (hard copy). we use encryption built into Gmail, encrypted deletion, extra security password protection and a full software suite of firewall and security protection on all computer and smartphone equipment.
Our legal basis for holding data is: clinical care, regulatory requirement and insurance coverage requirements in case of a complaint.
At present regulator requirement for data holding is 8 years. Insurance requirement is less unless the person is of vulnerable mental state, in which case it is 5 years after that state ends.
Nominated person
Person responsible for data security is Stuart Morgan-Ayrs, Senior Partner
Age verification
Under adult age persons are not normally clients of our company, and then only if data is secured and signed by an adult and guardian.
Consent
Initial assessment forms set out how we handle and store data. Clients are informed as to use, handling and reason for that data. Clients are signposted to this resource in information files and emails.
Access
The only information held (apart from correspondence with the client) about the client are the assessment forms, already seen by the client. Emergency data from crisis situations is stored digitally and is available within 30 day limit. it is stored in secured and encrypted manner (see above) for the clinical safety and care of the client. Thus the client has sight of all materials about them naturally. The held material can be retrieved within the 30 day limit.
Scotlandtherapy Partners are ISO registered. Initial assessment and agreement forms updated in line with revised standards 03.10.2017
Data is only collected or used for the provision of therapy including psychotherapy, counselling, hypnotherapy, psychoanalysis, coaching, mindfulness, complementary therapies and psycho-education. Provision in Edinburgh, Falkirk, wider Scotland and by remote video calling.