Harley Street Wellbeing Clinic

View Original

Confidentiality and Data Protection

Harley Street Wellbeing Clinic

Harley Street Wellbeing Clinic (“HSWC”) respects your right to privacy and is committed to protecting the privacy of users of www.harleystreetwellbeingclinic.co.uk (the “Website”) and complying with our obligations under the General Data Protection Regulation (the “GDPR”). 

We are aware that as a user of this Website you care about the security and privacy of your information. The purpose of this Privacy Notice (the “Notice”) is to outline how we deal with any personal data you provide to us while visiting this Website. You should not use this Website if you are not happy with this Notice. By visiting this Website, you are accepting the terms of this Notice. Any external links to other websites are clearly identifiable as such, and we are not responsible for the content or the privacy policies of those other websites. When we link to another website it does not constitute an endorsement of that website by Harley Street Wellbeing Clinic.

Harley Street Wellbeing Clinic offers live training events and one to one private sessions. All parts of the website, events and one to one private sessions are considered part of Harley Street Wellbeing Clinic and are covered by this policy here. 

1. One to one private sessions.

Both confidentiality and data protection are complex issues. This document addresses them both in detail. In addition, any therapist / psychologist can discuss matters further with you. However most people want no more than a quick overview of our professional practice. This page provides just that.

Your one-to-one session records with us

Part I is a handwritten brief note of each visit to us. 

Part II is a computer database containing email exchanges

Paper records are normally kept for up to 6 years and then destroyed. 

All computer data is erased within 3 years.

Your right to Confidentiality

We will not normally disclose any information about you to anyone without your consent.

We may do so in exceptional circumstances:

  • Where not to do so would break the law
  • Where you have put yourself or others in serious danger

If we have to disclose information we will strive to disclose the least information necessary in the circumstances and we will inform you.

Introduction - We want you to get the best service possible from the Harley Street Wellbeing Clinic. This document aims to make as explicit as we can what happens to the personal information you give us.

We keep a confidential record of all our transactions with you. The record is kept in two parts.

Your Confidential Record Part 1 - A record on paper. This contains: Your signed consent for us to keep your records under the conditions specified. The' intake data' form you fill in on your first visit in which you tell us your name, address, etc. A list of dates on which you consulted. Also in your record are sheets of paper on which we make notes. These notes will often be no more than a few lines per consultation, but could exceptionally run to several pages, especially for an initial assessment of the problem. Your record might also contain material such as: a letter from your GP, etc., where you have asked them to supply us with information, or refer you to us. Any additional form or survey we might ask you to complete.

Your Confidential Record Part 2 - A record on computer - This contains any email communication between you and us from the date you first contacted us. Your name and address are not held on this record. The computer record is firewall protected. 

Why do we keep records? - To protect you: To treat you professionally requires us to identify problems, record what we do to help you alleviate them, and monitor effectiveness.To protect us: In the event of query we need facts – whom we have seen, what we have done, etc. You might also want us to write to someone to provide them with information regarding your treatment. We are unlikely to remember precise details without a record.   

Will we see you without keeping a record?

No. However, we are really happy to provide you information and clarify your understanding of confidentiality. 

To what standards do we keep records? We operate according to the Data Protection Act, and our Service operates according to the Ethics of the British Association for Counselling and Psychotherapy with regard to records. Normally, no information about you will be given to anyone without your signed consent. Paper records are kept for up to 6 years, and then destroyed. All computer data is erased within 3 years.

Can you see your own record?

Yes; we operate an open access policy. You would need to make your request in writing to the Personal assistant. Before anyone is allowed to see any record we have to fulfil a duty of care to:

a. Ensure the person making the request for access is entitled to access.

b. Review the record itself to ensure anyone else’s right to confidentiality will not be compromised by such access.

c. Ensure access is granted in a professional manner.

You may view the record but not alter it, so normally your therapist will accompany you while you view this, as witness. You may request alterations to correct any factual inaccuracy on our part. You may make notes if you wish. You may not remove the file from the room in which access is provided.

Professional Manner - What does "to ensure access is granted in a professional manner," mean? Exercising a duty of care means ensuring that seeing any information in the file is not likely to traumatise the client. An example: Personal details have been changed to protect our client‟s confidentiality. Fred consults about a phobia, and tells his Mum he has done so. She writes to the therapist saying he had an older brother who died as a baby but he doesn't know this and could it be relevant? It is not. However, Fred asks to see his record. The letter from his Mum cannot be destroyed; it is part of the record. The therapist delays access, explains the situation to Mum, and ensures Fred has heard about his brother direct from his Mum and Dad before granting access. Our duty of care also means ensuring your therapist or in default another therapist, is on hand to clarify the record should you wish.

Duty to Third Parties. What does "to ensure anyone else's right to confidentiality will not be compromised by such access" mean? The same duty of care applies to information about third parties. Any data about third parties within the record will be withheld to preserve the confidentiality of the third party unless the consent of the third party has been obtained for you to see this.

Confidentiality

The written information you give us and what you discuss with your therapist is confidential. Your file may be seen by our Personal Assistant. Therapists are also at times required to discuss a sample of their caseload with an external expert consultant as a matter of good practice in quality assurance, but this is always done anonymously. Your therapist will not contact anyone about you without your written consent. We will not respond to an questions from friends or family concerning you or indicate that you are using the service.

However, confidentiality is a qualified right, not an absolute one and there are certain circumstances in which a therapist may break confidentiality without the client’s express permission. No therapist will do this without a great deal of reflection, assuming time is available for that. To break confidentiality a therapist must act within the law and have a legitimate objective, such as the protection of life and health, or the prevention of a serious crime. A therapist will normally consult a colleague and may also take independent professional advice before proceeding. Every effort is made to ensure the action is both reasonable and proportional. Professional codes (e.g. the BACP or BPsS Code of Ethics and Practice) help to inform such actions. In almost all cases of disclosure the client is aware of it immediately, but should that not be the case we will seek to inform the client in a manner appropriate to the particular situation.

The circumstances in which a therapist would make such a disclosure include:

Where the therapist believes the client or a third party is in serious danger. The most common cause for our disclosure is when in our view a client is in serious danger of suicide or death from self-harm. Considering whether life is worth living, and despairing that it may not be, is a common and important task of late adolescence. We seek to persuade people to engage in treatment which reduces the risk to them and others but we cannot enforce treatment or the seeking of it nor insist that our clients inform others about their state of mind. We have particular concern in these circumstances when a client, due perhaps to misuse of drugs or alcohol, may act in an unstable or impulsive way and therefore be at additional risk of temporarily losing the ability to take responsibility for their actions. If we believe someone to be in imminent danger or particularly unstable we will seek to persuade them to see their GP immediately, or as soon as possible if we believe the danger not to be so acute. We will also normally write to or otherwise contact a client‟s GP in these circumstances to flag up our concern. Where the therapist would be subject to civil or criminal legal proceedings if the information were not disclosed to a court (i.e. a therapist cannot be required by an employment contract to break the law for you). Our principles of disclosure are to disclose the least information necessary in the circumstances, to the person most likely to be professionally helpful, whether as an individual or as a gateway to further resources, but someone who is also bound by professional ethics which safeguard the client’s interests.

Duty of care to the community- It is perhaps obvious by now that it is not always easy to make decisions about breaking confidentiality. However, some of the most complex decisions relate to a therapist's duty of care to the community, as well as the immediate client.

Attendance - Will you tell anyone I attend the clinic? No, not normally. However, we may disclose to a referrer (such as a GP etc.) the attendance of a client they referred depending on the circumstances and the client will be always informed of this.

Attendance - Will you tell anyone I do not attend the clinic? No, not normally. We do not follow up non-attendances as a matter of routine. However, disclosing to a referrer (such as a GP etc.) the non-attendance of a client may be appropriate risk management in certain circumstances.

Compensation Claims - Will you provide Reports for the purpose of Compensation Claims, etc.? No, not normally. If you consult us about, say, post-traumatic stress disorder, or depression, or something similar following a trauma (say, a car accident) we will do a routine clinical assessment for the purpose of treatment. This is not intended for the purpose of any claim, which you may eventually decide to make against others for financial compensation. Assessment for compensation requires a different and time-consuming approach. Should you wish the latter, numerous outside psychologists and psychiatrists specialise in providing evidence for compensation. You should consult them. We will not therefore normally supply your solicitor or representative or claims organisation with such information, nor enter into correspondence with them.

Data Disposal - Paper records are burnt or shredded as confidential waste. Should a computer reach the end of its life, hard drives are ‘overwritten' prior to disposal, rather than data just being 'deleted'. This ensures the data is permanently destroyed.

Questions - If you have any questions, any therapist will be pleased to clarify the issues for you. Your assurance of the highest possible quality of professional care is that every case is dealt with on an individual basis, informed by the factors outlined. This information is revised periodically to take account of recommendations on 'good practice' by professional bodies. We reserve the right to make minor updates to practice in between updates to this information. 

2. What information do we collect

2.1 We retain two types of information:

(a) “Non-Personal Data”

You can browse the Website without telling us who you are or revealing any personal information about yourself. Like most websites, we gather statistical and other analytical information collected on an aggregate and anonymous basis from all visitors to our Website. This “Non-Personal Data” comprises information that cannot be used to identify or contact you, such as your domain name, browser type, operating system, and information such as the website that referred you to us, the files you downloaded, the pages you visit, and the dates/times of those visits, and other anonymous statistical data involving the use of our Website.

(b) “Personal Data”

“Personal Data” is data that identifies you or can be used to identify or contact you. Personal Data is collected only with your knowledge and permission and is retained by Harley Street Wellbeing Clinic in a secure manner.

2.2 If you choose not to provide Personal Data, you can still browse and use the Website, but certain functions/services may not be available without providing the necessary Personal Data.

2.3 This Website does not use cookies to hold personally identifying information.

3. Purposes and lawful basis for which we hold and use your Information, including the retention periods

3.1 Non-Personal Data:

This information is used in an aggregate form to get a better understanding of how people use the website, e.g. which pages are most popular, which links people find most useful, etc. This helps us to improve the website and provide better information and support for those who use it. We also use cookies.

3.2 Personal Data:

(a) If you register with Harley Street Wellbeing Clinic for our newsletter or download an ebook/course you will be asked to provide personal data such as your e-mail address. Harley Street Wellbeing Clinic is relying on your consent (opt-in) as the legal basis for processing this data.

We use information you provide to us to provide you with regular content, offers and information on products, services and seminars.

If you choose to opt-out, we will not retain any personal data relating to you. If at any time you would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each mailing.

(b) If you complete the “contact for further information” option on our website, you will be asked to provide personal data such as your name, email address and phone number. HSWC is relying on legitimate interest as the legal basis for processing this data, and we will retain your details.

(c) If you have purchased a product or service from us or attended an event / training or seminar, you will be asked to provide personal data such as your name and email address. HSWC is relying on legitimate interest as the legal basis for processing this data, and we will retain your details.

3.3 Personal Data is only collected from you if you voluntarily submit it to us.

4. Disclosure of Information to Third Parties

4.1 We do not sell, trade, or otherwise transfer your personally identifiable information to outside parties. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential as part of their contract with Harley Street Wellbeing Clinic and keep the information confidential.

4.2 We may also release your personal data where compliance with legal requirements is a necessity. We also reserve the right to enforce our site policies in order to protect our rights and the rights of other individuals in a manner that is safe and compliant with the law.

4.3 We may transfer your data outside the EEA. We use Squarespace for web hosting. Squarespace is a company based in the USA but are a member of the EU-US Privacy Shield, which is recognised by the EU as providing adequate safeguards for the transfer of personal data. Please refer to the Squarespace Privacy Policy for further reference. We use Mailchimp for email marketing. Please refer to the Mailchimp Privacy Policy for further reference. 

5. Your Rights

5.1 Unless subject to an exemption (under the GDPR), you have the following rights with respect to your personal data: 

the right to find out, if Harley Street Wellbeing Clinic holds personal information about you. You have the right to be given a description of the personal data and to be told the purpose(s) for holding your information;

The right to request a copy of your personal data which Harley Street Wellbeing Clinic holds about you;

The right to request that Harley Street Wellbeing Clinic corrects any personal data if it is found to be inaccurate or out of date;

The right to request your personal data is erased where it is no longer necessary for Harley Street Wellbeing Clinic to retain such data;

The right to withdraw your consent to the processing at any time, if consent is the condition for processing;

The right to request that Harley Street Wellbeing Clinic provides the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable);

The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;

The right to object to the processing of personal data, (where applicable) [Only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics]

the right not to be subject to a decision based solely on automated processing, including profiling

The right to lodge a complaint with the Data Protection Commission.

You can request any of this information by writing to the Harley Street Wellbeing Clinic (clinic@harleystreetwellbeingclinic.co.uk). When we confirmed your identity and specific information in order to assist us, Harley Street Wellbeing Clinic will reply within one month.

6. Cookies

Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enables the sites or service providers systems to recognise your browser and capture and remember certain information.

We use cookies to track your usage of the Website and compile anonymous data about site traffic and site interaction so that we can offer better site experiences and tools in the future. This website uses Google Analytics to gather anonymous statistics about visitors to the site and which pages are visited.

If you prefer, you can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies via your browser settings. Like most websites, if you turn your cookies off, some of our services may not function properly.

7. Security

Harley Street Wellbeing Clinic takes its security responsibilities very seriously, including by employing appropriate physical and technical security measures, and generating awareness, and regular reviews of these responsibilities. We will take all reasonable precautions to prevent the loss, misuse or alteration of Personal Data you volunteer. Our website uses HTTPS to transmit information. You should note however, that Internet transmissions are never completely private or secure.

“The principal motivation for HTTPS is authentication of the accessed website and protection of the privacy and integrity of the exchanged data while in transit. It protects against man-in-the-middle attacks. The bidirectional encryption of communications between a client and server protects against eavesdropping and tampering of the communication.[4] In practice, this provides a reasonable assurance that one is communicating without interference by attackers with the website that one intended to communicate with, as opposed to an impostor”. Wikipedia definition of HTTPS

You accept that any information or message you send to the Website may be intercepted or read by others. You hereby acknowledge and accept that we have no responsibility and shall accept no liability whatsoever for loss, injury or damage occasioned by the interception by third parties of your transmissions, or the disclosure of information, nor do we offer any guarantees, warranties or indemnities as to the security or otherwise of any information which you volunteer.

Online payments are processed by Eventbrite, Stripe and PayPal. Please review their own privacy statement.

8. Sale of Business

We reserve the right to transfer information (including your Personal Data) to a third party in the event of a sale, merger, liquidation, receivership or transfer of all or substantially all of the assets of our company provided that the third party agrees to adhere to the terms of the Website Privacy Notice and provided that the third party only uses your Personal Data for the purposes that you provided it to us. You will be notified in the event of any such transfer and you will be afforded an opportunity to opt-out.

9. Changes to our Privacy Policy

This Privacy Notice will be the subject of change and the use of information that we gather shall be subject to the privacy notice in effect.

Contacting Us

If you have any questions regarding this privacy notice or any other matters relating to our privacy policy generally, you may contact us using the information below:

Data Protection Contact 

clinic@harleystreetwellbeingclinic.co.uk