Code of Ethics:
I abide by the ethical frameworks of the two professional organisations to which I belong. These are the British Psychological Society and the Health and Care Professions Council.
You can read the BPS Code of Ethics (20198) here: https://www.bps.org.uk/guideline/code-ethics-and-conduct.
Record Keeping and Data Protection:
I process your data in line with the General Data Protection Regulation 2018 and professional practice guidelines.
Any electronic client records, and/or the devices on which they are kept, are encrypted and/or password protected. I will obtain your consent to use email and/or SMS to correspond with you. My mobile device is both password and fingerprint protected and no identifying details are kept on this device, other than from our email contact. My client notes are contained within a password protected file on my IPad (which is also password protected) and only client initials are used. From my main computer, if I need to email you or your insurance provider (for example for invoicing purposes) and thereby reveal your name, I will do so from my password protected email account. I will also never use your name in the subject strip of an email.
I do not transport paper material with identifying information. I take steps to ensure that no one else can access your personal data without your specific consent. In the unlikely event of a data breach, I will report this to you and to the Information Commissioner's Office within 72 hours. Any written or printed identifiable information about you is kept within a locked filing cabinet within my office at home.
You are able to request copies of the data I hold about you. I will respond within 30 calendar days. There is no charge for this.
After your therapy has ended, I will retain your data for seven years, in line with professional practice guidelines. At that point, they will be destroyed/erased, to include all electronic communications. In certain circumstances, you may wish to have your personal data permanently erased sooner than this. This is known as the right to be forgotten.
To allow me to process your personal data in the above described ways, I will need a clear and specific statement of consent from you.