Privacy Policy
Why do we need to process information about you?
In order to provide you with clinical psychology services, Rethink Health will need to handle your personal information. ‘Personal information’ refers to details about you from which you can be identified, such as your name and contact details. Depending on the services you receive from us, we may process additional sensitive data such as information about your health. This information is essential to provide effective clinical psychological services to you. Under the requirements of the Health Care Professions Council (HCPC) and British Psychological Society (BPS), we are required to store your personal data to allow us to provide these services.
How will we hold the information?
Information about you will be held in the form of written notes, emails, questionnaires, letters and invoices. This information could be collected at any point during your contact with us. Your information will be collected, managed and stored solely for the purposes of us providing you with clinical psychology services.
How do we use the information that we collect?
We use the information we collect:
- To communicate with you
- To provide an effective clinical psychological service to you
- To communicate with other relevant healthcare professionals, referrers, funders and stakeholders.
Where do we keep the information?
Electronic storage
The computers we use are password protected. Emails, external USBs and mobile phones are encrypted. When cloud services are used, these meet GDPR requirements and all data is securely encrypted when stored there.
We occasionally need to transfer our accounts Excel Spreadsheet to our (UK-based) accountant. This is done using encrypted transfer and our accountant has confirmed that his company’s processes are GDPR compliant.
Paper storage
We usually make hand written notes when we meet you. These notes may be used to create a report or letter providing feedback to relevant healthcare professionals and stakeholders regarding the services that we provide to you. Mostly, however, our written notes serve as a memory aid to help promote the quality of our work and care. We keep a paper copy of your notes, questionnaires, letters and any invoices in a locked filing cabinet in our offices.
How long will you store my information for?
We will store information about you for as long as you receive services from us and for 6 years following the date of our last contact with you. This is because the professional organisations that govern our practice (the HCPC and the BPS) specify data retention requirements. Paper-based information will be electronically scanned and stored shortly after the point your case file is closed to the service (usually defined as your last appointment). Once scanned, paper-based information will be shredded and disposed of. Electronically held files will be deleted after six years.
You do have the right to ask for the information we hold about you to be erased prior to this time by contacting our Data Protection Officer, Dr Matthew Beadman via email at info@rethinkhealth.com. However, if you want to have your data removed, we must first determine whether we need to keep the data. For example, if there is an on-going legal matter related to your case or if your request falls within the timeframe that our governing practice body has a requirement that we hold data for. In this instance, we may not be able to erase your data before that time has passed.
How can I access the information you hold?
You can ask to access the information we hold by emailing our Data Protection Officer, Dr Matthew Beadman at info@rethinkhealth.com to make a Subject Access Request (SAR). You can also ask for your information to be transferred to another provider of psychological services. We will respond to your request within 30 days. Verification of the identity of anyone making such a request will be required before information can be shared.
What if I believe the information you hold about me is incorrect?
While you are receiving services from Rethink Health, we will aim to keep the information we hold about you accurate and up-to-date. We encourage you to tell us as soon as possible if your personal data changes or if you notice an error, so that we can update our records.
Protecting your Information
Rethink Health is committed to keeping the information we hold about you secure. To protect your personal data, we follow the guidelines and recommendations in line with our professional bodies (The BPS and the HCPC) and regulatory bodies such as the Information Commissioners Office. More detailed information can be found in our Data Protection Policy, which complies with the requirements detailed in the Data Protection Act (1998) and the General Data Protection Regulations (2018). This document is available on request. We have physical, electronic, and operational procedures in place to protect your data. In the unlikely event of our security processes being compromised leading to a significant breach of your information, we will endeavour to inform you within 72 hours.
Confidentiality
The confidentiality of your personal information is very important to us. All our services are confidential. Access to confidential information is restricted to those who have a reasonable need to access it. This means that we will ask for your written consent before sharing information with other relevant stakeholders which usually includes other healthcare professionals involved in your care, representatives from referring or funding organisations including insurance providers and (if relevant) your occupational health department. We will not share your information without your consent unless we judge that there is a serious risk of harm to yourself or others or when we are legally obliged to do so.
Who can I contact if I have concerns about my data management?
Should you have any concerns about the management of your data by us, please contact our Data Protection Officer, Dr Matthew Beadman, in the first instance. If we are unable to resolve your concerns, you have the right to contact or make a compliant to the Information Commissioner’s Office: https://ico.org.uk/for-the-public/raisingconcerns/