Data Privacy, GDPR, Record Keeping

Record Keeping / Insurance

My Insurance Policy with Holistic Insurances Services requires that…

  • Client consultation records are taken and retained for a period of five years.
  • The records should as a minimum have the client’s full name, date of consultation and notes on the lifestyle/medical history where appropriate to the treatment being given.
  • Records include a brief description of the therapy or treatment, as well as any unusual reaction to the therapy.
  • Clients aged under 16 require parental or guardian written consent prior to the treatment/activity. Please note that as I have DBS clearance there is no need for a parent/guardian top be present at all times.
  • Link to more information

In some cases I may ask clients for the permission to contact their GP. The information is documented in the client’s record.

Data Privacy / GDPR

General Data Protection Regulations (GDPR) came into effect from May 25th 2018, building on the Data Protection Act that came into force in 1998.

To comply with GDPR…

  • I am registered with the ICO (Information Commissioner’s Office, membership ZA368167).
  • Paper and electronic forms contain the following statement: ‘I acknowledge and agree that personal data will be recorded for treatment, accounts and communication purposes and this information is stored in accordance with the General Data Protection Regulations’. 
  • The personal data I record is usually on a paper form, face to face during the first session.
  • I transcript some data online, in particular notes following each session.
  • For better safety electronic personal records are not stored on my computer but on Google’s cloud.
  • I never share client’s data, except in these rare cases where I’ve asked for permission to contact the client’s GP.
  • Clients can request from Denise a copy of their record, or their deletion.
  • Once the information is no longer needed (i.e. after the 5 years required by the insurance and if I no longer see a client), I destroy the paper record and delete the electronic record. If I decide to keep a record longer, typically for case study, then it will be anonymised first.
  • GDPR information from the Information Commissioner’s Office