Data Privacy, GDPR, Record Keeping, Insurance

Record Keeping / Insurance

My Insurance Policy with Holistic Insurances Services requires that…

  • Client consultation records are taken and retained for a period of five years.
  • The records should as a minimum have the client’s full name, date of consultation and notes on the lifestyle/medical history where appropriate to the treatment being given.
  • Records include a brief description of the therapy or treatment, as well as any unusual reaction to the therapy.
  • Clients aged under 16 require parental or guardian written consent prior to the treatment/activity. Please note that as I have DBS clearance there is no need for a parent/guardian top be present at all times.
  • Link to more information

In some cases I may ask clients for the permission to contact their GP. The information is documented in the client’s record.

Data Privacy / GDPR

General Data Protection Regulations (GDPR) came into effect from May 25th 2018, building on the Data Protection Act that came into force in 1998.

To comply with GDPR…

  • I am registered with the ICO (Information Commissioner’s Office, membership ZA368167).
  • Paper and electronic forms contain the following statement: ‘I acknowledge and agree that personal data will be recorded for treatment, accounts and communication purposes and this information is stored in accordance with the General Data Protection Regulations’. 
  • The personal data I record is usually on a paper form, face to face during the first session.
  • I transcript some data online, in particular notes following each session.
  • For better safety electronic personal records are not stored on my computer but on Google’s cloud.
  • I never share client’s data, except in these rare cases where I’ve asked for permission to contact the client’s GP.
  • Clients can request from Denise a copy of their record, or their deletion.
  • Once the information is no longer needed (i.e. after the 5 years required by the insurance and if I no longer see a client), I destroy the paper record and delete the electronic record. If I decide to keep a record longer, typically for case study, then it will be anonymised first.
  • GDPR information from the Information Commissioner’s Office

Video Conference Privacy

There’s been some privacy concern with using Zoom so by default Denise uses Google Meet. If you have another preference then let her know.