Data Privacy, GDPR, Record Keeping, Insurance, Codes of Conduct
Record Keeping / Insurance
My Insurance Policy with Holistic Insurances Services (Membership HIS3810) requires that…
- Client consultation records are taken and retained for a period of five years.
- The records should as a minimum have the client’s full name, date of consultation and notes on the lifestyle/medical history where appropriate to the treatment being given.
- Records include a brief description of the therapy or treatment, as well as any unusual reaction to the therapy.
- Clients aged under 16 require parental or guardian written consent prior to the treatment/activity. Please note that as I have DBS clearance there is no need for a parent/guardian top be present at all times.
- Link to more information
In some cases, I may ask clients for permission to contact their GP. The information is documented in the client’s record.
Data Privacy / GDPR
General Data Protection Regulations (GDPR) came into effect from May 25th 2018, building on the Data Protection Act that came into force in 1998.
To comply with GDPR…
- I am registered with the ICO (Information Commissioner’s Office, membership ZA368167).
- Paper and electronic forms contain the following statement: ‘I acknowledge and agree that personal data will be recorded for treatment, accounts and communication purposes and this information is stored in accordance with the General Data Protection Regulations’.
- The personal data I record is usually on a paper form, face to face during the first session.
- I transcript some data online, in particular notes following each session.
- For better safety electronic personal records are not stored on my computer but on Google’s cloud.
- I never share client’s data, except in these rare cases where I’ve asked for permission to contact the client’s GP.
- Clients can request from Denise a copy of their record, or their deletion.
- Once the information is no longer needed (i.e. after the 5 years required by the insurance and if I no longer see a client), I destroy the paper record and delete the electronic record. If I decide to keep a record longer, typically for case study, then it will be anonymised first.
- GDPR information from the Information Commissioner’s Office
Codes of Conduct
Several of my professional memberships involve a code of conduct: