Last year was the summer of “please can we keep in touch” emails as the new GDPR data protection rules changed who was and was not allowed to contact you.
These changes also affected psychotherapists and added to the existing data protection regulations. When I work with other organisations, the information I process is owned by them and I am covered by their policies. When I see private clients, or when an organisation refers their clients to me, I am required to register with the ICO in my own right.
So over the bank holiday weekend, I was updating my client data policies, therapy referral forms, consent to therapy form, therapy assessment forms and registering with the Information Commissioner’s Office.
As a mental health professional, I need to collect information which is sensitive and personal. This includes my clients name, date of birth, ethnicity and religion, medication, medical history (including mental health history), and details about their emergency contact person and GP. Some of this information is to ensure that I am aware of the clients needs and can offer appropriate interventions. Some of it is collected in case the clients needs urgent medical or emotional care. I also need to asses if a client may be a risk to themselves or others; particularly when they are joining a group which may include other clients who could be vulnerable. During therapy sessions, clients may share further personal or sensitive information which may be recorded in their client notes.
Client have a right to know that I am protecting their data, particularly as client-therapist confidentiality is so important. How I record, process and store that information, how long I keep it for and when/with whom I share it are all important aspects of data processing.
You can check my registration with the ico’s website which includes a data protection public register.
(Registration Number: ZA514550 ).