What is the General Data Protection Regulations, 2018 (GDPR) and how does it affect me?
The GDPR replaces the 1998 Data Protection Act to ensure your personal, sensitive, and confidential data is kept private and held securely, being processed in the way that you have agreed to. It is there to protect your rights as a consumer of a service or product that might involve your identifiable data, e.g., your name and address or whether you have a specific condition. It also covers any session records, text messages or emails exchanged with NeuroClear.
How long will you hold my information for?
NeuroClear is certified by the Information Commissioners Office (ICO), which upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals. NeuroClear holds your data for 8 years after your final session. In the case of a child, NeuroClear must hold data until their 25th birthday, unless 17 when treatment ends and then data must be kept until their 26th birthday. Therefore, all records will be deleted each January following the above retention scales. This is in line with NHS regulations for holding data.
What if I don’t want my records to be held for that long?
Under GDPR, you can make a request in writing to NeuroClear, for all your records to be deleted. In this case, all your paper records would be destroyed and any electronic data, such as emails or text messages, would be permanently deleted from the devices they are stored on. This may not happen immediately, if the insurance company insists that NeuroClear has a legal basis on which to hold your data. In some circumstances, the insurance company’s legal team may want to verify the information NeuroClear releases.
Why does NeuroClear need to record this information?
NeuroClear holds information relating to; the use of its services, minimal medical information, personal and emergency contact details and brief session notes. This information enables a high-quality service.
Website Visitors and Third-Party Services
NeuroClear will always be transparent when it comes to collecting personal data and will be clear about how that data is processed. When an individual visits www.neuroclear.co.uk, Google Analytics, a third-party service, collect information about what visitors do when they click on the website, e.g., which page they visit the most. Google Analytics only collect non-identifiable data, which means they cannot identify who is visiting. Google’s privacy policy can be found here. Privacy Policy – Privacy & Terms – Google
NeuroClear works with third-party services to help with managing and building its website. These include the use of Wix.com; you can access their privacy policy here. About Privacy | WIX
What lengths are made to ensure my information is held securely?
Hardcopy documents – They are stored in a secure, GDPR-compliant location.
Text messages – NeuroClear’s phones are secured with pin codes.
Emails, Attachments and Documents - NeuroClear uses Hushmail to provide secure communication via a safe encrypted platform. Hushmail requires setting a personal password to ensure no one else can access any exchanges in communication between us.
Video Calls and Chat – NeuroClear uses doxy.me to provide secure communication via a safe encrypted platform.
Is what we discuss kept confidential?
Everything we talk about during sessions is strictly confidential. Each NeuroClear therapist conducting therapy sessions is an accredited BACP member and attends regular supervision. The work you do with each therapist may be verbally presented for supervision purposes, but your identity will not be revealed. This is standard practice and helps our therapists to work as well as they can with you. Our chosen supervisors are also bound by the BACP Ethical Framework for good practice.
What if I see my therapist outside of the session?
If you see your therapist outside of a session, they will smile, but will not engage in any further conversation to ensure your confidentiality. You are welcome to share with other people about the therapy you are receiving, but we are obligated by GDPR law to ensure your confidentiality is protected. NeuroClear would request that you refrain from discussing your treatment with your therapist outside of your sessions, to ensure the success of your treatment.
What about other Health and Social Care Professionals?
In line with GDPR, any contact, relating to you, with other health care professionals would only be made with your signed consent.
Exceptions:
NeuroClear operates solely under UK Law and has a duty of care, which means there are certain legal exceptions concerning confidentiality, where NeuroClear may need to share relevant information with authorities. For example, in cases concerning acts of terrorism (under the Terrorism Act) or acts specifically relating to the Children’s Act; or cases where there are concerns for your safety or the safety of others, NeuroClear is legally bound to declare such information and would discuss this with you.
If NeuroClear is issued a Police Warrant or Court Order, by law, NeuroClear will have to provide them with your information.
If you have accessed NeuroClear Services and wish to read the full Information Governance Policies and Procedures, please contact us via the website to request a copy.