The purpose for collecting and keeping the information is:
– to communicate in order to arrange appointments
– to keep a record of processes within the therapy, for reference during future sessions
MAP DATA FLOWS
What’s the first point of contact?
– phone me directly
– email me directly
– fill in a form on a directory website (The Hypnotherapy Directory), and that is emailed to me
How do we note and store the information and what information is collected?
Notebook notes – information included is full name, contact details, appointment time, a brief note of what type the issue or problem is, with no personal details.
Appointments in a paper diary and electronic diary (on phone & computer) – both just include name and time.
During sessions, client notes are taken on loose leaf paper which are put in a dedicated folder, carried home in a dedicated briefcase, and filed in a separate lockable metal file box. Notes are brief, specific to the hypnotherapy process, and probably wouldn’t mean much to anyone else who looked at them.
What safeguards are there to keep the information confidential?
I am the only one who handles any of the paperwork. They’re carefully carried to and from the therapy centre in a dedicated briefcase. They are locked away when at home. There is only one other person in the house and she is completely trustworthy, but doesn’t handle the paperwork at all.
Include assessment of risks and what safeguards are in place.
Risks of anyone else seeing the notes are slim to none. We have visitors almost never. Safeguards as above.
MAP DATA USEAGE
How is info used / processed?
Notes are retrieved from the locked file when needed for a specific client, carried to the therapy centre in dedicated briefcase, added to as appropriate and returned at end of therapy day to secure file.
– all contacts have approached me in the first instance and asked me to contact them
– client records are kept for two years, in case they wish to return in that time, then they are destroyed.
– records are accurate at the time of client contact, and only updated if clients return.
– client notes are shredded after two years
– shreddings are put in recycling bin
NOTE how to recognise and respond to individual’s requests to access their personal data or have their personal data destroyed securely.
– I’ll recognise it because the client will need to ask me directly, by letter
– personal data will only be released directly to the client, not to a third party.
– I would consider releasing to a third party ONLY with the client’s direct specific instructions to do so
– likewise destroying the record, ONLY with the client’s specific direct instructions to do so