At Christine Tizzard Psychology, we care about the privacy of our clients. Firstly, we have a duty of care to clients as private psychologists and psychiatrists; secondly, we have a duty of care as a business; thirdly, we respect the new GDPR (General Data Protection Regulations) that cover all EU businesses and data handlers from 25th May 2018, replacing the Data Protection Act.
This page outlines your privacy as a client, or when making an initial enquiry about our services.
In accordance with GDPR, we are registered with the ICO (INFORMATION COMMISSIONER’S OFFICE). Our registration number is A8325014.
Personal Data Conventions of Psychologists and Psychiatrists
Basic personal data, such as client names, addresses, phone numbers and emails, are collected to create a client record and be able to keep in contact with each client. At the end of an appointment, the client and the therapist make the next appointment (if applicable) at a time that suits both parties.
However, in some cases, the client or therapist may need to change or cancel the next appointment before it takes place – for example, if a psychologist is called to court, or if a client can no longer make the date arranged. It is important to hold this client data (and for clients to retain contact details for Christine Tizzard Psychology) to make new arrangements.
Maintaining Industry Standards
Christine Tizzard Psychology only employs psychologists and psychiatrists registered with the HCPC (Health and Care Professions Council). They therefore follow HCPC Standards of Proficiency: for example, the setting for psychology appointments is in a private and safe space where conversations cannot be overheard by others. However, in some cases the psychologist or psychiatrist will conduct assessments in other spaces, such as in the family home, which may have less privacy. The environment for an assessment or appointment is decided on a case-by-case basis.
Private psychologists and psychiatrists will, at times, be informed that a client is at serious risk of harming themselves or others, or that they must provide data for legal proceedings. In extreme circumstances, a client may not be able or willing to consent to their data being shared, but data may have to be shared to prevent harm to the client or other people, or to abide with the law.
If Christine Tizzard Psychology is required to share data in such situations where safety and health are severely compromised, only relevant data will be shared, and it will always be shared securely. This data sharing will be recorded by Christine Tizzard Psychology, including the justification for sharing, the individuals who received the information, and whether it was shared with or without consent.
If a referral is made for a client to an additional non-emergency service, such as a medical practitioner or specialist, data will be shared with the client’s consent.
You can read more about the British Psychological Society’s code of conduct and ethics for psychologists here.
Privacy Issues in Child Psychology
Issues of safeguarding children are particularly important, as Christine Tizzard Psychology often works with children and families and various support agencies, such as social services. Statutory guidance on safeguarding children is part of the law and must be followed unless there is a substantial reason to support not doing so.
When working with children and families, the HCPC states that a child deemed to be Gillick competent (able to make their own informed decisions) can give consent to work with a psychologist, whether or not parental consent is given. The psychologist does not have to inform a Gillick competent young person’s parents that they are working with the child, thus keeping client-therapist privacy intact. If parents are divorced or separated, only one parent needs to provide consent.
Data We Need to Collect
Data can take many forms, but the most basic will include:
- Client name
- Phone number/s (mobile or landline)
- Email address
When becoming a client or having an initial consultation, this can expand to:
- Clinical notes, including initial consultation
- Payment details, if agreeing to become a client
- Formal psychological or psychiatric assessment reports
- Contact details of a client’s GP and, if applicable, psychiatrist, either private or NHS, to keep them informed
We often work with local authorities and law courts. This widens the range of data we need to collect as professionals, and we are required to share the data with relevant parties in court and police proceedings. We may also receive data from these relevant parties about a client or the proceedings they are involved in. Additional data could include:
- Basic contact data of professionals we engage with from related agencies
- Emailed or written content from communications about ongoing or prospective cases
- Statements and testimonies from legal proceedings
- Medical records for the purpose of preparing reports
- Court bundles
- Police records
We do not share data with third parties for marketing purposes. We do, however, need to share data when required by agencies such as local authorities, social workers and solicitors, e.g. on receiving court orders for disclosure, or police investigations.
The external parties holding your data, such as your GP, legal representative or local authority, are duty-bound to store this data securely. In the case of a data breach, they must inform you and Christine Tizzard Psychology.
In the case of job applicants applying to vacancies at Christine Tizzard Psychology, the data we collect will include an applicant’s CV, basic contact details, and – at a more advanced stage of the recruitment process – details of references and referee contacts. At the interview stage, we will create notes about the interviewee and their answers, as standard in any job interviewing process. Applicants’ data will be kept for up to six months after initial contact about a vacancy, before being deleted.
How We Store and Manage Data
Data is stored electronically and on paper by Christine Tizzard Psychology and is accessed by our data controllers when required, such as ahead of a client session or when asked by a client’s GP to provide an update on their care.
Data controllers are your named psychologist or psychiatrist at Christine Tizzard Psychology (if you become a client or complete an initial consultation), plus our head psychologist and founder, Dr. Christine Tizzard, and the company secretary and administrator, Shiona Watson.
Digital data is kept on password-protected electronic devices; written data is kept in secure filing cabinets and in a secure location. Irrelevant data which we have no lawful or professional reason to hold will be deleted.
By its very nature, data transmission over the internet can never be 100% secure, and its level of security depends on both parties’ cooperation (e.g. not using unsecured Wi-Fi networks, or internet-enabled devices that aren’t protected by passwords or firewalls). However, Christine Tizzard Psychology takes every reasonable effort to prevent loss, theft or unauthorised amendments of data.
Necessary phone call data from client or agency calls, such as the data mentioned previously, is recorded on paper-stored logs where necessary.
Any mail sent through the post is signed for or recorded delivery; most communication is via email.
If there were a breach of data security, such as hacking or theft of devices that hold data, clients (and those who have contacted us as potential clients) would be informed of this breach within 72 hours of us establishing that a breach has taken place.
Data protection law dictates that client data should not be kept for ‘longer than is necessary’, but no specific time limit is enforced. However, under common law, records can be kept for up to six years to protect from claims of personal injury or breach of contract initiated by a client.
At Christine Tizzard Psychology, client data is destroyed after six years. Data from prospective client queries which do not lead to a client-therapist relationship is destroyed after one year.
Requests to Remove or Access Personal Data
Subject Access Requirements occur when you make a request to see the data a company holds on you – in this case, Christine Tizzard Psychology. When a Subject Access Requirement is made, we will respond to it within one calendar month.
A copy of the requested information will then be sent to you, unless it is deemed by legal standards to be ‘manifestly unfounded or excessive’, in which case you will be told why the request has been refused.
If you find that your requested information is inaccurate (for example, your phone number is wrong) and needs amending, you are welcome to notify us of the corrections needed. If we have shared this inaccurate data with another data handler in the client process, such as your GP, we will inform them of the error.
This page was last updated on 25/05/2018.