Your general rights under GDPR
Below is a summary of basic rights as denoted by GDPR governance. Please note that these are general rights for the GDPR process as a whole. There are additional specific considerations for those providing a health related service to the public, which includes Horsham Psychology.
- The right to be informed.
- The right of access: to request information held about you.
- The right of rectification: where there is a dispute in relation to the accuracy or processing of personal data.
- The right to erasure: the right to request your data is erased when it is no longer necessary for Horsham Psychology to retain it (within boundaries of professional guidance and legislation for retention of clinical notes).
- The right to restrict processing: to request a restriction is placed on further processing of your data.
- The right to data portability: the right to request that the data controller provide the data subject with his/her personal data and where possible to transmit data directly to another data controller (data portability).
- The right to object to the processing of personal data: withdrawing consent at any time (there are exceptions to this for those providing a health related service to the public).
- The right not to be subject to automated decision making.
- The right to lodge a complaint with the Information Commissioner's Office (ICO).
- The right to withdraw consent at any time, where we rely on consent to process your personal data.
What is your personal data?
Personal data is information that can identify an individual. The processing of such personal data is governed by the General Data Protection Regulation (GDPR), which came into effect on the 25th May 2018. Personal data may include:
- Personal biographical details e.g., name, dob, address, GP.
- Sensitive data e.g., medical history, mental health history etc. I gain specific consent verbally for this at the time of assessment.
- Contact data e.g., email, telephone and address.
- Financial/transactions data when paying for services e.g. a psychology session.
- Technical data and usage data e.g. data the website collects when you visit (IP address, browser type, time zone setting, browser plug-in types, operating system and platform).
- Marketing data e.g. data collected when you sign up to my email list such as your email address, full name and marketing preferences.
Who is Horsham Psychology?
Dr Tara Quinn-Cirillo is an HCPC Practitioner Psychologist and Sole Trader who conducts psychological assessment and treatment. In order to provide this service safely and effectively, Dr Quinn-Cirillo needs to collect personal data on you including demographic data and information pertaining to clinical presentation and history. This makes Dr Quinn-Cirillo both a data controller and a processor under GDPR governance. This means I decide how your personal data is processed, for what purposes and how it is stored. At present there are no other employees of Horsham Psychology and therefore no one else is responsible for handling patient data.
Making a referral via email
Please note that by emailing email@example.com you are consenting to share personal data with Dr Tara Quinn-Cirillo, Horsham Psychology. This includes your return email address. I would advise not to send sensitive patient information through email when making initial contact. Sensitive patient information should be sent through the secure email provider. Upon receipt of your initial contact email, you will be sent instructions on how to use a secure email channel where you are able to send sensitive patient information should you wish to do so. Please see the section below on ‘what data I collect and hold’ for types of personal and sensitive patient data. Dr Tara Quinn-Cirillo is not responsible for information that you choose to send outside of the secure email channel.
Why does Horsham Psychology collect and use your personal data?
Horsham Psychology has a number of lawful reasons that it can use or ‘process’ your personal information. One of the lawful reasons is called ‘legitimate interests’. This means that we can process your personal information if we have a genuine and legitimate reason and we are not harming any of your rights and interests. In other words, Horsham Psychology will collect relevant personal data about you solely for the purposes of providing a health service that offers psychological assessment and treatment.
Another lawful reason for us processing your data may be legal obligation; this is likely to apply if you are being assessed as part of a legitimate claim. We will need to process your personal data to comply with a common law or statutory obligation.
- We collect personal information on you so that we can communicate with you in a personal way. The legal basis for this is legitimate interest.
- Deliver a psychological service to you and process your payment for this service (where appropriate). The legal basis for this is the contract with you.
I may collect your personal data in the following ways:
- Direct interactions (face to face sessions or via video sessions)
- Via email (also using a secure email provider option where appropriate)
- Automated technologies or interactions e.g., via the Horsham Psychology website or mailing list.
Disclosure of your personal data
I may need to share your data with third parties. This may include the following:
- Where there is a risk issue identified during psychological treatment and it is deemed clinically necessary to share information to keep you or others (including those you may make disclosures about) safe. This will be explicitly discussed with you at the beginning of treatment (under confidentiality and consent discussions). Examples may include sharing your information with a general practitioner (GP), emergency mental health service or adult/child social services.
- HM Revenue & Customs and Banking, regulators and other authorities acting as processors or joint controllers, who require reporting of processing activities in certain circumstances.
- Other service providers such as GPs, private healthcare agencies such as Bupa/AXA where you the patient have asked for your information to be shared (e.g. a clinical letter or clinical report) or where you the patient have asked me to provide a report for a private health care agency in order to further your treatment allowance. In all these circumstances I will discuss the nature and consent with you as the patient.
- Third parties such as booking webinars through companies such as Eventbrite where you will be asked for personal details in order to register for the event. In these circumstances it is up to you as the individual to decide if you wish to give these details before booking.
- Some companies such as Zoom are located outside of the UK and therefore UK data protection laws will be different. Please take time to read the data policies for these companies before agreeing to use them.
What data will I collect and hold?
Horsham Psychology will only use your personal data for the purposes for which we collected it, unless I reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose please contact me.
Horsham Psychology collects and processes the following data from patients:
- Full Name
- Date of birth
- GP details
- Contact details e.g. mobile telephone/email
- Relationships and children
Sensitive personal data:
- Information gathered at the time of assessment including: medical conditions (if relevant), medication, psychological history and current difficulties, sexuality, offences (including alleged offences), risk information (including suicidal ideation or intent).
- Signed therapy contracts, therapy records including session notes, formulations, letters, reports and outcome measures. We may collect this data ourselves or you may provide us with information in the format of previous psychological or medical reports. Sometimes referrers such as GPs or psychiatrists will send a report to us which contains personal information. We are not responsible for how third parties send this information, but we are responsible for what we do with it once we receive it.
- Where appropriate: Private Health Provider membership number/activation number, referral information and authorisation for psychological treatment.
- The name your bank account is in when paying by bank transfer (I am not able to see your sort code or account number when a payment is made).
- To manage my relationship with you which may include notifying you of changes to policies and procedures.
Marketing emails for Horsham Psychology Services
Patient Information sent to Horsham Psychology
Horsham Psychology is NOT responsible for patient information sent by third parties including patients themselves, referring agencies, GPs, agencies involved in patients' care such as psychiatrists and Healthcare Providers such as AXAPPP and Bupa. Once received, this information will be stored by Horsham Psychology in a secure format and Horsham Psychology is then responsible for the continued storage of this information.
How do I process your personal data?
Horsham Psychology complies with obligations under GDPR by keeping personal data up to date, securely stored and destroyed where appropriate. I do not collate or keep information that is not clinically relevant for the purposes of psychological assessment or treatment. Horsham Psychology is also responsible for protecting against data loss, misuse and unauthorised disclosure or access. This is achieved by ensuring that appropriate GDPR compliant protection methods are in place to protect patients' personal data in both electronic and paper format.
What is the legal basis for processing your personal information?
Horsham Psychology has a legitimate interest in using the personal information you supply/health insurers supply to provide an effective and ethical psychological assessment and treatment service. It is necessary for Horsham Psychology to provide psychological therapy, as a health provider, to patients wishing to use the service.
No information that you provide will ever be passed on to another party without your consent. I do not sell your information to others.
What do we do with your information?
- Horsham Psychology takes your privacy very seriously. I will only ever use your personal information to provide the psychological services you have requested from me.
- Your personal information will be used in order to conduct psychological assessment and treatments requested by you when being referred to Horsham Psychology. This includes being able to provide you with a clinical service and to collect electronic payment from you for this service.
- If you are not able to provide the personal information I request, then please be aware that I may not be able to provide you with the psychological services you have requested.
- Horsham Psychology does not send information to patients regarding other services offered and I DO NOT share any information for marketing purposes.
Horsham Psychology uses both paper and secure electronic storage of patient data. This is in order to provide the most effective clinical service to you. Paper and electronic data is stored using GDPR compliant systems. These include paper storage in a filing cabinet, encrypted electronic file server storage, and use of a secure email and a 6 pin log-in smartphone for contacting patients and other providers involved in your care.
How long I will hold it and why
Horsham Psychology will only store your personal and sensitive information for as long as it is required in line with professional guidance and legislation: the British Psychological Society (BPS) and the Health Care Professions Council (HCPC). Horsham Psychology will only retain your personal data to fulfil the purposes it was collected for. Further information on data retention will be supplied in the patient privacy notice and contract but a summary is as follows:
- 6 months for referral enquiries that do not result in a person becoming a patient (termed “potential patients”).
- 7 years for adults who are patients of Horsham Psychology.
- Age 18 + 7 years for children under the age of 18.
- For those individuals with a learning disability/neuropsychological information/court information, data should be stored for the lifetime of the client.
- There is a requirement by HM Revenue and Customs (HMRC) that financial information including patient invoices be stored for 6 years.
- The British Psychological Society (2000). Clinical Psychology and Case Notes: Guidance on Good Practice. Leicester: Division of Clinical Psychology. BPS.
- Health and Care Professions Council (2017). Confidentiality Guidance for Registrants. London: HCPC.
Sharing data with third parties
Patient data will be held by Horsham Psychology for the purposes of assessment and treatment. Information will only be shared with a third party with the consent of the patient, the exception being for purposes of safeguarding or risk to patient or others. Dr Quinn-Cirillo reserves the right to break confidentiality and share information with relevant safeguarding parties should a risk be identified. Dr Quinn-Cirillo will always inform patients should this occur and a discussion about informing other parties will take place.
For those patients who are referred via private health providers such as Bupa and AXAPPP, Horsham Psychology will share information about appointments with the provider in order to bill the provider for each treatment session. I may also share treatment updates with the provider, for example where the patient has requested to extend treatment. This is a prerequisite for many health providers in order to approve further treatment. Horsham Psychology will always discuss this with the patient before updating the healthcare provider.
Your right to access the personal information we hold about you
You have the right to access the information I hold about you. This is called a ‘subject access request’ or ‘right of access’ under the Data Protection Act and the General Data Protection Regulation. I will then supply you with:
- A description of the data I hold about you.
- Inform you how it was obtained (if not supplied by you)
- Inform you why and for what purpose I am holding it.
- What categories of personal data are concerned.
- Inform you who this could be disclosed to.
- Inform you of the retention periods of the data.
- Inform you of any automated decision making including profiling.
- Let you have a copy of the information in an intelligible format.
You must inform Horsham Psychology in writing to access the information I hold about you. I want to ensure your information is correct and up to date. You can ask me to correct or remove information you think is inaccurate.
- I will provide your patient information within 30 days of your initial request being received. There is no fee to access your personal data. However, if your request is clearly unfounded, repetitive or excessive I may charge a reasonable fee. Alternatively, I could refuse to comply with your request in these circumstances.
- I may need to request specific information from you to help confirm your identity and right to access your personal data (or exercise any of your other rights). This is a security measure to ensure that your personal data is not disclosed to any person who has no right to receive it. I may also contact you to ask you for further information in relation to your request to speed up the response.
- Please note that Horsham Psychology reserves the right to refuse a request to delete patient therapy records. These have to be kept for a period of 7 years for adults and different lengths for others as outlined above in accordance with the British Psychological Society (BPS) and Health Care Professions Council (HCPC).
- I may ask for identity documents to verify your identity.
- You have the right to get your information corrected if there are inaccuracies in the data we hold.
You have the right to complain to a regulator (the Information Commissioner's Office, ICO) if you think that we have not complied with data protection laws.
Horsham Psychology uses a WordPress website so potential patients, referrers and agencies I may consult with can learn about me and the Psychological services that I offer.
The website Horsham Psychology is operated by WordPress.
Cookies are small pieces of data, stored in text files, that are stored on your computer or other device when websites are loaded in a browser. They are widely used to remember you and your preferences either for a single visit (session cookie) or multiple repeat visits (persistent cookie). Source: WordPress.com
There are different types of cookies:
- Strictly necessary cookies – these include cookies that enable people to log into secure areas of a website, use a shopping cart or make use of e-billing services.
- Analytical or performance cookies – these allow websites to recognise and count the number of visitors and see how many visitors move around the website when they are using it. This helps website owners to improve the way their website works, for example by ensuring that visitors are finding what they are looking for easily.
- Functionality cookies – these are used to recognise when you return to a website. This enables websites to personalise their content for you, greet you by name and remember your preferences (for example your choice of language or region).
- Targeting cookies – these cookies record your visits to a website and the pages you have visited and the links you have followed. This information is used to make a website and the advertising displayed on it more relevant for your interest. This information may be shared with third parties for this purpose.
Please be aware that you can disable cookies via your internet browser. This may mean that some parts of this website may become inaccessible or not function properly.
The Horsham Psychology website does contain links to third party sites including the HCPC (Health Care Professions Council) and the BPS (British Psychological Society). Horsham Psychology is not responsible for the operation of third party sites and by following these links you are accepting liability for doing so.
It is possible to turn off cookies on the device you use to access a website. For some websites this can affect the performance of the website.
For further information visit www.allaboutcookies.org.
Dr Tara Quinn-Cirillo (CPsychol, AFBPsS)