Privacy Policy
Legal Framework
I am obliged to keep records concerning you, your health and the treatment I have undertaken with you for a period of 8 years after we have finished working together. I am also required to maintain a record of your last recorded contact details to enable me to address any issues relating to your treatment over this 8 year period. After this time these detailed records will be destroyed.
I have reviewed my practice, privacy policy and terms of engagement, in the context of the GDPR (General Data Protection Regulations) which came into force on 25th May 2018 and have ensured that my practice is fully compliant.
I will update my policies and terms as is required and the latest version on any policy will always be published on my website. I welcome any comments you may feel appropriate.
I am registered under the Data Protection Act 1998 Registration Number: ZA046776 - and follow the Code of Practice of the National Council of Hypnotherapy as well as the NHS Code of Practice. Data Protection is important to everyone and is also covered by The Human Rights Act 1988 and The Equalities Act 2010 may also apply.
Data Protection is a complex area of law and I take my responsibilities under it seriously. Any employee or contractor with whom any data is shared is fully appraised of their duty in law to maintain the strict confidentiality of the data with which they are entrusted and of the detailed requirements of the codes of professional practice to which I strictly adhere.
Securely Storing Your Data
Initially your records are held on my Remarkable tablet (and app) and on iCloud – both of which are password protected and to which only I have access. At the conclusion of your treatment the records are all uploaded to secure iCloud Storage to which only I have access.
My computer, network and email security are set at enterprise level in terms of passwords, anti virus and anti malware and rely only on Apple preserving the integrity and security of their iCloud enterprise servers. No data is stored electronically outside iCloud once your treatment is completed.
My client database contains only your contact details and matters relating to my accounts, this is shared with administrative staff. My research database contains only fully anonymised data which requires a strong password to access and the anonymised data is only ever shared with other medical and academic research personnel with your
specific permission.
Use of Your Data in the Day to Day Business of My Practice
I record your name and contact details on my booking system – 10 to 8 - these will be shared where necessary with administrative staff contracted to or employed by my practice to run its day-to-day business. These details are always separated from details of your sessions. The only circumstance in which any further information - regardless of how this is acquired - is shared with administrative staff is where this information is required for any legal or accounting business purpose.
Use of Your Data during your sessions
I record your date of birth, presenting issue, dates and details of each session you attend, together with any test or assessment documentation and my own notes and observations from that session. These are used to record progress and measure the impact of the various interventions I use over the course of your treatment and to guide the overall course of your individual treatment.
Use of Anonymised Data in Research and Continuous Professional Development
I summarise the details of all clients treatment and add them to my client research database, which is an on-going research tool and CPD quality control measure of my professional practice. At your induction session I will ask your specific written permission to share fully anonymised abstracts of this data with appropriate health professionals and academic research personnel.
Use of Your Contact Data for any other purpose after any therapy we undertake is complete.
My Hypnotherapy is designed to be brief therapy and to reach a natural conclusion when your issue is resolved or we agree that further progress is unlikely. Under no circumstances will your contact details be shared outside the practice of My Hypnotherapy Works unless I am obliged by the requirements of statute law, the public interest, or to facilitate any other legal process to do this. You are free to change or revoke any permissions you have given by notifying me in writing or by email at any future date.
I will always seek your explicit and informed consents for any and all other purpose in which your data might be used in the future, and maintain a record of these consents in a database that records these permissions as they are signed by you in both your own and my copy of the Terms of Engagement. Some examples of the consents I might ask you for are - emailing you a newsletter or an article I have found that I think might interest you, or to follow up on your progress after 6 months or a year. I'm professionally interested in your progress and such feedback helps me improve my practice.
Your Right to See Your Records
I know that you value the privacy and security of all personal information I hold and all your individual records are available for your inspection with reasonable notice in writing - including email. I consider 5 working days to be reasonable notice unless there are some urgent circumstances requiring earlier availability. Before making your records available to you I will formally check your identity by reference to documents such as your Passport or Driving Licence. You may ask me to correct any information we hold on you that is inaccurate or incorrect, please let me know where this is the case.