Main photo with kind permission of Alicia Hendrick.
Hendrick Psychological Services, Data Protection & Privacy Policy
The private practice offers psychological and therapeutic services that are available to private self- funded clients, referrals from health insurers and from health colleagues. The practice is also compliant with guiding legislation as detailed below to promote safety, effective assessment and interventions in conjunction with the rights of the client.
This practice recognises and values the diversity of all people using the service and does not discriminate on the basis of gender, age, sexual orientation, marital status, family status, socioeconomic status, religion, disability, race, ethnicity and membership of the Traveller Community (PSI Guidelines for Good Practice with Lesbian, Gay and Bisexual Clients).
Locations
The current location is in Edinburgh and via zoom.
How to Make an Appointment
An appointment can be made via several routes:
The aim is to respond to messages within 24 hours during weekdays. However, this may not always be possible. A recorded message will direct any caller to absences such as annual leave, professional training and direct to external support services. Every effort will be made to offer a client an appointment as soon as possible. If an appointment is to be cancelled, clients are asked to contact the service 48 hours in advance to avoid incurring any charges. For clients attending an on site practice, the notice period may vary for room cancellation and each client will be informed at assessment of local cancellation fees.
Confidentiality
This is a confidential service aligned with the code of practices of HCPC; PSI and BACP. However, conditions of confidentiality are subject to the Freedom of Information Act 2000; Data Protection Act of 2018 and the Children and Young People (Scotland) Act 2014. Such exemptions to confidentiality include:
If the psychologist receives a request for information, then informed consent is required from the individual client before this takes place. In the event of an external contact e.g. specialist/agency/employer/health insurer/family/friend, no information can be provided by the practice without the direct and confirmed consent of the client. Any reports requested will be sent electronically and will be password protected. If a third party e.g. a referral from a practitioner, provides personal information then the privacy notice will be sent to the named person within one month of receiving this information if this is not a current client of the service.
Withdrawal of Consent
Data obtained and managed by a health practitioner is classed as special category data and any request for withdrawal will be assessed on a case by case basis, with input as required from ICO https://ico.org.uk Exceptions to this right are detailed below:
The GDPR also specifies two circumstances where the right to erasure will not apply to special category data:
“If the processing is necessary for public health purposes in the public interest (eg protecting against serious cross-border threats to health, or ensuring high standards of quality and safety of health care and of medicinal products or medical devices); or
If the processing is necessary for the purposes of preventative or occupational medicine (eg where the processing is necessary for the working capacity of an employee; for medical diagnosis; for the provision of health or social care; or for the management of health or social care systems or services). This only applies where the data is being processed by or under the responsibility of a professional subject to a legal obligation of professional secrecy (eg a health professional).
For more information about special categories of data please see our Guide to the GDPR”.
Client Records
The psychologist is required to clarify the rationale for the collection of data, in accordance with GDPR legislative guidelines and to maintain the appropriate professional standards within the realms of professional accountability. The HCPC Practitioner Psychologist registered with the Information Commissioner's Office on 28/04/19 with annual review due 15/05/24.
The forms of record keeping are:
(A) Client Registration Form which is completed by the client when he/she first meets with a psychologist. This documents biographical information such as name, contact details, GP, etc
(B) An Assessment which is completed during the first session for the purposes of understanding the issues and life circumstances the client is currently dealing with. This may include psychometric assessment materials such as CORE. This forms the basis of their therapeutic treatment plan. (C) Individual case notes which contain documentation of key issues, therapeutic interventions, plan of action etc.
(D) Electronic person identifiable information is encrypted by default (Ionos); paper-based recordings are kept in a physical file stored in a locked filing cabinet in a secure location; mobile phone storage contains first name only and is pin protected. Laptop for appointments is password protected. For website information please see the section on cookies below.
(E) Zoom consultations are by arrangement and constitute a minor part of professional practice. Where this is relevant, the client is agreeing that they are subject to Zoom’s GDPR guidelines. Guidelines for GDPR are listed here: https://support.zoom.us/hc/en-us/articles/360000126326-Official-Statement-EU- GDPR-Compliance
(F)The information collected is to communicate with the client and to provide an effective and safe practice to the client in line with the regulatory body, HCPC.
(G) Notify the client without undue delay on becoming aware of a personal data breach or communication which relates to your or your client's compliance with the Data Protection legislation.
Payments and Data Protection
Self funded clients are requested to pay for sessions prior to an appointment.
Clients rights under data protection can be read here: www.knowyourprivacyrights.org
You have the right to make a subject access request to see information by contacting the psychologist directly and will receive a response within one month of a written request. The assessment of this request is based on the clients rights and health assessment. If it is possible to provide this information, this will be processed but consideration will be if this information negatively impacts on the clients wellbeing or it is related to a third party.
Case Notes
The psychologist regards confidentiality as paramount in the maintenance of record keeping. Therefore, each client who approaches the service is allocated an ID number which is communicated only within the psychological practice. All case notes are attached with individual ID’s only. No identifying information obtained by the practice is transferred to any other area. Non identifying information may be used for statistical purposes. All records are shredded after 7 years unless there is a request to maintain them e.g. health insurer or legal request.
Accountability
In the interest of maintaining a professional standard of service to the client population, the aim of the psychological practice is to offer a transparent procedure for the investigation of complaints in regards to the conduct of the psychologist. If there are any concerns about the conduct of the psychologist, clients are encouraged to address this initially with the psychologist. If this route is not satisfactory, then complaints can be submitted to the Health Care Professions Council. Contact details are: https://www.hcpc-uk.org/concerns/raising-concerns/
For data protection, complaints can be made to the Information Commissioner’s Office: https:ico.org.uk
International clients
The governing law is Scottish law. The Scottish Courts have exclusive jurisdiction to deal with any disputes or complaints.
Health and Safety
In light of the coronavirus pandemic, face to face consultations will be in compliance with Scottish Government guidance and local risk assessment practices at therapy rooms in Edinburgh.
Quality of Practice
At the end of contact with the psychologist, clients may be asked to complete anonymous questionnaires. The feedback from questionnaires will enable direct feedback from the clients regarding their perception and effectiveness of the psychologist practice.
Clinical Supervision
To maintain the professional standards of practice, the psychologist receives feedback from regular supervision meetings. The psychologist discusses client cases with their supervisor in individual and group clinical meetings and is guided by the expertise on best therapeutic practice. The supervisor and members are bound by the same confidentiality practices as the psychologist. This, in conjunction with liaison with professional colleagues, written resources, current research and participation in further training enables the practice to strive to provide a high standard of service.
Website data
No direct personal information is collected via the website (Hendrick psychological services). Data will be stored securely by third party servers weebly located in the UK which are compliant with EU/UK legislation, with security certificate. Data submitted by email will be kept for approximately 6 months and deleted unless there is a legitimate reason for keeping this as part of the client case record.
Cookies
Cookies are small files saved to the user’s computer’s hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a customised experience within this website and to improve functionality. Cookies provide the ability of software to track website usage only.
Should users wish to deny the use and saving of cookies from Hendrick Psychological Service’s website onto their computer’s hard drive, they should take necessary steps within their web browser’s security settings to block all cookies from this website.
Policy Review
This data protection and privacy policy will be subject to change upon annual review of guiding information and legislation. If this occurs, clients will be alerted and provided with an updated policy. Next review due February 2025.
BACP (2023) Privacy Notice Guide. Sourced on 17/02/24 at: www.bacp.co.uk
Hendrick Psychological Services, Data Protection & Privacy Policy
The private practice offers psychological and therapeutic services that are available to private self- funded clients, referrals from health insurers and from health colleagues. The practice is also compliant with guiding legislation as detailed below to promote safety, effective assessment and interventions in conjunction with the rights of the client.
This practice recognises and values the diversity of all people using the service and does not discriminate on the basis of gender, age, sexual orientation, marital status, family status, socioeconomic status, religion, disability, race, ethnicity and membership of the Traveller Community (PSI Guidelines for Good Practice with Lesbian, Gay and Bisexual Clients).
Locations
The current location is in Edinburgh and via zoom.
How to Make an Appointment
An appointment can be made via several routes:
- By telephoning Katie Hendrick on: 07907904840
- By Emailing at: [email protected]
The aim is to respond to messages within 24 hours during weekdays. However, this may not always be possible. A recorded message will direct any caller to absences such as annual leave, professional training and direct to external support services. Every effort will be made to offer a client an appointment as soon as possible. If an appointment is to be cancelled, clients are asked to contact the service 48 hours in advance to avoid incurring any charges. For clients attending an on site practice, the notice period may vary for room cancellation and each client will be informed at assessment of local cancellation fees.
Confidentiality
This is a confidential service aligned with the code of practices of HCPC; PSI and BACP. However, conditions of confidentiality are subject to the Freedom of Information Act 2000; Data Protection Act of 2018 and the Children and Young People (Scotland) Act 2014. Such exemptions to confidentiality include:
- If the psychologist is alerted to a child or vulnerable adult at risk of harm, as defined by the Children Scotland Act 2015 and Adult Support and Protection Act 2007, then the psychological has a legal and ethical responsibility to inform the relevant Social Care Directorate Office/Protection Team and/or Police department.
- If a psychologist assesses that a client is at significant risk of harming his/her self or is assessed to be of harm to others then the psychologist has a duty of care to breach agreed confidentiality.
- The records maintained by the psychological practice may be subpoenaed by a court of law.
If the psychologist receives a request for information, then informed consent is required from the individual client before this takes place. In the event of an external contact e.g. specialist/agency/employer/health insurer/family/friend, no information can be provided by the practice without the direct and confirmed consent of the client. Any reports requested will be sent electronically and will be password protected. If a third party e.g. a referral from a practitioner, provides personal information then the privacy notice will be sent to the named person within one month of receiving this information if this is not a current client of the service.
Withdrawal of Consent
Data obtained and managed by a health practitioner is classed as special category data and any request for withdrawal will be assessed on a case by case basis, with input as required from ICO https://ico.org.uk Exceptions to this right are detailed below:
The GDPR also specifies two circumstances where the right to erasure will not apply to special category data:
“If the processing is necessary for public health purposes in the public interest (eg protecting against serious cross-border threats to health, or ensuring high standards of quality and safety of health care and of medicinal products or medical devices); or
If the processing is necessary for the purposes of preventative or occupational medicine (eg where the processing is necessary for the working capacity of an employee; for medical diagnosis; for the provision of health or social care; or for the management of health or social care systems or services). This only applies where the data is being processed by or under the responsibility of a professional subject to a legal obligation of professional secrecy (eg a health professional).
For more information about special categories of data please see our Guide to the GDPR”.
Client Records
The psychologist is required to clarify the rationale for the collection of data, in accordance with GDPR legislative guidelines and to maintain the appropriate professional standards within the realms of professional accountability. The HCPC Practitioner Psychologist registered with the Information Commissioner's Office on 28/04/19 with annual review due 15/05/24.
The forms of record keeping are:
(A) Client Registration Form which is completed by the client when he/she first meets with a psychologist. This documents biographical information such as name, contact details, GP, etc
(B) An Assessment which is completed during the first session for the purposes of understanding the issues and life circumstances the client is currently dealing with. This may include psychometric assessment materials such as CORE. This forms the basis of their therapeutic treatment plan. (C) Individual case notes which contain documentation of key issues, therapeutic interventions, plan of action etc.
(D) Electronic person identifiable information is encrypted by default (Ionos); paper-based recordings are kept in a physical file stored in a locked filing cabinet in a secure location; mobile phone storage contains first name only and is pin protected. Laptop for appointments is password protected. For website information please see the section on cookies below.
(E) Zoom consultations are by arrangement and constitute a minor part of professional practice. Where this is relevant, the client is agreeing that they are subject to Zoom’s GDPR guidelines. Guidelines for GDPR are listed here: https://support.zoom.us/hc/en-us/articles/360000126326-Official-Statement-EU- GDPR-Compliance
(F)The information collected is to communicate with the client and to provide an effective and safe practice to the client in line with the regulatory body, HCPC.
(G) Notify the client without undue delay on becoming aware of a personal data breach or communication which relates to your or your client's compliance with the Data Protection legislation.
Payments and Data Protection
Self funded clients are requested to pay for sessions prior to an appointment.
- Payment information such as invoices, receipts etc are kept for a period of 6 years in line with HMRC requirements.
- Card payments are processed via IZettle. www.izettle.com who are fully compliant with EMV, certified by PCI, and using TDES with hardware cryptography and HTTPS for all communication.
- For private health clients, there are individual requirements per insurer to facilitate payments of invoices which will be discussed at the first appointment.
- The practice is registered with Healthcode.co.uk for ebilling who are GDPR compliant.
- Payments are accepted, as requested, via Business paypal. See their privacy policy here: www.paypal.com/uk/legalhub/privacy-full
Clients rights under data protection can be read here: www.knowyourprivacyrights.org
You have the right to make a subject access request to see information by contacting the psychologist directly and will receive a response within one month of a written request. The assessment of this request is based on the clients rights and health assessment. If it is possible to provide this information, this will be processed but consideration will be if this information negatively impacts on the clients wellbeing or it is related to a third party.
Case Notes
The psychologist regards confidentiality as paramount in the maintenance of record keeping. Therefore, each client who approaches the service is allocated an ID number which is communicated only within the psychological practice. All case notes are attached with individual ID’s only. No identifying information obtained by the practice is transferred to any other area. Non identifying information may be used for statistical purposes. All records are shredded after 7 years unless there is a request to maintain them e.g. health insurer or legal request.
Accountability
In the interest of maintaining a professional standard of service to the client population, the aim of the psychological practice is to offer a transparent procedure for the investigation of complaints in regards to the conduct of the psychologist. If there are any concerns about the conduct of the psychologist, clients are encouraged to address this initially with the psychologist. If this route is not satisfactory, then complaints can be submitted to the Health Care Professions Council. Contact details are: https://www.hcpc-uk.org/concerns/raising-concerns/
For data protection, complaints can be made to the Information Commissioner’s Office: https:ico.org.uk
International clients
The governing law is Scottish law. The Scottish Courts have exclusive jurisdiction to deal with any disputes or complaints.
Health and Safety
In light of the coronavirus pandemic, face to face consultations will be in compliance with Scottish Government guidance and local risk assessment practices at therapy rooms in Edinburgh.
Quality of Practice
At the end of contact with the psychologist, clients may be asked to complete anonymous questionnaires. The feedback from questionnaires will enable direct feedback from the clients regarding their perception and effectiveness of the psychologist practice.
Clinical Supervision
To maintain the professional standards of practice, the psychologist receives feedback from regular supervision meetings. The psychologist discusses client cases with their supervisor in individual and group clinical meetings and is guided by the expertise on best therapeutic practice. The supervisor and members are bound by the same confidentiality practices as the psychologist. This, in conjunction with liaison with professional colleagues, written resources, current research and participation in further training enables the practice to strive to provide a high standard of service.
Website data
No direct personal information is collected via the website (Hendrick psychological services). Data will be stored securely by third party servers weebly located in the UK which are compliant with EU/UK legislation, with security certificate. Data submitted by email will be kept for approximately 6 months and deleted unless there is a legitimate reason for keeping this as part of the client case record.
Cookies
Cookies are small files saved to the user’s computer’s hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a customised experience within this website and to improve functionality. Cookies provide the ability of software to track website usage only.
Should users wish to deny the use and saving of cookies from Hendrick Psychological Service’s website onto their computer’s hard drive, they should take necessary steps within their web browser’s security settings to block all cookies from this website.
Policy Review
This data protection and privacy policy will be subject to change upon annual review of guiding information and legislation. If this occurs, clients will be alerted and provided with an updated policy. Next review due February 2025.
BACP (2023) Privacy Notice Guide. Sourced on 17/02/24 at: www.bacp.co.uk