Dr Jo McColl acts as the data controller and is registered with the Information Commissioners Office.
What information is being collected?
In order to work as a clinical psychologist, it is part of my professional practice to collect personally identifiable information. This will include your name, address, email address, date of birth and phone number. I will also require your GP details and insurers details if applicable. This would be collected in a form prior to your first appointment. Using an iPad, I will take written electronic clinical notes during our sessions in order to help me remember your important details, and to think about and plan our sessions. I am professionally required to keep these clinical notes which may contain sensitive information. These clinical notes will be password protected and stored on a note taking app called Notability. Your electronic clinical notes will also be uploaded to a cloud based storage system called OneDrive and also within a very secure and confidential practice management software system (WriteUpp). Any paper notes taken will be shredded upon your discharge from therapy as you will have an electronic casenote record.
I may sometimes use psychological outcome measures (in order to understand more about difficulties and your progress within therapy).
In order to reduce the risk of data breach it is strongly recommended that you do not disclose sensitive information via email or text message and I will also not do this when sending information to you.
Why is information being collected?
Such information is necessary to fulfil the contracted service that I have been asked to provide (e.g. therapy or a clinical report). I require your GP details to allow me to contact them should I be concerned about your current level of risk. I require your contact details so I can reach you should an appointment need to be rearranged. In order for me to contact you by text I will store your first name and surname initial on my mobile phone. No other information will be stored about you in this format. This information is only accessible by me and is password protected. I will delete your details from my phone as soon as we finish working together. We will discuss if you do / do not wish to be contacted by phone and your privacy will always be respected.
Your written information will be kept in a file and stored securely to which I will only have access to. All digital information and storage will be encrypted (e.g, emails, information databases etc). Your information will be retained for 7 years as according to professional HCPC guidelines. Your information will be deleted at the end of these 7 years.
Who will my information be shared with?
The information you provide is confidential, however there are certain circumstances where I have a duty of care to share your information:
if there are significant concerns regarding your own levels or risk and safety
to protect a child or vulnerable adult thought to be at risk
if I am asked to disclose your personal data in order to comply with any legal obligation
I can also share your information if you have given explicit consent that you wish it to be shared (e.g. with another professional or family member).
I will not routinely share your information with other health professionals (e.g, your GP) unless you specifically ask or if there is any significant risk of harm to yourself or others.
Right to access
You have a right to ask for a copy of your personal information (free of charge) in an electronic or paper format and within one month of your request.
Right to rectification
You have the right to request changes to factually inaccurate information that I hold about you. If this is a change to a report, this change would be added in a further letter to highlight the inaccuracy.
Right to erasure
GDPR guidance states that people have the right to 'be forgotten' i.e., for information held about them to be erased. Within my practice as a clinical psychologist, and in line with guidance from the HCPC, I have a lawful basis to retain your information for 7 years therefore this right does not apply to health records and I would be unable to erase any part of your health records.
A cookie is a small file which asks permission to be placed on a computer hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
I use traffic log cookies to identify which pages are being used. This helps me analyse data about webpage traffic and improve my website in order to tailor it to client needs. I only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help provide a better website by enabling me to monitor which pages clients find most useful. A cookie in no way gives me access to your computer or any information about you, other than the data you choose to share with me.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Links to other websites
My website may contain links to other websites of interest. However, once you have used these links to leave my site, please note that I do not have any control over the destination website. I therefore cannot be responsible for the protection and privacy of any information which you provide whilst visiting other sites and such other sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
If you wish to discuss any of the above, please do not hesitate to ask me.
Dr Jo McColl