Privacy Policy

Last updated: 01/02/2025

Introduction

This is the Privacy Policy for Sue Hinds, an Independent Speech and Language Therapist. This policy will be reviewed and updated every two years, or sooner if there are any important changes to legislation.

I am committed to protecting your personal data and ensuring that your rights to privacy are protected. I gather, store, and process your personal data in accordance with the requirements of:

· The Data Protection Act (2018)

· The General Data Protection Regulation (GDPR, 2018)

· The guidelines set out by the Information Commissioner’s Office (ICO)

· The professional guidelines and requirements as set out by the Royal College of Speech and Language Therapists (RCSLT)

· The Health and Care Professions Council (HCPC)

· The Association of Speech and Language Therapists in Independent Practice (ASLTIP).

I am registered as a data controller with the ICO and can be found on the ICO register https://ico.org.uk/register by searching for Sue Hinds. I am registered with HCPC and RCSLT and complete yearly Information Governance training.

Why is my personal information required?

I need to collect comprehensive and accurate personal data from you to provide safe and effective intervention that is tailored to your individual needs. My lawful basis for processing and storing personal information is one of ‘legitimate interest’ under article 6 of GDPR. Data relating to an individual’s health is classified as ‘Special Category Data’ under section 9 of the GDPR.

GDPR specifies that health professionals who are “legally bound to professional secrecy” may have a lawful basis for processing this data. Speech and Language Therapists are legally bound to keep client information confidential, and it is under this condition that we process and store personal information. This is set out by the Royal College of Speech and Language Therapists and Health Care Professions Council.

How is my personal information kept?

I collect personal information from you when you make contact to enquire about my services. Any information collected by phone, or in writing is stored and used only by me for the basis of delivering Speech and Language Therapy intervention to you.

This information is stored on a secure electronic records system, Information collected during Speech and Language Therapy sessions is also written up electronically and stored on this system. No paper notes are kept.

What personal information is collected?

The personal data required from you may include:

  • Personal details such as your age, address, telephone number and general medical practitioner.
  • Your past and current medical information, including clinical reports where appropriate.
  • Your social situation including employment and support from family members, where this is relevant to your rehabilitation.

Other personal data that may be stored includes:

  • Results or comments following your performance on formal and informal assessments which you may share with me.
  • Information about the treatment or services that I have provided or propose to provide.
  • Notes of conversations that are relevant to my involvement with you.
  • Correspondence with other health care professionals that relates to your care.
What other information might I collect?

With your consent, videos, or audio recordings of you may be taken as part of your assessment or treatment. These are recorded and temporarily stored on a password-protected tablet or mobile phone. If these need to be kept, i.e., to review at the end of a block of therapy, they are then transferred to my password-protected laptop and stored in a password-protected folder. Consent can be refused or withdrawn at any time. If consent is withdrawn, the video or audio recording will be deleted without delay.

How is my personal information used?

I may collect information and use it in the following ways:

  • To arrange, plan and provide Speech and Language Therapy as appropriate to meet your individual needs.
  • To communicate with you via email, telephone, or SMS in relation to, for example: arranging and planning for sessions.
  • Sending you copies of reports and programmes (password-protected where personal data is included).
  • Communicating with other professionals involved in your care (your initials rather than full name will be used in emails).
  • Sending therapy resources.
  • Sending invoices.

Whenever personal identifiers are not needed for these tasks, if possible, they will be removed from the communication.

Will my personal information be shared?

With your written consent, information about your speech, language and swallowing difficulties may be shared with other professionals involved in your care, when it is in your best interests.

You will be fully informed about who your data will be shared with and what data is to be shared. A record of your consent is kept within your clinical notes. Unless required by law, I will not disclose any personal information collected to any person other than as set out above. In the unlikely event that there is a legal requirement to share your personal data with law enforcement and government bodies, this would be in relation to: the prevention or detection of crime and/or fraud; the apprehension or prosecution of offenders; the assessment or collection of tax owed to

HMRC; legal proceedings; a requirement to satisfy safeguarding obligations; supporting emergency services or local authorities to respond to an emergency situation that affects you.

If it is necessary as part of your care to transfer personal data to a country or territory outside the European Economic Area, I will do so in accordance with data protection law. I do not employ agents to process personal data, for example specialist mailing companies to send out communications, and client details are not given or sold to any third parties.

How is my personal information stored

Documents containing confidential information including clinical notes, assessment record forms, reports and therapy programmes are recorded on an online clinical records programme called WriteUpp, which is password-protected and only accessible by myself. WriteUpp is used widely within both the NHS and private practices. Further information regarding the security of WriteUpp can be found here.

Emails are accessed on both a password-protected laptop, tablet and a smartphone.

In accordance with law, all records will be kept securely for eight years. After this time all your records will be destroyed.

What happens if a personal data breach occurs?

Personal data breaches involve personal data becoming accidentally or unlawfully lost, stolen, destroyed, altered, or disclosed where it should not have been. In the extremely unlikely event that a breach occurs, all reasonable efforts will be taken to contain and minimise the impact of the breach, and the breach will be reported to the ICO within 72 hours.

I make all reasonable endeavours to ensure that there are no personal data breaches. For example, all your clinical records relating to your Speech and Language Therapy intervention are stored on the secure online clinical records system, WriteUpp. No paper notes are kept, and no information is kept on a USB device. The only personal data saved directly onto a laptop are audio and video recordings which WriteUpp currently does not have the facility to upload; these are stored in a password-protected folder with your initials rather than full name.

If reports are sent via email, they are sent as password protected PDF documents and the password is provided separately.

How can I withdraw my consent to my personal data being collected or stored?

I seek explicit consent from you where possible, to collect, store and share your personal information. There are some situations where you may provide consent implicitly; for example, by providing information via email, or online case history forms. You may withdraw your consent at any time, however if you do so, it may no longer be possible to provide you with Speech and Language Therapy intervention.

How can I access my records?

You are legally entitled under GDPR to access the information I hold about you. This is a Subject Access Request. According to the Information Commissioner’s Office (ICO) and their code of practice for subject access requests, you have the right to a copy of the information I hold about your care in addition to the right to ask for it to be amended if you feel it is incorrect. A copy of your records is provided free of charge, within 30 days of receipt of all necessary information.

Please make your request in writing via email to enrichcaring@gmail.com including the following information: Your name, your correspondence address, your contact number and email address, the details of the information requested.

If you are requesting a copy of the records on the behalf of the individual, this can only be provided if you hold the Lasting Power of Attorney for Health and Welfare. I will need to see evidence of this documentation before sharing any records.

When responding to requests, I will need to ask the individual to provide two forms of identification. The individual may be contacted via telephone to confirm the request was made. Information may not be disclosed if there is a risk of serious harm to the physical or mental health of the subject or another individual.

If the request is complex or numerous, the individual may be informed that I will comply within three months of receipt of the request. I will inform you of this within one month and explain why the extension is necessary. If the request is unfounded or excessive, I may refuse to act on it or charge a reasonable fee which considers administrative costs. A request will be deemed to be unfounded or excessive if it is repetitive or asks for further copies of the same information. If refusing a request, the individual will be informed of the reasons for this, and they will be informed of their right to complain to the ICO.

How can I make a comment, suggestion, complaint?

If you have any further questions about, I use your information, please contact enrichcaring@gmail.com. Further information about data protection legislation and your rights is available from the Information Commissioner’s Office (ICO). I am interested to hear any comments or suggestions about any improvements that could be made to the collection and storage of personal information. Please email me or telephone if you are not happy with this privacy policy or if you have any complaint in respect to how your personal information is processed. In the unlikely event that this cannot be resolved, you have a right to make a formal complaint to the ICO.