One of the concerns for many counsellors and psychotherapists when starting out in private practice is how they manage notes and information they hold on clients.
An important element of this is governed by the Data Protection Act (1998) which involves us registering each year with the Information Commissioners Office (ICO) and the payment of a fee. This department functions to ensure data held on individuals is held and managed in a safe and ethical manner.
In May of this year, the ICO will be implementing a new initiative called the General Data Protection Regulation (GDPR) and along with this initiative there will be several changes that are relevant to counsellors and psychotherapists in private practice. Firstly, you will no longer need to register every year. However, there will continue to be an annual charge to cover the work undertaken by the ICO. Secondly, there have been some changes to the rights of the individuals whose data you are holding. This is my understanding of the resulting rights:
Consent – you will need to ensure that you have consent from the individual to hold information about them. This may well be something that you might want to think about building into your administration contract, and perhaps getting the person to sign the contract to confirm they agree with all elements of the contract.
Right to access – the individual has a right to view all information that you hold about them. With this in mind, you may want to think carefully about what you do and do not want to include in your notes. If unsure this could be a valuable area to explore in your own supervision.
Breach notification – this is concerned with data you hold being viewed by other parties. In such an event you would need to inform the client, your professional body (e.g. BACP, UKCP) and the ICO within 72 hours of the breach occurring. The problem here is not so much with manual filing systems but with data held on computer systems. In these cases, the question
arises as to how do you know a breach has occurred? Those of you holding such data electronically may well need expert advice to hep with this issue.
Right to be forgotten – the client has the right to ask you to destroy any data that you hold on them. This may well take precedence over any requirements outlined in Codes of Professional Practice which stipulate periods for which client notes should be kept. Whilst many of us may not store client information electronically, because by its nature client information is the type of information that would be held in a filing system, it still falls within the remit of data protection. It is therefore important that we are aware of the latest regulations and what may be required of us when working in private practice.
Mark Head CTA(P), TSTA(P), UKCP Reg. Psychotherapist is an internationally endorsed trainer and supervisor. He is a director of the Link Centre www.thelinkcentre.co.uk a training Centre in East Sussex offering counselling and psychotherapy courses, CPD workshops and free wellbeing events. Mark divides his time between his private client practice, supervising and training. As well as a grounding in TA, Mark is also a Mindfulness Instructor.