Data Protection Policy
When you use Private Speech Therapy NI you trust us with your information and your data is important to us.
Private Speech Therapy NI, as with most providers of healthcare services, is aware of the need for privacy. As such, we aim to practise privacy by design as a default approach, and only obtain and retain the information needed to provide you with the best possible service.
Private Speech Therapy NI is an Independent Speech and Language Therapy Service set up in 2010 by Mrs. Kate Scott, a fully qualified Specialist Speech and Language Therapist registered with the ‘Health and Care Professions Council’ (HCPC), ‘Royal College of Speech and Language Therapists’ (RCSLT), the ‘Association of Speech and Language Therapists in Independent Practice’ (ASLTIP), the ‘Information Commissioner’s Office’ (ICO) and ‘Her Majesty’s Revenue and Customs’ (HMRC).
Mrs Kate Scott assumes the function of data controller and supervises compliance with the General Data Protection Regulation (GDPR) within the business.
Information we collect
Private Speech Therapy NI holds personal data as part of conducting a professional service. The data comes under the following headings: healthcare records, educational records, clinical records, general administrative records, and financial records.
The lawful basis for processing personal information is a ‘legitimate interest’ under article 6 of General Data Protection Regulation (GDPR). Private Speech Therapy NI cannot deliver a service to your child without processing personal information. Information relating to a child’s health is classified as ‘Special Category Data’ under section 9 of the GDPR. The regulations state that health professionals who are “legally bound to professional secrecy” may have a lawful basis for processing this information. Speech and Language Therapists are legally bound to keep client information confidential and it is under this condition that personal information is stored and processed.
Health care records
A healthcare record refers to all information collected, processed and held both in manual and electronic formats pertaining to the service user and their care. Speech and language problems can be complex, and a wide range of information may be collected in order to best meet the needs of the client, and to maintain a high quality service which meets best practice requirements.
Examples of data collected and held on all current and active clients include the following:
Contact details: Name, address, phone numbers, e-mail address
Personal details: date of birth, family members
Other contacts: name and contact details of GP and any other relevant healthcare professionals involved.
For child services:
Description of family, names/ages of siblings
Pre- and post-natal history: This can include information relating to mother’s pregnancy, and child’s birth.
Developmental data: developmental milestones, feeding history, audiology history.
Medical details: such as any relevant illnesses, medical diagnoses, medications, and relevant family history. Reports from other relevant allied health professionals such as: Audiology, Psychology, CAMHS (Child & Adolescent Mental Health Services), Occupational therapy, Physiotherapy.
Relevant Individual Educational Plans (IEPs), progress notes from educational staff and school reports may be held.
Specific data in relation to communication skills may be collected and held, such as assessment forms, reports, case notes, e-mails, text messages and transcripts of phone calls. Audio and video files may also be collected and stored.
General administration records
Private Speech Therapy NI may hold information regarding attendance reports and accident report forms.
A financial record pertains to all financial information concerning the practice, e.g. invoices, receipts, information for Revenue. Private Speech Therapy NI may hold data in relation to: on-line purchasing history, card payments, bank details, receipts and invoices. Information will include name of bill payer, client name, address and record of invoices and payments made and accounts in arrears.
How we collect information
Personal data will be provided by the client, or in the case of a child (under 16 years), their parent(s)/guardian(s). This information will be collected as part of a case history form prior to and/or on the date of first contact (e.g. face to face, phone calls, emails, website enquiries).
Information may also be provided directly from relevant third parties such as schools, medical professionals and allied health professionals, with prior consent from the parent(s)/guardian(s).
How we use information
We use the information we collect to provide assessment and therapy as per the relevant professional guidelines, as well as to maintain the general running of the business, such as running our electronic booking system, keeping our accounts and updating you of any changes in policies or fees.
Information may also be used for research purposes, with the written consent of the client or parent/guardian.
Data retention periods
The retention periods are the suggested time periods for which the records should be held based on the organisation’s needs, legal and/or fiscal precedence or historical purposes. Following the retention deadline, all data will be destroyed under confidential means.
How long does Private Speech Therapy NI keep personal information for?
Telephone enquiry - Until the enquiry has been completed. This is usually within 7 working days. If a referral is made, the information may be transferred to the child’s case notes; otherwise the information will be destroyed.
Website enquiry - Until the enquiry has been completed. This is usually within 7 working days. If a referral is made, the information may be transferred to the child’s case notes; otherwise the information will be destroyed.
Email - Emails are kept for approximately three months. After this time emails will be copied and stored in a password-protected document as part of the child’s case notes or they will be destroyed.
Facebook Enquiry - Until the enquiry has been completed. This is usually within 7 working days. If a referral is made, the information may be transferred to the child’s case notes; otherwise the information will be destroyed.
Case notes - Until the child’s 25th birthday or 26th birthday if they are 17 years old at the end of treatment. If under investigation or if litigation is likely, client files must be held in original form indefinitely.
Financial Records - Private Speech Therapy NI keeps electronic/paper records of financial data from those who use our services. Financial Data is kept for 6 years to adhere to Revenue guidelines. Financial Data (including non-payment of bills) can be given to Revenue at Revenue’s request.
Video Voice Recordings - Video records/voice recordings relating to client care/video conferencing may be recorded with consent, analysed and then destroyed within 24 hours.
Information we share
We do not share personal information with companies, organisations and individuals outside Private Speech Therapy NI unless one of the following circumstances applies:
With your consent
We will only share your Personal Identifying Information (PII) with third parties when we have express written permission by letter or email to do so. We require opt-in consent for the sharing of any sensitive information.
Third parties may include: hospitals, GPs, other allied health professionals, educational facilities.
For legal reasons
We will share personal information with companies or organisations outside of Private Speech Therapy NI if disclosure of the information is reasonably necessary to:
Meet any applicable law, regulation, legal process or enforceable governmental request.
Meet the requirements of the Children First Act 2015.
Protect against harm to the rights, property or safety of Private Speech Therapy NI, our service users or the public as required or permitted by law.
To meet financial requirements
Private Speech Therapy NI may also share financial data with a registered accountant in order to comply with local tax laws. Private Speech Therapy NI will obtain a copy of the accountant’s own Data Protection Policy.
For Transfer of data outside the European Economic Area (EEA)
Private Speech Therapy NI does not transfer personal data outside the EEA.
How and when we obtain consent
A link to the ‘Data Protection Policy’ will be included in the Initial Appointment confirmation email. During the initial assessment appointment, a consent form will need to be read and signed by the client or, in the case of a child under 16, by the Parent(s)/Guardian(s).
A copy of the ‘Terms and Conditions Policy’ will be provided and a signed copy will be held on file.
A copy of the ‘Cancellation Policy’ and ‘Services and Fees Policy’ will also be provided to clients.
Should a client wish to withdraw their consent for data to be processed and/or treatment, they can do so at any time by contacting Private Speech Therapy NI.
How we protect your data
In accordance with the General Data Protection Regulation (GDPR), we will endeavour to protect your personal data in a number of ways:
By limiting the data that we collect in the first instance
By transmitting the data in certain specified circumstances only
Data will be shared and transmitted, be it on paper, electronically or verbally, only as is required, and as set out in section 4.
By keeping only the data that is required
When it is required and by limiting its accessibility to any other third parties.
By retaining the data for only as long as is required
Client files will be held on record until the child’s 25th birthday or 26th birthday if they are 17 years old at the end of treatment.
Where data is required to be held by us for longer than the period set out above, we will put in place appropriate technical and organisational measures to ensure a level of security appropriate to the risk. These may include measures such as the encryption of electronic devices, pseudonymisation of personal data, and/or safe and secure storage facilities for paper/electronic records.
By destroying the data securely and confidentially after the period of retention has elapsed.
This could include the use of confidential shredding facilities or, if requested by the individual, the return of personal records to the individual.
By ensuring that any personal data collected and retained is both accurate and up-to-date.
Protecting your Rights to Data
Adults have the right to request data held on them as per article 15 of GDPR. A request must be made in writing. Further information regarding accessing your personal data is available in the document ‘Rights of Individuals under the General Data Protection Regulation’, downloadable from: www.gdprandyou.ie
For children under the age of 16, data access requests are made by their Parents / Guardians. When a child turns 16, then they may make a request for their personal data. However, this is subject to adherence with the Children First Act.
All persons working in, and with Private Speech Therapy NI in a professional capacity are briefed on the proper management, storage and safekeeping of data.
All data used by Private Speech Therapy NI, including personal data, may be retained in any of the following formats:
The type of format for storing the data is decided based on the format the data exists in.
Where applicable, Private Speech Therapy NI may convert physical files to electronic records to allow us to provide a better service to clients.
Private Speech Therapy NI understands that the personal data used in order to provide a service belongs to the individuals involved. The following outlines the steps which Private Speech Therapy NI uses to ensure that the data is kept safe.
All information about you, your child and their speech and language therapy is stored securely in our systems to ensure that we have a complete record of our service to them. We use a secure electronic cloud-based system called “WriteUpp” which is compliant with general data protection regulations.
WriteUpp is a cloud-based application, physically located in the Republic of Ireland.
This system provider is aware of their requirements for GDPR compliance.
Microsoft Azure is the hosting platform, which upholds the highest standards of privacy and data protection.
All persons working in Private Speech Therapy NI have READ/WRITE/DELETE access to records.
All persons require a secure log on and password in order to access the records.
A copy of the files IS NOT made on the users’ computer when in use.
The data controller in Private Speech Therapy NI CAN remove or delete users.
The data controller in Private Speech Therapy NI CAN change user passwords.
Prior to being uploaded to this system documents are temporarily stored on a Mac laptop which is only accessible via a secure password held by Mrs Kate Scott. Documents which contain confidential information such as reports and programmes are also individually password protected from the outset.
ONLY Mrs Kate Scott – Owner of Private Speech Therapy NI has access to these files.
These files are kept in a container secured under lock and key within alarmed premises.
The minimum amount of confidential information will be taken out of the Speech and Language Therapist’s office base. When your child’s information is taken out of the office base it will be kept with the Speech and Language Therapist or will be locked in the boot of the Speech and Language Therapist’s car (whichever is deemed to be the most secure at that time).
Private Speech Therapy NI understands that requirements for electronic and physical storage may change with time and the state of the art. As such, the data controller in Private Speech Therapy NI reviews the electronic and physical storage options available to Private Speech Therapy NI every 6 MONTHS.
All physical devices used by persons working in Private Speech Therapy NI which may contain any identifiable PII (Patient Identifiable Information) ARE enabled with loss/theft tracking and remote wipe abilities.
All persons working in Private Speech Therapy NI are aware of, and are briefed and refreshed on, the requirements for good data hygiene every 6 MONTHS. This briefing compliance is monitored by the Private Speech Therapy NI data controller and includes, but is not limited to:
- Awareness of client conversations in unsecure locations.
- Enabling auto-lock on devices when leaving them unattended, even within Private Speech Therapy NI locations.
- Use of non-identifiable note-taking options (initials, not names).
- The awareness of Private Speech Therapy NI procedure should a possible data breach occur, either through malicious (theft) or accidental (loss) means, involving devices or physical files.
Data protection legislation gives you, the parent, various rights. The most important of these are as follows:
You have the right to a copy of information we hold about your child.
You have the right to ask for your record to be amended if you believe that it is wrong.
How to access your child’s records
You can access the information we hold about you by writing to us at the address given below. Please apply in writing rather than by email, so that we receive an original signature to compare against the records we hold. A small administration fee will be payable.