General Data Protection Regulations, 2018 (GDPR)
Frequently asked questions & Terms and Conditions including provision for Covid 19
The frequently asked questions and answers in this document establish the terms and conditions for therapy at Miv’s Hypnotherapy Solutions, both in person and over Zoom. Please make sure these terms and conditions are fully accepted by you before attending succeeding appointments after the initial consultation. If you feel you may need something changed, please speak with me before our second session.
What is the General Data Protection Regulations, 2018 (GDPR) and how does it affect me?
The GDPR replaces the 1998 Data Protection Act. GDPR ensures your personal and sensitive, confidential data is kept private and held securely, being processed in the way that you have agreed to. It is there to protect your rights when you have received services for example, that might involve your identifiable data, in this instance, your name and address or whether you have a specific condition. It also covers any session records; text messages or emails we send.
How long will you hold my information for?
I am regulated by the AfSFH and CNHC. These organisations stipulate that any records I keep should be kept in the manner required by the GDPR regulations and for a period of a minimum of 8 years after the final session. If you are a child, I must keep the data until your 25th birthday, unless you are 17 when treatment finishes and then I must keep it until you are 26 years of age.
What if I don’t want my records to be held for that long?
Under the GDPR you can request in writing that all your records are deleted. All your paper records would be shredded with a cross shredding machine and any electronic data such as emails or text messages would be permanently deleted from the devices they are stored on. I would have to save your request for deletion of your records but that would be the only information I saved. In some circumstances my insurance company and their legal team may want to verify information I send out.
Why do you need to record this information?
In the process of supporting you, I need to collect information about your reason for coming to see me, a small amount of medical information and some information about your important other people. I will also keep brief session notes to enable me to offer you the best support, ongoing.
If you would agree to do so, anonymised information would be shared with the national CORP research project which is an anonymised outcomes measured tool for Solution Focussed Hypnotherapy. The tool has an added benefit as it also helps monitor progress over the course of sessions. Although the information collated can be useful for us during session, it is entirely voluntary, and we will discuss this at your initial consultation.
Your contact details, address and doctor information may be needed as a part of Covid 19 management and track and trace, if face to face meetings are held, providing you give permission for this to be shared and in the event of me testing positive for Covid 19 in the current recognised time frame of your attendance.
How do you keep my information secure?
Hardcopy documents – Are all stored in folders, in files, in a locked room.
Text messages – My phone is secured with a pin code.
Emails and attachments – My computer is password protected and kept in the locked room.
CORP research project – If you choose to be involved with this at your initial consultation your data will be stored anonymously on a password protected computer. It will not be possible to identify you from the data collected and stored on the CORP national database.
Are our discussions confidential?
Anything we discuss is confidential between us. I may sometimes need to discuss elements with my supervisor as supervision ensures I am doing my job well and providing you with the best support possible. During any such conversations, I do not share any details that may identify you. My supervisor must also follow GDPR.
If we see each other away from session, what happens?
To maintain your confidentiality, I will smile and acknowledge you but will not get into any discussions with you in order to protect your confidentiality. You can discuss the therapy you receive with anyone you chose to. GDPR means that I am obliged by law to maintain your confidentiality and therefore will not discuss sessions outside of our arranged times.
What if other Health and Social Care Professionals are involved?
GDPR ensures that if there was a need for me to be in touch with other health and social care providers, this would only be made with your signed consent. For example, if I were to write to your GP to notify them of your therapy with me, and then notify them of the therapy ending, I would only do this if you were to sign the specific consent for this. Exceptions: 1. Safeguarding: If you were to share during session that you were going to harm yourself or someone else, I have a duty of care and I am obligated by law to let relevant people / authorities know. I would, whenever possible, discuss this with you before contacting anyone. 2. Legal requests for information: If I was issued with a police warrant or court order for information, I would also have to provide them with this by law.
What happens if I get Covid 19 or become unwell?
I will contact you to inform you and we can make other arrangements for sessions. If I am too unwell to notify you in person, I will set up my phone with an automated message advising of the situation so as to protect your confidentiality.