Speaking and Understanding provides independent Speech and Language Therapy to children in homes, clinical settings and/or educational settings. It is managed by Fritha Fayers, Speech and Language Therapist, who is registered with the Health and Care Professions Council (HCPC), is a member of the Royal College of Speech & Language Therapists (RCSLT) and a member of the Association of Speech and Language Therapists in Private Practice (ASLTIP).
Speaking and Understanding is committed to protecting the privacy of information provided by clients.
Speaking and Understanding is registered with the Information Commissioner's Office with the reference ZA060153.
MY LAWFUL BASIS FOR PROCESSING PERSONAL INFORMATION
My lawful basis for processing and storing personal information is one of ‘legitimate interest’ (under Article 6 of GDPR). I cannot adequately deliver a service to your child without processing their personal information. As it is both a necessity for my service delivery and of benefit to your child, I have a legitimate interest to process and store their data.
Data relating to an individual’s health is classified as ‘Special Category Data’ under section 9 of the GDPR. The regulations specify that health professionals who are ‘legally bound to professional secrecy’ may have a lawful basis for processing this data. Speech and Language Therapists are legally bound to keep client information confidential and it is under this condition that I process and store personal information.
MEETING MY PROFESSIONAL OBLIGATIONS
It is a legal requirement for all Speech and Language Therapists to be registered with the Health and Care Professions Council (HCPC). The HCPC has clear standards of conduct, performance and ethics that all registrants must adhere to.
Standard 2: Communicate appropriately and effectively
‘You must share relevant information, where appropriate, with colleagues involved in the care, treatment or other services provided to a service user.’
Standard 10: Keep records of your work
‘You must keep full, clear, and accurate records for everyone you care for, treat, or provide other services to. You must complete all records promptly and as soon as possible after providing care, treatment or other services. You must keep records secure by protecting them from loss, damage or inappropriate access.’
For further information, the full document can be found at: www.hcpc-uk.org/assets/documents/10004EDFStandardsofconduct,performanceandethics.pdf
TYPES OF PERSONAL DATA
Speaking and Understanding holds personal data as part of conducting a professional service. The data falls under the following headings: healthcare records, educational records, clinical records, general administrative records and financial records.
1. Healthcare records
Examples of data collected and held on all current and active clients include the following:
Contact details: name, address, phone numbers, e-mail address
Personal details: date of birth
Other contacts: name and contact details of GP and any other relevant healthcare professionals involved, e.g., Specialist Advisory Teachers, Health Visitors.
Description of family
Pre- and post-natal history: This can include information relating to mother’s pregnancy, and child’s birth.
Developmental data: developmental milestones, feeding history, audiology history.
Medical details: such as any relevant illnesses, medications, and relevant family history.
Reports from other relevant allied health professionals such as: Audiology, Psychology, CAMHS (Child & Adolescent Mental Health Services), Occupational therapy, Physiotherapy, Paediatricians, Specialist Advisory Teachers.
2. Educational records
Relevant Individual Educational Plans (IEPs), progress notes from educational staff and school reports may be held.
3. Clinical records
Specific data in relation to communication skills will be collected and held, such as assessment forms, reports, case notes, e-mails, text messages. Audio and video files may also be collected and stored.
4. General administrative records
Speaking and Understanding may hold information regarding attendance reports and accident report forms.
5. Financial records
A financial record pertains to all financial information concerning the practice, e.g. invoices, receipts, information for HMRC. Speaking and Understanding may hold data in relation to: on-line purchasing history, card payments, bank details, receipts and invoices. Information will include name of bill payer, client name, address and record of invoices and payments made.
WHERE I GET MY INFORMATION
Personal data will be provided by a child’s (under 18 years) parent(s)/guardian(s). This information will be collected as part of a case history form prior to, or on, the date of first contact. Personal information may also be collected via the Speaking and Understanding website, email, telephone or SMS.
With parental consent, information may also be collected from other professionals working with your child (such as teachers, nursery staff, childminders, NHS Speech and Language Therapists, Specialist Advisory Teachers). I may also collect information about family members where this relates to your child e.g. contact details for parents and relevant medical or developmental history.
You may use the Speaking and Understanding website without providing any personal information. However, if you wish to make an enquiry via the website, you are requested to provide relevant contact details, such as your name, e-mail address and contact telephone number to enable us to respond to your enquiry. You may add comments or queries, which might also contain personal information.
By providing personal information for initial contact by SMS, voicemail, phone call, email or website enquiry you are consenting to personal details for yourself and your child being held temporarily by Speaking and Understanding. If your enquiry does not result in your child being seen by Speaking and Understanding then this personal information will be deleted once your enquiry has been dealt with. If your child is subsequently seen by Speaking and Understanding these details may be added to their personal record.
HOW I USE THE INFORMATION THAT I COLLECT
I use the information I collect to provide assessment and therapy as per the relevant professional guidelines, as well as to maintain the general running of the business, such as keeping my accounts and updating you on any changes in policies or fees.
Examples of how I use this information:
To prepare, plan and provide speech and language therapy services appropriate for your child’s needs.
To communicate with you via post, email, telephone, mobile messages and SMS in relation to:
Confirming and preparing for appointments
General communication in between appointments
Sending you reports and programmes for your child (which will be password protected if sent via e-mail)
Copying you in to communications with other professionals involved with your child (your child’s initials or first name, rather than full name, will be used in emails)
Sending you resources
Sending you invoices
For clinical audit to assess and improve my service. Results of audits are always presented with all client identities removed.
For management and administration, for example, surnames are used on invoices.
Whenever personal identifiers are not needed for these tasks, if possible I remove them from the information I use.
Information may also be used for research purposes, with the written consent of the client or parent/guardian.
DATA RETENTION PERIODS
Following the retention deadline, all data will be destroyed under confidential means.
Clinical Records (including contact data)
Speaking and Understanding keeps both physical and electronic records of clinical data in order to provide a service.
Clinical data is deleted/confidentially destroyed once a child reaches the age of 25 years or 7 years after therapy has ceased for adults, whichever is the longer time.
Video records/voice recordings relating to client care may be recorded with consent, analysed and then destroyed. If written consent is provided to use recordings for training purposes, the client will have the option to withdraw consent at any time.
Speaking and Understanding keeps paper and electronic records of financial data from those who use my services.
Financial Data is kept for 6 years to adhere to HMRC guidelines. These requirements apply to manual and electronic records equally.
Financial Data (including non-payment of bills) can be provided at HMRC’s request.
If under investigation or if litigation is likely, files must be held in original form indefinitely, otherwise files are held for the minimum periods set out above.
INFORMATION I SHARE
I do not share personal information with companies, organisations and individuals outside Speaking and Understanding unless one of the following circumstances applies:
1. With your consent:
I will only share your Personal Identifying Information (PII) with third parties when I have written permission. I require opt-in consent for the sharing of any sensitive information.
Third parties may include: hospitals, GPs, Specialist Advisory Teachers, Educational Psychologists, other allied health professionals, educational facilities.
2. For legal reasons:
I will share personal information with companies or organisations outside of Speaking and Understanding if disclosure of the information is reasonably necessary to:
Meet any applicable law, regulation, legal process or enforceable governmental request.
Please note that if information is disclosed which relates to a child protection issue it is the duty of care of the professional to disclose this information to the appropriate authority in accordance with the Safeguarding Children Act 2004.
To protect against harm to the rights, property or safety of JAS Speech & Language therapy, my service users or the public as required or permitted by law.
HOW AND WHEN I OBTAIN CONSENT
Prior to initial assessment or consultation, clients will be provided with Speaking and Understanding Terms and Conditions.
Should a client wish to withdraw their consent for data to be processed, they can do so by contacting Speaking and Understanding at any time.
HOW I PROTECT YOUR DATA
In accordance with the General Data Protection Regulation (GDPR), I will endeavour to protect your personal data in a number of ways:
1. By limiting the data that I collect in the first instance
All data collected by us will be collected solely for the purposes set out at 1 above and will be collected for specified, explicit and legitimate purposes. Furthermore, all data collected by us will be adequate, relevant and limited to what is necessary in relation to the purposes for which it is collected which include the assessment, diagnosis and treatment of speech, language and communication disorders.
2. By transmitting the data in certain specified circumstances only
Data will only be shared and transmitted, be it on paper or electronically, as is required, and as set out in section 3.
3. By keeping only the data that is required, when it is required, and by limiting its accessibility to any other third parties.
4. By disposing of/destroying the data once the individual has ceased receiving treatment
Section 3 outlines retention periods for different kinds of data. I will put in place appropriate technical measures to ensure a level of security appropriate to the risk. These will include measures such as safe and secure storage facilities for paper/electronic records.
5. By retaining the data for only as long as is required
In this case, until a child reaches 25 years or 7 years after therapy has ceased for adults, whichever time is longer, except for circumstances in which retention of data is required in certain specific circumstances as set out at Article 23(1) of the GDPR.
6. By destroying the data securely and confidentially after the period of retention has elapsed.
This could include the use of confidential shredding facilities or, if requested by the individual, the return of personal records to the individual.
7. By ensuring that any personal data collected and retained is both accurate and up-to-date.
PROTECTING YOUR RIGHTS TO DATA
Data access requests can be made by a child’s (under 18) parents/guardians.
Speaking and Understanding, as with most providers of healthcare services, is aware of the need for privacy. As such, I aim to practise privacy by design as a default approach, and only obtain and retain the information needed to provide you with the best possible service.
All data used by Speaking and Understanding, including personal data, may be retained in any of the following formats:
1. Electronic Data
2. Physical Files
The type of format for storing the data is decided based on the format the data exists in.
Where applicable, Speaking and Understanding may convert physical files to electronic records to allow us to provide a better service to clients.
Speaking and Understanding understands that the personal data used in order to provide a service belongs to the individuals involved. The following outlines the steps that Speaking and Understanding uses to ensure that the data is kept safe.
All information about you, your child and their speech and language therapy is stored securely in our systems to ensure that I have a complete record of my service to them. All confidential information, including written case notes (summarising direct and indirect contact, such as content of therapy sessions, telephone calls etc), informal and formal assessments, copies of letters, reports and e-mails are stored securely, in accordance with Data Protection Regulations.
The minimum amount of confidential information will be taken out of the Speech and Language Therapists’ office base.
Documents that contain confidential information, such as reports and programmes, are also stored on a password-protected laptop.
Client phone numbers may be stored on a mobile telephone and text messages sent to Speaking and Understanding may remain on the telephone. Speaking and Understanding will only refer to your child by initial or first name in text. The mobile phone is passcode protected.
Videos may be taken of clients with parental consent. The videos may then be viewed by the therapist, in order to make notes in a client record or be used as part of therapy. The video will then be deleted when it is no longer required.
Speaking and Understanding understands that requirements for electronic and physical storage may change with time and the state of the art. As such, I review the electronic and physical storage options available annually.
Speaking and Understanding is aware of and refreshes the requirements for good data hygiene regularly. This includes, but is not limited to:
Awareness of client conversations in unsecure locations.
Enabling auto-lock on devices when leaving them unattended.
Use of non-identifiable note taking options (initials, not names).
A procedure should a possible data breach occur, either through malicious action (theft) or accident (loss) of devices or physical files.
Data protection legislation gives parents/guardians various rights. The most important of these are as follows:
You have the right to be informed about the personal data I hold and why I hold it.
You have the right to access a copy of your/your child’s data that I hold by contacting us directly.
You have the right to ask for your record to be amended if you believe that it is wrong.
You have the right to have your data erased in certain circumstances.
You have the right to transfer your data to someone else if you tell us to do so and it is safe and legal to do so.
You have the right to tell us not to actively process or update your data in certain circumstances.
Further information about data protection legislation and your rights is available from the Information Commissioner's Office or by calling 0303 123 1113, 9am to 5pm, Monday to Friday.
Date of document: January 2020
Review Date: August 2021