All correspondence and therapies are undertaken in the strictest confidence.

 Privacy statement

The privacy statement sets out how I use and protect any personally identifiable information that you disclose to me either online, by phone, in writing and/or verbally during therapy sessions from the first time you make contact with me. The data controller/data processor for Dr Ruth Henderson is Dr Ruth Henderson.

I seek to ensure the highest standards of compliance with United Kingdom data protection laws and regulations (GDPR - General Data Protection Regulation, 2018). I am also ICO (Information Commissioner’s Office) - registered.

Any information provided by you during therapy sessions will be regarded as medically sensitive information. Such information will not be disclosed to third parties without your prior written consent, in accordance with the provisions of Access to Medical Reports Act 1988 and 1990. I may be obligated to disclose data to the police, regulatory bodies or legal advisors in connection with any alleged criminal offence where required by law and/or if it is in the public interest - in accordance with the HCPC-regulatory requirements.

Storing your personal data

I take all steps reasonably necessary to ensure that your data is treated securely. Paper files are anonymised, coded and stored in a locked filing cabinet in a secure locations. Electronic data is stored using a web-based storage facility, also coded and access to all data is password-protected. Unfortunately, the transmission of information via the internet is not completely secure. Although, I will do my best to protect your personal data. For example, I use an encrypted software and password protect documents kept on my computer, however, I am unable to absolutely guarantee the security of your data transmitted.

How long your data is stored for

I comply with the BPS and HCPC regulatory requirments for psychologist in terms of data storage and usage. This means that due to legal obligation I am not able to delete personal data and need to keep it, so ‘the right to be forgotten’ does not apply to psychology and medical notes (GDPR - 2018). The BMA (British Medical Association) suggests that GP notes are to be kept for 20 years and indefinitely in criminal cases or where the armed forces are involved. The APA (American Psychological Association) suggests note keeping for 7 years and the BPS (The British Psychological Society) recommends notes to be kept for 7 to 10 years from the last contact - this is the advice I follow. Finally, you have the right to access the data that is stored about you.