Bucks & Berks SLT Consultancy

Privacy Policy Statement for Bucks & Berks SLT Consultancy

When you use Bucks & Berks SLT Consultancy you trust us with your information. This privacy policy is meant to help you understand what data we collect, why we collect it, and what we do with it. We have tried to make it as simple as possible but if you have any questions please contact us.

Glynis Haines, Lead SLT assumes the function of data controller and supervises the compliance with General Data Protection Regulation (GDPR) within the business.

5

Information we collect

5

Where we get our information

5

How we use the information we collect

5

Information we share

5

How and when consent is obtained

5

How we protect your data

5

Protecting your rights to data

5

Security of your personal data

1. Information we collect

Bucks & Berks SLT Consultancy holds personal data as part of conducting a professional service. The data follows under the following headings: healthcare records, educational records, clinical records, general administrative records, and financial records.

1.1 Healthcare records

A healthcare record refers to all information collected, processed and held both in paper and electronic formats pertaining to the service user and their care.  Speech and language problems can be complex, and a wide range of information may be collected in order to best meet the needs of the client, and to maintain a high quality service which meets best practice requirements. In order to provide a high quality service, a range of information may be collected.

Examples of data collected and held on all current and active clients include the following:

  • Contact details: Name, address, phone numbers, e-mail address
  • Personal details: date of birth, names of siblings, educational setting
  • Other contacts: name and contact details of any other relevant healthcare professionals involved

For child services:

  • Parent/guardian details
  • Description of family
  • Educational placements: Names of Class Teachers and LSA, EHCP status etc.
  • Pre- and post-natal history: This can include information relating to mother’s pregnancy, and child’s birth.
  • Developmental data: developmental milestones, feeding history, audiology history.
  • Medical details: such as any relevant illnesses, medications, and relevant family history. Reports from other relevant allied health professionals such as: Audiology, Psychology, CAMHS (Child & Adolescent Mental Health Services), Occupational Therapy, Physiotherapy, Ophthalmology.

1.2 Educational records

Relevant Individual Educational Plans (IEPs), Multi-Agency Provision Plans, (MAPPs), progress notes and assessments from educational staff and school reports may be held.

1.3 Clinical records

Specific data in relation to communication skills may be collected and held, such as assessment forms, reports, case notes, emails, text messages and transcripts of phone. Audio and video files may also be collected and stored, but only after your consent has been obtained specifically for this purpose.

1.4 General administrative records

Bucks & Berks SLT Consultancy may hold information regarding attendance reports and accident report forms.

1.5 Financial records

A financial record pertains to all financial information concerning the practice, e.g. invoices, receipts, information for Revenue. Bucks & Berks SLT Consultancy may hold data in relation to: on-line purchasing history, card payments, bank details, receipts and invoices. Information will include name of bill payer, client name, address and record of invoices and payments made.

2. Where we get our information

Personal data will be provided by the client, or in the case of a child (under 16 years), their parent(s)/guardian(s). This information will be collected as part of a case history form prior to, or on the date of first contact.

Information may also be provided directly from relevant third parties such as schools, medical professionals and allied health professionals, with prior consent from the parent(s)/guardian(s).

3. How we use the information that we collect

We use the information we collect to provide assessment and therapy as per the relevant professional guidelines, as well as to maintain the general running of the business, such as keeping our accounts and updating you of any changes in policies or fees.

Information may also be used for research purposes, with the written consent of the client or parent/guardian.

3.1 Data retention periods

The retention periods are the suggested time periods for which the records should be held based on the organisation’s needs, legal and/or fiscal precedence or historical purposes. Following the retention deadline, all data will be destroyed via confidential means.

3.2 Client Records

3.2.1 Clinical Records

Bucks & Berks SLT Consultancy keeps both physical and electronic records of clinical data in order to provide a service.

  • The preferred format for clinical data is electronic.
  • Clinical data is deleted/confidentially destroyed when the client turns 26 years.
  • Clinical data used for research purposes, may be kept for longer if written consent has been obtained for this purpose.
  • Video records/voice recordings relating to client care/videoconferencing records may be recorded with consent, analysed and then destroyed. If written consent is provided to use recordings for training purposes, the client will have the option to withdraw consent at any time.

3.2.2 Financial Records

Bucks & Berks SLT Consultancy keeps electronic records of financial data from those who use our services.

Section 886 of the Direct Tax Acts states that the Revenue Commissioners require records to be retained for a minimum period of six years after the completion of the transactions, acts or operations to which they relate. These requirements apply to manual and electronic records equally.

  • Financial Data is kept for 6 years to adhere to Revenue guidelines.
  • Financial Data (including non-payment of bills) can be given to Revenue at Revenue’s request.

3.2.3 Contact Data

Contact Data is kept for 6 years to allow processing of Financial Data if required.  (This may be retained for longer for safety, legal request, or child protection reasons.)

3.3 Exceptions

If under investigation or if litigation is likely, files must be held in original form indefinitely, otherwise files are held for the minimum periods set out above.

4. Information we share

We do not share personal information with companies, organisations and individuals outside Bucks & Berks SLT Consultancy unless one of the following circumstances apply:

4.1 With your consent:

We will only share your Personal Identifying Information (PII) to third parties when we have express written permission by letter or email to do so. I require opt-in consent for the sharing of any sensitive information.

Third parties may include: hospitals, GPs, other Allied Health Professionals, educational facilities and staff.

4.2 For legal reasons:

We will share personal information with companies or organisations outside of Bucks & Berks SLT Consultancy if disclosure of the information is reasonably necessary to:

  • Meet any applicable law, regulation, legal process or enforceable governmental request.
  • Meet the requirements of the Children First Act 2015.
  • To protect against harm to the rights, property or safely of (name of business), our service users or the public as required or permitted by law.

4.3 To meet financial requirements:

Bucks & Berks SLT Consultancy also is required to share Financial data with Donna Esler, Accountant, in order to comply with local tax laws. Bucks & Berks SLT Consultancy has obtained a copy of the Donna Esler’s own Data protection policy.

4.4 For processing by third parties/external processing

The following third parties are engaged for processing data:

5. How and when we obtain consent

Prior to initial assessment or consultation, a copy of the data protection policy will be provided to clients along with a case history form. A consent form will need to be signed by the client prior to commencing the service. Copies of the signed consent forms and client contract will be retained by both parties.

Should a client wish to withdraw their consent for data to be processed, they can do so by contacting Bucks & Berks SLT Consultancy

6. How we protect your data

In accordance with the General Data Protection Regulation (GDPR), we will endeavour to protect your personal data in a number of ways:

6.1 By limiting the data that we collect in the first instance

All data collected by us will be collected solely for the purposes set out at 1 above and will be collected for specified, explicit and legitimate purposes.  The data will not be processed any further in a manner that is incompatible with those purposes save in the special circumstances referred to in section 5.1. Furthermore, all data collected by us will be adequate, relevant and limited to what is necessary in relation to the purposes for which it is collected which include, inter alia, the assessment, diagnosis and treatment of speech, language and communication disorders, which may be done face-to-face or via an online platform such as Zoom, Teams etc. None of the online sessions are recorded.

6.2 By transmitting the data in certain specified circumstances only

Data will be shared and transmitted electronically only as is required, and as set out in section 3.

6.3 By keeping only the data that is required

Only data which is relevant to the client’s speech and language therapy will be retained and accessibility will be limited to any other third parties. All paper copies of documents will be converted to an electronic format within 4 weeks of receipt by Bucks & Berks SLT Consultancy so that it can be stored on a password-protected encrypted USB stick, requiring the use of a 7 – 11 digit password known only to the treating Speech and Language Therapist, for use solely by the treating Speech and Language Therapist. All data will be backed up on a second password-protected encrypted USB, also requiring the use of a 7 – 11 digit password known only to the Glynis Haines, Lead Therapist, purely for the purposes of IT back-up. Once the document has been scanned and stored on the USB stick, the scanned pdf document will be permanently deleted from the Speech and Language Therapist’s desk top or laptop computer and the paper document will be shredded.

6.4 By disposing of/destroying the data once the individual has ceased receiving treatment

All data will be destroyed when the client turns 26 years.

6.5 By retaining the data for only as long as is required

Data will be retained until the client turns 26 years unless the the parents of the client, if the client is under the age of 18 years, or the client themselves, if the client is over the age of 18 years, specifically requests, in writing, that the data be destroyed

Emails containing client-identifiable information will be deleted as soon as the subject has been dealt with to minimise the risk of any data breaches.

6.6 By destroying the data securely and confidentially after the period of retention has elapsed.

This could include the use of permanent deletion of all electronic data, confidential shredding facilities or, the return of personal records if requested in writing by the parents of the client, if the client is under the age of 18 years, or the client themselves, if the client is over the age of 18 years.

6.7 By ensuring that any personal data collected and retained is both accurate and up-to-date.

7. Protecting your Rights to Data

7.1 Adult clients

Adults have the right to request data held on them as per article 15 of GDPR. A request must be made in writing. Further information regarding accessing your personal data are available in the document ‘Rights of Individuals under the General Data Protection Regulation’, downloadable from: www.gdprandyou.ie

7.2 Children

For children under the age of 16, data access requests are made by their guardians. When a child turns 16, then they may make a request for their personal data. However, this is subject to adherence with the Children First Act. 

8. Security

Bucks & Berks SLT Consultancy, as with most providers of healthcare services, is aware of the need for privacy. As such, we aim to practice privacy by design as a default approach, and only obtain and retain the information needed to provide you with the best possible service.

All persons working in, and with Bucks & Berks SLT Consultancy in a professional capacity are briefed on the proper management, storage and safekeeping of data.

All data used by Bucks & Berks SLT Consultancy, including personal data, will be retained solely in electronic format.

Bucks & Berks SLT Consultancy will convert physical documents to electronic records to allow us to provide a better service to clients.

8.1 Data Security

Bucks & Berks SLT Consultancy understands that the personal data used in order to provide a service belongs to the individuals involved. The following outlines the steps which Bucks & Berks SLT Consultancy uses to ensure that the data is kept safe.

8.1.1 Electronic Data

All electronic data is contained in the following systems:

  • Email system: Microsoft Outlook with SSL encryption of ingoing and outgoing emails managed by Bluehost® web hosting, Orem, Utah, United States of America
  • password protected encrypted USB sticks
  • automatic Google Drive backup of all electronic data from the USB sticks

No client data in paper format is held for more than 4 weeks

No client data is saved onto computer hard drives

8.1.2 Physical Files

All physical data is held by the treating Speech and Language Therapist within a locked cupboard in their home for a maximum of 4 weeks until it is converted to an electronic format.

8.2 Security Policy

8.2.1

Bucks & Berks SLT Consultancy understands that requirements for electronic and physical storage may change with time and the state of the art. As such, the data controller in Bucks & Berks SLT Consultancy reviews the electronic and physical storage options available to Bucks & Berks SLT Consultancy every 12 months.

8.2.2

None of the physical devices used by persons working in Bucks & Berks SLT Consultancy which may contain any identifiable PII are enabled with loss theft tracking and remote wipe abilities because no PII is ever saved on the computer hard drives and the encrypted USB sticks cannot be opened without the 7 – 11 digit password which is selected by the Treating Speech and Language Therapist.

8.2.3

All persons working in Bucks & Berks SLT Consultancy are aware and briefed on and refresh the requirements for good data hygiene every 12 months. This briefing compliance is monitored by the Bucks & Berks SLT Consultancy data controller and includes, but is not limited to:

  • Awareness of client conversations in unsecure locations.
  • Enabling auto-lock on devices when leaving them unattended, even within Bucks & Berks SLT Consultancy locations.
  • Use of non-identifiable note taking options. (initials, not names).
  • The awareness of Bucks & Berks SLT Consultancy procedure should a possible data breach occur, either through malicious (theft) or accident (loss) of devices or physical files.