Where do you keep your clients’ records?
Who has access to your files?
Are you protecting your clients’ confidentiality?
Does your private practice comply with the Data Protection Act (2018)? And the General Data Protection Regulation (GDPR)?
Therapists hold the following information about their clients:
- names, addresses and contact details
- medical conditions
- copies of correspondence
- treatment records
- details of their GP and medication
- financial details
This information can be held in the form of emails, paper records, notes on various devices, spreadsheets, practice management software and so on. You must keep this information confidential and secure. Not only that, you must be able to demonstrate how you do so, should someone ask.
Here are some guidelines to help you meet both your ethical and legal obligations.
Top ten client confidentiality guidelines for the private practitioner
1. Read about the Data Protection Act and GDPR. It is tempting to avoid the subject, but once you do your research you’ll realise it’s not as daunting as it sounds.
2. Keep all written information secure in a locked, preferably fire-proof, filing cabinet. Do not make any unnecessary copies of client information and avoid taking it out of your office unless absolutely necessary. Keep your office door locked when you are not using it and do not leave spare keys lying around. Make a plan for regular shredding of items that no longer need to be kept in paper format.
3. Do not let anyone other than yourself or a trusted employee access client records, and make sure that your employees are aware of the importance of confidentiality. If you need to share any client details outside of your practice, check the recipient's procedures for complying with the Data Protection Act and GDPR.
4. Take a look at your email system and think about how you can ensure that confidential information is not easily accessed by others. Keep client emails in individual folders so that they are well organised and can be managed more efficiently. Try to avoid sending emails that contain or repeat sensitive information such as full addresses, medical records or payment details. Where possible, transfer this information into a secure document or practice management software, then delete the email. Do not copy anyone else into an email to a client unless absolutely necessary.
5. Keep all other digital client information secure. Look into practice management software and check the provider's data protection protocol. If you decide not to use practice management software, ensure that files such as spreadsheets or Word documents are well organised. Make sure your computer and all other devices are password-protected with a strong password. Also, back up all information on your computer regularly, and keep the backup in a secure place (such as a locked cabinet or safe).
6. Register with the Information Commissioner's Office (ICO) online to comply with the Data Protection Act.
7. Don’t discuss your client cases with anyone, unless you are seeking advice from a qualified professional or in the case of an emergency.
8. Allow one and a quarter hours for each consultation slot - this will allow for overruns and will ensure that clients don’t bump into one another.
9. During client consultations, make sure you are not disturbed and that your conversations cannot be overheard.
10. State in your therapy contract that client information is kept strictly confidential, except when there is any indication that clients may harm themselves or others. This will cover you in the event of an emergency.
Find out about the Data Protection Act and your legal obligations in our article on Data Protection.