Social Media Policy

Though therapists are mostly trained to keep their personal lives out of the consulting room for the benefit of their clients, the availability of information about us on the internet means that this isn’t always possible. Furthermore, therapists need to make their own choices about their involvement in social media, how publicly available their online presence is, and to be aware of how their online presence can affect their clients. This document is based on my own choices with regard to social media and I ask all therapy clients, whether face to face or online, to read through this document.

Public activities

My duty of care to my therapy clients and my professional commitment to confidentiality means that I only talk about clinical work in general terms publicly. You will have signed a confidentiality agreement with myself when you become my client and I take this very seriously.

Keeping boundaries

As a therapist, it is ethically important for me to make sure that relationship boundaries with clients are clear. Therapists do this to protect both their own interests as well as those of their clients. As part of these boundaries and to ensure the success of therapy, I will avoid ‘dual relationships’ where possible (for example, a friend being a client). The very nature of an online presence can blur these boundaries, so it is important for me to be as clear as possible about how boundaries may be challenged in an online environment.

Twitter

I maintain a clinical and personal presence on Twitter. I occasionally send links that may be of some interest to my followers and engage in public conversations about these topics. I advise our therapy clients against following my personal Twitter streams as it is easier for relationships to remain ‘in the consultation room’ this way. I also will not knowingly follow any current or former therapy clients on Twitter.

Facebook and LinkedIn

I maintain personal Facebook and LinkedIn accounts. I aim to keep my personal Facebook account as private as possible and it would not be appropriate to be Facebook ‘friends’ with former or current therapy clients. You can, however, follow my professional Facebook page where I maintain a clinical presence, sharing related links and stories that may be useful to current or prospective therapy clients. It would also not be appropriate to add current or former clients as connections on my personal LinkedIn accounts.

Interacting with your therapist

Social networking and other online activities are increasingly becoming a part of our daily lives and as a result you may wish to share your stories and experiences with your therapist in between sessions or after your therapeutic relationship has ended. Should you wish to do this, you are welcome to contact me via email or via the professional Facebook page but please note that I will not generally reply to messages in between therapeutic sessions.

Reviews and testimonials

You are welcome to leave a review on Google. Should you encounter something about myself online that concerns you, please discuss it with me.

General Policy Between Therapist & Client

When outside of the therapy room, any contact should ideally be made via email, text message or telephone call.

If I should see you outside of the the therapy room, I will not acknowledge that we know one another for your confidentiality. Should you wish to acknowledge me, that is fine and I will engage appropriately.

All therapy sessions, emails text messages and recordings made are strictly confidential and will not be shared with anyone without your explicit consent. This is unless I believe you or someone else are in imminent danger. If asked by high court, the police or other legal figure to provide information, I may be obliged under the legal system to do so.

Data Management and Retention.

Therapy client data GDPR: As from 25th May 2018, under the General Data Protection Regulations (GDPR) I (Debi Hall) am required by law to inform you (as my current therapy client, or potential therapy client) about how I process and keep safe the data I hold that pertains to you. 

I am also required to gain your explicit consent to my holding and processing your data in certain ways (as detailed below). 

I take confidentiality and privacy very seriously and am bound by a code of ethics.

What therapy client data GDPR is held about you?

I keep certain data so that I can work safely and professionally with you.

The therapy client data GDPR I hold may include:

1.    Your name and address

2.    Your phone number and email address

3.    An emergency contact’s name and phone number

4.    Your GP name and contact details

5.    Relevant medical information

6.    Session notes/audio recordings

7.    Payment information

8.    My emails to you, and yours to me

9.    Any text or Whatsapp messages that were sent between us

10. Invoices

You have the right to know what therapy client data GDPR I hold, why I hold it, and for how long I hold it.

You also have the right to view it, and to ask for changes to be made.

When sensitive data is to be destroyed, it is shredded and disposed of securely.

If I discover there has been a data breach of your personal information that could put you at risk, I will undertake to tell you and the ICO (Information Commissioners Office), within 72 hours.

How long is your data kept for and why?

1. Your name and address

How I keep this data

I keep your name and address in paper form in a locked filing cabinet. These are kept separate from your session notes.

My clinical supervisor has your first name and phone number in paper form, kept in their locked filing cabinet.

Why I keep this data

This is required by my professional liability insurer.

How long I keep this data

My professional liability insurer advises that I keep this data for seven years. After that time it is destroyed.

My clinical supervisor will destroy the data when you and I finish our work.

Who sees the data

Myself. My clinical supervisor will see your first name but not your surname or address.

2. Your phone number and email address

How I keep this data

I keep your phone number in my mobile phone under an identifying code, not your name. My phone is locked with a passcode when I am not using it. Your email address is held in my email address, which is secure, encrypted and is password protected.

Neither my computer nor my phone are shared with anyone else, unless it is required by a technician for maintenance.

I also keep your phone number and email address in paper form in a locked filing cabinet. These are kept separate from your session notes.

My clinical supervisor has your first name and phone number in paper form, kept in a locked filing cabinet.

Why I keep this data

This is needed in case I have to contact you (for example for rescheduling sessions or sending an invoice).

My clinical supervisor keeps this data so that you could be contacted in case I became suddenly incapacitated through a health crisis or other emergency, as required by my clinical will.

How long I keep this data

I will remove this data when we have finished our work, unless you tell me that you would like me to retain it in case we work together again in the future.

Who sees the data

Myself and my clinical supervisor.

3. Emergency contact’s name and phone number

How I keep this data

I keep this data in paper form in a locked filing cabinet along with your name and contact details.

Why I keep this data

It is unlikely that I would ever use this information, but I hold it in case I become concerned for your welfare and I cannot get hold of you. You and I may agree together on some other reason that I might contact this person, based on your best welfare.

How long I keep this data

When we finish working together, I will delete this data, unless you and I decide to make other arrangements.

Who sees the data

Only myself.

4. Your GP name and contact details

How I keep this data

I keep this data in paper form in a locked filing cabinet along with your name and contact details.

Why I keep this data

You and I may agree together on some reason that I might contact your GP, based on your best welfare, for example discussing diagnosis, treatment plan or safety procedures.

How long I keep this data

When we finish working together, I will delete this data.

Who sees the data

Only myself.

5. Relevant medical information

How I keep this data

I keep this data in paper form in a locked filing cabinet along with your name and contact details.

Why I keep this data

It may be relevant to share certain medical information when:

(a) Your mental health history, diagnoses etc. may inform my treatment plan to make it more appropriate for you

(b) There is any risk that health conditions such as seizures, diabetes, etc. may impact a session

(c) Your medications may affect our work

(d) You have any allergies that I should be aware of in order to keep you safe

How long I keep this data

When we finish working together, I will delete this data.

Who sees the data

Only myself.

6. Session notes/ Audio recordings

Notes may include dates and times of attendance, and brief notes on important themes from the session. I do not keep detailed session notes. I keep a ‘clear desk’ policy, which means that session notes and other information are not left unattended. Please note that I may record sessions if I think it will be of benefit to therapeutic success. This will be discussed with you prior to doing so and if you do not consent, then I will refrain from recording the sessions. I will ask you to sign a separate form of consent if you do agree to sessions being recorded.

How I keep this data

I keep brief session notes in paper form in a locked filing cabinet. Your name or other identifying details are not kept with your session notes; only a code is used. The audio recordings will be kept on the cloud and my computer in a secure password protected file.

Why I keep this data

Notes may remind me of important points I want to be sure to remember to discuss in our next session, and/or in supervision. Recording session may be useful for future sessions and also for the protection of you, the client.

How long I keep this data

After the work has been discussed in supervision, I may destroy any notes (or parts of notes) and delete recordings that my supervisor and I do not consider necessary to keep for longer.

My current policy is to destroy session records seven years after our work finishes.

Who sees the data

Only myself.

7. Payment information

How I keep this data

I make a note of payments you have made, on a password-protected financial spreadsheet for my business. I may also outline invoices and record payments in a secure, password protected file on the cloud, but under a code rather than your name.

Why I keep this data

As a small business owner, I am required by law to retain certain financial information, primarily for tax purposes.

How long I keep this data

I keep financial information for 7 years as advised by HMRC.

Who sees the data

Banking transactions may be viewed by myself, employees of the bank and tax officers (HMRC).

When payment is made via BACS, your account name or reference (or the name of the person who is paying) may show up on my online or paper bank statements. You have the right to discuss alternative payment options with me.

8. Your emails and texts

How I keep this data

I may delete emails after I have noted the contents (for example, emails around scheduling). Any emails that I consider it necessary to keep are retained in my email account, which is encrypted and password protected.

If you would like to communicate via text, for example regarding rescheduling appointments, you can do so via normal text message or Whatsapp. My phone is passcode protected and not accessible by anybody but myself.

Please note that applications such as FaceTime and Messenger, are not recommended due to confidentiality and privacy issues. I do not use these with clients.

Why I keep this data

I may keep emails if I consider it clinically necessary.

How long I keep this data

I will delete emails when our work ends, unless they form session notes (in which case, see above).

Who sees the data

Only myself.

9. Invoices

How I keep this data

I create invoices on my computer using Pages, and then export as pdf. Invoices are kept as password protected documents on my computer and on the Cloud, which is again password protected.

Why I keep this data

I use the invoice to create the next one (in the case of ongoing work) so that I can revise and update it with new information.

How long I keep this data

I keep the invoice for a short time whilst I monitor payments (usually this is one month). Once payment has been made, and any further invoice has been created, I delete the invoice.

Who sees the data

Only myself.

Changes to the Policy

I will notify you of any changes that I may make to this policy in the future.

·      Please read and sign to indicate your consent. You may print a paper copy, or copy and paste digitally.

·      If you do not wish to give your consent, you have the option to discuss with me, and it may be possible to create a bespoke agreement between us.

·      You have the right to withdraw your consent at any time. We would need to discuss what this might mean in practice, with the primary aim being to keep you safe. However there may be certain situations that require certain information to be retained, and I may need to seek legal advice in this case.

·      If you agree to give your consent for me to hold and process your data as stated, please sign, date and return to me by hand, by post, or email to my email account: info@thewellnessroom.org.uk

Please sign and date below if you consent to the client data GDPR points above.

☐ I agree to Debi Hall holding, controlling, processing and storing my data as stated.

 Signed:

Print name:

Date:

If you have any other questions regarding how your client data GDPR is processed and handled, please do not hesitate to discuss with me.