Primary Care Psychotherapy – Data Privacy and Protection for Clients who make a Direct Referral
Primary Care Psychotherapy (PCP) obtains, retains and processes personal data for
- members of the general public who make direct contact with PCP, who are seeking a therapist or a therapeutic appointment, and who have given their consent to have their personal details and disclosures passed on to the appointed practitioner.
PCP separately seeks consent to retain and process your contact details to provide information on the services offered by therapists and practitioners working at PCP. PCP does not share personal data with any person or organisation other than with the appointed therapist or practitioner.
This Statement is your guide to the principles of privacy and confidentiality which govern our collection, use, storage, disclosure and destruction of your personal data in PCP. The Data Compliance Officer in Primary Care Psychotherapy is Jennifer Timmins Rourke.
Obtaining personal information
It is important that we obtain, use and store information about you to process your query and follow through on your arrangements with PCP. This personal data includes details such as:
- your name, age (where appropriate), telephone numbers, email address and description of service required
Client’s personal information is stored in computer encrypted files. Client intake sheets are used for the purpose of connecting you to a therapist or practitioner. It is the responsibility of your therapist or practitioner to independently manage your personal data in accordance with their data protection policy. PCP retains your information for administration purposes. All information obtained from members of the public is deleted from our records on an annual basis.
Personal data is kept for specified, explicit and lawful purposes
Personal data is obtained, kept and used primarily for the purpose of passing initial client enquiries on to therapists and practitioners. PCP staff will have access to the personal data on a ‘need-to-know’ basis for administrative purposes.
PCP complies with the Data Protection Acts, 1988 and 2003. Any disclosure of personal data, without your consent, can only be done for specified, legitimate reasons (8 (a-h), Data Protection Act, 1988; Section 10).
Access to your personal data is on a ‘need-to-know’ basis. This prohibits the release of your information to a spouse, partner or family member without your explicit consent. A guardian or carer may have the right to access information in the case of vulnerable adults or those with diminished mental capacity. A parent or guardian will have access to your personal information if you are less than 16 years of age.
Personal data is kept safely
Obtained personal data is accessed on a ‘need-to-know’ basis and thereafter, is stored securely:
- There is no access for unauthorised persons to manual records, fax machines, computers or computer monitors within the Centre.
- Our administration staff are trained in the secure use of email and the internet.
- Our administration staff are compliant with the practice’s security measures.
- Our software is legally owned, updated regularly, and password protected.
- All computer-based records are encrypted.
- We do not provide data to 3rd parties outside of the EU.
Jennifer Timmins Rourke is responsible for dealing with any incident where personal data has been put at risk of unauthorised disclosure, loss, destruction or alteration. Management of any breach incident will comply with the advice of the Data Protection Commissioner (Personal Data Security Breach Code of Practice).
Personal data is adequate, relevant and not excessive
Every effort is made to ensure that the information we collect and retain about you is in keeping with our aim to provide you with an efficient service. We will explain the purpose of any information sought if you are not sure why. Personal data is retained for no longer than necessary. However, all records will be deleted at any time if you request it in accordance with the Data Protection Acts, 1988 and 2003.
Right to withdraw consent
It is your right to have your name removed from any areas mentioned above if you do not consider this information to be in your best interest. You can withdraw your consent to us holding personal information at any time.
Accessing, deleting and rectifying your personal information
You have the right to:
- Access your personal information
- Require us to delete it; or
- Rectify any personal information we hold that is incorrect
You can at any point request your record to be deleted. This means that you will not be contacted by our team in any method or for any purpose. You are legally entitled to a photocopy of your personal data upon written request. (NOTE: The maximum fee for an access request is €6.35).
If you want to exercise these rights, please let us know in writing and send to the following address, and your request will be dealt within 21 days.
Jennifer Timmins Rourke
Primary Care Psychotherapy,
Vista Primary Care,
Alternatively, please email: firstname.lastname@example.org.
If you do not wish to have your personal data collected, used or disclosed as described in this Statement please discuss this matter with us by calling on 045 896690.
Lodging a complaint
Every effort is made to ensure disclosed personal data is accurate and secure, however if you have a complaint or concern with any aspect of how we process your personal information we would hope that you would notify us in the first place. You retain the right to make a complaint at all times to the Data Protection Commissioner www.dataprotection.ie
If you have any questions in relation to this Statement or any issue that arises from it, please speak with us on 045 896690