If you have any questions please contact Carolyn Webb, who ensures compliance with General Data Protection Regulation (GDPR) within The Speech Grove service. This policy covers the following topics:
- What Information Is Collected?
- Where Is Your Information Collected From?
- How Is Your Information Used?
- Sharing Your Information
- When And How Is Your Consent Obtained?
- How Is Your Data Protected?
- Protecting Your Rights To Your Data
- Security Of Your Personal Data
1. What Information Is Collected?
The Speech Grove Service needs to hold onto personal data as part of offering a professional service. The data follows under the following headings: healthcare records, educational records, clinical records, general administrative records, and financial records.
1.1 Healthcare Records
A healthcare record refers to all information collected, processed and held both in manual and electronic formats and relates to the service user and their care. A range of information may be collected in order to best meet the needs of the client, and to maintain a high level of service that meets best practice requirements. Examples of data collected and held on all current and active clients include the following:
- Contact details including: name, address, phone numbers, email address, date of birth
- Personal details such as: parent/guardian and family details, educational details
- Pre- and post-natal history which can include information regarding mother’s pregnancy and child’s birth
- Developmental data such as: developmental milestones, feeding history, audiology history
- Medical details such as: any relevant illnesses, medications, and relevant family history
- Reports from other relevant allied health professionals such as: Psychology, Occupational therapy, Physiotherapy, Audiology, Child & Adolescent Mental Health Services (CAMHS), Ophthalmology
- Other contacts’ names and contact details such as: GP and any other relevant healthcare professionals involved 1.2 Educational Records
This may include relevant School Support Plans (SSPs), progress notes from interviews with educational staff and school reports may be held.
1.2 Clinical Records
Specific data in relation to communication skills may be collected and held, such as assessment forms, reports, case notes, emails, text messages and transcripts of phone calls. Audio and video files may also be collected and stored temporarily. These will be deleted once analysed and no longer required.
1.3 General Administrative Records
The Speech Grove Therapy Services may hold information regarding attendance reports and accident report forms.
1.4 Financial Records
A financial record pertains to all financial information concerning the practice, e.g. invoices, receipts, information for Revenue. The Speech Grove Therapy Service may hold data in relation to: on-line card payments, bank details, receipts and invoices. Information will include name of bill payer, client name, date of birth in the case of children, address and record of invoices and payments made.
2. Where Is Your Information Collected From?
Personal data will be provided by the client’s parent(s) / guardian(s), and some information may be provided by the child. This information will be collected as part of a case history form prior to, or on the date of first contact, or through discussion during sessions. Information may also be provided directly from relevant third parties such as schools, medical professionals and allied health professionals, with prior consent from the parent(s)/guardian(s).
3. How Is Your Information Used?
The information helps to provide assessment and therapy consistent with relevant professional guidelines, as well as to maintain the general running of the business, keeping accounts and updating you of any changes in policies or fees.
3.1 Data Retention Periods
The retention periods are the suggested time periods for which the records should be held based on the organisation’s needs, legal and/or fiscal precedence or historical purposes. Following the retention deadline, all data will be destroyed in a confidential way.
3.2 Client Records
3.2.1 Clinical Records
The Speech Grove Therapy Service keeps both physical and electronic records of clinical data in order to provide a service.
• The preferred format for clinical data is paper (e.g. note taking during sessions).
• Video records/ voice recordings relating to client care/videoconferencing records may be recorded with consent, analysed and then destroyed.
3.2.2 Financial Records
The Speech Grove Therapy Service keeps electronic & paper records of financial data from those who use our services. Section 886 of the Direct Tax Acts states that the Revenue Commissioners require records to be retained for a minimum period of six years after the completion of the transactions, acts or operations to which they relate. These requirements apply to manual and electronic records equally.
• Financial Data is kept for 7 years to adhere to Revenue guidelines.
• Financial Data (including non-payment of bills) can be given to Revenue at Revenue’s request.
3.2.3 Contact Data
Contact Data is kept for 7 years to allow processing of Financial Data if required. (This may be retained for longer for safety, legal request, or child protection reasons.)
If under investigation or if litigation is likely, files must be held in original form indefinitely, otherwise files are held for the minimum periods listed above.
4. Sharing Your Information
Your personal information is not shared with companies, organisations or anyone outside The Speech Grove Therapy Service unless one of the following circumstances apply:
4.1 With Your Consent
We will share personal information with other relevant health care providers or educational providers when we have your written consent to do so. We require opt-in consent for the sharing of any sensitive information.
4.2 For Legal Reasons
We will share personal information with companies or organisations outside of The Speech Grove Therapy Service if disclosure of the information is reasonably necessary to:
- Meet any applicable law, regulation, legal process or enforceable governmental request.
- Meet the requirements of the Children First Act 2015
- To protect against harm to the rights, property or safety of The Speech Grove Therapy Service, our service users or the public as required or permitted by law.
4.3 For Processing By Third Parties/External Processing
The following third parties are engaged for processing data: Cornmarket Tax Return Service, for financial processing of financial accounts.
5. Sharing Your Data
5.1 Legal Requirements
The Speech Grove Therapy Service is required to share data with external parties in the following circumstances:
– Compliance with local tax and audit laws
– Compliance with child protection
– Compliance with law enforcement
5.2 Financial Requirements
The Speech Grove Therapy Service also is required to share Financial data with Cornmarket Tax Return Service in order to comply with Irish tax laws.
5.3 Other Parties
Any transfers outside the above which contain Personal Identifying Information (PII) to third parties such as hospitals, GPs, schools, pre-schools, are only made once you have given express written permission by letter or email to do so.
6. When And How is Your Consent Obtained?
7. How Is Your Data Protected?
In accordance with the General Data Protection Regulation (GDPR), your personal data will be protected in a number of ways:
7.1 By Limiting The Data That Is Collected In The First Instance
All data collected by us will be collected solely for the purposes set out at 1 above and will be collected for specified, explicit and legitimate purposes. The data will not be processed any further in a manner that is incompatible with those purposes save in the special circumstances referred to in section 5.1. Furthermore, all data collected by us will be adequate, relevant and limited to what is necessary in relation to the purposes for which it is collected which include the assessment, diagnosis and treatment of speech, language and communication disorders.
7.2 By Transmitting The Data In Certain Specified Circumstances
Data will only be share and transmitted, be it on paper and/or electronically as set out in section 3.
7.3 By Restricting Data Held
By only keeping the data that is required, when it is required and by limiting its accessibility to any other third parties.
7.4 By Disposing Of/Destroying The Data Once The Individual Has Ceased Receiving Treatment Within 7 years of the completion of this treatment apart from the special categories of personal data as set out at 1.1 above. Where data is required to be held for longer than the period of 7 years, we will put in place appropriate technical and organisational measures to ensure a level of security appropriate to the risk. These may include measures such as the encryption of electronic devices, and/or safe and secure storage facilities for paper/electronic records.
7.5 By Retaining The Data For Only As Long As Is Required
-Which in this case is 7 years, except for circumstances in which retention of data is required in circumstances set out at part 1.1 above or in certain specific circumstances as set out at Article 23(1) of the GDPR.
7.6 By Destroying The Data Securely And Confidentially After The Period Of Retention Has Elapsed. This could include the use of confidential shredding facilities or, if requested by the individual, the return of personal records or a copy of records can be requested by the individual.
7.7 By ensuring:
That any personal data collected and retained is both accurate and up-to-date.
8. Protecting your Rights to Your Data
For children under the age of 16, data access requests are made by their guardians. When a child turns 16, then they may make a request for their personal data. However, this is subject to adherence with the Children First Act.
At all times you retain:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing • The right to data portability
- • The right to object and
- • The right not to be subjected to automated decision-making
9. Security of Your Personal Data
The Speech Grove Therapy Service respects the need for privacy. Only information needed to provide you with a professional service will be obtained and retained. Personal data may be retained in any of the following formats: 1. Electronic Data 2. Physical Files The type of format for storing the data is decided based on the format the data exists in. Where applicable, physical files may be converted to electronic records, and stored as described below in section 9.1.1.
9.1 Data Security
You will always remain in control of your data.
The following outlines the steps which The Speech Grove Service uses to ensure that your data is kept safe.
9.1.1 Electronic Data
Your electronic data is stored in these systems: e.g. Email system, documents with personal information are password protected when sent via email, password protected laptop, external hard back-up hard drive which are locked in a filing cabinet when not in use. Carolyn Webb operates as a sole trader and is the only person who will have access to these records.
9.1.2 Physical Files
All physical data is located at 61 Sandyford Downs, Sandyford, Dublin 18. Carolyn Webb is the only person to have access to your records. When not in use, your records are kept in a filing cabinet secured with a lock and key.
9.2 Security Policy
The Speech Grove Therapy Service will review requirements for electronic and physical storage as appropriate.
Date of document: 8th January 2020