Anam Cara Therapy GDPR Privacy Policy
As of 25 May 2018, under General Data Protection Regulation (GDPR) I (Em Ryan of Anam Cara Therapy) am required by law to inform you (as my current therapy client, or potential therapy client) about how I control, process and protect your personal data.
I am also required to gain your explicit consent to my holding and processing your data (see below)
I am bound by an ethical code, and American HIPAA laws and GDPR laws. HIPAA and how I protect your Personal Health Information is also available for you to review and sign at your first appointment.
On my website, there is a cookie policy via WordPress with privacy information related to WordAds. Please read and click or sign to consent: https://automattic.com/cookies/
If you are my current or potential therapy client:
Please read and click or sign to indicate your consent. You may print a paper copy, or copy and paste digitally.
If you do not wish to give your consent, you have the option to discuss with me, and we may create a personalized agreement together.
You have the right to withdraw your consent at any time. We would need to discuss what this might mean in practice, with the goal being to safeguard your data. However, in certain circumstances, specific information may need to be retained, and I may seek legal advice in this case.
If you agree and consent for me to hold and process your data as stated, please sign, date and return to me in person, by post, or email: anamcaratherapy@pm.me.
What therapy client data is held about you?
I keep certain data so that I can work with you safely and in a professional manner, in line with IACP and NBCC guidelines (organizations of which I am a fully accredited member).
The therapy client data I hold may include:
- Your name and address
- Your phone number and email address
- An emergency contact’s name and phone number
- Your Doctor’s name and contact details
- Personal health information
- Session notes
- Payment information
- Emails and Texts that you send me
- Invoicing
You have the right to know what, why and how long I hold therapy client data.
You also have the right to view it, and to ask for changes to be made. Requests for data can be made verbally and in writing, either by post or email.
When sensitive data is to be destroyed, it is incinerated in my chimney. Online data is deleted and purged from the recycle bin and the hard drive. Anam Cara Therapy does not use cloud storage.
Online data is protected under multiple layers of encryption. My phone, tablet and computer are all password protected with an additional security measure: a Virtual Private Network to protect data from hacking. My therapy files are in a fire-resistant locked cabinet and my home and satellite offices are behind gates. These offices are secured by me and by key. I also have a sworn duty to protect as I am a black belt in tae kwon do.
In the highly unlikely event of a data breach of your personal information that could put you at risk, I will notify you immediately.
How, why, and for how long is your data held and who sees it?
Consider each of the data points outlined below and, if you consent, then click or sign and date at the bottom of the page.
Your name and address
HOW
I keep your name and address in paper form in a locked filing cabinet. These are kept separate from your session notes.
My supervisor has your first name in paper form, kept in her locked filing cabinet.
WHY
This is required by my professional liability insurer and by my professional organisations (IACP and NBCC).
HOW LONG
Data is kept for 7 years after which it is destroyed.
My supervisor will destroy the data when you and I finish our therapy work.
WHO
Me. (My supervisor will see your first name but not your surname or address.)
Your phone number and email address
For sound healing clients, your email and phone number is only used if you sign up for 1-4x a year reminders of sound healing events I am hosting. You may respond with “Unsubscribe” in your response text or email at any time, to withdraw consent from your signed or clicked acceptance of this privacy policy.
HOW
I keep your phone number in my mobile phone under an identifying code, not your full name. My phone is secured with a passcode when I am not using it. Your email address is stored my Protonmail account, which is encrypted and held on servers in Switzerland.
Neither my computer, tablet, external hard drive nor my phone are shared with anyone else, unless required for repair purposes.
I also keep your phone number and email address in paper form in a locked filing cabinet in my locked home office. These are kept separate from your session notes.
My supervisor has your first name in paper form, kept in a locked filing cabinet in her home office.
WHY
This is needed in case I have to contact you (i.e. for scheduling sessions)
My supervisor keeps this data so that you could be contacted in case I became disabled or incapacitated, as stated in my POA/Will.
I also keep your email address in case we agree to work therapeutically via email, weekly or just on occasion.
HOW LONG
I will remove this data when we have finished therapy, unless you tell me that you would like me to retain it for any future therapy sessions we may have. In this case, it will be kept for 7 years.
WHO
Me.
Emergency contact’s name and phone number
HOW
I keep this data in paper form in a locked filing cabinet along with your name and contact details.
WHY
I only use this information in the unlikely event I become concerned for your welfare and I cannot reach you directly. We may also agree on some other reason that I might contact this person, based on your best interest.
HOW LONG
When we finish therapy, I will delete/destroy this data, unless you and I decide to make other arrangements.
WHO
Me.
Your doctor’s name and contact details
HOW
I keep this data in paper form in a locked filing cabinet along with your name and contact details.
WHY
You and I may agree that I should contact your Doctor, based on your best interest, to discuss your treatment plan, diagnosis, or safety.
HOW LONG
When we finish working together, I will delete or destroy this data.
WHO
Me.
Personal health information
HOW
I keep this data in paper form in a locked filing cabinet along with your name and contact details.
WHY
It may be relevant to share certain medical information when:
(a) Your mental health history may inform my treatment plan to make it more timely and appropriate.
(b) Your health conditions (epilepsy, diabetes, heart disease) may impact a session.
(c) Your medications may affect therapeutic work.
(d) You have any allergies that I should be aware of.
HOW LONG
When we finish therapy, I will delete this data.
WHO
Me.
Session notes
Notes may include dates and times of attendance, and brief notation on important themes from the session. Detailed session notes are not kept. I have a clean desk policy.Session notes and other personal information are not left unattended.
HOW
I keep brief session notes in my password-protected, VPN-secured tablet that is rarely connected to the internet. Your full name or other identifying details are not kept with your session notes; only a code is used.
WHY
Brief notes may remind me of key points I want to recall for our next session and/or with my supervisor.
HOW LONG
My policy is to destroy session records 7 years after our therapy concludes. If you would like me to retain them for a longer period, please discuss this with me.
WHO
Me.
Payment information
HOW
I record payments you have made to me, on a password-protected Excel spreadsheet for my business, stored on my secure computer.
WHY
As a small business owner, I am required by tax law to retain certain financial information.
HOW LONG
I keep financial information for 7 years.
WHO
Banking transactions may be viewed by employees of the bank and my accountant. When payment is made via bank transfer, your account name or reference (or whoever is paying) may show up on my bank statements. You have the right to discuss alternative payment options with me.
Payments via my and your PayPal accounts are secured via password and encrypted by PayPal.
Payments via SumUp are secured via my password and encrypted by SumUp. Your credit card information is not stored or held by me or my SumUp device.
Emails or Texts that you send me.
HOW
I may delete scheduling and similar emails after I have noted the contents Any necessary emails are kept in my ProtonMail email account, which is encrypted.
If you would like to communicate regularly via text, for example regarding rescheduling appointments, you will need to download and use the Signal app.
You may also type a message to me within the secure, encrypted audio/video conferencing VSee app.
WHY
I may keep messages I consider clinically necessary.
HOW LONG
I will delete all messages (emails, texts, VSee messages) when our work ends, unless they are part of session notes.
WHO
Me.
Invoicing
HOW
Invoices/Receipts are created on my password-protected, VPN-secured computer using Word and sent via an encrypted email via Protonmail. Alternatively, you may receive a PayPal invoice from my password-protected PayPal account.
WHY
I use an invoice template that can be revised and updated for subsequent invoices during our therapy together.
HOW LONG
I keep the invoice for a short time whilst I monitor payments (usually this is one month). Once payment has been made, and any further invoice has been created, I delete the invoice.
Who sees this data?
Me.
Please sign and date below if you consent to the therapy client data points above. A digital click or signature (or simply your printed name) is acceptable.
☐ I (click or tick) to agree to Em Ryan of Anam Cara Therapy holding, controlling, processing and storing my data as stated. Signed (first and last name ) & date:
If you have any other questions regarding how your therapy client data is processed and handled, please feel free to discuss with me.
This document regarding therapy client data is subject to review and will be updated at regular intervals.
All rights reserved 2018. Anam Cara Therapy.
Information on this website is not a substitute for psychological or medical evaluation or treatment. If you are concerned about your physical health, please see a General Practitioner or Medical Doctor. If you are having suicidal thoughts, please dial 911 (in the USA) or 999 (in Ireland or the UK) to seek emergency treatment. Em Ryan of Anam Cara Therapy does not provide treatment for mental health emergencies.
