When you use Stepping Stones Speech and Language Therapy (SaLT) Services Ltd you trust us with yourinformation. This privacy policy is meant to help you understand what data we collect, why we collect it, andwhat we do with it. We have tried to make it as simple as possible but if you have any questions pleasecontact us.Deeba Akram assumes the function of data controller and supervises the compliance with General DataProtection Regulation (GDPR) within the business.
1. Information we collect
Stepping Stones SaLT services Ltd holds personal data as part of conducting a professional service. The data follows under the following headings: healthcare records, educational records, clinical records ,general administrative records, and financial records.
1.1. Healthcare records
A healthcare record refers to all information collected, processed and held both in manual and electronic formats pertaining to the service user and their care. Speech and language problems can becomplex, and a wide range of information may be collected in order to best meet the needs of the client, and to maintain a high quality service which meets best practice requirements. In order to provide a high quality service, a range of information may be collected.Examples of data collected and held on all current and active clients includes the following:
1.2. Educational records
Relevant Individual Educational Plans (IEPs), copies of Education, Health and Care Plans (EHCP), progress notes from educational staff and school reports may be held.
1.3. Clinical records
Specific data in relation to communication skills may be collected and held, such as assessment forms, reports, case notes, e-mails, text messages and transcripts of phone. Audio and video files may also be collected and stored.
1.4. General administrative records
Stepping Stones SaLT services Ltd may hold information regarding attendance reports and accident report forms.
1.5. Financial records
A financial record pertains to all financial information concerning the practice, e.g. invoices, receipts, information for Revenue. Stepping Stones SaLT services Ltd may hold data in relation to: on-line purchasing history, card payments, bank details, receipts and invoices. Information will include name of bill payer, client name, address and record of invoices and payments made.
2. Where we get our information
Personal data will be provided by the client, or in the case of a child (under 16 years), their parent(s)/guardian(s). This information will be collected as part of a case history form prior to, or on the date of first contact.Information may also be provided directly from relevant third parties such as schools, medical professionals and allied health professionals, with prior consent from the parent(s)/guardian(s).
3. How we use the information that we collect
We use the information we collect to provide assessment and therapy as per the relevant professional guidelines, as well as to maintain the general running of the business, such as keeping our accounts and updating you of any changes in policies or fees.Information may also be used for research purposes, with the written consent of the client or parent/guardian.
3.1. Data retention periods
The retention periods are the suggested time periods for which the records should be held based on the organisation’s needs, legal and/or fiscal precedence or historical purposes. Following the retention deadline, all data will be destroyed under confidential means.
3.2. Client Records
3.2.1. Clinical Records
Stepping Stones SaLT services Ltd keeps both physical and electronic records of clinical data in order to provide a service.
3.2.2. Financial Records
Stepping Stones SaLT services Ltd keeps electronic/paper records of financial data from those who use our services.Section 886 of the Direct Tax Acts states that the Revenue Commissioners require records to be retained for a minimum period of six years after the completion of the transactions, acts or operations to which they relate. These requirements apply to manual and electronic records equally.
3.2.3. Contact Data
Contact Data is kept for 6 years to allow processing of Financial Data if required. (This may be retained for longer for safety, legal request, or child protection reasons.)
3.3. Exceptions
If under investigation or if litigation is likely, files must be held in original form indefinitely, otherwise files are held for the minimum periods set out above.
4. Information we share
We do not share personal information with companies, organisations and individuals outside SteppingStones SaLT services Ltd unless one of the following circumstances apply:
4.1. With your consent
We will only share your Personal Identifying Information (PII) to third parties when we have express written permission by letter or email to do so. We require opt-in consent for the sharing of any sensitive information.Third parties may include: hospitals, GPs, other allied health professionals and educational facilities.
4.2. For legal reasons
We will share personal information with companies or organisations outside of Stepping Stones SaLT services Ltd if disclosure of the information is reasonably necessary to:
4.3. To meet financial requirements
Stepping Stones SaLT services Ltd is required to share Financial data with Mr Titus Obayomi in order to comply with local tax laws. Stepping Stones SaLT services Ltd has obtained a copy of Mr Titus Obayomi’s own Data protection policy
4.4. For processing by third parties/external processing
The following third parties are engaged for processing data:
Who
Administrative staff
Accountant
Type of data
Record keeping, typing, correspondence.
Financial
Purpose
Updating records
Processing financial accounts
4.4.1. Transfer of personal data outside the European Economic Area (EEA)
In certain instances, personal data may be transferred outside the EEA, e.g. to the US or other countries. This would be for specific purposes such as web-based appointment scheduling. In such instances, Stepping Stones SaLT services Ltd will use third parties which meet the privacy standards of GDPR.
5. How and when we obtain consent
Prior to initial assessment or consultation, a link to a copy of the data protection policy will be provided to clients along with a client contract and client information form. A consent form will need to be signed by the client prior to commencing the service. Copies of the signed consent forms and client contract will be given to both parties.Should a client wish to withdraw their consent for data to be processed, they can do so by contactingStepping Stones SaLT services Ltd.
6. How we protect your data
In accordance with the General Data Protection Regulation (GDPR), we will endeavour to protect your personal data in a number of ways:
6.1. By limiting the data that we collect in the first instance
All data collected by us will be collected solely for the purposes set out at 1 above and will be collected for specified, explicit and legitimate purposes. The data will not be processed any further in a manner that is incompatible with those purposes save in the special circumstances referred to in section 5.1. Furthermore, all data collected by us will be adequate, relevant and limited to what is necessary in relation to the purposes for which it is collected which include, inter alia, the assessment, diagnosis and treatment of speech, language and communication disorders.
6.2. By transmitting the data in certain specified circumstances only
Data will only be shared and transmitted, be it on paper or electronically, only as is required, and as set out in section 3.
6.3. By keeping only the data that is required when it is required
and by limiting its accessibility to any other third parties.
6.4. By disposing of/destroying the data once the individual has ceased receiving treatment
in line with guidance from the Royal College of Speech and language Therapists clinical data will be kept for a minimum period of 7 years, until the child’s 25th birthday (or 26th birthday if they are 17 years old at the end of treatment).
6.5. By retaining the data for only as long as is required
In line with guidance from the Royal College of Speech and language Therapists clinical data will be kept for a minimum period of 7 years, until the child’s 25th birthday (or 26th birthday if they are 17years old at the end of treatment).
6.6. By destroying the data securely and confidentially after the period of retention has elapsed
This could include the use of confidential shredding facilities or, if requested by the individual, the return of personal records to the individual.
6.7. By ensuring that any personal data collected and retained is both accurate and up-to-date
7. Protecting your Rights to Data
7.1. Adult clients
Adults have the right to request data held on them as per article 15 of GDPR. A request must be made in writing. Further information regarding accessing your personal data are available in the document‘Rights of Individuals under the General Data Protection Regulation’, downloadable from: www.gdprandyou.ie
7.2. Children
For children under the age of 16, data access requests are made by their guardians. When a child turns16, then they may make a request for their personal data. However, this is subject to adherence with the Children First Act.
8. Security
Stepping Stones SaLT services Ltd, as with most providers of healthcare services is aware of the need for privacy. As such, we aim to practice privacy by design as a default approach, and only obtain and retain the information needed to provide you with the best possible service.All persons working in, and with Stepping Stones SaLT services Ltd in a professional capacity are briefed on the proper management, storage and safekeeping of data.All data used by Stepping Stones SaLT services Ltd, including personal data may be retained in any of the following formats:
The type of format for storing the data is decided based on the format the data exists in.
Where applicable, Stepping Stones SaLT services Ltd may convert physical files to electronic records to allow us to provide a better service to clients.
8.1. Data Security
Stepping Stones SaLT services Ltd understands that the personal data used in order to provide a service belongs to the individuals involved. The following outlines the steps which Stepping Stones SaLT services Ltd use to ensure that the data is kept safe.
8.1.1. Electronic Data
All electronic data is contained in the following systems:
MyTherapyTracker:
1and1 mail:
8.2. Security Policy
8.2.1. Stepping Stones SaLT services Ltd understands that requirements for electronic and physical storage may change with time and the state of the art. As such, the data controller in Stepping Stones SaLT services Ltd reviews the electronic and physical storage options available to Stepping Stones SaLT services Ltd every 6 months.
8.2.2. All physical devices used by persons working in Stepping Stones SaLT services Ltd which may contain any identifiable PII are enabled with loss theft tracking and remote wipe abilities.
8.2.3. All persons working in Stepping Stones SaLT services Ltd are aware and briefed on and refresh the requirements for good data hygiene every month This briefing compliance is monitored by the Stepping Stones SaLT services Ltd data controller and includes, but is not limited to:
Date of document: 5th September 2018
Review Date: 5th September 2019