Security of data and confidentiality is an ethical concern and a requirement that therapists must abide by in their line of work. Client confidentiality is not just the details of a therapy session; it also includes the therapy session. Therapists will rarely acknowledge or disclose clients who attend therapy.
Therapy is often regarded as a safe place where patients can share their secrets or whatever is bothering them. Such data is a goldmine for cybercriminals, especially if the patients are famous. Fortunately, the EU introduced the General Data Protection Regulation (GDPR) in May 2016, and it was implemented two years later on May 25th, 2018.
As a therapist, you’re classified as a data controller in the GDPR since you are responsible for purposing and processing your client’s data. According to the GDPR, you’re required to inform your clients about how you process and safeguard their data.
GDPR will affect your practice in several ways, such as:
1. Clarify Data Processing Roles
According to the GDPR, there are two data processing roles- data controllers and data processors. Singleton practitioners are classified under data controllers as they decide the data to collect and store. Therapists who work under agencies are classified as data processors as they follow set procedures and guidelines.
2. Implications On Your practice
As a practice, GDPR will affect how you handle and process client data. Every process needs to be transparent and lawful. Your clients have to give consent before you can use their data, and the consent has to relate to the intended purpose. GDPR gives clients control, unlike the previous Data Protection Act, in which companies relied on presumed consent.
GDPR has handed clients more power over the way their data is used. The new law has also strengthened the rights of customers and increased accountability for the data holder.
Now that you know how GDPR will impact your practice, how do you prepare for the GDPR?
3. Awareness
Start by informing your clients and employees that the laws have changed. Always inform your clients every time you intend to use their information. Also, explain to the clients why you need their information and ask for consent before using it.
4. Review How You Seek Consent
Read the guidelines published by the ICO on how to seek consent and review your standard practices using the consent checklist. Be sure to review existing consents and ensure that they are GDPR compliant.
While you review, existing consents also review how you seek consent for children’s data. According to the GDPR, the minimum age a kid when a kid can give consent for data collection is 16. However, in the UK, the minimum age can go as low as 13. If your client is younger than the set age, you need to seek consent from the parents or guardians.
5. Map Your Data
Identify where your clients’ data is stored and document what you intend to do with the data. Identify who has access to the data and risks that could lead to data loss or data breach. Review the data and determine which data to keep. Clean up any data that has no real benefit to you or your clients.
6. Implement Security Measures
Develop security measures to safeguard your clients’ data. Implement these security measures to contain and reduce the risk of data breaches. Also, confirm that your suppliers are compliant, especially if you outsource software and security systems.
7. Subject Access Requests
Start by updating your procedures to comply with the GDPR. Your clients have a right of subject access, which allows them to see any information collected about them. If a client requests access to their data, the new law dictates that you should grant the request. The client should not incur any cost for this request.
According to the GDPR, you have one month to comply with such a request. You can also decline the request if it’s excessive or manifestly unfounded. Requests to access will become a norm in your practice, and thus you want to have the data well stored. If you’re handling a large number of clients, you can develop a system where clients can access their data online.
Data is a valuable asset; it gives insight into your clients. As a therapist, it’s your role to help your clients get better but also protect their data. Implementing GDPR will help you protect customer data.
This is a sponsored post
Digital Health Buzz!
Digital Health Buzz! aims to be the destination of choice when it comes to what’s happening in the digital health world. We are not about news and views, but informative articles and thoughts to apply in your business.
One comment
manuel
February 25, 2020 at 5:47 pm
Very interesting article. The information security is nowadays widely applied to any industry or business.
The General Data Protection Regulation (GDPR) is applied to organizations that collect or process data from European residents or have a residence in the UE. If an organization selling products or services, has facilities, or runs a web site in the EU, the GDPR is applied. The non-compliance of the GDPR might be penalized with fines of up to 20 million euro or the four percent of the annual incomes, and the Organizations shall make a report to the regulatory Authorities within 72 Hours after a security infraction has been detected.