Privacy Policy Statement
Playing Talking Learning Speech and Language Therapy
Olwen Morgen, Speech and Language Therapist
The privacy policy of Playing Talking Learning (PTL) details the data PTL collects, why it is collected, and what PTL does with this data. Olwen Morgen assumes the function of the data controller and supervises compliance with the General Data Protection Regulation (GDPR) within the business. Olwen Morgen is registered with the Information Commissioner’s Office (ICO) as a Data Controller. You can view Olwen Morgen’s ICO registration by visiting ico.org.uk.
- Information PTL collects
- Where PTL gets information
- How PTL uses the information collected
- Information PTL shares
- How and when consent is obtained
- How data is protected
- Protecting your rights to data
- Security of your personal data
1. Information PTL collects
PTL holds personal data as part of conducting a professional service. The data falls under the following headings: healthcare records, educational records, clinical records, general administrative records, and financial records.
1.1 Healthcare records
A healthcare record refers to all information collected, processed and held, in both manual and electronic formats, pertaining to the service user and their care. Speech and language problems can be complex, and a wide range of information may be collected in order to best meet the needs of the client and to maintain a high-quality service that meets best practice requirements. Examples of data collected and held on all current and active clients include the following:
– Contact details: name, address, phone numbers, e-mail address.
– Personal details: date of birth.
– Other contacts: name and contact details of GP and any other relevant healthcare professionals involved.
– Parent/guardian details
– Description of family
– Educational placements
– Pre- and post-natal history
– Developmental data: developmental milestones, feeding history, audiology history.
– Medical details: such as any relevant illnesses, medications, and relevant family history. Reports from other relevant allied health professionals such as: Audiology, Psychology, CAMHS (Child & Adolescent Mental Health Services), Occupational therapy, Physiotherapy.
1.2 Educational records
Relevant Individual Educational Plans (IEPs), Education Health and Care Plans (EHCPs), progress notes from educational staff and school reports may be held.
1.3 Clinical records
Specific data in relation to communication skills may be collected and held, such as assessment forms, reports, case notes, e-mails, text messages and transcripts of phone calls. Audio and video files may also be collected and stored.
1.4 Financial records
A financial record pertains to all financial information concerning the practice, e.g. invoices, receipts, information for Revenue. PTL may hold data in relation to: on-line purchasing history, card payments, bank details, receipts and invoices. Information will include the name of the bill payer, client name, address and record of invoices and payments made.
2. Where PTL gets information
Personal data will be provided by the client, or in the case of a child (under 16 years), their parent(s)/guardian(s). This information will be collected as part of a case history form prior to, or on the date of, the first contact. Information may also be provided directly from relevant third parties such as schools, medical professionals and allied health professionals, with prior consent from the parent(s)/guardian(s).
3. How PTL uses the information collected
The information collected is used to conduct assessment and therapy as per relevant professional guidelines and to maintain the general running of the business.
3.1 Data retention periods
The retention periods are the suggested time periods for which the records should be held based on the organisation’s needs, legal or historical purposes. Following the retention deadline, all data will be destroyed confidentially.
3.2 Client Records
3.2.1 Clinical Records
PTL keeps electronic records of clinical data in order to provide a service.
• The preferred format for clinical data is electronic.
• Clinical data is deleted/confidentially destroyed 2 years after the last invoiced session (usually post-discharge).
• Video records/voice recordings relating to client care/videoconferencing records may be recorded with consent, analysed and then destroyed. If written consent is provided to use recordings for training purposes, the client will have the option to withdraw consent at any time.
3.2.2 Financial Records
PTL keeps electronic records of financial data from those who use our services.
Section 886 of the Direct Tax Acts states that the Revenue Commissioners require records to be retained for a minimum period of six years after the completion of the transactions, acts or operations to which they relate. These requirements apply to manual and electronic records equally.
- Financial Data is kept for 6 years to adhere to Revenue guidelines.
- Financial Data (including non-payment of bills) can be given to Revenue at Revenue’s request.
Contact Data is kept for 6 years to allow processing of Financial Data if required. (This may be retained for longer for safety, legal request, or child protection reasons.)
4. Information PTL shares
PTL does not share personal information with companies, organisations and individuals outside PTL unless one of the following circumstances applies:
4.1 With your consent:
PTL will only share your Personal Identifying Information (PII) with third parties when we have express written permission by letter or email to do so. PTL requires opt-in consent for the sharing of any sensitive information. Third parties may include: GPs, other allied health professionals, educational facilities.
4.2 For legal reasons:
We will share personal information with companies or organisations outside of PTL if disclosure of the information is reasonably necessary to:
• Meet any applicable law, regulation, legal process or enforceable governmental request.
• Meet the requirements of the Children First Act 2015.
• Protect against harm to the rights, property or safety of PTL, our service users or the public as required or permitted by law.
4.3 To meet financial requirements:
PTL is also required to share Financial Data with PTL’s accountant in order to comply with taxation requirements.
5. How and when consent is obtained
Prior to initial assessment or consultation, a copy of the data protection policy will be provided to clients along with a client referral form. A consent form will need to be signed by the client prior to commencing the service.
6. How data is protected
In accordance with the General Data Protection Regulation (GDPR), PTL will endeavour to protect your personal data in a number of ways:
6.1 By limiting the data that we collect in the first instance
All data collected by us will be collected solely for the purposes set out at 1 above and will be collected for specified, explicit and legitimate purposes. The data will not be processed any further in a manner that is incompatible with those purposes. Furthermore, all data collected by PTL will be adequate, relevant and limited to what is necessary in relation to the purposes for which it is collected which include, inter alia, the assessment, diagnosis and treatment of speech, language and communication disorders.
6.2 By transmitting the data in certain specified circumstances only
Data will be shared and transmitted, only as is required, and as set out in section 3.
6.3 By keeping only the data that is required
When it is required and by limiting its accessibility to any other third parties.
6.4 By disposing of/destroying the data once the individual has ceased receiving treatment
Within two years of the completion of this treatment apart from the special categories of personal data as set out at 1.1 above. Where data is required to be held by PTL for longer than a period of 6 years, PTL will put in place appropriate technical and organisational measures to ensure a level of security appropriate to the risk. These may include measures such as the encryption of electronic devices, and/or safe and secure storage facilities for paper/electronic records.
6.5 By retaining the data for only as long as is required
Which in this case is two years except for circumstances in which retention of data is required in circumstances set out at part 1.1 above or in certain specific circumstances as set out at Article 23(1) of the GDPR.
6.6 By destroying the data securely and confidentially after the period of retention has elapsed
This includes the use of confidential shredding facilities or if requested by the individual, the return of personal records to the individual.
6.7 By ensuring that any personal data collected and retained is both accurate and up-to-date.
7. Protecting your Rights to Data
7.1 Children
For children under the age of 16, data access requests are made by their guardians. When a child turns 16, then they may make a request for their personal data. However, this is subject to adherence with the Children First Act.
8. Security
PTL, as with most providers of healthcare services, is aware of the need for privacy.
As such, PTL practises privacy by design as a default approach, and only obtains and retains the information needed to provide you with the best possible service.
All persons working in, and with, PTL in a professional capacity are briefed on the proper management, storage and safekeeping of data.
All data used by PTL, including personal data, will be retained in electronic formats.
The type of format for storing the data is decided based on the format the data exists in, i.e. PTL will convert physical files to electronic records.
8.1 Data Security
PTL understands that the personal data used in order to provide a service belongs to the individuals involved. The following outlines the steps which PTL uses to ensure that the data is kept safe.
8.1.1 Electronic Data
All electronic data:
– The system is physically located in the UK, and overseen by Olwen Morgen.
– Olwen Morgen is aware of the requirements for GDPR compliance.
– Olwen Morgen requires a log-on and password in order to access the records.
8.2 Security Policy
8.2.1 Olwen Morgen (Playing Talking Learning) understands that requirements for electronic storage may change with time and the state of the art. Olwen Morgen (PTL) reviews the electronic storage options available to PTL annually.
8.2.2 Olwen Morgen refreshes the requirements for good data hygiene annually. This includes, but is not limited to:
- Awareness of client conversations in unsecured locations.
- Enabling auto-lock on devices when leaving them unattended.
- Use of non-identifiable note-taking options (initials, not names).
- Awareness of PTL procedure should a possible data breach occur, whether through theft (malicious) or loss (accidental) of devices or physical files.
Date of document: 01.01.2021
Review Date: 31.12.2021