Co Reg 5890758 written by Dr James Manning & Dr Nicola Ridgeway
We are committed to safeguarding the privacy of our website visitors; this policy sets out how we will treat your personal information.
(1) What information do we collect?
We may collect, store and use the following kinds of personal information:
(a) information about your computer and about your visits to and use of this website (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation);
(b) information relating to any transactions carried out between you and us on or in relation to this website, including information relating to any purchases you make of our goods or services (including Name, address, postcode, and purchase history);
(c) information that you provide to us for the purpose of registering with us (including name and email address);
(d) information that you provide to us for the purpose of subscribing to our website services, email notifications and/or newsletters (including name and email address);
(e) any other information that you choose to send to us;
A cookie consists of a piece of text sent by a web server to a web browser, and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.
We may use both “session” cookies and “persistent” cookies on the website. We will use the session cookies to: keep track of you whilst you navigate the website. We will use the persistent cookies to: enable our website to recognise you when you visit.
Session cookies will be deleted from your computer when you close your browser. Persistent cookies will remain stored on your computer until deleted, or until they reach a specified expiry date.
Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third party cookies. For example, in Internet Explorer you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector. Blocking all cookies will, however, have a negative impact upon the usability of many websites, including this one.
(3) Using your personal information
We may use your personal information to:
(a) administer the website;
(b) improve your browsing experience by personalising the website;
(c) enable your use of the services available on the website;
(d) send to you goods purchased via the website, and supply to you services purchased via the website;
(e) send you email notifications which you have specifically requested;
(f) send to you our newsletter marketing communications relating to our business which we think may be of interest to you by post or, where you have specifically agreed to this, by email or similar technology (you can inform us at any time if you no longer require marketing communications);
(g) deal with enquiries and complaints made by or about you relating to the website;
Where you submit personal information for publication on our website, we will publish and otherwise use that information in accordance with the licence you grant to us.
We will not without your express consent provide your personal information to any third parties for the purpose of direct marketing.
In addition, we may disclose your personal information:
(a) to the extent that we are required to do so by law;
(b) in connection with any legal proceedings or prospective legal proceedings;
(c) in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
(5) Security of your personal information
We do not store credit card details on our website nor do we share customer details with any 3rd parties
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.
We will store all the personal information you provide on our secure servers. All electronic transactions you make to or receive from us will be encrypted using SSL technology.
Of course, data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
(6) Policy amendments
(7) Your rights
You may instruct us to provide you with any personal information we hold about you. Provision of such information will be subject to:
(a) the payment of a fee (currently fixed at £10.00); and
(b) the supply of appropriate evidence of your identity (for this purpose, we will usually accept a photocopy of your passport certified by a solicitor or bank plus an original copy of a utility bill showing your current address).
We may withhold such personal information to the extent permitted by law.
You may instruct us not to process your personal information for marketing purposes, by sending an email to us. In practice, you will usually either expressly agree in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt-out of the use of your personal information for marketing purposes.
(8) Third party websites
The website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites.
(9) Updating information
Please let us know if the personal information which we hold about you needs to be corrected or updated.
The Data Protection Act
The West Suffolk CBT Service is fully compliant with the Data Protection Act 1998. ICO registration number Z2684324.
Directors of the West Suffolk CBT Service are committed to sharing information in order to ensure the most productive outcomes for service users. In doing this we will operate within our legal and professional framework as outlined by the BPS.
Confidentiality is important because service users expect that information about them will not be unnecessarily disclosed. Our service users will also assume and expect that their information will be dealt with in a professional manner. We are also bound by ethical and legal requirements as set out by the BPS.
Sharing information without Consent
Information will be shared in the absence of consent where the subject does not have mental capacity and it is in their best interest to share information between organisations.
A decision to share information without consent is not a routine decision and is made on a case by case basis by West Suffolk CBT Service therapists. Information may be shared without consent when it is required for the prevention or detection of crime, to prevent serious harm or to preserve life. Information may also be shared without consent to comply with a court order.
Information may also be shared without consent if another person is involved, whether this is an adult, another vulnerable adult, or a child.
In the NHS and Social Care services Caldicott principles have been adopted to guide the use of personal information. These have been adopted by the West Suffolk CBT Service since its inception 2007. Rules therefore incorporated into this Information Sharing Agreement and are
• Justify the purpose(s) of information disclosure
• Don’t use personally identifiable information unless it is absolutely necessary
• Use the minimum necessary personally identifiable information
• Access to personally identifiable information should be on a strict need to know basis
• Everyone should be aware of their responsibilities
• We should all understand and comply with the law
Within the West Suffolk CBT Service, our Clinical Director, Dr Nicola Ridgeway is our nominated Caldicott guardian, and all employees consult Dr Ridgeway for advice on information sharing.
The West Suffolk CBT Service works within the following legislation in terms of confidentiality.
• National Health Services Act 1977;
• Crime and Disorder Act 1998: provides any person the power to lawfully disclose information to the Police, local authorities, probation service, or health authorities, where it is in the public interest;
• Data Protection Act 1998: defines personal data, and governs the use of it (see below);
• Human Rights Act 1998: provides everyone with the right to respect for their private & family life, their home, and their correspondence;
• Health Act 1999;
• Freedom Of Information Act 2000: allows members of the public to have access to all types of information held by organisations in the public sector, with a number of exclusions;
• Local Government Act 2000;
• Criminal Justice Act 2003; and,
• Common Law Duty of Confidentiality; applies a duty of confidentiality to all public sector workers.
Data Protection Act
The West Suffolk CBT Service complies with the Data Protection Act (1988) (see below).
The Data Protection Act (1998), is legislation that governs the collection, storage, and processing of information, in both manual and electronic forms.
• An individual must be clearly informed of what their information will be used for, they must understand this, and the data must only be used for the purposes that were originally stated;
• The individual’s consent must be explicitly gained to hold & process information.
• The individual’s consent must be explicitly gained if information is to be shared with, or processed by, another organisation, and then must only be shared in accordance with a clearly defined procedure and information sharing agreement;
• All information must be accurate, necessary & not excessive, kept up to date, and must not be kept for longer than necessary for the purposes stated;
• The individual can ask for a copy of their records at any time, subject to certain specific restrictions not outlined here; and,
• If the individual believes any data is incorrect they have the right to have the data corrected, or erased.
Practical measures on information sharing
The West Suffolk CBT Service follows the following framework with respect to confidential information.
• Written confidential information is locked away;
• Confidential information is not be disclosed unless the recipient has an explicit need to know;
• Extra care is taken when confidential information is being taken on public transport or other vehicles (this will be only if absolutely necessary);
• The of the identity and relationship of any telephone caller is established and recorded before any confidential information is disclosed;
• Discussions involving confidential information will be done in a private place where it is not possible to be overheard;
• Confidential information will only be emailed over safe email connections with files password protected as is standard practice and;
• When disclosing information about an individual, professionals will clearly state whether the information being supplied is fact or opinion, or a combination of the two.
The West Suffolk CBT Service views the concept of confidential information as follows
West Suffolk CBT Service employees have access to a great deal of confidential information, including personal information. Confidential information is generally in one of two categories: Personally Identifiable Information or 'Information for therapist only, for example process notes. ‘Personally Identifiable Information’ (INFORMATION) is anything that can identify an individual, this includes, but is not limited to:
• Contact details
• Date of Birth
• Racial or Ethnic Origin
• Religious or other Beliefs
• Physical or mental health
• Sexual Orientation & sexual history
• NHS number, SWIFT number or other unique identifier
Information Governance at the West Suffolk CBT Service
The West Suffolk CBT Service works within a principle that information held by it represents its most valuable asset. In this respect, the West Suffolk CBT Service seeks to ensure that all information and information systems are protected against the many threats which affect confidentiality and overall service provision. Such threats may range from accidental damage to deliberate disclosure of sensitive information. Information security is the responsibility of every member of staff employed by the West Suffolk CBT Service.
The West Suffolk CBT Service information governance policy highlights the many steps that are involved in protecting information, whether this is information that is stored on computers, transmitted across public networks, stored within databases, printed, spoken during telephone calls etc. (Please see appendix).
What outcomes would we expect to achieve and how would we measure them.
With the level of experience and extensive training of therapists the West Suffolk CBT service expects a significant degree of change or progress consistent with the level of training of its therapists. In this respect, outcomes expected or degree of change reported are anticipated to be significantly greater than for an average therapist. Equally, it is expected that our therapists will have an enhanced ability to treat service users who have found previous treatment approaches unsuccessful, either in the NHS or elsewhere. Service user progress is measured using the West Suffolk CBT Service’s own self-report measures or by those provided by purchasers.