lecture 6 data protection and access to client records
DESCRIPTION
Data Protection and counselling implicationsTRANSCRIPT
Lecture 6 Data Protection and
Access to Client records
Module: Law for Counsellors
Kevin Standish
LEARNING OUTCOMES
1. Recording therapeutic work
2. Data Protection: Core idea
3. Definition of personal data
4. The eight principles
5. Format of therapy records
6. Handling data
7. Access to therapeutic records
8. Frequently asked questions regarding record keeping
1. RECORDING THERAPEUTIC
WORK
1. Professional aspects of
record keeping
2. Ethical aspects of
record keeping
3. BACP code of practice
1. Issues relating to data protection and access to records clearly impact on the central concept of therapeutic confidentiality
2. Both the therapist disclosing information and the client or other party obtaining such access may infringe confidentiality, but the processes involved are often quite distinct.
3. Persons with a statutory right of access to personal records include clients, solicitors (in certain situations) and external agencies, such as the police and courts.
4. The legal process of disclosure can involve the therapist in attending court, and being required to answer the court’s questions in the witness box.
1.1.PROFESSIONAL ASPECTS OF
RECORD KEEPING
The principle of
confidentiality of client
material is NOT a valid
defence on its own against
legal demands for
disclosure on judicial
grounds, or under statute
Therapists are engaged in record-keeping for three sets of reasons:
1. relating to service delivery: record-keeping is useful for the purposes of management and administration, monitoring client progress and measuring outcomes via audits
2. therapeutic practice: record-keeping may be essential to
orient the therapist towards the client’s key issues and relationships, and can also play a role in identifying issues to take to supervision.
3. professional development: records can be used for personal reflection, or may be needed for accreditation purposes, and to contribute towards research and publication
1.1.PROFESSIONAL ASPECTS OF
RECORD KEEPING
1. From an ethical perspective, record-keeping tends to be framed in terms of professional responsibilities to maintain confidentiality and to demonstrate respect for the client.
2. ‘Good quality of care:
Practitioners are encouraged to keep appropriate records of their work with clients unless there are adequate reasons for not keeping any records. All records should be accurate, respectful of clients and colleagues and protected from unauthorised disclosure. Practitioners should take into account their responsibilities and their clients’ rights under data protection legislation and any other legal requirements.’ (BACP, 2002: 6)
1.2. ETHICAL ASPECTS OF RECORD
KEEPING
Respecting privacy and confidentiality
Section 20. Respecting clients’ privacy and confidentiality are fundamental requirements for keeping trust and respecting client autonomy.
The professional management of confidentiality concerns the protection of personally identifiable and sensitive information from unauthorised disclosure.
Disclosure may be authorised by client consent or the law. Any disclosures of client confidences should be undertaken in ways that best protect the client’s trust and respect client autonomy.
BACP CODE
1.3. BACP CODE OF PRACTICE
‘Confidentiality:
Psychologists shall maintain adequate records, but they shall take
all reasonable steps to preserve the confidentiality of information
acquired through their professional practice or research and to
protect the privacy of individuals or organisations about whom
information is collected or held.’
(BPS, 2000: 4)
BACP advises practitioners to ‘keep
appropriate records of their work with clients
unless there are good and sufficient reasons
for not keeping any records’ (BACP, 2010)
Why do we keep notes on clients?
1. Making and keeping notes of
client sessions fulfils a number of
therapeutic and functional
purposes for therapists and
counselling services.
2. When considering what to put in
notes there are two key issues;
what is the purpose of keeping
notes and to whom do the notes
belong?
3. The importance of notes will vary
with the context.
THE PURPOSE OF RECORDS AND
NOTES
Here are some of the purposes for making notes:
1. Tracking and liaison record
2. Notes for general assessment or screening purposes
3. Session content notes
4. Notes for research
5. Notes as part of quality assurance processes
6. Medical or quasi-medical record
7. Notes and artefacts that are made by the client as part of their treatment
8. Process notes
THE PURPOSE OF RECORDS AND
NOTES
2. DATA PROTECTION
1. Core Idea
2. Personal data
3. 8 principles
2.1. CORE IDEA
1. The ethical justification for record-keeping has
often been unclear. Based on a quasi-medical
model, influenced by agency practice and personal
preferences, therapeutic recordkeeping was quite
varied in its format and content and largely
protected from client access.
2. The Data Protection Act (DPA) 1998, derived from European
Directive 95/46/EC, has attempted to develop a culture of
openness and transparency with regard to personal records
kept on citizens.
3. It has had a profound impact on therapeutic
recording, by challenging the widespread
presumption held by therapists that record-
keeping is a private, professional task, to be
carried out beyond the scrutiny of clients, agency
management or the wider society.
According to the Act, personal data is widely
defined to cover almost every kind of
information related to an identifiable living
person, including information recorded
electronically. The Act includes within its
remit manual or handwritten records, as well
as material held on computer, thus capturing
for the first time the bulk of therapeutic
records.
2.1. CORE IDEA
The Act makes a distinction between personal
data, and categories of information, such as a
person’s mental, physical and sexual health,
which are termed ‘sensitive personal data’
and accordingly require higher levels of
security, such as the client’s explicit consent
for any processing.
2.2. DEFINITION OF PERSONAL
DATA
2.3. THE EIGHT PRINCIPLES
1. Processed fairly and lawfully.
2. Processing personal data for specified purposes.
3. Adequate, relevant and not excessive.
4. Accurate and up to date.
5. Not kept any longer than necessary.
6. Processed in accordance with the “data subject’s” (the
individual’s) rights.
7. Securely kept.
8. Not transferred to any other country without adequate
protection in situ.
In practice, it means that you must:
1. have legitimate grounds for collecting and using the personal data;
2. not use the data in ways that have unjustified adverse effects on the individuals concerned;
3. be transparent about how you intend to use the data, and give individuals appropriate privacy notices when collecting their personal data;
4. handle people’s personal data only in ways they would reasonably expect; and
5. make sure you do not do anything unlawful with the data.
PRINCIPLE 1: PROCESSED FAIRLY AND
LAWFULLY.
In practice, the second data protection principle means that you must:
1. be clear from the outset about why you are collecting personal data and what you intend to do with it;
2. comply with the Act’s fair processing requirements –including the duty to give privacy notices to individuals when collecting their personal data;
3. comply with what the Act says about notifying the Information Commissioner; and
4. ensure that if you wish to use or disclose the personal data for any purpose that is additional to or different from the originally specified purpose, the new use or disclosure is fair.
PRINCIPLE 2: PROCESSING PERSONAL
DATA FOR SPECIFIED PURPOSES .
In practice, it means you should ensure that:
1. you hold personal data about an individual that is sufficient for the purpose you are holding it for in relation to that individual; and
2. you do not hold more information than you need for that purpose.
3. So you should identify the minimum amount of personal data you need to properly fulfil your purpose. You should hold that much information, but no more. This is part of the practice known as “data minimisation”.
PRINCIPLE 3: ADEQUATE, RELEVANT
AND NOT EXCESSIVE
To comply with these provisions you should:
1. take reasonable steps to ensure the accuracy of
any personal data you obtain;
2. ensure that the source of any personal data is
clear;
3. carefully consider any challenges to the accuracy
of information; and
4. consider whether it is necessary to update the
information.
PRINCIPLE 4: ACCURATE AND UP TO
DATE
In practice, it means that you will need to:
1. review the length of time you keep personal data;
2. consider the purpose or purposes you hold the
information for in deciding whether (and for how
long) to retain it;
3. securely delete information that is no longer
needed for this purpose or these purposes; and
4. update, archive or securely delete information if it
goes out of date.
PRINCIPLE 5: NOT KEPT ANY
LONGER THAN NECESSARY
the rights of individuals that it refers to are:
1. a right of access to a copy of the information comprised in their personal data;
2. a right to object to processing that is likely to cause or is causing damage or distress;
3. a right to prevent processing for direct marketing;
4. a right to object to decisions being taken by automated means;
5. a right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed; and
6. a right to claim compensation for damages caused by a breach of the Act.
PRINCIPLE 6: PROCESSED IN ACCORDANCE WITH THE
“DATA SUBJECT’S” (THE INDIVIDUAL’S) RIGHTS
In practice, it means you must have appropriate security to prevent the personal data you hold being accidentally or deliberately compromised. In particular, you will need to:
1. design and organise your security to fit the nature of the personal data you hold and the harm that may result from a security breach;
2. be clear about who in your organisation is responsible for ensuring information security;
3. make sure you have the right physical and technical security, backed up by robust policies and procedures and reliable, well-trained staff; and
4. be ready to respond to any breach of security swiftly and effectively.
PRINCIPLE 7: SECURELY KEPT
Personal data shall not be transferred to a
country or territory outside the EU unless that
country or territory ensures an adequate level of
protection for the rights and freedoms of data
subjects in relation to the processing of personal
data.
PRINCIPLE 8: NOT TRANSFERRED TO ANY OTHER COUNTRY
WITHOUT ADEQUATE PROTECTION IN SITU.
3. FORMAT OF THERAPY
RECORDS
1. Relevant filing system
2. Process notes
3. Handling Data
• the Data Protection Act has presented challenges to therapists in subjecting to public scrutiny what had previously been a private professional activity (Jenkins, 2002).
• Therapists tend to define record-keeping in terms of the purpose of the record. Therapist tend to distinguish between objective official agency record of client contact and more personal, subjective records, known as process notes :
• Data protection law however, defines records on a completely different basis.
• Records are defined firstly in terms of context, so that records kept in health, education and social work settings have separate provisions, deriving from the reforms initiated by the Gaskin case
• Records are further defined by format, rather than by purpose. Thus records are categorised as electronic or manual.
• Manual, or handwritten, records are further subdivided into those which are part of ‘a relevant filing system’ and those which are ‘unstructured’. These distinctions are crucial for determining issues of client access
3. FORMAT OF THERAPY RECORDS
1. For therapy records more generally, it seems
that the Act has been instrumental in changing
practitioners’ recording practice.
2. It is increasingly based on the presumption of
client access and has become more factual
and less subjective in nature (Jenkins and
Potter, 2007).
3. FORMAT OF THERAPY RECORDS
GASKIN CASE
3.1. RELEVANT FILING SYSTEM
it is intended to cover non-automated records that are
structured in a way which allows ready access to information
about individuals.
As a broad rule, a relevant filing system exists where records
relating to individuals (such as personnel records) are held in
a sufficiently systematic, structured way as to allow ready
access to specific information about those individuals.
"Accessible record" means: a health record that consists of
information about the physical or mental health or condition
of an individual, made by or on behalf of a health professional
(another term defined in the Act) in connection with the care
of that individual
WOULD PRIVATE PRACTISE FALL UNDER
RELEVANT FILING SYSTEM?
FREEDOM OF INFORMATION ACT 2000
However the Freedom of information act
amended the Data Protection Act 1998 to
provide for the right of data subject to have
access to ‘unstructured personal data’ held by
public authorities.
• These were defined as including Local Authorities, the
NHS, maintained schools and other educational
institutions, the police and a long list of public bodies,
ranging from the Advisory Committee on NHS Drugs to
the Zoo Forum.
• Agencies not classed as a ‘public authority’, or
practitioners in private practice, whose records are not
held in relevant filing systems, may be exempt from
provisions for client access.
• However, from an ethical and professional perspective,
denying client access on legal grounds alone might be
seen to be contrary to the move within the profession
towards adopting more open and accessible forms of
recording, even where these are not formally required
by the law.
PUBLIC BODIES DEFINED
Session content notes usually form part of a counselling service record.
1. These notes are made by therapists to indicate that a session has taken place and to give a general overview of what was covered in a session and/or any other matters which the therapist considers necessary as an aide mémoire for the therapy, or made in compliance with agency policy or legislation.
2. What is important is that content notes are accurate and an authentic, usually brief, summary of what was discussed
Process notes: there is a long tradition of
keeping process notes in therapy. They may
be optional, handwritten notes, or they may be
held on computer.
Process notes are usually made by therapists
to bring to supervision or to engage in
personal reflection on the therapeutic
relationship.
If process notes identify the client directly by
name, or contain data that could identify the
client (personally identifiable information),
then they are part of the client record, and
subject to the law and duty of confidentiality.
They should be retained with the client
records.
Process notes that are completely anonymous
(i.e. contain no personally identifiable
information and so do not identify the client in
any way) may be treated as separate from the
client records and destroyed when no longer
required.
See Bond, T. and Mitchels, B. (2008: 68–71).
3. 2. SESSION NOTES: CONTENT VS
PROCESS NOTES
3.3. HANDLING DATA
It is equally important NOT to:
a) access personal data that you do not need
for your work
b) use the data for any purpose it was not
explicitly obtained for
c) keep data that would embarrass or damage
you or the client if disclosed
d) transfer personal data outside of the
European Economic Area unless you are certain
you are entitled to or consent from the individual
concerned has been obtained
e) store/process/handle sensitive personal data
not relevant to the purpose.
• The law refers to a number of different types of records.
Client access varies according to the nature of the
record, rather than its content
Records may be of several types including:
1. Accessible records: i.e. health, education and social
work records and records held by public Authorities
2. Computerised records, i.e. records held in electronic
form
3. Computerised records held in combination with
manual or handwritten records
4. Manual or handwritten records as the sole form of
recording by an individual or organisation
5. Audio and video recordings, on tape, digital or created
and stored with any other form of technology
3.3. DIFFERENT TYPES OF RECORDS
DETERMINE ACCESS
SUMMARY
4. FREQUENTLY ASKED QUESTIONS
REGARDING RECORD KEEPING
1. Therapist obliged to
keep notes?
2. Who owns the notes?
3. Time limits for keeping
records
• Therapeutic notes and records may include handwritten
or computer-based notes, audio tape and video tape or
digital recordings, and may include written, visual or
audio material for example drawings, poems, songs and
other artefacts created by the client or created in
connection with the therapeutic work.
• Therapists are not specifically required by law to keep
therapeutic records, although this may be an obligation
imposed by their contract with an agency or employer.
HOWEVER:
• BACP’s Ethical Framework states that :“Practitioners are
encouraged to keep appropriate records of their work
with clients unless there are adequate reasons for not
keeping any records. All records should be accurate,
respectful of clients and colleagues and protected from
unauthorised disclosure, (BACP, 2007: 5.5).
4.1. THERAPIST OBLIGED TO KEEP
NOTES?
1. The client contract should make the ownership of the records clear.
2. Notes on clients made by a therapist employed by an organisation or agency in the course of that work are, generally speaking, the property of the employing organisation.
3. Notes kept by a therapist in private practice belong to that therapist.
4. Records kept by a self-employed therapist providing a service for a referring agency, such as an Employee Assistance Programme, may be designated as agency property under the terms of the contract existing between the agency and therapist.
4.2. WHO OWNS THE NOTES?
5. In law, unless otherwise agreed with the
client, tape and video recordings are
usually deemed to belong to the owner of
the tape or video,
6. photographs belong to the owner of the
negatives or in the case of digital images,
the owner of the camera.
7. However, ‘ownership’ of records is not a
deciding factor regarding issues of
disclosure or client access
4.2. WHO OWNS THE NOTES?
1. Personal data should not be held any longer than
necessary for its purpose.
2. Certain types of record, e.g. NHS records, are
classed as ‘public records’, with specified periods
for retention. For example, records of patients
defined as ‘mentally disordered’ are kept for 20
years after their last treatment, or 8 years after the
patient’s death.
3. Where there is no set time limit which applies to
therapeutic records, therapists and their
organisations need to decide an appropriate time
limit for keeping records before destruction.
4.3. TIME LIMITS FOR KEEPING
RECORDS
4. These might be set to accord with the relevant
time limits for responding to a complaint
against a therapist or agency under the BACP
or other Professional Conduct Procedures or
to comply with the time limits for legal actions.
5. The normal time limit for legal action by the
client for personal injury is three years from
the incident or three years from the date when
the individual could have reasonably known
the problem had arisen. The time limit on legal
action for breach of contract is six years.
4.3. TIME LIMITS FOR KEEPING
RECORDS
Essential reading
• Jenkins (2007) 6 - Data Protection and Access to Client Records..
• Mitchels, B. & Bond, T (2008):
1. chapter 6 recordkeeping – basic responsibilities
2. chapter 7 how long to keep records?
3. Chapter 9 sharing information between professionals
4. chapter 12 recording confidences practical guidelines
• Bond, T. (2010) chapter 13 record keeping
• Jenkins (2002) Chapter 5 - Transparent Recording: Therapists and the Data Protection Act 1998
CORE READINGS
Essential reading:
• BACP G1 information sheet: Access to records of counselling and psychotherapy by Tim Bond & Peter Jenkins (2009)
• P12 Information sheet: Making notes and records of counselling
and psychotherapy sessions by Liz Coldridge (2010)
• Please see What is personal data? – A quick reference guide
Data Protection Act 1998 on ICO website: http://ico.org.uk/for_organisations/data_protection/the_guide/~/media/documents/library/Data_Protection/Detailed_specialist_guides/determining_what_is_personal_data_quick_reference_guide.ashx
Advanced reading
1. Tribe, R. & Morrissey, J (editors) (2005) chapter 6 client confidentiality and data protection by Peter Jenkins
2. chapter 9 the ethics and responsibilities of recordkeeping and note taking by David Purves
3. Jenkins (2002) Appendix 2: Therapy Notes and the Law
READINGS