What is GDPR and how does it affect me?
I am sure I am not in the minority when I say I have seen these letters a lot lately and kept thinking – I must have a read of that at some point!
I finally decided to have a look the other day and to be honest I think I picked the worst site to look at. It was full of confusing terms. I did a bit more research and found other sites that were a little more straightforward and thought it was worth writing what I found out and how I feel GDPR will affect a typical therapist.
Obviously this is my view and there are a few loopholes for some of the points, but to be honest I feel it’s best to go with best practice and not risk doing it wrong.
What does GDPR stand for?
General Data Protection Regulation.
Basically this was originally set up in 1995 to protect personal data that companies may hold. As you can imagine, back then only about 1% of Europe were online and there was no social media like today.
I am sure you have all heard about data protection and make sure you keep clients’ details safe and secure, but this is just one step further to make sure that happens online also.
What do I mean by personal data?
This covers any information you hold on someone – name, address, email, bank details, medical information, photos or their computer IP address. It also covers any notes you take during a session.
What is meant by consent?
When we first meet a client I ask them to fill in a form including their contact details. This is fine if I am keeping it on paper, as they have filled it in themselves and are aware how it is recorded; they will sign it to say they are aware I am storing their details. BUT if I decide to transfer it on to my computer (even if it is scanned in) I need to get consent from my client. This can be a simple line on the form to explain that all data will be transferred on to a computer and explain how it will be saved: is it on a stand-alone computer or a cloud-based system? It is best to draw their attention to this and explain how it will be secured, and it is up to you to keep your computer virus free.
So far personally I have decided to stick to keeping everything paper based and when I do move to computer I will have to make sure I get everyone’s consent before uploading it.
As far as I understand if you get your client to fill in the forms on the computer you just need consent and to confirm how it will be saved.
How to get consent?
In the past consent forms have been long and complicated; often there is a section explaining how the data will be made available to third parties. This has now changed.
The consent form has to be simple to understand and in clear plain English so there is no confusion.
It must be easy to give consent but also easy to change your mind and withdraw consent!
This also applies if you send emails to clients or send newsletters. They have to sign up for the newsletter and be able to unsubscribe just as easily.
What is right of access?
In a nutshell your client can ask to look at everything you hold on them, including notes you have made about their treatment. This has to be accessible to them on request. It also means if they read through and discover what they feel to be an error you must delete or rectify the information. This being said, you are able to discuss this and explain reasoning if there is any and come to an agreement. Ultimately it is their information and therefore belongs to them. They also have a right to request you delete all data you hold on them. Obviously if this is a client you are still seeing, it is worth having the conversation about the importance of keeping notes. It may be that they don’t want it on the computer, in which case you could keep paper notes for that client. Make sure your client is happy with the way you store THEIR information.
What if there is a data breach?
If there is a problem and someone else has accessed personal data you have a right to notify the individual immediately and also notify the DPA within 72 hours. A breach would include a hacked computer or someone physically accessing notes.
What is relevant information?
The directive states only to keep relevant information. This basically means if they were to question anything you had made a note of, can you explain your reason for it? If the answer is yes and it helps to give them the best treatment then it is fine.
What is meant by protecting the data?
This means making sure wherever the data is held it is safe and secure. So if it is paper based it is held in a locked cabinet or within a locked room that only you have access to (or a fellow therapist who may need to see the notes for seeing that client).
If you are storing on a computer – is that computer up to date with antivirus software? Is it regularly checked?
However you store the data you have to make sure reasonable safeguards are in place to minimise the risk of loss of the data or unauthorised access. It has to be secure to avoid anyone altering it or deleting or sharing it!
Can I share data?
This is an area I only briefly looked at and to be honest I can’t see a reason why an MT would want to share data. Of course you can share in the sense that if a fellow MT is seeing your client they can have access to the notes. What I mean is sharing it outside of your company. In the past a lot of companies sold data to other companies, which results in lots of marketing in our inbox or phone calls. This is now not allowed. I believe if you get clear consent from your client you may be able to pass on data but, like I said, I don’t feel any of us would be passing data on so didn’t research that part. If you have shared data in the past please research and get clear consent before continuing to do so.
Hold on – This is a European directive, what about Brexit?
We are still in the EU at the moment so yes it does mean we have to abide by this. Also it is not a bad thing to have as a practice – even if you are living outside of Europe it is a good idea. For the sake of an extra few lines on the intake form to cover you and let your client feel their data is safe, why not?
That more or less covers everything that would affect the average MT. It’s not a lot of change to how most of us are working already. Just make sure you have consent and it is clear and in simple terms and you will be fine.
Just remember it is about making sure clients’ data is safe, so explain how you hold data and get their consent. If you send a newsletter, ask if they wish to receive it and get consent – make sure it’s clear and easy to read. Also easy to opt out.
We all put our clients first so I don’t think anyone will have a problem with the new directive.
If anything is confusing or you have any questions please get in touch, and as always if you have anything you want us to cover or you want to share a story with us, let us know.