Who we are:
- The Owl Centre Ltd is registered with Companies House (no. 07880303).
- The Owl Centre delivers independent therapy services to children at our clinics, in their homes, or in their educational settings.
- The Owl Centre is directed by Rhodri Lathey, Lydia Ebsworth, John Lathey, Nicola Lathey, Philip Lathey, & Jennifer Wilson.
- The Owl Centre’s website is www.theowltherapycentre.co.uk
The
Owl Centre is committed to protecting the privacy of information
provided by clients.
Collection of personal information
We
may collect personal information from you when you interact with our
private healthcare services, including but not limited to:
- Contact and identification details (e.g., name, address, phone number, email address, date of birth)
- Health and medical information (e.g., medical history, test results, diagnoses, treatment plans)
- Financial and billing information (e.g., insurance details, payment information)
- Employment details (e.g., CV, employment history)
- Other information relevant to the provision of our services
Information
about the patients will be collected via spoken or written media from
patients
themselves, or their referrers. A referrer could be, but not limited
to; parent/carer, education or work setting or NHS Trust.
With
consent, information may also be collected from other professionals
working with the patient.
Information
may also be taken about family members where this relates to the
patient - e.g. contact details for parents and any relevant medical /
developmental history.
You
may use the Owl Centre website without providing any personal
information, but if you wish to make an enquiry or contact us via the
website or by email, you are requested to provide relevant contact
details such as your name, email address and contact phone number to
enable us to respond to your enquiry.
Making
an Enquiry or Booking
You
may add comments or queries which might also contain personal
information.
If
your enquiry does not result in the patient being seen by The Owl
Centre, we will remove identifiable information and retain anonymised
information for up to one year. This is to improve the Services The
Owl Centre offers.
If
the patient is subsequently seen by The Owl Centre, details
from the enquiry will be added to their personal health records.
Our
website contains links to other internet sites that are outside our
control and are not covered by this privacy policy. We are not
responsible for any data that you provided through any such websites.
Our use of personal information
1.
Personal information collected by us via the Owl Centre’s website,
email, telephone,
online, or face-to-face is stored and used by us for the purpose of
delivering appointments.
2.
Any sensitive personal details are stored in a secure and
confidential system called the Nest and processed in confidence by
The Owl Centre.
3.
Personal details shall be used for the purpose of delivering
appropriate therapy service to the patient. With consent, information
about the patient’s needs will be shared with other professionals
involved in the patient’s care when it is in the patient’s best
interests.
4.
A record of the patient’s consent, or parental consent is kept
within the patient's case notes.
5.
Unless we are required to do so by law, we will not disclose any
personal information collected to any person other than as set out
above.
6.
The Owl Centre may use an external printing and mailing company if
paper versions of reports or documents are requested. Patients can
request more information about this should the service be required.
7.
The Owl Centre does not give or sell client details to any third
party
8.
The Owl Centre uses a third-party software company for IT
Development. All third-party staff abide by the same data protection
standards as The Owl Centre staff.
How we use personal information
The
Owl Centre uses personal information:
To
prepare, plan, and provide appointments appropriate to the patient's
need.
To
communicate with the client by post, email, telephone or text message
in relation to:
- Confirming and preparing for appointments
- General communication in between appointments
- Sending you reports and programmes for the patient
- Copying the client into communications with other professionals about the patient
- Sending resources
- Sending invoices
- For clinical audit to assess and improve The Owl Centre’s service. Results of audits are always presented with all client identities removed.
- For management and administration – for example, surnames of clients are included in our password-protected database.
- Whenever personal identifiers are not needed for these tasks, The Owl Centre removes them from the information it uses, if possible.
How we store personal information
All
information about the client, the patient, and their therapy is
stored securely in a password-protected, encrypted folder on The Owl
Centre’s and the therapists’ computers in order to ensure that we
have a complete record of our service to them.
Any
paper-based, confidential information (such as assessments and case
notes) are stored securely in accordance with data protection
regulations.
Videos
may be taken with consent. These are temporarily stored on a
password-protected, encrypted cloud system. These may then be viewed
by the therapist to make notes in the client’s records
or
carry out a video-based intervention. The
video is then deleted.
Most
records are kept electronically. Where paper information is
required, the minimum amount of confidential information will be
taken out of the therapist’s office base. When taken out of that
base, it will be kept with the therapist or will be locked in the
boot of their car, whichever is deemed to be more secure at the time.
In
accordance with law, all records will be kept securely until a child
is 26 years old or for 8 years after an adult patient has been
discharged. After this time, all records relating to the patient will
be securely destroyed.
Non-clinical
email correspondence and invoices will be deleted from The Owl
Centre’s systems after 6 years.
All
records relating to NHS contract patients are kept only on the Nest
and not in paper form. They are not stored off site.
Comprehensive
Patient Records
At
The Owl Centre, we maintain comprehensive patient records that link
all interactions a patient has with us. This means that if you are
referred to us through multiple routes, such as self-referral for
private sessions, referral via the NHS, or workplace referrals, all
relevant information will be consolidated into one unified patient record.
The
purpose of maintaining comprehensive patient records is to ensure the
safety and completeness of the medical information we hold. By
linking all interactions and healthcare services provided to a
patient, we can facilitate seamless continuity of care and enable all
clinicians involved in the patient's treatment to have access to a
comprehensive overview of the patient's medical history and prior
interactions with us.
It
is important to note that the sharing of information among our
healthcare professionals is strictly conducted on a need-to-know
basis and in accordance with applicable privacy laws and regulations.
Only authorised staff directly involved in the patient's care or
record management will have access to the comprehensive patient
records. We maintain strict confidentiality and employ appropriate
security measures to protect the privacy and integrity of these
records.
We
understand the importance of respecting patient privacy and will
always handle patient information with the utmost care and
discretion. If you have any concerns regarding the consolidation of
your records or the access provided to healthcare professionals,
please do not hesitate to contact us using the details provided in
this Privacy Policy.
Data Subjects
The
Owl Centre may collect identifiable or sensitive data on:
- Clients,
- Next of kin,
- Employees,
- Freelancers,
- Job applicants,
- Students & volunteers
Disclosure
of Personal Information
- We may disclose your personal information to the following parties:
- Healthcare professionals, providers, and practitioners involved in your care and treatment
- NHS or other public health services for referrals, consultations, and coordination of care
- Other referrers, such as education settings and workplaces
- Third-party service providers who assist us in providing our services (e.g., IT support, payment processors)
- Regulatory bodies, government authorities, or law enforcement agencies as required by law or to protect our legal rights
- Other parties with your consent or as permitted by applicable laws
When
disclosing personal information to third parties, we take reasonable
measures to ensure that they handle your information securely and in
accordance with applicable privacy laws.
Data outside of the UK
Data
is only transferred outside of the UK with appropriate safeguards,
always following the same safeguards as inside the UK. This may
include, for example, freelancers, employees, or directors who are
mobile working from a different location than the UK. It may also
include clients who are based outside of the UK. The Owl Centre has a
password policy which includes Two Factor Authentication login to the
secure system.
Breach
procedure
If
any confidential data is lost, damaged or inappropriately accessed,
The Owl Centre follows a breach procedure.
1.
The Owl Centre therapist notifies the
involved
staff member or Head of Compliance and fills out an incident form on
the Nest
2.
The Owl Centre completes the ICO self-assessment flow chart and seeks
advice from the ICO about how to act if required
3.
The Head of Compliance completes an internal investigation and makes
recommendations about any required changes to processes or policies.
3.
The Owl Centre might contact the data subject if advised to do so.
Meeting
professional obligations
All
staff, including non-clinical and therapy support staff carry out
training in data protection annually.
It
is a legal requirement for all our Clinicians to be registered with
their appropriate board, for example, the Health and Care
Professionals Council (HCPC) the Nursing and Midwifery Council or the
General Medical Council for example.
Each
board has a regulation around data protection. For example, the HCPC
states:
- Standard 2: Communicate appropriately and effectively
“You
must share relevant information where appropriate with colleagues
involved in the care, treatment, or other services provided to a
service user.”
- Standard 10: Keep records of your work
“You
must keep full, clear, and accurate records for everyone you care for,
treat, or provide services to. You must complete all records promptly
and as soon as possible after providing care, treatment or other
services. You must keep records secure by protecting them from loss,
damage or inappropriate access.”
UK
data protection law
Data
Protection Law lays down wide-ranging rules backed up by criminal
sanctions for the processing of information about identifiable,
living individuals. It also gives individuals certain rights in
relation to personal data held about them by others. The Owl Centre
is registered with the Information Commissioner’s Office (ICO) as a
data controller.
Our
lawful basis for processing personal information
1.
Our lawful basis for processing and storing personal information is
one of “legitimate interest” (under article 6 of GDPR). The Owl
Centre cannot adequately deliver a service without processing their
personal information. As it is both a necessity for our service
delivery and of benefit to the patient, we have a legitimate interest
to process and store their data.
2.
Data relating to an individual’s health is classified as “special
category data” under Article 9 of UK GDPR. Our lawful basis for
processing and storing personal information is one of "provision
of health and social care or treatment" (under Article 9 of UK
GDPR). The regulations specify that health professionals processing
the data under this lawful basis are “legally bound to professional
secrecy”. The Owl Centre therapists are legally bound to keep
client information confidential.
Our
responsibilities
The
Owl Centre is committed to maintaining the security and
confidentiality of the patient's record. We actively implement
security measures to ensure that their information is safe, and we
audit these regularly.
The
Owl Centre will not release personal details to any third party
without first seeking consent unless this is allowed for, or
required, by law.
The
Owl Centre is constantly working to ensure compliance with current
data protection regulations.
Your
rights
Data
protection legislation gives the client various rights, the most of
important of which are as follows:
- You have the right to a copy of the information that we hold about the patient.
- Third party information will be redacted from Subject Access Requests. The Owl Centre may also get consent from a child if they are deemed to be Gillick Competent before sharing their records with a person with parental responsibility.
- You have the right to ask for your record to be amended if you believe that it is wrong.
- You have the right to make a complaint to the Information Commissioner’s Office (ICO) if you believe we have breached your data rights
How
to access the patient's records (Subject Access Request)
You
can access the information The Owl Centre holds about you or your
child. You may do this verbally on in writing / email.
A
copy of the patient's records is provided free of charge unless it is
a large request, in which case a small admin fee will be charged.
Postage costs, however, will be incurred if the records need to be,
or are asked to be, sent by post.
The
Owl Centre will provide access to the patient's records within 30
days of confirmation of the requesters ID and rights to access the
information. If the request is particularly large or complex, this
may be extended to 60 days.
Questions
If
you have any questions about how The Owl Centre uses your
information, please contact us at
[email protected]
Further
information about data protection legislation and your rights is
available from the Information Commissioner’s Office.