When you use Juniper Speech and Language Therapy, you trust us with your information. This privacy policy is meant to help you understand what data we collect, why we collect it, and what we do with it. We have tried to make it as simple as possible but if you have any questions, please contact us.

SCOPE

Kerry Juniper assumes the function of data controller and supervises the compliance with General Data Protection Regulation (GDPR) within Juniper Speech and Language Therapy as follows:

1.         Information we collect

2.         Where we get our information

3.         How we use the information we collect

4.         Information we share

5.         How and when consent is obtained

6.         How we protect your data

7.         Protecting your rights to data

8.         Security of your personal data

1.        Information we collect 

 Juniper Speech and Language Therapy holds personal data as part of conducting a professional service. The data follows under the following headings: healthcare records, educational records, clinical records, general administrative records, and financial records.

1.1     Healthcare records

A healthcare record refers to all information collected, processed and held both in manual and electronic formats pertaining to the service user and their care.  Speech, language, communication and learning problems can be complex, and a wide range of information may be collected in order to best meet the needs of the client, and to maintain a high-quality service which meets best practice requirements. In order to provide a high-quality service, a range of information may be collected.  Examples of data collected and held on all current and active clients include the following:

•          Contact details: Name, address, phone numbers, e-mail address,

•          Personal details: date of birth,

•          Other contacts: name and contact details of GP and any other relevant healthcare professionals involved.

•          Parent/guardian details

•          Description of family and family history

•          Educational placements.

•          Pre- and post-natal history: This can include information relating to mother’s pregnancy, and child’s birth.

•          Developmental data: developmental milestones, feeding history, audiology history.

•          Medical details: such as any relevant illnesses, medications, and relevant family history. Reports from other relevant allied health professionals such as: Paediatricians, school staff, Audiology, Psychology, CAMHS (Child & Adolescent Mental Health Services), Occupational therapy, Physiotherapy, Ophthalmology.

1.2      Educational Records

Relevant Educational Health Care Plans (EHCPs), Individual Educational Plans (IEPs), progress notes from educational staff and school reports may be held.

1.3     Clinical records

Specific data in relation to communication and literacy skills may be collected and held, such as assessment forms, reports, case notes, e-mails, text messages and transcripts of phone. Audio and video files may also be collected and stored.

1.4     General administrative records

 Juniper Speech and Language Therapy may hold information regarding attendance reports and accident report forms. 

1.5     Financial records 

A financial record pertains to all financial information concerning the practice, e.g. invoices, receipts, information for Revenue. Juniper Speech and Language Therapy may hold data in relation to: on-line purchasing history, card payments, bank details, receipts and invoices. Information will include name of bill payer, client name, address and record of invoices and payments made. 

2          Where we get our information 

Personal data will be provided by the client, or in the case of a child (under 16 years), their parent(s)/guardian(s). This information will be collected as part of a case history form prior to, or on the date of first contact. Information may also be provided directly from relevant third parties such as schools, medical professionals and allied health professionals, with prior consent from the parent(s)/guardian(s).

3          How we use the information that we collect 

We use the information we collect to provide assessment and therapy as per the relevant professional guidelines, as well as to maintain the general running of the business, such as running our electronic booking system, keeping our accounts and updating you of any changes in policies or fees.

Information may also be used for research purposes, with the written consent of the client or parent/guardian.

3.1      Data retention periods 

The retention periods are the suggested time periods for which the records should be held based on the organisation’s needs, legal and/or fiscal precedence or historical purposes. Following the retention deadline, all data will be destroyed under confidential means. In accordance with law, all records will be kept securely until your child is 25 years old or if still receiving treatment at the age of 17, until they are 26 years old. After this time all records relating to your child will be destroyed.

3.2     Client Records 

3.2.1 Clinical Records – Juniper Speech and Language Therapy keeps both physical and electronic records of clinical data in order to provide a service. 

•               The preferred format for clinical data is electronic. We use a secure electronic cloud-based system called Qunote which is compliant with general data protection regulations. Alongside this system larger documents such as SLT reports or reports provided by parents from other professionals may be stored on a secure, which is only accessible via a password held by the speech and language therapist involved in the care of the client.

•               Video records/ voice recordings relating to client care/videoconferencing records may be recorded with consent, analysed and then destroyed. If written consent is provided to use recordings for training purposes, the client will have the option to withdraw consent at any time.

3.2.2    Financial Records – Juniper Speech and Language Therapy keeps electronic/paper records of financial data from those who use our services. Section 886 of the Direct Tax Acts states that the Revenue Commissioners require records to be retained for a minimum period of six years after the completion of the transactions, acts or operations to which they relate. These requirements apply to manual and electronic records equally. 

•            Financial Data is kept for 6 years to adhere to Revenue guidelines.

•            Financial Data (including non-payment of bills) can be given to Revenue at Revenue’s request.

3.2.3  Contact Data 

Contact Data is kept for the period of time as set out in 3.1. This may be retained for longer for safety, legal request, or child protection reasons.

3.3     Exceptions 

If under investigation or if litigation is likely, files must be held in original form indefinitely, otherwise files are held for the minimum periods set out above.

4       Information we share 

We do not share personal information with companies, organisations and individuals outside Juniper Speech and Language Therapy unless one of the following circumstances apply:

4.1    With your consent: 

We will only share your Personal Identifying Information (PII) to third parties when we have express written permission by letter or email to do so. We require opt-in consent for the sharing of any sensitive information. Third parties may include: hospitals, GPs, other allied health professionals, educational facilities.

4.2     For legal reasons: We will share personal information with companies or organisations outside of Juniper Speech and Language Therapy if disclosure of the information is reasonably necessary to:

•            Meet any applicable law, regulation, legal process or enforceable governmental request.

•            Meet the requirements of the Children First Act 2015.

•            To protect against harm to the rights, property or safely of Juniper Speech and Language Therapy our service users or the public as required or permitted by law.

4.3     To meet financial requirements: 

Juniper Speech and Language Therapy is also required to share financial data with their accountant in order to comply with local tax laws. 

5         How and when we obtain consent:

Prior to initial assessment or consultation, a copy of the data protection policy (or link to data protection policy) will be provided to clients along with a consent form. A consent form will need to be signed by the client prior to commencing the service.

Should a client wish to withdraw their consent for data to be processed, they can do so at any time.

6       How we protect your data 

In accordance with the General Data Protection Regulation (GDPR), we will endeavour to protect your personal data in a number of ways:

6.1         By limiting the data that we collect in the first instance - all data collected by us will be collected solely for the purposes set out at 1 above and will be collected for specified, explicit and legitimate purposes.  The data will not be processed any further in a manner that is incompatible with those purposes save in the special circumstances referred to in section 4.2. Furthermore, all data collected by us will be adequate, relevant and limited to what is necessary in relation to the purposes for which it is collected which include for the assessment, diagnosis and treatment of speech, language, communication or learning difficulties.

6.2         By transmitting the data in certain specified circumstances only.  Data will only be shared and transmitted, be it on paper or electronically, only as is required, and as set out in 4.1 and 4.2.

6.3         By keeping only the data that is required when it is required and by limiting its accessibility to any other third parties.

6.4         By disposing of/destroying the data once the individual has passed the ages as set out in 3.1.  We will put in place appropriate technical and organisational measures to ensure a level of security appropriate to the risk. These may include measures such as the encryption of electronic devices, pseudonymisation of personal data, and/or safe and secure storage facilities for paper/electronic records.

6.5         By retaining the data for only as long as is required as set out in 3.1 except for circumstances in which retention of data is required in circumstances set out at part 1.1 above or in certain specific circumstances as set out at Article 23(1) of the GDPR.

6.6         By destroying the data securely and confidentially after the period of retention has elapsed.  This could include the use of confidential shredding facilities or, if requested by the individual, the return of personal records to the individual.

6.7         By ensuring that any personal data collected and retained is both accurate and up-to-date. 

7           Protecting your Rights to Data 

7.1         Adult clients 

Adults have the right to request data held on them as per article 15 of GDPR. A request must be made in writing. Further information regarding accessing your personal data is available in the document ‘Rights of Individuals under the General Data Protection Regulation’, downloadable from: www.gdprandyou.ie

7.2      Children 

For children under the age of 16, data access requests are made by their guardians. When a child turns 16, then they may make a request for their personal data. However, this is subject to adherence with the Children First Act.

8          Security 

Juniper Speech and Language Therapy as with most providers of healthcare services is aware of the need for privacy. As such, we aim to practice privacy by design as a default approach, and only obtain and retain the information needed to provide you with the best possible service.

All persons working in, and with Juniper Speech and Language Therapy in a professional capacity are briefed on the proper management, storage and safekeeping of data.

All data used by Juniper Speech and Language Therapy, including personal data may be retained in any of the following formats:

1.         Electronic Data

2.         Physical Files

The type of format for storing the data is decided based on the format the data exists in.

Where applicable, Juniper Speech and Language Therapy may convert physical files to electronic records to allow us to provide a better service to clients.

8.1     Data Security 

Juniper Speech and Language Therapy understands that the personal data used in order to provide a service belongs to the individuals involved. The following outlines the steps which Juniper Speech and Language Therapy use to ensure that the data is kept safe.

8.1.1  Electronic Data 

All electronic data is contained in the following systems:

            Email System

-           This system provider is aware of their requirements for GDPR compliance

-           Reports are sent password protected.

Secure hard drive and encrypted memory stick

-           This system provider is aware of their requirements for GDPR compliance.

-           Juniper Speech and Language Therapy employees require a Log on and Password in order to access the records.

8.1.2  Physical Files 

All physical data is stored within a lockable filing cabinet located at the business address. Only Kerry Juniper has access to these records.

8.2       Security Policy 

8.2.1 Juniper Speech and Language Therapy understands that requirements for electronic and physical storage may change with time and the state of the art. As such, the data controller in Juniper Speech and Language Therapy reviews the electronic and physical storage options available on an annual basis.

8.2.2  Juniper Speech and Language Therapy are aware and briefed on and refresh the requirements for good data hygiene annually. This briefing compliance is monitored by Juniper Speech and Language Therapy ’s data controller and includes but is not limited to: Awareness of client conversations in unsecure locations; enabling auto-lock on devices when leaving them unattended; use of non-identifiable note taking options (initials, not names).

8.2.3  Juniper Speech and Language Therapy employees abide by an acceptable use policy in relation to technology.

ADMINISTRATION

This policy shall be administered in accordance with all applicable UK laws and regulations.  The Company may amend this policy from time to time, at its sole discretion. Users are responsible for regularly reviewing this policy.   

QUESTIONS

Any questions regarding this policy should be directed to Kerry Juniper. Clinical Director.

This policy was last reviewed on 09.02.25

Name: Kerry Juniper

Position: Clinical Director