AAS may change this statement from time to time but the updated version will always be visible on our website. You should check this page from time to time to ensure that you are happy with any changes and let us know if you have any concerns.
Collection of personal information
- Information about the patient(s) will be collected via spoken or written media from clients / parents / carers.
- With (parental) consent, information may also be collected from other professionals working with you or your child.
- Information may also be taken about family members where this relates to you or your child – e.g. contact details for parents and any relevant medical / developmental history.
- You may use the Autism Assessment Service (AAS) website without providing any personal information, but if you wish to make an enquiry or contact us via the website or by email, you are requested to provide relevant contact details such as your name, email address and contact phone number to enable us to respond to your enquiry.
- You may add comments or queries which might also contain personal information.
- If your enquiry does not result in you or your child being seen by AAS, then this personal information will be deleted once your enquiry has been dealt with.
- If the patient is subsequently seen by AAS, these details may be added to their personal records.
Our use of personal information
- Personal information collected by us via AAS’s website, email, telephone, or face to face is stored and used by us for the purpose of delivering your (child’s) services.
- Any sensitive personal details are stored in a secure and confidential system, and processed in confidence by AAS.
- Personal details shall be used for the purpose of delivering appropriate service(s) to the patient. With consent, information about the patient’s needs will be shared with other professionals involved in the patient’s care when it is in the patient’s best interests.
- A record of the client’s consent is kept within the patient’s case notes.
- Unless we are required to do so by law, we will not disclose any personal information collected to any person other than as set out above.
- AAS does not employ agents to process personal data – for example, specialist mailing companies to send out communications.
- AAS does not give or sell client details to any third parties (our partner company notwithstanding, as set out above).
How we use personal information
AAS uses personal information:
To prepare, plan, and provide service(s) appropriate to the patient’s need.
To communicate with the client by post, email, telephone or text message in relation to:
• Confirming and preparing for appointments
• General communication in between appointments
• Sending you reports and programmes for the patient, which are password-protected
• Copying the client into communications with other professionals about the patient
• Sending resources
• Sending invoices
- For clinical audit to assess and improve AAS’s service. Results of audits are always presented with all client identities removed.
- For management and administration – for example, surnames of clients are included in our password-protected database.
Whenever personal identifiers are not needed for these tasks, AAS removes them from the information it uses, if possible.
How we store personal information
- All information about the client, the patient, and their service(s) is stored securely in a password-protected, encrypted folder on AAS’s and the clinicians’ computers in order to ensure that we have a complete record of our service to them.
- Any paper-based, confidential information (such as assessments and case notes) are stored securely in accordance with data protection regulations.
- Videos may be taken of children with the client’s consent. These are temporarily stored on a password-protected, encrypted computer. These may then be viewed by the clinician in order to make notes in the client’s records within 1 month of the appointment. The video is then deleted.
- The minimum amount of confidential information will be taken out of the clinician’s office base. When taken out of that base, it will be kept with the clinician or will be locked in the boot of her car, whichever is deemed to be more secure at the time.
- In accordance with law, all records will be kept securely until the child is 26 years old or for 8 years after an adult patient has been discharged. After this time, all records relating to the patient will be securely destroyed.
- Email correspondence and invoices will be deleted from AAS’s systems after 5 years.
If any confidential data is lost, damaged or inappropriately accessed, AAS follows a breach procedure.
- AAS staff member notifies AAS Data Protection Officer.
- AAS seeks advice from the ICO about how to act.
- AAS might contact the client if advised to do so.
Meeting our professional obligations
It is a legal requirement for all of our clinicians to be registered with the Health and Care Professionals Council (HCPC). HCPC has clear standards of conduct, performance and ethics to which all registrants must adhere. These standards affect the way in which clinicians process and share information, specifically:
Standard 2: Communicate appropriately and effectively
“You must share relevant information where appropriate with colleagues involved in the care, treatment or other services provided to a service user.”
Standard 10: Keep records of your work
“You must keep full, clear and accurate records for everyone you care for, treat, or provide services to. You must complete all records promptly and as soon as possible after providing care, treatment or other services. You must keep records secure by protecting them from loss, damage or inappropriate access.”
For further information, see the HCPC website.
UK data protection law
Data Protection Law lays down wide-ranging rules backed up by criminal sanctions for the processing of information about identifiable, living individuals. It also gives individuals certain rights in relation to personal data held about them by others. AAS is registered with the Information Commissioner’s Office (ICO) as a data controller.
Our lawful basis for processing personal information
- Our lawful basis for processing and storing personal information is one of “legitimate interest” (under article 6 of GDPR). AAS cannot adequately deliver a service to your child without processing their personal information. As it is both a necessity for our service delivery and of benefit to the child, we lack a legitimate interest to process and store their data.
- Data relating to an individual’s health is classified as “special category data” under section 9 of GDPR. The regulations specify that health professionals that are “legally bound to professional secrecy” may have a lawful basis for processing this data. AAS clinicians are legally bound to keep client information confidential, and it is under this condition that we process and store personal information.
- AAS is committed to maintaining the security and confidentiality of the patient’s record. We actively implement security measures to ensure that their information is safe, and we audit these regularly.
- AAS will not release personal details to any third party without first seeking consent unless this is allowed for, or required, by law.
- AAS is constantly working to ensure compliance with current data protection regulations.
Data protection legislation gives the client various rights, the most of important of which are as follows:
• You have the right to a copy of the information that we hold about the patient. If the patient is 16 years or older, his/her consent is required unless the client has power of attorney.
• You have the right to ask for your record to be amended if you believe that it is wrong.
How to access the patient’s records
- You can access the information AAS holds about you by writing to us at the address given below. Please apply in writing rather than by email so that we receive an original signature to compare against the records we hold.
- A copy of the patient’s records is provided free of charge. Postage costs, however, will be incurred if the records need to be, or are asked to be, sent by post.
- AAS will provide access to the patient’s records within 30 days of receipt of all necessary information.
Please make the request in writing to:
The Autism Assessment Service,
Page House, 40 East Street
Epsom, Surrey, KT17 1BH
If you have any questions about how AAS uses your information, please contact us.
Tel. 0204 548 6979
Further information about data protection legislation and your rights is available from the Information Commissioner’s Office.
This policy will be reviewed annually or as changes in policy determine the need to do so.