Privacy:

We maintain the highest standards of confidentiality, but we have a professional obligation to disclose if a client or others are at risk, if a court order is received and a legal obligation arises. Please be aware though Dr Lenihan’s services are not for emergencies or urgent help. If you are ever in a state of crisis or emergency, please contact a crisis line such as Samaritans (08457 90 90 90), call 999, or go to your local Accident and Emergency Department.

Dr Lenihan has regular supervision and also consults selected colleagues around client care, in accordance with good professional practice. The content of  sessions and care will not be disclosed outside of anonymised discussion in peer consultation without client consent, unless there is a professional requirement to disclose as above. Dr Lenihan’s service manager and administrator has access to client data as required for administration of care and arranging appointments.

We take reasonable steps to ensure personal information is secure, in line with General Data Protection Regulations, British Psychological Society, Health Care Professions Council and CIMSPA guidelines on confidentiality, but email, text, telephone, video, online platform messaging and online systems can never be made 100% proof against professional data theft. Letters or reports are sent via first class post or encrypted via email (recommended end to end encrypted) to clients, and agreed outside agencies. We communicate information with selected clinical colleagues using an end-to-end encrypted email service (Protonmail and egress) to provide an extra layer of security. Please see https://protonmail.com/privacy-policy and https://www.egress.com/legal/website-privacy for further details on how Protonmail and egress manage and process user data. We provide relevant information to other health care providers involved in client’s care (such as the NHS or private organisations) and discuss clinical care as agreed with the client. Email communication with other agencies (for example, client’s GP or themselves) cannot be guaranteed the same level of security after the information has left our service. Consenting to continued communication by email and platform messaging, confirms client understanding that this can be an insecure method of communication. Clients are advised to use an encrypted email service provider such as Protonmail for greater security of emails. Email communication of details relating to client care may be required with other agencies, where emails received relate to care with them and need immediate attention and if the client consents for their details to be passed on in this way.

Clinical records are stored electronically on encrypted media and a GDPR compliant practice management system WriteUpp, with a high level of security, for at least the minimum legal period following completion of care. Records on all management systems may be needed to be lawfully retained for a longer period as required by Dr Lenihan’s professional registration bodies or insurers. Clients have the right to ask for a copy of their personal information free of charge and to ask for any incorrect information about them to be amended or erased. They have the right to ask for any information to be erased, which is no longer held for legitimate interests. This includes personal information that is no longer relevant to original purposes. In all cases and when considering such requests, these rights are obligatory unless it’s information that we have a legal obligation to retain, such as above. For the purposes of the General Data Protection Regulations (GDPR) 2018, the data controller is Dr Penny Lenihan. In proceeding with booking an appointment, clinical clients are consenting to the transfer of their data to WriteUpp as a data processor, please see http://www.writeupp.com/privacy for details of how they manage data.  DPL Fitness and Wellbeing Service uses PT Distinction to provide the online platform for web access and apps. DPL Fitness and Wellbeing clients agree for their data to be entered into PT Distinction. please see https://www.ptdistinction.com/terms/privacy.php for details of their privacy policy. We use client contact details for the legitimate purpose of arrangement and provision of professional  services and communication in relation to those services. Clients consent to provide contact details for communication by email and platform messaging, post and mobile phone (for Two-Factor Authentication). Clients can contact us via enquiries@drpennylenihan.com to discuss this further at any time.

Remote appointments are provided via the Zoom platform and clients consent to their initials being entered on it for an appointment to be scheduled and to entering their name to attend their appointment. Clients are asked to read the instructions for using Zoom that are provided prior to remote appointments, for information on their privacy policy, further data they require from users and how they process user data, see https://zoom.us/privacy. Please be aware that remote communication cannot be considered absolutely secure. Clients are not permitted or allowed to permit recording or publishing in any format of any appointments, in person or remote. Programmes, coaching and any other material provided to DPL Fitness and Wellbeing clients remains the property of Dr Penny Lenihan and cannot be published or distributed in any form. Each person attending a group appointment must register separately as a client and give individual consent. Consent cannot be given on someone else’s behalf and only booked in attendees can attend appointments. Dr Lenihan’s website is hosted by  Wix.com. Please see  https://www.wix.com/about/privacy for details of their privacy policy. 

Payment for services is in advance and generally via the payment platform Paypal for added security and efficient management of payments, via credit card, debit card or Paypal account. Clients are asked to provide an email address for invoicing as part of the booking in process and consent to transfer of this email address for invoicing to the PayPal system. Paypal may link this email address to other data that it already holds on you. You can see how Paypal manages and processes user data at http://www.paypal.com/uk.

We hope that clients are happy with any service provided and are encouraged to contact us in the first instance to resolve any concerns and provide any positive feedback. The professional body for statutory regulation of Practitioner Psychologists is the Health Care Professions Council (HCPC) and for Exercise and Fitness Professionals it is The Chartered Institute for the Management of Sport and Physical Activity (CIMSPA).

Image by Dan Nelson