The Essential Guide to Managing Patient Records in Mental Health Practices

In a data and privacy-conscious world, thinking about how we manage our client’s personal information and therapy notes are essential to safe and ethical work as counsellors. 

UK Accredited Professional Bodies, such as the BACP (British Association of Counselling & Psychotherapy), set out best practice commitments that therapists should take short clinical notes after client sessions as a means for our own reflection and process, but also to ensure we have an accurate record for our clients should they ever be needed for a court process. 

Those notes are also our client’s property, and like their personal information such as name, contact information etc, need to be protected with great care. Clients have the right to request to see this data at any time, as well as to have their data removed and expunged. Legally, we are required to keep these records for seven years, under both GDPR (General Data Protection Regulations) and guidance set out by the ICO (Information Commissioner’s Office)

This is often a requirement of private practice insurers too, and for organisations we might work with such as clinics, employee assistance programmes (EAPs) or health insurance providers. We may also want to record other client information, such as emergency contacts, GP details or medication being taken.

In short, we’re likely to hold a lot of our client’s information, and it’s vital that we safeguard this properly. Here’s some ways we can do this more effectively:

‍

1. Have a great client onboarding process

Signing up a new client can be exciting. This is a new person who has chosen to work with us, and we feel like we might be able to help them through therapy. For those of us in private practice, it’s also new income, and a key part to making our practice successful.

With all that excitement and nervousness, it’s also important to have a clear, smooth onboarding process for new clients. Most of us will do this through a “contract” or counselling agreement, and we will explain this to our clients as well as the key points such as confidentiality policy. We also need to explain how we record, store and protect client information (see point 2 next).

If we’re going to take further client information such as address, contact information, next of kin, medication etc, it’s important to work out when and how you’re going to take this. The first session is a great place to start, as that is the official start of your therapeutic relationship and ensures you have the time and space to go over it. 

Be conscious that some clients are neurodiverse and may struggle to write things down, remember information or understand complex processes. Clients may also have high anxiety or trust issues, and it’s important to be flexible and go at your clients’ own pace, and remind them they have the legal right to refuse to give this information. You will need to decide ethically if this is then a barrier to you being able to work with them, and is something you should discuss with a supervisor and/or check with your organisation or referral partner.

‍

2. Make your privacy and data policy really clear

Within your client contract or clinic’s policies, it’s essential that you have a clear, written privacy and data protection policy. This covers you in the event of a data breach, such as an accident where client data is lost or stolen, provided you can show that you followed your procedures including safe storage and requirements to notify. 

A best practice tip is to make sure you’re registered with the ICO and to also check what the data requirements of your insurer and referral partners are. Then make sure your own policy falls in line with this and that this is clearly communicated to clients in writing as part of your contract. Many clients might not read this in detail, so it’s important to go over it verbally as part of your first client session.

3. Learn how to take session notes the right way

We when first begin counselling, for example in our student placement, we’re often excited about our new work and can easily write pages and pages of detailed client notes. We can also put ourselves under pressure to try and remember everything that was said within a session, which family relation is who, or to remember a key phrase or something they said.

As we get more experienced, not to mention busier, it becomes important instead to try and keep these notes brief and use our time as efficiently as possible. For one, because our clients have the right to request access to their notes at any time under GDPR, we need to be mindful that our clients might one day read them, or be used in a court process, so it’s important to try to avoid speculation or too much of what you might be thinking as a therapist, we can always keep our own journal or reflective process if we need to (just don’t include client data).

Keeping notes brief, perhaps in bullet-point format, and factual helps us complete write-ups quickly and ethically. It also reduces the admin pressure on us and gives us more time to recharge our empathy batteries between sessions, and are easier for us to read if we need to go back to them to remind ourselves about what had been said.

‍

4. Use a verified online platform solution

Working out where to store all your client data, contact information and session notes can be hard. It can be tempting to keep everything as paper records, but even if we’re storing a name and number on our mobile phone, that’s client data that’s been recorded somewhere else. We might also have a labyrinth of excel spreadsheets across our computer and email.

It is much easier to try and put all of this information in a single place instead. Konfidens is a new platform in the UK specifically designed for therapists, and works great both for independent counsellors in private practice as well as in clinics with multiple practitioners.

Konfidens has a smooth, minimalistic user interface that’s easy to use even if you’re not tech-savvy. You can easily set up a new client profile, record any information, and take session notes after each session that are securely stored within it. You can also export audit records to show if the clients have ever been edited, verifying this as legal evidence in the event of a complaint or legal process. Konfidens are also a fully EU and GDPR compliant system that has their own privacy and data processing agreement, which you can view here and here.

--

Tom is a Person-Centred Psychotherapist and Managing Director of The Empathy Project CIC. A Registered Member of the BACP, Tom specialises in working with depression and trauma, having started his clinical work with young people during Covid-19. 

The Empathy Project is a non-profit community interest company supporting people through low-cost, long-term counselling. They also run a series of CPD workshops for therapists with all proceeds supporting the project. You can find their website here: www.empathyproject.org.uk