Discounted hourly rates available for block bookings of six sessions.

Book a session
Book a session

Record keeping and Retention Policy

1. Purpose of this Policy

This policy sets out how The Blue Lotus Practice creates, stores, manages, and disposes of client records. It ensures compliance with the UK GDPR, Data Protection Act 2018, and professional standards (BACP/UKCP).

2. Types of Records Kept

We keep only the minimum necessary records required to provide safe and effective counselling. These may include:

  • Personal details (name, contact information, GP details, emergency contact).

  • Signed counselling agreements and consent forms.

  • Session notes (brief factual summaries, not full transcripts).

  • Risk assessments and safety plans (if applicable).

  • Correspondence relevant to therapy (e.g., emails, GP letters).

3. Storage of Records

  • All electronic records are stored securely within Cliniko, a GDPR-compliant practice management system.

  • Notes are encrypted, password-protected, and access is restricted to authorised staff only.

  • Paper records (if any) are kept in locked storage and transferred to digital format as soon as possible.

4. Retention Periods

  • Adult client records: Retained for 7 years after the end of therapy.

  • Children and young people’s records: Retained until the client is 25 years old (or 26 if aged 17 at the end of therapy).

  • Financial records (invoices, payment receipts): Retained for 7 years in line with HMRC requirements.

  • Email correspondence: Deleted within 6 months of therapy ending, unless clinically relevant (then stored within Cliniko as part of the client file).

5. Disposal of Records

At the end of the retention period:

  • Digital records will be permanently deleted from Cliniko and all backups.

  • Any paper records will be shredded and disposed of securely.

  • No client data will be kept beyond the necessary retention period.

6. Client Access to Records

  • Clients have the right to request access to their records under UK GDPR Subject Access Rights.

  • Requests must be made in writing and will be responded to within 30 days.

  • Records will only be shared with the client, or with a third party if there is explicit written consent (except where disclosure is legally required).

7. Exceptions to Retention/Confidentiality

Records may be retained or disclosed beyond these limits if:

  • Required by law (e.g., court order, safeguarding).

  • Relevant to a serious complaint or ongoing legal proceedings.

  • Necessary to protect vital interests (e.g., risk of harm).

8. Review of Policy

This policy will be reviewed annually or sooner if legislation, ICO guidance, or professional standards change.

© 2025. All rights reserved.

Phone

Email

Terms & Conditions

Staff Portal

Disclaimer