top of page

Governance

We take data protection and information governance seriously. As a clinically led service handling sensitive personal and health data, we have invested in systems and practices that meet and exceed professional and legal requirements. Below is an overview of our governance framework for transparency.

Confidentiality and Privacy

Confidentiality is a core part of psychological therapy and central to the work we do at Well Balanced Minds. Therapy works best when people feel safe to speak openly about their thoughts, experiences, and difficulties. Protecting your privacy and handling your information responsibly is therefore extremely important to us.

All information shared in therapy is treated as confidential. Personal information and brief clinical notes are stored securely and handled in accordance with professional ethical standards and the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018.

Your personal data will only be used for purposes directly related to providing psychological services, such as arranging appointments, maintaining clinical records, and ensuring continuity of care.

 

Information is stored securely and is only accessible to the therapist. Your information will not be shared with third parties without your consent unless there is a legal or ethical obligation to do so.

Under UK GDPR you have rights in relation to your personal data, including the right to request access to the information held about you and to request corrections if any information is inaccurate.

Limits to Confidentiality

While confidentiality is taken very seriously, there are some rare circumstances where it may need to be limited. These situations usually relate to concerns about safety or legal requirements. Examples may include:

  • If there is a serious risk of harm to yourself

  • If there is a serious risk of harm to another person

  • If there are safeguarding concerns involving a child or vulnerable adult

  • If information is required by a court of law

Wherever possible, these situations would be discussed with you before any information is shared.

Professional Supervision

As part of maintaining safe and effective practice, therapists engage in regular professional supervision. This involves discussing aspects of clinical work with an experienced supervisor to ensure high standards of care. Identifying information is kept to a minimum and confidentiality remains protected.

If you have any questions or concerns about confidentiality or how your information is stored and used, please feel free to ask.

writeupp logo
carepatron logo
proton logo
ico.jpg

Governance:
Our Digital Systems  

Our business utilizes a variety of health-related systems, including WriteUpp, Care Patron, and Healthcode, to ensure efficient operations and exceptional service. These tools help us manage patient information and streamline our processes, allowing us to focus on what truly matters—providing the best care for our clients whilst reflecting the need for adherence to current government guidelines and GDPR. We are registered with ICO and adhere to their recommendations.

We use ProtonMail as our primary email platform to support confidentiality, data security, and GDPR compliance.

ProtonMail provides end-to-end encryption, meaning that email content is encrypted both in transit and at rest. This significantly reduces the risk of unauthorised access to sensitive information and supports the protection of personal and special category data.

All data is stored on secure servers located in Switzerland and the European Economic Area, jurisdictions with strong data protection laws aligned with GDPR principles.

Our use of ProtonMail supports key GDPR requirements, including:

  • Confidentiality and integrity of personal data

  • Data minimisation and secure handling of information

  • Protection against unauthorised or unlawful processing

  • Safeguards for special category data, including health-related information

Where communication involves sensitive or clinical information, additional security measures (such as password-protected messages or secure links) may be used as appropriate.

Email communication is used thoughtfully and proportionately, with consideration given to the sensitivity of information shared. We encourage alternative secure methods where email may not be the most appropriate channel.

Our information governance practices align with professional, ethical, and legal obligations, and form part of our broader commitment to data protection, confidentiality, and safe practice. We are also registered with the Information Commissioner's Office.

bottom of page