Harley Street  
info@londonhypnotherapyuk.com 0207 467 8564

Data Protection

How does a psychotherapist protect important information about his patient?


Notes and information should focus on feelings and thoughts, while specific details about clients should be kept to a minimum. These are my first thoughts about writing notes on clients. However, many psychotherapists point out that it is better to be factual because in the court of law, they might dispute the thoughts and feelings of both the client and the therapist. I agree with this. However, I am not writing notes for the court of law; I am writing the notes so that I can understand my client more, and how he is feeling and thinking. So, whilst factual information is important to record to aid memory; so, too, are our thoughts and feelings.


When writing to the GP, details of the clients—name, date of birth, address, contact number and possibly an e-mail address—should be documented at the top of the page. One must also say that you will be working with this client in order to help him or her with a specific disorder or issue so that the GP is absolutely clear about the presenting problem. Letters written to GPs are confidential. I keep my notes in a locked filing cabinet at home. I am the only person that has access to this cabinet. If I write notes on my laptop, I include a password. Once I have finished writing the report for the session, I then print out the document page and add it to the client’s folder. I then delete the document.


On occasions, I receive letters and notes from clients; again, these are added to their personal file and put in the filing cabinet under lock and key.


The data protection act puts forth the following eight principles as follows:


1. Personal data shall be processed fairly and lawfully.

2. Personal data shall be obtained only for one or more specified and lawful purposes.

3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

4. Personal data shall be accurate and, where necessary, kept up to date.

5. Personal data processed for any purpose shall not be kept for longer than is necessary for that purpose.

6. Personal data shall be processed in accordance with the rights of data subjects under the Act.

7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of or damage to personal data.

8. Personal data shall not be transferred to a country or territory outside the European Economic Area…


It is important to consider the data protection act and its relevance to keeping adequate records.


David Kraft PhD

UKCP Registered Psychotherapist

Fellow of The Royal Society of Medicine

Member of Council for Section of Hypnosis & Psychosomatic Medicine

Member of Council for BSCAH


Back to Hypnotherapy Glossary