Information Security & Data Protection


This privacy policy sets out how Rehabilitation & Training Consultants (RTC) uses and protects any information that you provide when you use our services.

This policy is effective from May 2018.

Why do we need to collect and hold personal information?

RTC provides occupational therapy, rehabilitation and return to work services to injured and disabled individuals or to those suffering with a health condition which is impacting on their function.

Some personal and background information is first required in order to identify the best type of assessment or intervention for each person and this is requested from the referring party.

In order to provide appropriate intervention and treatment an assessment must first take place. As part of that assessment the OT will obtain information regarding a person’s medical history, treatment, daily function and work through a combination of interview, observation, assessment and clinical reasoning. This allows the OT to make appropriate clinical recommendations to support the individual.

What information do we collect?

We may require basic information which identifies the individual (“Personal Information”), such as name, email address and phone number, we may also collect the following information at the point of referral:

  • Name, date of birth and contact details.
  • Date of injury or onset of medical condition.
  • Any medical information known.
  • Work status.
  • Reason for the referral, type or assessment required.
  • Contact details – name and address of the referring party.

From the assessment more details will be obtained as detailed above in order to make appropriate recommendations. Further medical information may be requested from the treating GP, consultant or treating practitioner to ensure all OT recommendations are in line with medical guidance.

Data Protection – The role of the Occupational Therapist

When handling personal and sensitive information about individuals, the legal obligations are in place to protect that information under the Data Protection Act 1998, Access to Medical Reports Act 1998 and GDPR.

Under the Data Protection Act, we ensure that:

  • only information needed for a specific purpose is collected;
  • the information is kept securely;
  • it is relevant and up to date;
  • it is only held as much as is needed, and only for as long as it is needed;
  • The subject of the information is allowed to see it on written request.

Your consent

Referrers will have gained consent to share information with RTC for the purposes of referral to our services but we require your written consent before we can conduct an assessment, provide treatment and services or liaise and share information with others regarding you.

In order to provide effective assessment, treatment and rehabilitation services to you, it may be relevant to liaise with and share personal information about you with other medical practitioners, rehabilitation specialists, consultants, your employer, family and carers and we will request your written consent to do this.

The client/individual or service user has the right to withdraw consent at any time.

Sharing personal information

Personal information is only shared with the referring parties and those involved in your rehabilitation and with your written and verbal consent.

In order to provide OT services we may need to share information in the following ways:

  • Through written reports detailing assessment findings and clinical recommendations.
  • Through letters and correspondence with the referring parties or involved medical and rehabilitation teams.
  • In order to refer an individual on to another service.
  • Via email – this is always within an attached password protected document; personal information is not put in the body or subject box of the email.

How do we store your personal information?

The information we hold about you is stored in two ways; paper and electronically.

Paper files

Paper notes, assessment notes and files containing personal and medical information regarding individuals is stored in a locked filing cabinet within a secure office where only authorised personnel have access. (See below for storage of electronic documents). These files remain within the secure office and are not removed.

Desks are cleared when the consultant is not in the office.

RTC are required by our governing professional bodies, to retain all notes and files for the required period – this is 7 years for adults.

Electronic data storage

Referrals are typically received via email. All information received or created electronically such as referral forms, assessment reports, letters are stored on a secure computer to which only authorized personnel have access. These documents are regularly backed up onto encrypted storage devices which are stored within a security safe within a locked cabinet inside a secure office.


Photographic images may be taken during an assessment. This is often done to provide additional information and support clinical recommendations and as a reference point for the assessing occupational therapist. RTC will not take photographs without your consent to do so. Following the assessment or visit the photographs are uploaded on to a secure computer and deleted from the camera.

Photographs may be used within reports or letters to describe or explain something further. These reports are then password protected before being shared with the relevant parties such as the referrer or a medical practitioner involved in your care.

Computer Security and Password Protection of documents

The laptops and computers used by RTC are password protected and secure; computers are not shared, only used by authorized personnel and have firewall and virus checking installed. Operating system updates are automatically downloaded and computers scanned regularly.

All documents, referral forms and reports are password protected. To open and modify customers need to use a password to gain access to confidential information. Strong passwords (at least 6-8 characters that are a combination of letters, numbers and symbols) are applied and will be kept confidential.

B roadband connection is encrypted and complies with industry security measures.

RTC uses a private and secure email and web hosting server.


Confidential or personal information and material is not included within the body or subject box of emails. All reports, letters, documents or attachments are password protected. Care is taken to avoid sharing confidential information and personal email addresses with group/multiple email addresses without consent. E-mail is not used for abusive, illegal, unethical, discriminatory or offensive purposes.

Retention and Destruction of Confidential Data

All referral forms, confidential data and medical data received from the referring party (insurers, employers or customers) are also destroyed in accordance with data protection regulations. Where consultants are required to keep information for time periods according to their professional body requirements, the information is archived and backed up securely and complies with the policies and procedures for the destruction of hardware, removable media, paper documents and back-up tapes. All personal information is securely removed before disposing of old computers (by using technology or destroying the hard disk).

Controlling your personal information

RTC will not sell, distribute or lease your personal information to third parties unless we have your explicit permission or are required by law to do so. RTC are required to keep all information confidential and are not permitted to use it for any purposes other than that required to carry out the occupational therapy and rehabilitation services for which you have been referred and have consented.

You may request details of personal information which we hold about you. If you believe that any information we are holding on you is incorrect or incomplete, or have any other data protection related issues or queries, please write to us, as soon as possible at the following address:

Rehabilitation & Training Consultants

8 Knutsford Road
Alderley Edge

Information Commissioners Office

RTC is registered with ICO (Information Commissioners Office) Registration Number: ZA295470 . This registration is updated annually and will expire in December 2018.  

Organization name: Rehabilitation & Training Consultants (RTC)

Owner: Mrs Kay McArthur

Organisation registered Address:

8 Knutsford Road,
Alderley Edge,
Cheshire, SK9 7SD,
United Kingdom

Email address:

Telephone number: 07899906360