Skip to main content


We know that confidentiality is really important to the people we work with

Our staff will talk to you about confidentiality and what it means and how it may affect you.

We aim to keep everything discussed between us confidential. However, if we’re very worried about your safety, we may give someone else information to protect you. This happens very rarely and we’ll always aim to let you know first. If you want to know more about this then just ask.

We have a robust and comprehensive Safeguarding Policy in place to protect all of the people we work with, their families and our staff from any harm. We firmly believe that safeguarding is everyone’s business.

We will need to keep information about you for the following reasons:

  • so that we can remember what is talked about with you
  • so that we can keep you safe from harm

The information that we keep is in the form of paper records and computer records. When we’re not using it, it is kept securely.

Who else sees your information

We also need to collect information to send to statutory agencies and we’ll discuss this with you. This information won’t identify you but will be used to write reports and to show how drug and alcohol treatment is working and inform future funding from the government.

The funders for services also want to know how many people come to see us so they can tell other people what is happening about drugs, alcohol and mental health in local areas. Again, the information will not identify you.

You may also agree with your key worker that we can share information about you with other services or people that work with you.

Confidentiality and our psychological therapies (IAPT) services

This section covers how our psychological therapies (IAPT) services in Kent and Surrey handle your information.

We ask you for information so that we can provide you with the best possible care to help you achieve your goals.

The records we keep about you are only seen by people who are involved in your care (including the NHS, who see key information but not the whole record) unless you have agreed to share it with others (see Sharing your information).

We will keep information about you safe and secure. We keep data for at least 8 years after you have left us and then securely destroy it.

Learning what worked for you can help us meet other people’s needs. We remove data that identifies you if we use it for research and planning, or in audits to help us improve services.

If we do want to use data that identifies you, for example in research projects, we will always ask you first.

Your right to see your records

You have the right to see records kept about you. This includes paper-based records and those kept on a computer.

If you would like to see your records your worker will be able to help you. If you prefer, you can email

We will arrange for you to see or get a copy of your records within one month. You can go through your record with a worker in case you have any questions. There is no charge for this service.

There may be parts of the record which we do not share with you. For instance names of other people, or information that we feel could cause harm to you or someone else.

If you are asking on behalf of someone else then we may need further information from you or them in order to do this. You may not be allowed to see the record if we believe that the person did not wish this to happen.

If you feel there are parts of your record which are not accurate then you can ask us to correct it. We will either make the correction, or put a note on the file with your comments.

Sharing your information

We share key information with your GP and NHS Digital as part of your care. We encourage everyone who uses our services to be open with others, whether professionals or family and friends. We believe that the active involvement of family and friends can help you get better. But you can choose whether we share information with them.

The sharing of sensitive personal information in healthcare is strictly controlled by law. Anyone who gets data from us is also under a legal duty to only use it for agreed purposes and keep it safe and strictly confidential. If we work with other organisations regularly, we both sign an Information Sharing Agreement (ISA) which sets out what, why and how we will share your data.

If you change your mind about sharing your data, you may withdraw your consent at any time by speaking to your worker.

Sometimes there are exceptional circumstances when we would share information about you without your consent, but this would only usually be for very serious reasons involving your safety or that of other people.

There are also times when the law says we must share information:

  • when a court orders us to
  • if we have knowledge of very serious crimes (such as murder or terrorism)
  • telling the Health Protection Agency about hepatitis B cases

Sharing with NHS Digital

What NHS Digital is and does:

NHS Digital has two main responsibilities under UK law:

  • to run and manage computer systems that link different parts of health and care together and improve individual care
  • collect some specific health and care data to check how the health and care service is doing and to improve everyone’s care

To carry out these duties, we need to collect, store, use and sometimes share information about you.

Find out more at

What information NHS Digital uses and why:

NHS Digital collects information about:

  • You – personal information (DOB, postcode, ethnicity)
  • Your care with us (key dates and outcomes)
  • Your mental and physical health (including any long term conditions)
  • Your social circumstances (employment, parental status)

This information is used to produce reports that show how effective mental health treatment is in England, and to ensure that the service is funded correctly. You are not identifiable from these reports.

How NHS Digital protects your information:

NHS Digital holds personal information securely, and manages its use according to strict rules under a legal obligation. Only trained staff with authorised access can see your personal health information.

When we send information to NHS Digital, we code most of the data categories. Only people who know what the codes mean will be able to understand it. We use an identifier instead of your full name and protect the information while it’s moving by uploading it directly to the NHS through a secure portal.

Need more information?

To find out more information about how NHS-funded services hold and use your data please see the information on the NHS website.

Your data rights are covered in law by the Data Protection Act 2018 and the General Data Protection Regulation (GDPR) 2016. These are overseen by the Information Commissioner’s Office (ICO) who have more information on their website.

For more information about how we look after your records, speak to your worker or contact:

Information Governance
We Are With You, Central Office
Part Lower Ground Floor
Gate House
1-3 St Johns Square


If you are concerned about how we have looked after your records and we haven’t put it right, you can contact the ICO on their website or at:

The Information Commissioner’s Office
Wycliffe House, Water Lane

Telephone: 0303 123 1113


Privacy and confidentiality