As a therapist, you are subject to strict rules about collecting and retaining data. Against the trend, HMG and your insurer require you to take and hold reams of data, often for many years.

This includes data such as Consultation Forms, Consent Forms, Medical Histories and Treatment Plans, as well as clients' contact details.

You collect this not only in order to function as a therapist but also to insure against subsequent legal claims of negligence.

Just check out what the small print says in your insurance policy. I have taken some notes of the small print in some policies. The blog can be read here.

It is informative, if scary, reading.


If you do not Keep Necessary Records, often you are not insured. 

What patient records should I as a Therapist Keep?

In this day and age, almost all of us use computers and doesn’t everyone use a smartphone? 

Unfortunately, many practitioners still stockpile paper in filing cabinets, in the mistaken belief that GDPR only applies to computer data. Like the Sicilian mafioso who for 20 years communicated only by little paper notes smuggled out from his hideout, some of us feel that paper is somehow safer than electronic communications.

Data is data, whether on disc, on paper, in the cloud or even on your mobile phone. If you take a client’s phone number and save it on your phone, you have just collected personal data.

So it’s best to keep it safe and easy – using paper forms is neither.

As a 21st Century business manager you probably book your appointments using ‘Booksy’ or a similar system. You run your accounts on ‘Quickbooks’ or ‘Xero’. Unfortunately, many therapists are still keeping patient consent and medical records on their hard drive, or worse, on paper forms.

That’s an awful lot of data, all of which, if it’s not correctly secured and stored, leaves you vulnerable to an attack by a hacker or to a data leak.


According to the 2018 survey by the government's Department for Digital, Culture, Media and Sport, over four in ten businesses and nearly two in ten charities experienced a cyber security breach or attack in the last 12 months. No wonder nearly three quarters of businesses (74%) and over half of all charities (53%) say cyber security is a high priority for their management.

The average cost per breach was over three thousand pounds.

Unfortunately, today we all produce so much data. With GDPR in place, fines are coming in thick and fast, and with cyber-attacks becoming increasingly sophisticated and expensive, it really is time to get serious about your data.

We have all heard of the ransom that was demanded after malware froze the NHS. You can bet they didn’t demand just three grand.

How would you cope if you were locked out of your clients’ database? How much would it cost you if you lost your clients’ contacts?


There has never been a more important time to make sure that your cyber security is able to keep your data safe. 

Fortunately, you can now buy insurance against these losses.

Cyber and data risks insurance is available to protect and support your business if you are the victim of malware from a malicious site, are subject to an attack by a hacker or suffer a data breach.

If you use a paperless system such as iPEGS for your Consultation Forms, Consent Forms, Medical Histories and Treatment Plans, you can be sure your data is safe.

As the data processor, we store and encrypt your data in a secure, state-of-the-art UK data centre. We are Cyber Essentials Certified, giving you peace of mind that our defences will protect against the most common cyber-attacks. We have achieved the IASME governance standard in relation to GDPR, where we have demonstrated wider governance for management of the controls protecting personal data.

If you would like to know more why not email us: