October 2018: This chapter has been amended to reflect changes in data protection regulation, including the General Data Protection Regulation and add a link to Confidentiality: Guidance for Registrants, published by the HCPC as linked above.
All staff have responsibility to ensure that person identifiable, confidential or sensitive information is handled, processed and stored in accordance with the Data Protection Act 2018, the General Data Protection Regulation, The Human Rights Act 1998 and the European Convention on Human Rights.
The organisation should ensure that access to data is restricted to those that have legitimate authority to view it; it should be confident that data that is held is accurate and relevant and where amendments are required, revision are carried out by authorised personnel.
Staff are often required to work within a multi-agency arena and therefore need to be confident about their responsibilities concerning information sharing. Legislation such as the Data Protection Act 2018 (DPA) should not to be seen as an obstacle but as a framework of best practice to support promotion of wellbeing and improving outcomes for adults with care and support needs, their carers and the community.
There is an expectation that from their first point of contact with the service, adults will be helped to understand the information that is being gathered, processed and stored in relation to them and give their written consent to this. They also have a right to know if and when information held about them is going to be shared, for what purpose it will be shared and with whom (unless there is justified reason to share without informing the individual concerned).
There are certain circumstances when sharing information is not appropriate and doing so can cause detriment to adults and the service. Equally not sharing information can have serious consequences, therefore all staff must use their professional judgement on a case by case basis, and if necessary seek help from their line manager before making a decision. All decisions and outcomes need to be recorded appropriately.
Staff must apply a consistent and responsible approach to information sharing and should ensure that they are familiar with the information sharing procedures and supporting government guidance in relation to information sharing.
The principles in the guidance are intended to help practitioners share information between organisations. Practitioners should use their judgement when making decisions on what information to share and when and should follow organisation procedures or consult with their manager if in doubt.
The most important consideration is whether sharing information is likely to safeguard an adult who is experiencing or at risk of abuse or neglect.
When asked to share information, you should consider the following questions to help you decide if and when to share. If the decision is taken to share, you should consider how best to effectively share the information.
Q. 1 Is there a clear and legitimate purpose for sharing information? This includes taking action in relation to safeguarding children and adults.
Q.2 Does the information enable an individual to be identified?
Q.3 Is the information confidential?
Q.4 Do you have consent?
Q.5 Is there another reason to share information such as to fulfil a public function or to protect the vital interests of the information subject? See also Section 6, Sharing Information with the Safeguarding Adults Board below.
Agencies should draw up a common agreement relating to confidentiality and setting out the principles governing the sharing of information, based on the welfare of the adult or of other potentially affected adults.
Any agreement should be consistent with the principles set out in the Caldicott review: Information governance in the health and care system, Department of Health (2013) ensuring that:
Where an adult has refused to consent to information being disclosed for these purposes, then practitioners must consider whether there is an overriding public interest that would justify information sharing (for example because there is a risk that others are at risk of serious harm) and wherever possible, the appropriate Caldicott Guardian should be involved.
Decisions about who needs to know and what needs to be known should be taken on a case by case basis, within agency policies and the constraints of the legal framework.
Principles of confidentiality designed to safeguard and promote the interests of an adult should not be confused with those designed to protect the management interests of an organisation. These have a legitimate role but must never be allowed to conflict with the welfare of an adult. If it appears to an employee or person in a similar role that such confidentiality rules may be operating against the interests of the adult then a duty arises to make full disclosure in the public interest.
In certain circumstances, it will be necessary to exchange or disclose personal information, which will need to be in accordance with the law on confidentiality and the Data Protection Act 2018 where this applies.
In order to carry out its functions, the SAB will need access to information that a wide number of people or other organisations may hold.
In the past, there have been instances where the withholding of information has prevented organisations being fully able to understand what ‘went wrong’ and so has hindered them identifying, to the best of their ability, the lessons to be applied to prevent or reduce the risks of such cases reoccurring. If someone knows that abuse or neglect is happening they must act upon that knowledge, not wait to be asked for information.
A SAB may request a member of staff from Adult Social Care to supply information to it or to another person. The Care Act 2014 specifies that the person who receives the request must provide the information provided to the SAB if:
– End –