View Lincolnshire SCB Procedures View Lincolnshire SCB Procedures

5.1.21 Information Sharing Guidance

SCOPE OF THIS CHAPTER

This guidance applies to all employees working in Children’s Services and to partner agency employees handling information on behalf of the LCC. The document is intended to help employees decide whether sensitive and personal information can be shared with other individuals and practitioners.


Contents

  1. Introduction
  2. References
  3. The Caldicott Principles
  4. Receiving Information
  5. Consent
  6. Storage of Information
  7. Transfer of Information
  8. Disclosing Information
  9. Recording
  10. Multi-Disciplinary Terms
  11. Access to Personal Records
  12. Breaches


1. Introduction

This chapter provides recognised principles which are to be considered when disclosing information. The guidance is intended to benefit children and their families/carers, as well as employees working in Lincolnshire County Council’s (LCC) Children’s Services and its partner agencies.  

The guidance will assist employees to disclose information appropriately with other individuals, partner agencies and other organisations. The child’s file/record will be updated each time information is disclosed, providing transparency and accountability for decisions made and actions taken.


2. References

Freedom of Information Act
Data Protection Act 1998
Children Act 1989 and 2004
Education Act
The Human Rights Act 1998 and the European Convention of Human Rights

Caldicott Principles
Common Law Duty of Confidentiality
Leaving Care 2004
Recording with Care guidance
LSCB Safeguarding Children Policy
Confidentiality - A guide for Children’s Services (employees and schools)
Information Sharing guidance from the Department for Children, Schools and Families (DCSF)


3. The Caldicott Principles

These principles were developed by Dame Fiona Caldicott following a review of how the National Health Service managed personally-identifiable information, and in 2001, the six principles were applied to all Social Care and Health organisations.

Unlike the Data Protection Act which governs what data we hold, who holds it and what we use it for, the Caldicott Principles are concerned with how that data is managed, owned and protected. 

The six Caldicott Principles:

Principle 1 – Justify the purpose(s)

Every proposed use or transfer of personal – identifiable information within or from an organisation should be clearly defined and scrutinised, with continuing uses regularly reviewed by an appropriate guardian.

Principle 2 – Don’t use personal information unless it is absolutely necessary

Personal and/or identifiable information items should not be used unless there is no alternative.

Principle 3 – Use the minimum necessary personal / identifiable information

Where use of personal identifiable information is considered to be essential, each individual item of information should be justified with the aim of reducing identifiability.

Principle 4 – Access to personal information should be on a strict need to know basis

Only those individuals who need access to personal – identifiable information should have access to it, and they should only have access to the information items they need to see.

Principle 5 – Everyone should be aware of their responsibilities

Action should be taken to ensure that those handling personal / identifiable information are aware of their individual responsibilities and obligations in respect of maintaining client confidentiality.

Principle 6 – Understand and comply with the law

Every use of personal / identifiable information must be lawful. A person in each organisation should be responsible for ensuring that the organisation complies with the legal requirements.

The Department for Children, Schools and Families (DCSF) Seven Golden Rules for information sharing

The Seven Golden Rules will help to support employees with decision making, ensuring all information is being shared legally and professionally.

NB Where employees are unsure whether information should be disclosed they must seek advice from a supervisor, manager, or nominated person within their organisation or area.

The Seven Golden Rules:

  1. Is there a clear and legitimate purpose for sharing information?

    Remember that the Data Protection Act is not a barrier to sharing information but provides a framework to ensure that personal information about living persons is shared appropriately.
  2. Does the information enable a living person to be identified?

    Be open and honest     with the person (and/or their family where appropriate) from the outset about why, what, how and with whom information will, or could be shared, and seek their agreement, unless it is unsafe or inappropriate to do so.
  3. Is the information confidential?

    Seek advice     if you are in any doubt, without disclosing the identity of the person where possible.
  4. Do you have consent to share?

    Share with consent where appropriate     and, where possible, respect the wishes of those who do not consent to share confidential information. You may still share information without consent if, in your judgement, that lack of consent can be overridden in the public interest. You will need to base your judgement on the facts of the case.
  5. Is there sufficient public interest to share the information?

    Consider safety and well-being:     Base your information sharing decisions on considerations of the safety and well-being of the person and others who may be affected by their actions.
  6. Are you sharing information appropriately and securely?

    Necessary, proportionate, relevant, accurate, timely and secure:     Ensure that the information you share is necessary for the purpose for which you are sharing it, is shared only with those people who need to have it, is accurate and up-to-date, is shared in a timely fashion, and is shared securely.
  7. Have you properly recorded your information sharing decision?

    Keep a record of your decision and the reasons for it     – whether it is to share information or not. If you decide to share, then record what you have shared, with whom and for what purpose

    Note:     Further guidance on information sharing is available to view, download or order from the Teachernet Online Publications for Schools website.


4. Receiving Information

Each service user, or individual who provides information relating to a service user, will be given a copy of LCC’s Data Protection Fair Processing Notice, which explains what LCC will do with the information, and how it may be shared. Copies of this notice entitled ‘How we use your information’ can be obtained from LCC’s General Office.

Where information is taken over the telephone or by email, callers should be advised that their details will be recorded on the child’s file, in accordance with the Data Protection Act. Callers should be made aware that hard copies of the notice are available for reference should they require further information.

When gathering information, it is essential to discuss confidentiality with children and their families/carers, and to explain there may be occasions, such as safeguarding, where employees may share information without their consent.

All information is to be recorded as described in the Recording with Care Guidance document, which will ensure any information being disclosed by LCC is accurate and up to date. 


5. Consent

The consent of the individual must be sought before disclosing information; however in exceptional circumstances it may be justified to share information without consent.

Disclosure without consent should be considered in the following situations:

  • Where you have reasonable cause to believe that a child or young person may be suffering or may be at risk of suffering significant harm. as described in the Children Act 1989 and Working Together to Safeguard Children 2006. Details of all discussions must be recorded in the child’s case file/record. Employees must record their decision and the justification for not seeking consent to share information. This should include details of the relevant legislation or LCC policy referred to
  • Where the individual may cause significant harm to others
  • Where there is a statutory duty or court order
  • To assist with the prevention and detection of crime

In these cases, employees should refer to their local Safeguarding Policy for further guidance.

Where employees are still unsure whether to disclose information, the case should be referred to an appropriate manager or lead professional for guidance.

Where it is necessary to obtain the consent of a child, care must be taken to ensure their right to confidentiality is respected, wherever possible. Where a practitioner considers a child is sufficiently mature, and understands the implications of sharing and not sharing their information, employees may be required to use their professional judgement when deciding whether to disclose their information against the child’s wishes. All decisions and justification must be recorded in the child’s file/record for reference. For further information please refer to ‘Confidentiality - A guide for Children’s Services (employees and schools)’.

Consent may be withdrawn at any time, either verbally or in writing, and employees must ensure this is documented within the child’s file/record.

It may be necessary to obtain an individual’s consent to the further sharing of information, for different reasons than those originally agreed. This must also be documented within the file.


6. Storage of information

All information held about an individual will be stored and disposed of securely, in accordance with the current Records Management Policy.


7. Transfer of Information

The purpose of any transfer of information must be clear. All employees should consider and document what information is to be shared and with whom, and whether consent is required to share. Before any information is shared, all employees must verify the identity of person or organisation with whom information is being shared. The recipient must be advised of their responsibility to protect the data being received, and of any limitations relating to the information disclosed.


8. Disclosing Information 

When disclosing information, employees will follow the Seven Golden Rules, (listed previously) and disclose the minimum amount of information necessary.

Information in all formats must be disclosed using secure methods. Service user information is not to be stored or exchanged on electronic devices such as memory sticks or disks.

Acceptable methods of exchanging information include:

  • Verbally to a named individual whose identity has been confirmed
  • By secure email, using a mutually agreed password
  • To a secure fax machine, requesting a follow-up call or email from the recipient on receipt. No person-identifiable information is to be written on the fax cover sheet
  • Delivered by hand to an individual whose identity has been confirmed
  • Posted recorded delivery to a verified address

Suggested methods of verifying the identity and/or contact address of the recipient:

  • Telephone the switchboard of the organisation and ask to be connected with the recipient
  • Ask to see their employees pass
  • Ask for the request to be made in writing and on letter-headed paper
  • See also the access to records section regarding requests from other individuals


9. Recording

Each disclosure of information must be documented in the child’s file/record, with reasons for disclosure or non-disclosure clearly explained. Employees must refer to the Recording with Care guidance for further information on recording methods.


10. Multi-Disciplinary Teams

Multi-disciplinary teams must adhere to the information sharing policy and guidance when there is joint working.  Where there is inter-agency supervision or mentoring, managers must discuss and agree the limits of information sharing and the need for confidentiality.


11. Access to Personal Records

An individual or their representative can apply to see information held about them by LCC and its partner agencies. In addition, professionals from regulatory organisations may require sight of individual files during statutory audits and inspections.


12. Breaches

In the event of a breach of the information sharing policy, guidance or agreed protocols, such as the improper disclosure of personal information, all relevant agencies must be advised as soon as practicably possible, and in any event within seven working days.

Each agency will deal with the incident in accordance with their own procedures, and provide the other agencies involved with details of any action required. LCC managers should refer to the Code of Conduct and Human Resources regarding any disciplinary matters.

End