Policy

CONFIDENTIALITY & DATA PROTECTION POLICY

OUTCOME 21, REGULATION 20 (Records)

Name: Constantia Care Ltd.

Purpose of this Document

This document has to be read in conjunction with the procedures on confidentiality, the policy outlined below adheres fully to the principles within the Data Protection Act 1998, the Freedom of Information Act 2000 and the Social Care Record Guarantee Guidance from the National Information Governance Board 2009 www.nigb.nhs.uk/social. All data held, stored or handled by Constantia Care td. complies with the current legislation and guidance.

This document outlines the policy of Constantia Care Ltd. in relation to the handling of confidential information we need to hold about service users.

Principles

  1. The work of Constantia Care Ltd. inevitably involves the need to know a good deal about our services users. We cannot provide good care without access to that information.

  2. Much of this information is highly personal and sensitive. We recognise that our service users have a right to privacy and dignity, and that this extends to our handling information about them in ways which cause as little as possible intrusion on those rights.

  3. We want our service users to feel at ease with the staff who help to care for them. An important element in that relationship is the capacity of a service user to be able to share information with staff, confident that it will be used with appropriate respect and only in relation to the care provided.

  4. As providing care is a complex process, it is not possible to guarantee to a service user that information they give about themselves will be handled only by the staff to whom it was first passed but we can ensure that information is seen only by staff on the basis of their need to know.

  5. We sometimes have to share information with colleagues in other agencies but we only do so on the basis of their need to know and as far as possible only with the permission of the person concerned.

  6. We will only break the rule of confidentiality in very extreme circumstances which justify our taking that action for the greater good of a service user or, exceptionally, others.

Our Legal Obligations

Data Protection Act 1998

The Data Protection Act 1998 lays various obligations on Constantia Care Ltd. and similar organisations concerning the handling of the information we hold on individuals. Information must, for example, be obtained fairly and lawfully, be held for specified purposes, be adequate, relevant and not excessive for the purpose for which it was gathered, be accurate and up to date, and not be held for longer than is necessary. We observe all of these requirements.

Please Note

Guidance on confidentiality and how it can be maintained in respect of service user information has now a wealth of information which assists within this activity. Reference should be made to the following:

  • National Information Governance Board

  • DoH 2003 Confidentiality NHS Code of Practice

  • National Institute for Health and Clinical Excellence

  • Information Commissioner Codes of Practice

  • Local Authority Confidentiality Agreements*

* These are usually found within the Local Authority Contract or Service Specification Documents issued to you as a provider of services. These will often have a set of procedures which are in addition to any other guidance.

Information and Care Needs Assessment

Every user of the services of Constantia Care Ltd. must have their care needs thoroughly assessed before services are provided. This necessarily involves the staff who carry out an assessment or handle assessment material sent to us from other agencies in learning a considerable amount about an individual. It is the duty of such staff to retain, record and pass to the allocated care workers only the information which is relevant to the person’s future care. A similar obligation applies to staff involved in a review or reassessment of care needs or in making any changes in the service provided.

Handling of information by care workers

The care workers assisting a service user have access both to the information passed to them when they start to work with that service user and to knowledge which accumulates in the course of providing care. They have a duty of confidentiality:

  1. To treat all personal information with respect and in the best interests of the service user to whom it relates.

  2. To share with their manager, when appropriate, information given to them in confidence.

  3. To share confidential information when appropriate with colleagues with whom they are sharing the task of providing care.

  4. To pass and receive confidential information to and from colleagues on occasions when they have to be replaced because of sickness, holidays or other reasons, in a responsible and respectful manner.

  5. Only to pass confidential information to other social and healthcare agencies with the agreement of the service user, with the permission of their manager, or in emergencies when it is clear that it is in the interests of the service user or is urgently required for the protection of the service user or another person.

  6. To refer to confidential information in training or group supervision sessions with respect and caution and preferably in ways which conceal the identity of the service user to which it relates.

  7. Never to gossip about a service user or to pass information to any other individual other than for professional reasons.

Managerial and administrative responsibilities

Confidential information must occasionally be seen by staff other than the care workers providing direct care. It is therefore the responsibility of managers to ensure that information is stored and handled in ways that limit access to those who have a need to know and to provide the following arrangements in particular.

  1. To provide lockable filing cabinets to hold service users’ records and ensure that records are kept secure at all times, that they are accessible to the staff during office hours as required.

  2. To arrange for information held on computers to be accessed only by appropriate personnel. These computers are all password protected.

  3. To locate office machinery and provide appropriate shielding so that screens displaying personal data are hidden from general view.

Exceptional breaches of confidentiality

There are rare occasions on which it is necessary for a staff member acting in good faith to breach confidentiality in an emergency situation — for example, to protect the service user or another person from grave danger — without obtaining the permission of the person to whom it applies. In such a situation, the staff member should use their best judgement, should consult the service user’s representative, a manager or a colleague if possible, and should inform their manager of what has happened as soon afterwards as possible.

Staff briefing, training and discipline

It is a responsibility of management to ensure that all relevant staff are briefed on Constantia Care Ltd’s policy and procedures on confidentiality, are trained in the implications of this issue, and have opportunities to explore any problems they encounter and be supported through appropriate supervision. Inappropriate breach of the rules of confidentiality will be treated as a disciplinary matter.