health and social care staff members: what you should know ... · information governance sits...

p1 Information Governance

Health and social care staff members: What you should know about Information Governance


What is Information Governance?

You have probably heard of Clinical or Social Care Governance, which is a way for organisations and individuals to continuously improve the quality of health and social care and ensure high standards of care are provided.

You may be aware of Research Governance, which defines the good practice guidelines necessary to ensure health and social care research complies with scientific and ethical standards.

Senior personnel will be involved in Corporate Governance, which is the way that organisations are able to achieve their business objectives and meet the necessary standards of accountability and integrity.

Information Governance sits alongside these other governance initiatives, it is to do with the way organisations process or handle information. It covers personal information, ie that relating to patients/service users and employees, and corporate information, eg financial and accounting records.

Information Governance allows organisations and individuals to ensure that personal information is handled legally, securely, efficiently and effectively, in order to deliver the best possible care. It additionally enables organisations to put in place procedures and processes for their corporate information that support the efficient location and retrieval of corporate records where and when needed, in particular to meet requests for information and assist compliance with Corporate Governance standards.

Information Governance provides a framework to bring together all the legal rules, guidance and best practice that apply to the handling of information, allowing:

• implementationofcentraladviceandguidance;

• compliancewiththelaw;• yearonyearimprovements.

At its heart, Information Governance is about setting a high standard for the handling of information and giving organisations the tools to achieve that standard.

The ultimate aim is to demonstrate that an organisation can be trusted to maintain the confidentiality and security of personal information by helping individuals to practice good information governance and be consistent in the way they handle personal and corporate information and avoid duplication of effort, leading to improvements in:

• informationhandlingactivities;• patientandserviceuserconfidencein

care providers; • employeetraininganddevelopment.


What are the standards and requirements that make up Information Governance?

Information Governance provides a consistent way for employees to deal with the many different standards and legal rules that apply to information handling, including:

• The Data Protection Act 1998.• The common law duty of confidence.• The Confidentiality NHS Code of Practice. • The NHS Care Record Guarantee for England.• The Social Care Record Guarantee for

England.• The international information security

standard: ISO/IEC 27002: 2005.• The Information Security NHS Code of

Practice.• The Records Management NHS Code of

Practice.• The Freedom of Information Act 2000.

The Department of Health has developed sets of information governance requirements, which enable NHS and partner organisations to measure their compliance with the information handling standards and legal rules. The requirements cover all aspects of information governance including:

• data protection and confidentiality;• information security;• information quality;• health / care records management;• corporate information.


Why should you learn about it?

Information Governance helps ensure that all employees are following best practice guidelines on information handling.

Information Governance helps all employees providing care services to manage personal information for the benefit of the patient or service user.

Your patients and service users will know that their records will not be disclosed inappropriately, which will:

• give them greater trust in NHS and social care working practices, and

• encourage them to be more open to sharing important personal information with you.

Thereby ensuring they receive care of the best quality.

Information Governance includes training requirements to help ensure that all employees comply with the law and best practice when handling information.

Training and development is a vital component of Information Governance. If you attend or participate in the available training and evaluation, you can ensure you are adequately informed how to:

• respect patient/service user information rights;

• use personal information appropriately and legally;

• create, file and store corporate documents in line with the best practice records management standards outlined in the

Records Management NHS Code of Practice and equivalent codes for social care records;

• seek assistance if required.

Information Governance helps employees to work with others outside of their own area and organisation.

It depends on teamwork and good communication among all staff to encourage:

• sharing of good practice ideas across departmental and organisational boundaries;

• joint initiatives between health, social care and partner organisations;

• shared efforts and reduced duplication.


Information Governance leads to improvements in information handling

The Department of Health has developed clear requirements for information handling to ensure that information is:

• Held securely and confidentially.• Obtained fairly and efficiently.• Recorded accurately and reliably.• Used effectively and ethically.• Shared appropriately and lawfully.

The requirements help organisations to ensure that:

• appropriate management structures and personnel are in place to oversee IG arrangements;

• information within computerised and paper-based systems is held securely, is accurate and is available when and where needed (for example in the event of an unplanned attendance/admission);

• processes and procedures for information and records are efficient and effective;

• employees are provided with guidance and appropriate, effective training.

Annual Information Governance assessments are performed to help identify good practice and highlight areas that need improvement.

When assessing information handling, Information Governance staff review the existing policies, procedures and processes in place throughout the organisation. They ensure that the policies, etc are relevant, understandable and are published and widely distributed throughout an organisation; and that employees in general are aware of and comply with them. Where documentation is absent or outdated, they arrange for it to be written or updated. They identify areas of good practice and enable them to be shared with others.

Your responsibility is to comply with the policies, procedures and processes, and share any good practice in information handling with the IG staff.


It is the responsibility of all organisations to comply with the law. The organisation can achieve this by assigning responsibilities for Information Governance issues to named staff, and by ensuring that all employees are made aware of their individual responsibilities and of any penalties for non-compliance.

Training and awareness raising sessions can help to ensure that all employees practice in accordance with policies, procedures and processes and ultimately with the law. Your organisation will have personnel and/or structures in place to provide you with assistance on Information Governance issues.

The Department of Health has made an IG Training Tool available to assist organisations in ensuring their staff members are appropriately trained in Information Governance.

Users can self-register to use the products in the tool or take a guest tour. The tool can be accessed at: www.connectingforhealth.nhs. uk/igtrainingtool.

Your responsibility is to undertake the IG training specified by your organisation and seek assistance from an appropriate source if you require it.

Information Governance staff regularly review policies, procedures and processes and employee compliance with them. The outcomes are measured against the Information Governance requirements, allowing year on year improvements to be made and any deterioration in standards to be quickly tackled.

The outcomes may indicate that further training is required in some areas, or better staff guidance materials are needed that can be easily accessed at all times (for example should an issue arise with a patient/service user late at night when IG staff are not around to offer advice or assistance).

Your responsibility is to participate in Information Governance surveys carried out by IG staff so that compliance can be monitored.


Information Governance can help improve patient/service user care

Information Governance can help to improve the care and services that patients and service users receive by: Improving the quality of information - accurate and complete patient/service user information means:

• care professionals will be able to rely on the information to make decisions about care, treatment and services;

• care professionals will be able to rely on the information to communicate effectively with other professionals involved in providing services for the patient/service user;

• patients and service users will receive the most appropriate treatment or care in a timely manner;

• the risks posed by duplicate records will be minimised;

• organisations will be correctly paid for the care and services they provide meaning that appropriate services are made available for the local population.

Improving the security of patient/service user information - using robust security processes, controls and management means:

• that the confidentiality of patient/service user information will be maintained;

• patients/service users will have increased confidence in the care organisation’s ability to manage their information securely and are therefore more likely to provide accurate, up-to-date information which ultimately improves the quality of care and services they receive.

TheNHSandSocialCareRecordGuarantees for England

Individuals’ rights regarding the sharing of their personal information are supported by the Care Record Guarantees, which set out high-level commitments to patients/service users that their records will be used in ways which respect their rights and promote their health and wellbeing.

Your organisation may make copies of the Guarantee available to patients/service users, if not; they can be downloaded from the National Information Governance Board for Health and Social Care website: www.nigb.nhs.uk/guarantee and www.nigb.nhs.uk/social


Local guidance

Your organisation will have patient and service user information materials that explain how personal information is used and how concerns about use can be expressed. Adhering to the guidance will mean that patients/service users’ rights are respected, and they will be assured that their information is handled in accordance with the law. Organisations should have an effective and well-advertised procedure to enable patients/service users to make known any concerns they have.

Your responsibilities are to comply with the promises in the Guarantee and any local guidance, to make sure you know how patients/service users can obtain a copy of the Guarantee and/or any locally produced guidance/materials, and be prepared to discuss any concerns that are raised, or be able to direct patients/service users to a more knowledgeable member of staff.

Organisationsshouldensurethattherearedefined reporting and investigation procedures so that employees have access to clear advice and guidance networks.

Incidents and “near misses” should become learning opportunities, to enable employees to avoid similar problems in the future. The reporting of incidents both actual and potential is essential to raising Information Governance standards in the organisation, so you should make sure you know how to report potential and actual breaches.

If you witness an actual or potential breach of Information Governance, your responsibility is to advise the responsible person of their failure to comply and in most circumstances, to report the matter to your line manager or to the appropriate IG staff.


Information Governance will improve records management

NHSorganisations: TheRecordsManagement:NHSCodeofPracticesets out the required standards of practice for allNHSrecords.

The standards in the Code apply to all those who work within or under contract to NHS organisations in England. It is based on current legal requirements and professional best practice and contains details of the recommended minimum retention period for each record type.

Socialcareorganisations: There are similar standards of practice contained withinlegalregulations,NationalMinimumStandards,localguidanceandprofessionalcodes of conduct.

These standards apply to all those who provide social care services in care homes and in the service user’s own home. They provide guidance on record creation, security, confidentiality and retention.

Your responsibility is to make sure you comply with the standards and assist your organisation to achieve efficient and effective records management through:

• standardised records creation, including naming and filing;

• appropriate storage of records;• controlled access to records;• speedy location and retrieval of records,

when and where needed.


Information Governance involves new ways of working

Multidisciplinaryteamsshouldworkmoreclosely together to help to reduce repetitive practices and minimise duplication of effort.

The focus will be on appropriately sharing the information between professions, leading to:

• a single assessment process for care purposes;• joint working between IT and Information

Governance employees;• employee time and skills put to more

effective use;• less annoyance to the patient or service

user at having to repeat information already given.

IG requires greater patient/service user participation, therefore it is important that theNHSandsocialcareproviderslistentothe opinions of patients and service users and where appropriate act on those opinions.

Organisations should actively seek patient/service user participation in decisions about treatment and uses of their personal information and monitor “user satisfaction”, eg by way of public and patient/service user involvement groups or surveys.

Your responsibility is to make patients and service users aware of any surveys being carried out regarding Information Governance.

A National Information Governance Board for Health and Social Care has been established to support those working in information governance by providing oversight, developing and interpreting best practice, promoting consistency and arbitrating on the interpretation of policy, procedure and legal requirements. The National Information Governance Board has a web site at www.nigb.nhs.uk/ and can be contacted by email at [email protected] or on 020 7633 7052.


What can you do to make Information Governance a success?

There are several general things you can do to assist your organisation:

Don’t be afraid of changeInformation Governance merely pulls together all the information handling standards and legal rules into one framework.

ParticipateineducationandtrainingopportunitiesTake up any education and training offered to develop your awareness of the legal and organisational requirements when handling information.

ParticipateinassessmentsofInformationGovernance in your areaThis will enable you to develop and strengthen your understanding of Information Governance, and also assist your organisation to improve the way in which information is handled.

Help your team achieve best practiceMake sure you follow the relevant procedures or processes in your organisation, as failure to do so could impact on the whole team.

Don’t be afraid to speak up about shortcomingsIf you have any concerns about standards or practices in your department, talk with other members of your team or your supervisor or manager.

Ensure that errors give rise to learningA culture of blame is not conducive to improvement being made and lessons can usually be learnt from shortcomings allowing good practice for the future.

ShareyourgoodpracticeIf you identify ways in which information handling can be improved in your work area share your ideas with your colleagues.

Encourage others to share their good practiceYour colleagues will feel more valued and respected if they know that their ideas are listened to and where appropriate, action taken to implement them.


Keep personal information secure: Ensure confidential information is not unlawfully or inappropriately accessed.

Comply with your organisation’s computer safety procedures. Do not share your access passwords with others. Ensure you “log out” once you have finished using a computer. Do not leave paper records unattended. Lock rooms and cupboards where personal information is stored.

Keep personal information confidential: Onlydisclosepersonalinformationtothosewho legitimately need to know to carry out their role.

The information the care team needs to know may be different from the requirements of some admin and clerical support staff. Bear in mind that you could be overheard and do not discuss personal information about your patients/service users on the bus, in corridors, lifts or the canteen!

Ensure that the personal information you use is obtained fairly: Inform patients/service users of the reason their information is being collected.

Organisational compliance with the Data Protection Act 1998 depends on employees acting in accordance with the law. The Act states information is obtained lawfully and fairly if individuals are informed of the reason their information is required, what will generally be done with that information and who the information is likely to be shared with. Patients/service users should also be informed

whether any potential use of their information is optional, eg automatic referrals to other agencies.

Makesuretheinformationyouuseiscorrect:Ensure the information you record is accurate, legible and complete and if possible, verify personal information with patients/service users.

Information quality is an important part of Information Governance. There is little point in putting procedures in place to protect information if the information is inaccurate. You should give patients and service users the opportunity to check information held about them and allow them to point out any mistakes. You should encourage them to inform the organisation if any of their details have changed. If your organisation has an information leaflet about the importance of providing accurate information, ensure patients/service users have access to it.

Please note: Under the Data Protection Act 1998,

individuals have the right to request that inaccuracies

in their records are corrected.

Makesuretherecords/documentsyoucreateare appropriately accessible: Where there are locally determined rules for record/document creation and filing ensure you comply with them.

Organisations need to be able to locate and retrieve information, where and when it is needed; you can assist this process by adhering to the procedures for record/document creation, eg file names, version control and filing/storage.

There are also more specific actions you can take to assist the success of Information Governance


Onlyusepersonalinformationforthepurposefor which it was given: Usetheinformationinanethicalway.

This means that personal information that was given for one purpose, eg hospital treatment, should not be used for a totally separate purpose, eg research, unless the individual consents to the new purpose.

Sharepersonalinformationappropriately and lawfully: Obtainconsentbeforesharingpersonalinformation with others.

If you are providing social care and you believe that a service user requires NHS treatment, you should ordinarily obtain the individual’s consent before sharing their details, eg with a health visitor or GP. Similarly, if a patient requires referral to another agency, eg from NHS to social services, check that the patient has agreed to be referred, and is fully aware of and consents to their personal information being passed to that other agency.

Complywiththelawandlocalpolicies and procedures: Ignorance of the law is not usually a defence for breach.

Your organisation will have spent time and money ensuring that its policies and procedures comply with the law and do not breach patient/service user rights. Whilst you may not need to know what all the specific rights are, if you comply with these policies and procedures you are unlikely to break the law.


Work with your patients and service users and take steps to ensure their rights and choices are respected

Don’t be persuaded to break the law: You have a duty to protect the confidentiality of patient/service user personal information, both under the common law and through Acts ofParliament.

If anyone asks or pressures you to breach this duty discuss the issue with your manager and/or Caldicott Guardian. If a legitimate need to disclose without consent is identified senior personnel must make the decision. A Caldicott Guardian is a senior person responsible for protecting the confidentiality of patient and service-user information and enabling appropriate information-sharing. The Guardian plays a key role in ensuring that NHS, Councils with Social Services Responsibilities and partner organisations satisfy the highest practical standards for handling patient identifiable information. You can find out more about Caldicott Guardians at: www.connectingforhealth.nhs.uk/systemsandservices/infogov/caldicott

You can also contact Public Concern at Work, an independent body providing free legal advice to individuals concerned about wrongdoing in the workplace, on 020 7404 6609 or email: [email protected].

Communicateclearly:Ensure that the advice and guidance you give to patients/service users is clear.

You should be able to clearly explain why you require the information you have requested, the purposes to which personal information may be put and with whom the information may be shared. If your organisation has an information leaflet, use it to reinforce what you have said.

Encourage patients and service users to be actively involved in decisions about their care: Patients/serviceusershavearighttobeinvolved in decisions about the use of their information.

Be open and honest with your patients and service users and ensure they have sufficient information to make an informed decision about the use of their personal information. For example, make sure that there are copies of the Care Record Guarantee available in your department, or know where to obtain them from if they are stored elsewhere.

Know who to contact for advice: Makesurethatpatientsandserviceusersareaware of the routes through which a complaint about the use of their information can be made.

Your organisation will have assigned responsibility for dealing with complaints about the use of patient/service user information. Often responsibility will have been assigned to the Patient Advice and Liaison Service (PALS), Complaints Officer or similar, to deal with initial complaints, which may then be escalated to other staff such as the Caldicott Guardian or IG Lead. You must make sure you know who to contact in your organisation and how to contact them, and provide this information to patients/service users if asked.


So - Information Governance ensures that personal information is dealt with legally, securely, efficiently and effectively

• UnderstandwhatInformationGovernanceis.

• KnowhowInformationGovernanceappliesto your role.

• Doyourbesttoimproveandencouragegoodpractices in your department.

• Supportinformationhandlingimprovementefforts across your organisation.

• Bereceptivetothechangeprocess.

• Beateamplayer.

• Ensureyourpatients/serviceusersarefullyinformed.

• Takeadvantageoftraininganddevelopmentopportunities.

Remember:Information Governance is the responsibility of every employee. You must treat all personal information with respect and regard for confidentiality, information security and information quality.

ContactsFor assistance with:

• InformationGovernancePolicy• TheInformationGovernanceTrainingTool

(content issues and technical advice)• TheInformationGovernanceToolkit(content,

technical advice and administration issues)

PleasecontacttheHelpdeskon01392251289orby email at: [email protected]


For more information about NHS Connecting for Health please visitwww.connectingforhealth.nhs.uk

For more information about Information Governance or to download further copies of this brochure, please visit www.connectingforhealth.nhs.uk/systemsandservices/infogov/links

If you require printed copies of this publication please order via NHS Connecting for Health resources, quoting reference number 4691 www.connectingforheath.nhs.uk/resources

Crown copyright 2010

Information Sharing: Pocket guide

This pocket guide

• This pocket guide is part of the HM Government information sharing guidance package (2008), which aims to support good practice in information sharing by offering clarity on when and how information can be shared legally and professionally, in order to achieve improved outcomes.

• This package of guidance is for practitioners who have to make decisions about information sharing on a case-by-case basis. It is also for managers and advisors who support these practitioners in their decision making and for others with responsibility for information governance.

• This pocket guide presents a summary of the key decision making considerations which are detailed in Information Sharing: Guidance for practitioners and managers. It is not designed to be read as a stand alone document, rather to be a helpful tool in reminding the practitioner of the key messages received during training on information sharing and the detailed messages contained in the guidance.

Information Sharing: Pocket guide 1

Alongside this document, we have published:

• Information Sharing: Guidance for practitioners and managers;

• Information Sharing: Case examples which illustrate best practice in information sharing situations;

• Information Sharing: Training materials available for local agency and multi-agency training, and for use by training providers; and

• Information Sharing: Further guidance on legal issues which is a summary of the laws affecting information sharing.

This pocket guide and the other documents can be located at www.everychildmatters.gov.uk/informationsharing

2 Information Sharing: Pocket guide

Introduction

Information sharing is key to the Government’s goal of delivering better, more efficient public services that are coordinated around the needs of the individual. It is essential to enable early intervention and preventative work, for safeguarding and promoting welfare and for wider public protection. Information sharing is a vital element in improving outcomes for all.

The Government understands that it is important that people remain confident that their personal information is kept safe and secure and that practitioners maintain the privacy rights of the individual, whilst sharing information to deliver better services. It is therefore important that practitioners can share information appropriately as part of their day-to-day practice and do so confidently.

It is important to remember there can be significant consequences to not sharing information as there can be to sharing information. You must use your professional judgement to decide whether to share or not, and what information is appropriate to share.


Myth buster on data protection

• The Data Protection Act 1998 is not a barrier to sharing information but provides a framework to ensure that personal information is shared appropriately.

• Data protection law reinforces common sense rules of information handling. It is there to ensure personal information is managed in a sensible way.

• It helps us strike a balance between the many benefits of public organisations sharing information, and maintaining and strengthening safeguards and privacy of the individual.

• It also helps us balance the need to preserve a trusted relationship between practitioner and client with the need to share information to benefit and improve the life chances of the client or protect the public.


Seven golden rules for information sharing

1. Remember that the Data Protection Act is not a barrier to sharing information but provides a framework to ensure that personal information about living persons is shared appropriately.

2. Be open and honest with the person (and/or their family where appropriate) from the outset about why, what, how and with whom information will, or could be shared, and seek their agreement, unless it is unsafe or inappropriate to do so.

3. Seek advice if you are in any doubt, without disclosing the identity of the person where possible.

4. Share with consent where appropriate and, where possible, respect the wishes of those who do not consent to share confidential information. You may still share information without consent if, in your judgement, that lack of consent can be overridden in the public interest. You will need to base your judgement on the facts of the case.

5. Consider safety and well-being: Base your information sharing decisions on considerations of the safety and well-being of the person and others who may be affected by their actions.


6. Necessary, proportionate, relevant, accurate, timely and secure: Ensure that the information you share is necessary for the purpose for which you are sharing it, is shared only with those people who need to have it, is accurate and up-to-date, is shared in a timely fashion, and is shared securely.

7. Keep a record of your decision and the reasons for it – whether it is to share information or not. If you decide to share, then record what you have shared, with whom and for what purpose.

The ‘ Seven Golden Rules’ and the following Questions 1- 7 will help support your decision making so you can be more confident that information is being shared legally and professionally.

If you answer ‘not sure’ to any of the questions, seek advice from your supervisor, manager, nominated person within your organisation or area, or from a professional body.


Flo

wch

art

of k

ey q

ues

tio

ns

for

info

rmat

ion

sh

arin

g

Yes

Yes

Yes

Is th

ere

a cl

ear a

nd le

git

imat

e p

urp

ose

for s

hari

ng in

form

atio

n?

Doe

s th

e in

form

atio

n en

able

a p

erso

n to

be

iden

tifie

d?

Is th

e in

form

atio

n co

nfid

enti

al?

Do

you

have

con

sent

?

No

No

Yes

You

are

aske

d to

or w

ish

to s

hare

info

rmat

ion

Seek

ad

vice

No

t su

re

No


No

Yes

Is th

ere

suff

icie

nt p

ublic

inte

rest

to

sha

re?

No

If th

ere

are

conc

erns

that

a c

hild

may

be

at ri

sk o

f sig

nific

ant h

arm

or a

n ad

ult m

ay b

e at

risk

of

ser

ious

har

m, t

hen

follo

w th

e re

leva

nt p

roce

dur

es w

itho

ut d

elay

.

Seek

ad

vice

if y

ou a

re n

ot s

ure

wha

t to

do

at a

ny s

tag

e an

d e

nsur

e th

at th

e ou

tcom

e of

th

e d

iscu

ssio

n is

reco

rded

.

Reco

rd th

e in

form

atio

n sh

arin

g d

ecis

ion

and

you

r rea

sons

, in

line

wit

h yo

ur a

gen

cy’s

or l

ocal

pro

ced

ures

.

Shar

e in

form

atio

n:

• Id

enti

fy h

ow m

uch

info

rmat

ion

to s

hare

.• D

isti

ngui

sh fa

ct fr

om o

pin

ion.

• Ens

ure

that

you

are

giv

ing

the

rig

ht in

form

atio

n to

the

rig

ht p

erso

n.• E

nsur

e yo

u ar

e sh

arin

g th

e in

form

atio

n se

cure

ly.

• Inf

orm

the

per

son

that

the

info

rmat

ion

has

bee

n sh

ared

if th

ey w

ere

not a

war

e of

this

and

it w

ould

not

cre

ate

or in

crea

se ri

sk o

f har

m.

Yo

u c

an

shar

e

Do

no

t sh

are


Question 1

Is there a clear and legitimate purpose for sharing information?

• Why do you or the other person want the information?

• What is the outcome you are trying to achieve?

• Could the aims be achieved without sharing the information?


Golden rule

Remember that the Data Protection Act is not a barrier to sharing information but provides a framework to ensure that personal information about living persons is shared appropriately.

Other things to consider:

• Do not assume that you need to share the whole case file.

• Different agencies may have different processes for sharing information. You will need to be guided by your agency’s policies and procedures and, where applicable, by your professional code.

For more details, see the Information Sharing: Guidance for practitioners and managers paragraphs 3.3 – 3.9.


Question 2

Does the information enable a living person to be identified?

• If the information is about an identifiable living individual, or could enable a living person to be identified when considered with other information, it is personal information and is subject to data protection law. This is likely to be the case in the course of your work. You should be open about what information you might need to share and why.

• However, it may not be appropriate to inform a person that information is being shared, or seek consent to this sharing. This is the case if informing them is likely to hamper the prevention or investigation of a serious crime, or put a child at risk of significant harm or an adult at risk of serious harm.


Golden rule

Be open and honest with the person (and/or their family where appropriate) from the outset about why, what, how and with whom information will, or could be shared, and seek their agreement, unless it is unsafe or inappropriate to do so.


• If the person was informed about how and with whom their personal information might be shared at the outset, it will usually not be necessary to inform them again as long as the use as described in the original notification is the same.

For more details, see the Information Sharing: Guidance for practitioners and managers paragraph 3.10 – 3.11.


Question 3

Is the information confidential?

• Not all information is confidential.

• Confidential information is information of a private or sensitive nature that is:

• not already lawfully in the public domain or readily available from another public source; and

• has been provided in circumstances where the person giving the information could reasonably expect that it would not be shared with others.


Golden rule

Seek advice if you are in any doubt, without disclosing the identity of the person where possible.


If the information is not confidential you must now consider Question 6.

If the information is confidential you must now consider Question 4.


Question 4

Do you have consent to share?

• You should seek consent where possible and respect the wishes of those who do not consent to share confidential information. You may still share information without consent if, in your judgement on the facts of the case, that lack of consent can be overridden in the public interest.

• You do not always need consent to share personal information. There will be some circumstances where you should not seek consent, for example, where doing so would:

• place a child at increased risk of significant harm; or

• place an adult at increased risk of serious harm; or

• prejudice the prevention, detection or prosecution of a serious crime; or

• lead to unjustified delay in making enquiries about allegations of significant harm or serious harm.


Golden rule

Share with consent where appropriate and, where possible, respect the wishes of those who do not consent to share confidential information. You may still share information without consent if, in your judgement, that lack of consent can be overridden in the public interest. You need to base your judgement on the facts of the case.


• Generally, there should be ‘no surprises’.

• Obtaining explicit consent is best practice. It can be expressed either verbally or in writing, although written consent is preferable since that reduces the scope for subsequent dispute.

• You will need to consider whose consent should be sought. Does the person have the capacity to understand and make their own decisions on this occasion? If not, is someone else authorised to act on their behalf?

• Consent must be informed, i.e. when people agree to information sharing, they must understand how much of their information needs to be shared, who will see it, why it is necessary to share the information and any implications of sharing or not sharing.

• Consent can be withdrawn at any time. For more details, see the Information sharing: Guidance for practitioners and managers paragraphs 3.17 – 3.37.


Question 5

Is there sufficient public interest to share the information?

• Even where you do not have consent to share confidential information, you may lawfully share if this can be justified in the public interest. Where consent cannot be obtained or is refused, or where seeking it is unsafe or inappropriate (as explained at Question 4), the question of whether there is a sufficient public interest must be judged by the practitioner on the facts of each case. A public interest can arise in a wide range of circumstances. For a fuller definition of public interest refer to the Glossary in Information Sharing: Guidance for practitioners and managers.

• Where you have a concern about a person, you should not regard refusal of consent as necessarily to mean that you cannot share confidential information.

• In making the decision you must weigh up what might happen if the information is shared against what might happen if it is not, and make a decision based on professional judgement.


Golden rule

Consider safety and well-being: Base your information sharing decisions on considerations of the safety and well-being of the person and others who may be affected by their actions.


• A competent adult has the right to make decisions which may put themselves at risk but which present no risk of significant harm to children or serious harm to other adults. In this case it may not be justifiable to share information without consent.


If you decide not to share information you must consider Question 7.

If you decide to share information you must consider Question 6.


Question 6

Are you sharing information appropriately and securely?

• Only share what is necessary to achieve the purpose, distinguishing clearly between fact and opinion.

• Share only with the person or people who really need to know the information.

• Make sure the information is accurate and up-to-date.

• Understand the limits of any consent given and especially if the information has been provided by a third party.

• Check who will see the information and share the information in a secure way. For example, confirm the identity of the person you are talking to; ensure a conversation or phone call cannot be overheard; use secure email; ensure that the intended person will be on hand to receive a fax.

• Establish with the recipient whether they intend to pass it on to other people and ensure that they understand the limits of any consent that has been given.

• Inform the person to whom the information relates that you are sharing the information, if it is safe to do so, and if you have not already told them that their information may be shared.


Golden rule

Necessary, proportionate, relevant, accurate, timely and secure: Ensure that the information you share is necessary for the purpose for which you are sharing it, is shared only with those people who need to have it, is accurate and up-to-date, is shared in a timely fashion, and is shared securely.

For more details, see the Information sharing: Guidance for practitioners and managers paragraphs 3.48 – 3.49.


Question 7

Have you properly recorded your information sharing decision?

• Record your information sharing decision and your reasons, including what information you have shared and with whom, following your agency’s arrangements for recording information and in line with any local information sharing procedures in place.

• If, at any stage, you decide not to share information, you should record this decision and the reasons for it.

Golden rule

Keep a record of your decision and the reasons for it – whether it is to share information or not. If you decide to share, then record what you have shared, with whom and for what purpose.



Local contacts

Insert names and numbers of your local information sharing contacts here.

You can download this publication or order copies online at: www.teachernet.gov.uk/publicationsSearch using the ref: DCSF-00808-2008

Copies of this publication can also be obtained from:Department for Children, Schools and Families PublicationsPO Box 5050Sherwood Park, AnnesleyNottingham NG15 ODJTel 0845 60 222 60Fax 0845 60 333 60Textphone 0845 60 555 60Please quote ref 00808-2008BKT-ENISBN: 978-1-84775-274-1

PPCOL/D35(3933)/1008/55

© Crown Copyright 2008Published by the Department for Children, Schools and Families, and Communities and Local Government

Extracts from this document may be reproduced for non-commercial research, education or training purposes on the condition that the source is acknowledged. For any other use please contact [email protected]

health and social care staff members: what you should know ... · information governance sits...

Documents