
Page 1: … · Web view · 2013-04-09 · All employees working in the NHS are bound by the common law duty of confidentiality to protect person-identifiable, sensitive, and …

CONFIDENTIALITY CODE OF CONDUCT

Date effective from: 17th February 2012

Review date: 17th February 2015

Version number: 2.0

Date effective from: 17th February 2012 · Document Reference Number: IG-0003 · Version No: 2.0 · 1 of 36


Contents

Section Page

DOCUMENT SUMMARY SHEET 5

DOCUMENT AMENDMENT SHEET 7

1 INTRODUCTION 8

2 PURPOSE OF DOCUMENT 9

2.1 Policy Statement 9

2.2 Purpose of document 9

3 DEFINITIONS 10

3.1 Type of procedural document 10

3.2 Glossary of definitions 10

4 DUTIES 12

5 Procedures 14

5.1 Requests for Information on Service Users 14

5.2 Telephone Enquiries 15

5.3 Requests for Information by the Police and Media 15

5.4 Disclosure of Information to Other Employees of the Trust 16

5.5 Abuse of Privilege 16

5.6 Carelessness 17


5.7 Movement of Person-Identifiable Data 17

5.8 Use of Internal and External Post 17

5.9 Faxing 19

5.10 Storage of confidential information 20

5.11 Retention and Disposal of confidential information 20

5.12 Confidentiality of User Names and Passwords 21

5.13 Emailing Confidential Information 22

5.14 Working at Home or Other Remote Location 23

5.15 Copying of Software 24

5.16 Anonymised Disclosures 24

6 DEVELOPMENT OF PROCEDURAL DOCUMENTS 25

6.1 Prioritisation of Work 25

6.2 Identification of Stakeholders 25

6.3 Equality impact assessment 26

7 DISSEMINATION AND IMPLEMENTATION 26

7.1 Dissemination 26

7.2 Implementation 26

7.3 Training and Support for the Implementation of the Code 26

8 MONITORING COMPLIANCE WITH AND THE EFFECTIVENESS OF PROCEDURAL DOCUMENTS 26

8.1 Process for monitoring compliance 26

8.2 Process for monitoring effectiveness 27

8.3 Standards/key performance indicators 27

9 REFERENCES 27

10 ASSOCIATED DOCUMENTATION 28

Appendices

A Equality Impact Assessment Form 29

B Plan for dissemination and implementation 32

C Disclosures to the Police and the Data Protection Act 33


DOCUMENT SUMMARY SHEET

ALL sections of this form must be completed. Those marked with * will be used as search information on Staffnet.

Document title*: Confidentiality Code of Conduct

Document reference number*: IG-0003

Version number: 2.0

Member of the Executive Team Responsible*:

Guy Musson – Director of Finance

Document author*: Information & Knowledge Manager

Members of procedural document development group: (Note: please list titles not names of individuals)

Information & Knowledge Manager; Information Governance Standing Support Group

People (please use titles) / committees or groups consulted:

Information Governance Standing Support Group

Approved by (group/committee): Means Goal 7 Group

Date approved: 18th January 2012

Ratified by: Executive Team

Date ratified: 31st January 2012

Date effective from: 17th February 2012

Review date: 17th February 2012

Frequency of review: Every three years

Responsible for the review: Information & Knowledge Manager

Target audience: All employees of LPFT; non-employed staff working within LPFT teams

Responsible for dissemination: Carl Starbuck – Information & Knowledge Manager


Copies available from: Staffnet

Where are essential paper copies held (include unit addresses):

N/A


DOCUMENT AMENDMENT SHEET

Please record what changes you have made to the procedural document since the last version.

This is a detailed tracked change document and is designed to show people exactly what has changed. The version number recorded below should correspond to the ratified version number shown on the Document Summary Sheet.

Version | Amendment | Reason

0.1 | Transposed into new procedural document format |

0.2 | Review amendments made by Carl Starbuck and Claire Stoker. | Development work in line with current IG best practice.

0.3 | Review amendments made by Carl Starbuck and Claire Stoker. | Following input from IG Steering Group delegates.

0.4 | Minor changes by Carl Starbuck. | Following IG adoption of policy from HR’s lead. Re-align document ownership and approval / ratification committees.

1.0 | Ratified by IM&T Committee |

1.1 | First review by Carl Starbuck. | Approaching review date. Appendix C, disclosures to police, added.

2.0 | Ratified by ET | Ratified by Executive Team 31st January 2012


1 INTRODUCTION

All employees working in the NHS are bound by the common law duty of confidentiality to protect person-identifiable, sensitive, and commercially confidential information they may come into contact with during the course of their work. This is reinforced by the requirements of the Data Protection Act, the Human Rights Act and other relevant legislation, and for health and other professionals through their own professional Code(s) of Conduct.

The NHS has produced a code of practice for all staff entitled ‘NHS Confidentiality Code of Practice’ (Nov 2003), with which all staff must comply. This document is intended to complement the NHS code.

1.1 GUIDING PRINCIPLES

Employees are obliged to keep any person-identifiable, sensitive and otherwise confidential information strictly confidential e.g. patient and employee records, Foundation Trust membership records and any other information which may in whole or in part identify an individual. Employees also come into contact with non-person-identifiable information which should also be treated with the same degree of care e.g. tender information and other confidential commercial information. Any information regarding Trust business that is not a matter of public record should be treated as confidential.

1.11 Disclosure and sharing of person-identifiable information are governed by the requirements of Acts of Parliament, as well as Government and NHS guidelines and European legislation.

1.12 The principle behind this Code of Conduct (Code) is that no employee shall breach their legal duty of confidentiality, allow others to do so, or attempt to breach any of the Trust’s security systems, controls or policies and procedures in order to do so.

1.13 This Code has been written to meet the requirements of:

The Data Protection Act

The Human Rights Act

The Computer Misuse Act

The Caldicott Principles


1.2 PURPOSE OF THE GUIDING PRINCIPLES

The Code gives a detailed definition of confidential information and the procedure for dealing with requests for information from a variety of sources. The Code also covers internal and external movement of information and the storage and disposal of confidential information. In addition there is a section on working at home, which gives clear guidance in respect of confidentiality.

If any employee requires an explanation concerning the interpretation or the relevance of this Code, they should discuss the matter with their line manager, the Data Protection Officer or the Caldicott Guardian.

The Data Protection Officer is Carl Starbuck, Information and Knowledge Manager, LPFT HQ, 2150 Thorpe Park, Colton, Leeds, LS15 8ZB (telephone: 0113 3055916)

The Trust’s Caldicott Guardian is Dr Douglas Fraser, Medical Director, LPFT, HQ, 2150, Thorpe Park, Leeds, LS15 8ZB (telephone: 0113 3055914).

This Code has been produced to protect staff by making them aware of correct procedures so that they do not inadvertently breach any of these requirements.

Individuals working for the Trust who do not comply with this Code may be subject to an investigation, which may include an audit of its information systems. A breach of confidentiality may result in disciplinary action being taken in accordance with the Trust’s Disciplinary Policy and Procedure.

Proven instances of inappropriate access to person-identifiable, sensitive and / or commercially confidential information may be regarded as an act of gross misconduct.

Proven instances of inappropriate access to computerised information systems may result in investigation and prosecution under the Computer Misuse Act.

2. PURPOSE OF DOCUMENT

2.1 Policy Statement

With regard to this procedural document the overarching policy is the Information Governance Policy – IG-0001.

2.2 Purpose of Document


All employees are responsible for maintaining the confidentiality of information accessible during their employment by the Trust.

Certain categories of information are legally defined as particularly sensitive and should be most carefully protected by additional requirements stated in legislation (e.g. information regarding in-vitro fertilisation, sexually transmitted diseases including HIV and termination of pregnancy).

During your work you should consider all information to be confidential - the same standards should be applied to all information you come into contact with. Never share any information unless you are confident that you are complying with this Code. When information is to be shared it should be done so in the context of appropriate legal and ethical consideration, upholding the rights of the subject.

3. DEFINITIONS

3.1 Type of Procedural Document

This document is a Code of Conduct and defines how the Trust will deal with confidential information. All employees need to ensure they are adhering to this Code to ensure that confidentiality is never breached.

3.2 Glossary of Definitions

In the context of this document the following definitions are of relevance:

Confidential Information - can be anything that relates to service users, staff (including non-contract, volunteers, bank and agency staff, locums, and student placements), their family or friends, Foundation Trust Members and other individuals and extends to commercial information relating to Trust business activities, whatever media it is stored on. For example, information may be held on paper, floppy disk, USB device, CD / DVD, computer file or printout, video, photograph or even heard by word of mouth or voice recordings. It includes information stored on portable devices such as laptops, palmtops, mobile phones and digital cameras.

It can take many forms including medical notes, audits, employee records, occupational health records etc. It also includes any Trust confidential information, which is not a matter of public record.

Person-identifiable Information is anything that contains the means, in whole or in part, to identify a person, e.g. name, address, postcode, date of birth, NHS number, National Insurance number etc. Note that even a visual image (e.g. photograph or video) is sufficient to identify an individual. It must be stressed that partial demographics may allow individuals to piece together a more complete picture or identity by use of “mosaicing” techniques – using partial information along with that available from other sources, e.g. the internet.

Sensitive Information is defined by the Data Protection Act (1998) as information relating to race or ethnic origin, political opinion, religious or similar belief systems, trade union membership, physical or mental health information, sexual preference, the commission or alleged commission of offences and any proceedings relating to the commission or alleged commission of offences.

Safe-Haven Fax - Faxing information to a fax machine with access controlled such that its use is limited to those which satisfy the ‘need to know’ principle, or a fax which is used in such a way to ensure safe receipt, e.g. by being manned at the time of receipt.

Data Protection Act (1998) - This Act contains 8 principles. These state that all person-identifiable and sensitive data must be:

o Processed fairly and lawfully.

o Obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.

o Adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

o Accurate and, where necessary, kept up to date.

o Shall not be kept for longer than is necessary for that purpose or those purposes.

o Shall be processed in accordance with the rights of data subjects under this Act.

o Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

o Shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Freedom of Information Act (2000) - This Act gives individuals or organisations the right to request information held by public authorities. It also places an obligation on public authorities to pro-actively publish certain classes of information.

Compliance – The application of the Code, as defined in the document, in routine practice.

Legitimate Relationship – The concept of a legal and ethical link between a person accessing a system or information, and the subject which the data represents. Examples are a clinician reviewing information which relates to a patient on their caseload, or a member of the HR team filing a CRB check in personnel records. A legitimate relationship must exist in any records access scenario.

Caldicott Principles – 6 principles which form the core of the review commissioned by the Chief Medical Officer in 1997, owing to increasing concern about the ways in which patient information was being used in the NHS in England and Wales and the need to ensure that confidentiality is not undermined in the context of the development of information technology in the service, and its capacity to disseminate information about patients rapidly and extensively.

o Justify the purpose(s): Every proposed use or transfer of patient identifiable information within or from an organisation should be clearly defined and scrutinised, with continuing uses regularly reviewed, by an appropriate guardian.

o Don't use patient identifiable information unless it is absolutely necessary: Patient identifiable information items should not be included unless it is essential for the specified purpose(s) of that flow. The need for patients to be identified should be considered at each stage of satisfying the purpose(s).

o Use the minimum necessary patient-identifiable information: Where use of patient identifiable information is considered to be essential, the inclusion of each individual item of information should be considered and justified so that the minimum amount of identifiable information is transferred or accessible as is necessary for a given function to be carried out.

o Access to patient-identifiable information should be on a strict need-to-know basis: Only those individuals who need access to patient identifiable information should have access to it, and they should only have access to the information items that they need to see. This may mean introducing access controls or splitting information flows where one information flow is used for several purposes.

o Everyone with access to patient identifiable information should be aware of their responsibilities: Action should be taken to ensure that those handling patient identifiable information - both clinical and non-clinical staff - are made fully aware of their responsibilities and obligations to respect patient confidentiality.

o Understand and comply with the law: Every use of patient identifiable information must be lawful. Someone in each organisation handling patient information should be responsible for ensuring that the organisation complies with legal requirements.


4. DUTIES

This sets out the duties of the target audience as identified on the Document Summary Sheet:

4.1 All Employees and Associated Personnel

All employees and associated personnel working for and on behalf of the Trust are responsible for maintaining the confidentiality of information accessible during their employment by the Trust. Whilst contractual obligations to follow Trust policy and procedure essentially end on ceasing to be an employee or associated with the Trust, the common law duty of confidentiality and the requirements of the appropriate legislation extend beyond your period of employment or association.

All employees and associated personnel have a responsibility for the management of the records they create or use during their employment or association with the Trust, as stipulated in the NHS Records Management Code of Practice.

4.2 Managers

It is the responsibility of all managers to ensure that employees are aware of this Code, and apply this Code correctly to ensure that employees do not inadvertently breach any of these legal requirements.

4.3 Clinical Managers

In addition to the above, it is the responsibility of all clinical managers to ensure that employees never give out information on service users or staff to persons who do not ‘need to know’; all information given must be justified and agreed.

4.4 Senior Managers

It is the responsibility of senior managers to ensure that the relevant staff within their areas of responsibility are aware of this Code and that it is followed correctly.

4.5 HR Department

The HR Department are able to advise and support employees and managers in the application of the Code in respect of staff information. The Information and Knowledge Manager is also available for support and advice.

4.6 Procedural Document Authors


It is the responsibility of the procedural document author to ensure that this Code is developed, reviewed, authorised, ratified and implemented in accordance with the requirements of the ‘Procedure for the Development and Management of Procedural Documents’, and that this Code has been put onto Staffnet.

5. Procedures

5.1 Requests for Information on Service Users

Never routinely give out information about service users to persons who do not “need to know” in order to provide health care and treatment i.e. someone with direct care / responsibility for that person / information. If in doubt, seek guidance from your manager before disclosing the information.

Service users must be advised at the outset of engaging with services that their information may be shared with 3rd parties when this is directly related to their care. Service users must also be informed of any and all secondary uses which are known at that time, and permission must be sought for these uses. Informed consent must be sought from the service user for any secondary use which has not been previously agreed. The service user has the right to refuse consent in full or in part to such sharing, and their choices and decisions must be respected.

All requests for access to person-identifiable information should be on a justified need and may also need to be agreed by the Trust’s Caldicott Guardian, Dr Douglas Fraser, Medical Director, LPFT, HQ, 2150, Thorpe Park, Leeds, LS15 8ZB (telephone: 0113 3055914). If you and your manager are not sufficiently sure that the information can be disclosed, please seek guidance from the Information Governance team and / or the Caldicott Guardian.

We should endeavour, wherever possible, to use subject consent as the basis for using information. Where consent cannot be obtained from the subject, e.g. if the patient is not conscious or lacks capacity, it may be necessary to either obtain proxy consent or make a ‘best interests decision’.

The NHS Confidentiality Code of Practice, Annexe B, contains detailed decision-making tools which will support your decisions for using, sharing or disclosing patient data. These are available on Staffnet.

In some circumstances, we are compelled to share information with other agencies because the law requires us to do so. Sharing of this type may take place with or without consent. The reasons for this include criminal investigations, border enforcement, collection of taxes, as well as other statutory duties placed on the Trust. As these issues are often complex, disclosures for non-health purposes should always be referred to the office of the Caldicott Guardian for advice on disclosure.

If you have any concerns about disclosing / sharing service user information you must discuss this with your manager and if they are not available, someone with the same or similar responsibilities. If you cannot find anyone to discuss the issue with you should take the enquirer’s details and respond to the requestor when you are satisfied the disclosure of information can take place. If your line manager feels it is appropriate, they may refer the matter to the Information Governance team or Caldicott Guardian.

5.2 Telephone Enquiries

If a request for information is made by telephone:

o Always check the identity of the caller.

o Check whether they are entitled to the information they request.

o Take a number, verify it independently and call back if necessary.

Service user consent should be sought in these circumstances, as should their assistance in verifying the caller’s identity, where possible and appropriate.

Remember that even the fact that a service user is in hospital, or that a person is a service user is confidential in itself. If in doubt consult your manager.

Do not share any information unless you are confident that you are not breaching this Code, any appropriate legislation, and / or your own professional Code of Conduct.

5.3 Requests for Information by the Police and Media

With respect to the Police

The Police do not necessarily have a right to instantaneously access information we hold (including records and CCTV footage).

Requests for information from the Police should always be referred to the appropriate level of management (Clinical Service Manager or equivalent).

Detailed guidance on police and other disclosures to regulatory bodies is included in Appendix C.

With respect to the Media


Do not give out any information under any circumstances.

Only the Communications Department are authorised to do so. If you receive any request from the media by personal visit or by phone refer the person to the Head of Communications, Trust Headquarters, Twenty One Fifty, Thorpe Park, Leeds, LS15 8ZB (telephone: 0113 305 5982).

5.4 Disclosure of Information to Other Employees of the Trust

Information on service users, staff, carers, Foundation Trust members and other individuals should only be released on a need-to-know basis.

Always check the member of staff is who they say they are. This can be achieved by checking the employee’s photo ID badge and / or their internal extension number, e-mail address or local safe haven fax number prior to giving them any information.

Check whether they are entitled to the information. Don’t be bullied into giving out information. Communicate via an appropriately secure method.

If in doubt, check with an appropriate line manager, the Information Governance team, and / or in the case of patient information, the Caldicott Guardian.

5.5 Abuse of Privilege

It is strictly forbidden for employees to look at any information relating to their own family, friends or acquaintances unless they are directly involved in the service user’s clinical care or with the employee’s administration on behalf of the Trust. Action of this kind will be viewed as a breach of confidentiality and may result in disciplinary action. This is also a breach of the Data Protection Act and could lead to the prosecution of the individual concerned and the Trust.

It is important that you disclose to your manager that you may have access to family or friends’ information, as soon as you become aware of it.

If you have ever been a user of our services, or work in certain roles (Human Resources, Intranet Management etc.) you may also have access to your own records. It is strictly forbidden for you to look at your own records, although you may request a copy of your records under the Data Protection Act (1998) Subject Access Request process.

Your duties within the Trust may grant you access to a variety of local and national computer-based systems. These systems must only be used for their intended purpose, and there must be a “legitimate relationship” between you, the data and the subjects of the data you are accessing. If you access systems or records inappropriately you may be prosecuted under the Computer Misuse Act (1990).

If you have concerns about this issue please discuss with your line manager.

5.6 Carelessness

o Do not talk about service users in public places or where you can be overheard.

o Do not leave any medical records or confidential information lying around unattended.

o Make sure that any computer screens, or other displays of information, cannot be seen by the general public or inappropriate staff.

o Ensure that computers are locked when not in use or left unattended.

5.7 Movement of Person-identifiable Data

The Trust accepts that there is a wealth of routine communication, by paper and electronic means, which happens during the normal course of clinical and business operations. Each individual should communicate in a manner which is both appropriate and proportional in security to the content of the material they are sending. We are all responsible for the decisions we make regarding the confidentiality of our data and its storage and transfer. Further guidance should always be sought if you are unsure.

Whilst the following aims to set out best practice in the use of various established communications methods, any new flows of person-identifiable information, particularly those via untried, new or revised methods, should be assessed by the Information & Knowledge Manager in the first instance, to evaluate suitability and security.

There is an outright ban on the carrying / storage of person-identifiable and / or sensitive information on unencrypted portable media, including USB sticks, flash memory, CD, DVD, PDAs (palm computers etc) and Smartphones.

It should be noted that acceptable best practice on the movement of person-identifiable and sensitive information is subject to change and you are advised to be aware of any Trust communication in this area which post-dates this Code.

Detailed instructions on how to use a variety of information transport methods, including e-mail, fax, post and carriers, on a variety of media, is included in IG-0009 – Safe Haven Procedures.

5.8 Use of Internal and External Post


Best practice with regard to confidentiality requires that all correspondence containing personal information should always be assessed prior to sending and where possible and appropriate:

1.) Remove the person-identifiable data entirely, or

2.) Reduce the person identifiable data to the absolute minimum necessary.

If it is still necessary to send any level of person-identifiable data, it should be addressed to a named recipient. This means person-identifiable information / sensitive data should be addressed to a person, a post holder, a consultant or a legitimate Safe Haven location, but not to a department, a unit or an organisation. In cases where the mail is for a team it should be addressed to an agreed post holder or team leader / team member.

Delivery methods / services should be agreed with the recipient to ensure that the need for action by the recipient (signature etc) does not cause difficulties or otherwise compromise delivery.

Internal mail containing personal, sensitive or confidential information must be sent in a securely sealed envelope or container, marked ‘Private and Confidential’. End-to-end delivery assurance can be achieved by the sender logging the outgoing data and confirming safe delivery with the recipient by phone or e-mail. Personal, sensitive or confidential information should be sent to a named recipient who is aware of and expecting the transfer whenever practicable.

All mail should be received and opened on the ‘staff side’ of any site which has service user / non-staff access.

External mail containing personal, sensitive or confidential information must be sent in a securely sealed envelope or container, marked ‘Private and Confidential’. End-to-end delivery assurance can be achieved by the sender logging the outgoing data and confirming safe delivery with the recipient by phone or e-mail. Personal, sensitive or confidential information should be sent to a named recipient who is aware of and expecting the transfer whenever practicable.

It should be noted that point 5.1 is relevant to both internal and external mail transfers. Expectations of security should be scaled to the application. For example, we would not expect every letter sent to a service user, GP or other endpoint which contains correspondence about a single service user to be secured beyond the use of ordinary 1st / 2nd class mail. To do so would exceed the expectations of the process and the recipient. However, should we be moving volumes of information (e.g. ‘bulk’ data transfers relating to several subjects), or when sending highly sensitive data, we would consider enhancing the security using traceable methods.

Electronic media – since the HMRC Child Benefit data loss in October 2007, the security of personal, sensitive or confidential information moved on portable digital media has received heightened scrutiny. Any personal, sensitive or confidential information moved on portable digital media must:-

Be encrypted to an appropriate standard, and / or

Protected in transit using a secure, traceable delivery mechanism.

Ideally, both of the above measures should be employed. The ‘aspirational’ encryption standard set by Connecting for Health is AES 256 bit; however, it is notable that NHS.net mail itself only achieves 128 bit encryption when used via Windows XP and Internet Explorer. We therefore sanction the use of the readily available encryption tools built into MS-Office to provide document-level encryption of an acceptable standard. Full instructions on encrypting MS-Office (Word / Excel) files are included in Appendix D.

For larger information packages or non- Word / Excel files, contact the Information & Knowledge Manager for further advice on how to safely send your content.

The Trust has procured a supply of hardware encrypted USB memory sticks. These sticks operate AES 256 bit encryption and are authorised for the transport of personal, sensitive or confidential information.

Case notes and other bulky material should only be transported in the approved boxes and never in dustbin sacks, carrier bags or other containers. These containers should not be left unattended unless stored, waiting for collection, in a secure area, ideally locked. The containers should only be taken and transported by the approved carrier.

Blood samples etc. should also only be transported within the correct authorised containers and should not be left lying around when they have been delivered.

Details on making transfers of person-identifiable and sensitive information are available on Staffnet in IG-0009 – Safe Haven Procedures.

5.9 Faxing

A Safe Haven fax machine is one which is operated in such a way to assure us that controls are in place to secure the documents sent to it. These measures are as follows:-


The location is physically secure. Access to the fax machine is such that only those satisfying the ‘need to know’ principle have access to it. This is usually via the fax being sited in a secure office or cupboard.

The location is out of public view. It will not be visible from the public side of a reception area, or window without obscured glass.

If sited in an office which is unmanned out of hours, fax printing is prevented during unmanned periods. This may be achieved by either removing the paper or putting the fax in ‘memory receive’ or a similar offline mode, where supported.

Personal, sensitive and confidential information should only be sent to a fax machine where the sender is confident that safeguards are in place to ensure its security.

Fax header sheets should be used which identify a named sender and recipient and have ‘Private and Confidential’ marking.

Speed dials should be used with caution and checked regularly. Although correctly programmed speed dials may enhance the likelihood that faxes are delivered to the correct recipient, an incorrectly selected speed dial will result in the fax being delivered to an incorrect fax endpoint. Whether dialling manually or via speed dial, the onus is on the sender to verify the fax number.

When sending to a non- Safe Haven fax, it may be used temporarily as a Safe Haven if the sender can be assured that the intended recipient stands by the fax to receive it and remove it immediately.

Fax transmission is now somewhat outdated technology. Encrypted e-mail correspondence is more secure and cost efficient than fax. Where possible, fax transmission should be replaced with secure e-mail.

A list of known Trust Safe Haven fax numbers is included in Appendix C of IG-0009 – Safe Haven Procedures. Staff wishing to either remove a fax number or have their fax assessed for suitability and inclusion should contact the Information & Knowledge Manager.

5.10 Storage of Confidential Information

Paper-based confidential information should always be kept locked away and preferably in a room that is locked, with access appropriately controlled on a need-to-know basis.

PC-based information should not be saved onto local hard drives or onto removable media, but onto the Trust’s network. Floppy discs, USB devices, CDs, and other media should be kept in locked storage.

5.11 Retention and Disposal of Confidential Information


The NHS Records Management Code of Practice – Part 2 – sets out retention schedules for most types of information. Disposal of information should only be considered when the appropriate retention period has expired. For further guidance on retention schedules contact the Information and Knowledge Manager.

When disposing of paper-based person-identifiable information or confidential information always use ‘Confidential Waste’ sacks / shredders. Keep the waste in a secure place until it can be collected for secure disposal. Once shredded it ceases to be ‘confidential’ and can be disposed of in the usual way.

Computer printouts should either be shredded or disposed of as paper-based confidential waste.

Floppy discs / CDs containing confidential information must be either reformatted or destroyed. Computer files with confidential information no longer required must be deleted from both the PC and the server if necessary.

Obsolete PCs are passed to an approved third party who takes responsibility for removing all data from PC hard drives. It is a breach of the Code for any person-identifiable information to remain on PC hard drives. The ICT Service Desk are responsible for co-ordinating the removal of obsolete PCs.

5.12 Confidentiality of User Names and Passwords

Personal passwords issued to or created by employees should be regarded as confidential and those passwords must not be communicated to anyone, except if required by Trust IT technical staff to resolve problems. In this case, the password should be immediately reset by the user at the next log on to the relevant system.

User names and passwords must not be written down. If you have difficulties remembering your user names and passwords, these may be stored securely in the ‘Notes’ function within MS-Outlook. User names and passwords must not relate to the employee or the system being accessed. User names and passwords must not be shared with colleagues. When user names and passwords are initially given to staff they should be communicated securely and confidentially.

You will be given more information about password control and format etc. when you receive your training and / or password. Guidance on the creation of secure passwords is available on the ICT area of Staffnet, or by contacting the ICT Service Desk. No employee should attempt to bypass or defeat Trust security systems or attempt to obtain or use passwords or privileges issued to other employees.
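One way to enforce the rule above that a password must not relate to the employee or to the system being accessed is to check a proposed password, at change time, against tokens taken from the user name, the employee’s name and the system name. The following is an added example and is not code from this Code or from the Trust’s ICT systems. The user name, employee name and system name it uses are constructed placeholders, and the letter-for-symbol substitution table is an assumption of the example, not a Trust standard.

```python
import re

# Letter-for-symbol substitutions that are undone before comparison, so that
# "Sm1th!" still counts as relating to "Smith". Hypothetical table for this
# example; a real deployment would maintain its own list.
_LEET = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
    "@": "a", "$": "s", "!": "i",
})


def _normalise(text):
    """Lower-case, undo common substitutions and drop anything non-alphanumeric."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(_LEET))


def _tokens(*sources):
    """Split each source string into words and keep normalised words of 3+ characters.

    Two-character fragments are ignored because they would match almost anything.
    """
    tokens = set()
    for source in sources:
        for part in re.split(r"[^A-Za-z0-9]+", source):
            normalised = _normalise(part)
            if len(normalised) >= 3:
                tokens.add(normalised)
    return tokens


def password_relates_to(password, username, employee_name="", system_name=""):
    """Return the sorted list of tokens from the user name, employee name or
    system name that appear in the password, forwards or reversed, after
    normalisation. An empty list means the password passes this check."""
    candidate = _normalise(password)
    hits = []
    for token in sorted(_tokens(username, employee_name, system_name)):
        if token in candidate or token[::-1] in candidate:
            hits.append(token)
    return hits


if __name__ == "__main__":
    # Constructed sample identity; not a real employee or Trust system.
    for pw in ("Sm1th2012!", "htimsj99", "dr0cerEraC", "correct horse battery"):
        print(pw, "->", password_relates_to(pw, "jsmith", "Jane Smith", "CareRecord"))
```

This check is only the ‘must not relate to’ rule; length and format requirements come from the Staffnet guidance referred to above and are not modelled here. Reversed tokens and symbol substitutions are included because they are the most common ways a name is lightly disguised in a password.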


Any attempts to breach security should be immediately reported to your Manager. Such attempts may result in disciplinary action and may also constitute a breach of the Computer Misuse Act (1990) and / or the Data Protection Act (1998), which could lead to a criminal prosecution.

If you have been issued with a ‘smartcard’ and PIN code to access national information systems, you will need to store these safely and securely, and use them at all times in accordance with the terms and conditions set out in the appropriate Registration Authority documentation.

5.13 Emailing Confidential Information

Since March 2011, the Trust has used the NHS.net e-mail service, replacing the previous Microsoft Exchange e-mail system. This service is endorsed for the communication of personal and sensitive information by Connecting for Health, the British Medical Association, the Royal College of Nursing and the Chartered Society of Physiotherapists.

NHS.net e-mail is automatically encrypted in transit, therefore any e-mail sent from one NHS.net mail account to another (e.g. [email protected] to [email protected]) is secure.

NHS.net e-mail is hosted on the N3 network and as such forms part of the wider public sector Government Secure Intranet (GSi). This means that we can also be assured that e-mail is encrypted when delivered to any of the following e-mail domains:-

Secure email domains in Central Government: *.gsi.gov.uk *.gse.gov.uk *.gsx.gov.uk

The Police National Network/Criminal Justice Services secure email domains: *.police.uk *.pnn.police.uk *.scn.gov.uk *.cjsm.net

Secure email domains in Local Government/Social Services: *.gcsx.gov.uk

E-mail sent to / from NHS.net addresses and e-mail addresses ending in the above will be secure in transit. The Government is expanding GSi coverage and access to other public sector organisations and the list above may increase.


NHS.net mail should not be confused with other NHS e-mail addresses ending with NHS.UK. An example of this is the old Trust e-mail accounts, formatted [email protected] – these addresses are not secure when sending from NHS.net accounts.

When sending outside the GSi network, personal, sensitive and confidential information must be removed from the subject line and body text of the document and sent as an encrypted attachment. Information on how to use e-mail confidentiality and how to encrypt outgoing documents is included in IG-0009 – Safe Haven Procedures.
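The rules in this section amount to a simple pre-send check: is every recipient on NHS.net or one of the secure domains listed above, and if not, has identifiable content been kept out of the subject and body and placed in an encrypted attachment? The following is an added example of that check and is not code from this Code, from NHS.net or from the Trust. The domain list is copied from this section; matching on whole domain labels (so that an address on a look-alike domain is not treated as secure) and treating each listed domain as covering its own sub-domains are assumptions of the example, and all addresses used are constructed placeholders.

```python
# Domains this section of the Code lists as encrypted in transit for mail
# sent from an NHS.net account (the *. prefixes mean "and sub-domains").
SECURE_SUFFIXES = (
    "nhs.net",
    "gsi.gov.uk", "gse.gov.uk", "gsx.gov.uk",          # Central Government
    "police.uk", "pnn.police.uk", "scn.gov.uk", "cjsm.net",  # Police / CJS
    "gcsx.gov.uk",                                      # Local Government
)


def recipient_domain(address):
    """Return the lower-cased domain part of an e-mail address, or None if the
    address is malformed (no single @, empty parts, leading/trailing dot)."""
    address = address.strip()
    if address.count("@") != 1:
        return None
    local, domain = address.split("@")
    if not local or not domain or domain.startswith(".") or domain.endswith("."):
        return None
    return domain.lower()


def is_secure_in_transit(address):
    """True only when the recipient domain is a listed domain or a sub-domain
    of one. The comparison is made on whole labels: "mynhs.net" and
    "nhs.net.example.com" do NOT match "nhs.net"."""
    domain = recipient_domain(address)
    if domain is None:
        return False
    return any(domain == s or domain.endswith("." + s) for s in SECURE_SUFFIXES)


def classify_recipients(addresses):
    """Split a recipient list into secure and insecure transport. One insecure
    recipient is enough to require identifiable content to be removed from the
    subject line and body and sent as an encrypted attachment instead."""
    secure, insecure = [], []
    for address in addresses:
        (secure if is_secure_in_transit(address) else insecure).append(address)
    return {
        "secure": secure,
        "insecure": insecure,
        "attachment_required": bool(insecure),
    }


if __name__ == "__main__":
    # Constructed addresses; none of these are real accounts.
    sample = ["alice@nhs.net", "bob@leeds.gsi.gov.uk", "dave@example.nhs.uk", "eve@mynhs.net"]
    print(classify_recipients(sample))
```

Note what this check does and does not establish: it tells you whether transport is encrypted to that domain, not whether the person behind the address is the correct recipient, so it complements rather than replaces checking the address itself. An old-style nhs.uk address fails the check, which is the point made above about not confusing the two.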

5.14 Working at Home or Other Remote Location

It is sometimes necessary for employees to work at their own home or other remote location. If you need to do this you first need to gain approval from your manager.

If you wish to use a Trust owned laptop at home to access the Trust's IT Network or access your work emails on your home PC then please contact the IT Service Desk for advice and also refer to the LPFT Trust Network Access Guidelines on Staffnet. If your manager agrees to you working at home you need to ensure the following are considered and remember that there is personal liability under the Data Protection Act (1998) and your contract of employment for breach of these requirements:

If you work on person-identifiable information at home or remotely, this must only be with the knowledge and authorisation of your line manager.

If you are taking manual records please ensure there is a record that you have them, where you are taking them and when they will be returned.

This is particularly important for patient records. A tracer card system or electronic tracking system should suffice. If no such system is available an appropriate manual record should be made.

Ensure any personal information in manual form e.g. patient / staff files etc are in sealed containers prior to them being taken out of Trust building(s).

Data carried on USB devices, CD/DVD, floppy disks etc must be password protected and encrypted to NHS standards. Advice on how to password protect and encrypt files is available from the Information Governance team. The Trust uses hardware encrypted SafeSticks for the secure transportation of confidential data to facilitate home / remote working.

Make sure records are transported in the boot of a car or carried on your person while being transported from your work place to your home or remote location.

While working at home or remotely you have a personal responsibility to ensure the records are kept secure and confidential. This means that other members of your family and / or your friends / colleagues / visitors must not be able to see the content or outside folder of the records.

You must not let anyone have any access to the records.

If you take home computer records on USB devices, CD / DVD, floppy disks etc you must ensure all of the above apply. In addition you must ensure if you are putting this information onto your own PC that you take the information off again when you have finished your work. Confidential Information must not be stored on your hard drive. Trust SafeSticks will operate as a new drive on your computer. It should therefore not be necessary to transfer data from a SafeStick to your home or other non-Trust computer.

Other family members and visitors must not be able to access this information.

When taking records back to work this must be carried out as above, in secure containers etc. For manual records they should be logged as being back within the Trust. For computer records on USB devices, CD / DVD, floppy disks etc these MUST be virus checked before being loaded onto any of the Trust systems – especially any which can be accessed via the network. The ICT Service Desk can advise on virus checking procedures.

5.15 Copying of Software

All computer software used within the Trust is regulated by license agreements. A breach of the agreement could lead to legal action against the Trust and / or the offender (member of staff).

It is important that software on the PCs / systems used for work purposes must not be copied and used for personal use. This would be a breach of the license agreement.

Although the NHS previously had an Enterprise Agreement with Microsoft UK, this has now ceased. Staff who previously bought Microsoft products (e.g. Windows, Office etc.) under this agreement are no longer licensed to use the software and should remove it from their home computers.

5.16 Anonymised Disclosures

Where disclosures of anonymised information are made, e.g. reporting of incidents to the National Patient Safety Agency or other body, it is important to note that person-identifiable data may not be limited to the obvious fields. The body text of records may contain person-identifiable data, so the anonymisation process should include a review of all text provided, such that anonymisation is applied completely throughout the materials provided.
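The point above is that anonymisation of the obvious fields is not enough if the same values reappear in free text. A mechanical way to review the whole record before disclosure is to take the values of the identifying fields and search every free-text field for them, including fragments such as a surname on its own. The following is an added example of that review and is not code from this Code or from the Trust’s reporting systems; the record layout, field names and the sample incident text are all constructed for illustration.

```python
import re

# Constructed sample record; the values are placeholders, not real data.
IDENTIFIER_FIELDS = ("name", "date_of_birth", "postcode")
FREE_TEXT_FIELDS = ("narrative",)
SAMPLE_RECORD = {
    "name": "Jane Smith",
    "date_of_birth": "12/03/1970",
    "postcode": "ZZ99 9ZZ",  # dummy postcode, deliberately not a real address
    "narrative": ("Mrs Smith (DOB 12/03/1970) was seen on Smithfield ward; "
                  "home postcode ZZ99 9ZZ. Incident involved a fall."),
}


def _search_tokens(value):
    """The full field value plus each word of 3+ characters, so that a surname,
    forename or part of a postcode copied into the text on its own is found."""
    value = str(value).strip()
    if not value:
        return set()
    tokens = {value}
    for part in re.split(r"[\s,/-]+", value):
        if len(part) >= 3:
            tokens.add(part)
    return tokens


def _scan(text, field, tokens):
    """Replace every whole-word occurrence of each token (longest first, so the
    full value is redacted before its fragments) with a marker naming the
    field it came from. Returns the rewritten text and the tokens found."""
    found = []
    for token in sorted(tokens, key=len, reverse=True):
        # (?<!\w) and (?!\w) stop "Smith" matching inside "Smithfield".
        pattern = re.compile(r"(?<!\w)" + re.escape(token) + r"(?!\w)", re.IGNORECASE)
        text, count = pattern.subn("[REDACTED:" + field + "]", text)
        if count:
            found.append(token)
    return text, found


def find_residual_identifiers(record, identifier_fields=IDENTIFIER_FIELDS,
                              free_text_fields=FREE_TEXT_FIELDS):
    """Report which identifying values (or fragments) appear in free text."""
    leaks = []
    for field in identifier_fields:
        tokens = _search_tokens(record.get(field) or "")
        for text_field in free_text_fields:
            _, found = _scan(record.get(text_field) or "", field, tokens)
            leaks.extend({"field": field, "token": t, "found_in": text_field} for t in found)
    return leaks


def anonymise(record, identifier_fields=IDENTIFIER_FIELDS, free_text_fields=FREE_TEXT_FIELDS):
    """Return a copy with identifying fields blanked and their values removed
    from every free-text field."""
    out = dict(record)
    for field in identifier_fields:
        tokens = _search_tokens(record.get(field) or "")
        for text_field in free_text_fields:
            out[text_field], _ = _scan(out.get(text_field) or "", field, tokens)
        out[field] = "[REDACTED]"
    return out


if __name__ == "__main__":
    for leak in find_residual_identifiers(SAMPLE_RECORD):
        print(leak)
    print(anonymise(SAMPLE_RECORD)["narrative"])
```

The check finds only values copied through verbatim. A date of birth written out in words, or a name misspelt in the narrative, would pass it, which is why the Code asks for a human review of all text rather than relying on field-level anonymisation alone; a tool like this narrows what the reviewer has to read, it does not replace the review.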

6 THE DEVELOPMENT OF PROCEDURAL DOCUMENTS

A checklist is available to ensure a uniform approach to procedural document development and management and should be utilised to provide assurance to the relevant group or committee when the document is approved. This checklist is available at Appendix B of the “Procedure for the Development and Management of Procedural Documents”, and should be completed and submitted at approval stage (this checklist is a working paper and does not need to be included in the final version of the document).

6.1 Prioritisation of Work

The policy is an update of an existing version. It is the responsibility of the Information Governance Department to develop this Code. The Code sets out the Trust response to UK and European legislative requirements on Data Protection, Human Rights and Freedom of Information. This Policy links closely to the NHS Confidentiality Code of Practice and aims to set out the clear responsibilities for Trust employees under this Code, with which employees are expected to comply.

It is a Trust-wide policy which must be adhered to by all staff and associated personnel.

The aims of the policy should be met within the operational structure of the organisation, within the resources of the IG team and the wider Trust management structure.

The patient focus of the document is to ensure that both statutory requirements and best practice are observed at all times when handling, processing, storing, retrieving, transmitting or communicating all forms of person-identifiable, sensitive and confidential information.

The Code emphasises the equal need for confidentiality in respect of all person-identifiable, sensitive and commercially confidential information. It encompasses not just patient data but information we hold about staff and other individuals, as well as commercially confidential information relating to the Trust business interests.

6.2 Identification of Stakeholders

Stakeholder | Level of involvement

Staff | 100%

Non-employed personnel | 100%

6.3 Equality Impact Assessment

A completed assessment form is attached as Appendix A

7 DISSEMINATION AND IMPLEMENTATION

7.1 Dissemination

The plan for dissemination and implementation is attached as Appendix B

7.2 Implementation

Prominent and regular communication of the Code and other IG-related procedural documents will occur to ensure all employees understand the organisation’s commitment to confidentiality. It is the responsibility of the manager / supervisor to ensure that employees are aware of this Code so all confidential information is handled appropriately.

7.3 Training and Support for the Implementation of the Code

The Code provides guidance which someone not familiar with the process can follow. However, should support or advice be required it will be available from line management or the Information & Knowledge Manager. Awareness of this policy will be highlighted at the Trust Corporate Induction for all new employees, and is one of the essential policies that all employees are mandated to be aware of during their employment with the Trust. This is covered by both local induction processes and in the contract of employment.

8 MONITORING COMPLIANCE WITH, AND THE EFFECTIVENESS OF THE PROCEDURAL DOCUMENT

8.1 Process for Monitoring Compliance

Monitoring compliance must take place once the Procedural Document has been ratified. Monitoring of Compliance for this Code will be undertaken by the following:

IR1 reporting – All IG incidents should be reported to Risk Management using an IR1 form. All IG incidents are reported to the Information Governance team for consideration to ensure that appropriate actions are taken. These incidents are subsequently collated and reported to the IG Standing Support Group on a monthly basis to consider what other systems / methods of action are required. Patient-related incidents come under the scrutiny of the Caldicott Guardian.

8.2 Process for Monitoring Effectiveness

Maintaining the above monitoring information will enable trends and patterns to be identified.

Introducing new systems and carrying out actions in response should prevent future breaches of IG taking place.

By reducing both the frequency and severity of IG incidents, the Trust is pro-active in avoiding adverse publicity and the scrutiny of Monitor, the Healthcare Commission and the Information Commissioner’s Office, and the potential for prosecutions and fines.

A further aim is to avoid the need for formal disciplinary action to be taken against Trust employees for breaches of confidentiality.

8.3 Standards/Key Performance Indicators

The standard and key performance indicators for the Code of Conduct for Employees in Respect of Confidentiality Policy are as follows:-

Number of IR1 forms relating to IG issues.

The frequency and severity of incidents reported.

Number of disciplinary cases relating to IG issues.

Level of disciplinary action taken.

9 REFERENCES

This Code was informed by the following:

The Data Protection Act (1998)

The Human Rights Act (1998)

The Computer Misuse Act (1990)

The Copyright Designs and Patents Act (1988)

The Freedom of Information Act (2000)

The NHS Confidentiality Code of Practice (Nov 2003)

Leeds Information Sharing Protocols

Data Handling Procedures in Government: Final Report, June 2008


10 ASSOCIATED DOCUMENTATION

The following documents support / link to this Code:

IG-0001 – Information Governance Policy

IG-0002 – Health Records Policy

IG-0005 – Freedom of Information Procedure

IG-0007 – Corporate Records Management Guidance

IG-0008 – Data Protection Act (1998) Subject Access Request Procedure

IG-0009 – Safe Haven Procedures

ICT300 – User Guide to Network and System Passwords

IT-0001 – Encryption Policy

IT-0003 – Email Use Policy

HR-0005 – Disciplinary Procedure

HR-0034 – Framework for Personal Responsibility


Appendix A – Equality Impact Assessment Form

Equality Impact Assessment

Initial Impact Screening Form

1 Name of procedural document/function/service development being assessed?

Code of Conduct for Employees in Respect of Confidentiality

2 Describe the main aims, objectives and intended outcomes of the procedural document/function/service development?

Aim: To ensure that no employee breaches their legal duty of confidentiality, allows others to do so, or attempts to breach any of the Trust’s security systems or controls in order to do so.

Objective: To protect staff by making them aware of the correct procedures so that they do not inadvertently breach any of the requirements under the Code.

Intended Outcomes: All staff are aware of the importance of confidentiality and the procedures which need to be followed.

3 Who is affected by this policy?

Staff

Service Users

Other Stakeholders (please specify): Non-employed personnel who work as part of trust teams


4 Are there differences in outcomes for different groups? Yes No

Which equality groups may be disadvantaged/experience negative impact?

Race Yes □ No

Disability Yes □ No

Gender Yes □ No

Age Yes □ No

Sexual Orientation Yes □ No

Religion/Belief Yes □ No

Other (e.g., refugees, gypsies and travellers)……............... Yes □ No

5 Is there an adverse impact? Can you please rate on a scale of 1-5. (none = 0, low = 1-2, medium = 3-4, high = 5)

Rating = 0

How have you arrived at the above rating?

The Code is equally relevant to all strands of diversity, and should be engaged with by all staff, regardless of diversity strand.

What evidence do you have and how has this been collected? (personal knowledge, feedback, research, etc)

The combined knowledge of the development group, and the history of previous iterations of this policy having no adverse impact. No difficulties relating to previous versions have been reported.


6 Relevance to General Duties – is the procedural document or practice directly or indirectly discriminatory? Is there any differential and/or adverse impact contrary to key service objectives and/or Respect – Our Single Equality Scheme and our Respect Strategy? Can you please rate on a scale of 1-5. (none = 0, low = 1-2, medium = 3-4, high = 5)

Rating = 0

How have you arrived at the above rating?

Because all staff groups, regardless of diversity strand should engage with this document equally and in full.

7 Overall Rating – please add the two ratings and divide by two to give the overall rating. 0

Please note that all policies where an adverse impact has been identified (even low) will need to have a full impact assessment.

8 Have you explained your procedural document/function/service development to people who might be affected by it?

Yes □ No □ N/A

If yes, please give details of those involved

See appendix B – Dissemination and implementation plan


Appendix B – Plan for Dissemination and implementation of Procedural Documents

SECTION 1 – DETAILS OF DOCUMENT TO BE DISSEMINATED

Title of Document: Confidentiality Code of Conduct

Date Ratified: 31st January 2012

Dissemination lead name: Carl Starbuck

Contact details: [email protected]

SECTION 2 – DETAILS OF PREVIOUS DOCUMENT TO BE RETRIEVED

Previous document already in use (Y/N): Y

Version No & Date: 1.0

Name of document if different from Section 1: Code of Conduct for Employees in Respect of Confidentiality

In what format (paper/electronic): electronic

Where is this filed locally: Staffnet

Proposed action to retrieve out-of date copies of the document

Trust-wide e-mail to all staff

SECTION 3 – DETAILS OF DISSEMINATION

Date put on Staffnet 17th February 2012

Who is the document to be disseminated to All staff, Trust-wide

Disseminated to (either directly or via meetings, etc) | Format (electronic/paper) | Date disseminated | No of copies sent | Contact details/comments

All staff | Electronic | | | Via Trust e-mail


Appendix C - Disclosures to the Police and the Data Protection Act

READ FIRST: Guiding Principles

Do not feel pressurised to give information simply because the police have requested it. It is always necessary and reasonable to ask what information is required and for what purpose before making a decision.

Whilst it would be reasonable to provide immediate assistance and information where there is a clear and present danger of serious harm (e.g. murder, rape, kidnapping, death by dangerous driving, terrorism etc), most cases are less urgent and warrant a considered approach to disclosure.

If in doubt, seek advice from your manager.

Under the Data Protection Act (1998), Common Law, the European Convention on Human Rights and NHS Caldicott guidance you are under a duty of confidence to keep personal / sensitive information confidential and secure.

However, the Data Protection Act (1998) also permits the use and sharing of information providing certain conditions are met. These conditions facilitate Police access to data held by the Trust, including information about patients, staff and data relating to other individuals.

Can you disclose personal / sensitive information to the Police?

The Police may approach the Trust in a variety of ways, but right of access is not always a given. The information below should assist you in deciding whether or not the Police can be given information, the scope of what they should receive, and whether or not consent of those concerned is a relevant factor.

Subject Consent

The consent of data subjects – the person the information is about – should be sought whenever this does not compromise the investigation, e.g. by the destruction of evidence, or where there is a ‘flight risk’. Subject consent is most common when a person is engaging with a Police enquiry and actively helping. Subject consent must be presented in written form.

Legal Duty Disclosures (you MUST disclose, consent is NOT required)

Prevention of Terrorism Act (1989) and Terrorism Act (2000)

If you have gained information about terrorist activity you MUST inform the police.

Court Order

Where the courts have made an order, you must disclose the required information, unless the organisation decides to challenge the order in court.

The Road Traffic Act (1988)

You have a statutory duty to inform the Police, when asked, of the name and address of any driver who is allegedly guilty of an offence under the Act; do not disclose clinical information.

Legal Power Disclosures: (you MAY disclose, but consider implications of gaining consent)

The Police and Criminal Evidence Act (1984)

You can pass on information to the Police, as the Act creates a power to do so if you believe that someone may be seriously harmed. Serious arrestable offences include murder, rape, kidnapping and causing death by dangerous driving.

The Crime & Disorder Act (1998)

Information may be required on an individual if there is a need for strategic cross-organisational planning to detect, prevent or reduce crime and disorder that an individual may be involved in.

Multi Agency Public Protection (includes the Probation Service)

The Criminal Justice and Court Services Act 2000 sets the framework for sharing information about potentially dangerous offenders. Information about individuals may be required by ‘Multi Agency Risk Conferences’. If you are requested to provide information, you should consider gaining consent / informing the individual(s) unless this may cause more harm than good. If the risk presented by an individual(s) clearly cannot be effectively managed without the sharing of information and gaining consent is inadvisable, then relevant information can be shared as it is in the interests of the public.

Children Act (1989)

Under section 47 of the Children Act (1989) a Local Authority, working with other relevant agencies, must make all necessary enquiries to decide whether they should take any action to safeguard or promote a child’s welfare. In such a situation, firstly confirm it is a section 47 enquiry and then release relevant information, unless ‘to do so would be unreasonable in the circumstances of the case’. You do not have to gain consent of the parent or child or inform them.

If you suspect a child is being abused, but there is no request for information, you have a legal power to disclose information to Social Services (under ‘vital interest’ & ‘medical purpose’ conditions of the Data Protection Act) and / or the Police (under the Police & Criminal Evidence Act). Consider whether gaining consent or informing the child and parents would be beneficial or detrimental to the situation. If detrimental then disclosure without consent is permitted.

Data Protection Act (1998) - Section 29 Requests


The Police may request information under Section 29 of the Data Protection Act (1998). A Section 29 approach is used when making enquiries relating to:

the prevention and detection of crime, or the apprehension or prosecution of offenders

and the view of the Police is that seeking consent or even informing the subject about the transfer of data will prejudice the enquiry. A Section 29 exemption allows information to be provided by organisations without gaining subject consent.

The Police will need to make a written approach under Section 29 requesting the information, signed by the senior investigating officer (SIO).

Section 29 approaches may also be made by other regulatory agencies. The UK Borders Agency (Immigration) and Her Majesty’s Revenue & Customs (Taxation) may also approach the Trust via this route.

Must we provide the Information?

No. A Section 29 approach DOES NOT give the Police an instantaneous right of access. It is for the Trust to consider the validity of disclosure and to assist at its discretion. However, the Police have usually made a considered judgement about their need for information, and thus we comply with properly presented written requests.

Balancing our Police Disclosures with Patient Care

Although we seek to work co-operatively with the Police and other regulatory bodies, and we may disclose confidential information in support of Police or other enquiries, we must balance this with the care of our service users and other individuals on whom we hold information.

Preliminary discussions, both internally (e.g. between service managers, Trust Police liaison contacts, and also the Trust Data Protection Officer or Caldicott Guardian) and externally with the Police etc., should take place without disclosing the identities of those concerned.

Advice can be given WITHOUT knowing the identities of those concerned.

Always direct the Police to liaise with the team holding the information, so that in identifying those concerned, the care and support needs of those whom the Police may contact are adequately considered.

Important notes & further advice:

Always check the identity of anyone requesting information. Only give the minimum information which satisfies the request. Seek advice from colleagues and line managers when making a decision about disclosure and record your reasoning and any decisions made. You may have to judge whether disclosing information will cause fewer problems than withholding it. Further details on any of the above issues are available from:

Caldicott Guardian – Dr Douglas Fraser 0113 305 5914

Data Protection Officer – Carl Starbuck 0113 305 5916
