Confidentiality and Information Sharing
REGULATIONS AND STANDARDS
The Fostering Services (England) Regulations 2011
Regulation 22 - Records with respect to fostering services
Fostering Services: National Minimum Standards
STANDARD 26 - Records
RELATED GUIDANCE
Information Sharing: Advice for Practitioners Providing Safeguarding Services
Contents
- Handling Personal Information
- When it may be Appropriate to Share Personal Information
- Breaches of Confidentiality
1. Handling Personal Information
The agency recognises its duties to safeguard the confidentiality of all personal information it collects in relation to carers and their families, children in placements and employees.
The agency assumes any information that identifies individuals personally and is not already in the public domain is to be treated as confidential information and the Data Protection laws will therefore apply meaning it should be processed lawfully, stored securely and only shared with others if the data subject contents to the sharing or the sharing is necessary in the public interest (including to safeguard a child from abuse or neglect or protect an adult at risk).
When handling personal information staff and carers must ensure that:
- They promote, support and protect the privacy, dignity and rights of children and young people and their families;
- Personal information is only shared with individuals authorised to have access to it - see Section 2, When it may be Appropriate to Share Personal Information;
- Records are clear and accurate, stored securely and retained only for as long as necessary;
- They comply with best practice;
- They conform with the law.
The Manager must ensure that maintaining the confidentiality of any personal information and the importance of accurate record keeping is discussed with all new employees, foster carers and any volunteers as part of their induction.
E-mail messages sent via the internet can be intercepted. Consequently, staff and foster carers will not use the internet to pass on personal identifiable information about service users unless a secure or encrypted connection is in place.
2. When it may be Appropriate to Share Personal Information
It is generally only appropriate to share personal information with others if informed consent has been given to its disclosure by the person to whom it relates (also known as the Data Subject).
However, there may be situations which arise when working with children and families where the sharing of confidential information without consent is appropriate. These are described in the paragraphs below.
Sharing information amongst other professionals working with children and their families is essential to providing the best possible care and to keeping children safe. In many cases it is only when information from a range of sources is put together that it becomes clear that a child has suffered or is likely to suffer significant harm. Where there are concerns that a child may have suffered or is likely to suffer Significant Harm, it is essential that staff members and carers within the agency understand that they can share confidential information lawfully for this purpose.
Carers should not assume that someone else will pass on information that they think may be critical to keeping a child safe. Anyone who has concerns about a child's welfare and considers that they may be a Child in Need or that the child has suffered or is likely to suffer significant harm, should share their concerns with the child's social worker and / or the Police.The key factors in deciding whether or not to share confidential information are necessity and proportionality, i.e. whether the proposed sharing is likely to make an effective contribution to preventing the risk and whether the public interest in sharing information overrides the interest in maintaining confidentiality.
It is not possible to give guidance to cover every circumstance in which sharing of confidential information without consent will be justified. It is possible however to identify some circumstances in which sharing confidential information without consent will normally be justified in the public interest.
These are:
- When there is evidence or reasonable cause to believe that a child is suffering or is likely to suffer Significant Harm; or
- To prevent Significant Harm arising to children or serious harm to adults, including through the prevention, detection and prosecution of serious crime, i.e. any crime which causes or is likely to cause Significant Harm to a child or serious harm to an adult.
Where there is a clear risk of Significant Harm to a child, the public interest test will almost certainly be satisfied.
The Department of Education Seven Golden Rules for Information Sharing contain useful guidance for staff and carers:
- Remember that the Data Protection Act 2018, UK General Data Protection Regulations (UK GDPR) and human rights law are not barriers to justified information sharing, but provide a framework to ensure that personal information about living individuals is shared appropriately;
- Be open and honest with the individual (and/or their family where appropriate) from the outset about why, what, how and with whom information will, or could, be shared, and seek their agreement, unless it is unsafe or inappropriate to do so;
- Seek advice from other practitioners if you are in any doubt about sharing the information concerned, without disclosing the identity of the individual where possible;
- Where possible, share information with consent, and where possible, respect the wishes of those who do not consent to having their information shared. Under the UK GDPR and Data Protection Act 2018 you may share information without consent if, in your judgement, there is a lawful basis to do so, such as where safety may be at risk. You will need to base your judgement on the facts of the case. When you are sharing or requesting personal information from someone, be clear of the basis upon which you are doing so. Where you do not have consent, be mindful that an individual might not expect information to be shared;
- Consider safety and well-being: base your information-sharing decisions on considerations of the safety and well-being of the individual and others who may be affected by their actions;
- Necessary, proportionate, relevant, adequate, accurate, timely and secure: Ensure that the information you share is necessary for the purpose for which you are sharing it, is shared only with those individuals who need to have it, is accurate and up-to-date, is shared in a timely fashion, and is shared securely;
- Keep a record of your decision and the reasons for it – whether it is to share information or not. If you decide to share, then record what you have shared, with whom and for what purpose.
Whenever personal information is shared with another agency, it should always be recorded.
3. Breaches of Confidentiality
Confidence is breached where the sharing of confidential information is not authorised by the person who provided it or the Data Subject or where there was no justification for sharing the information as set out in Section 2, When it may be Appropriate to Share Personal Information above.
To minimise 'accidental' breaches of confidentiality, confidential information must only be shared with others within the agency for genuine purposes and on a need to know basis. Confidential information should not be shared with members of foster carers' families who live outside the household.
No person working within the agency shall knowingly misuse any information or allow other to do so.
Breaches of confidentiality will be regarded seriously and may result in action being taken for example a review of approval for foster carers, disciplinary action for staff.