View Oxfordshire SCB Procedures View Oxfordshire SCB Procedures

1.1.4 Confidentiality Policy

NOTE

This Confidentiality Policy was written by Rick Parsons, Data Information Officer in August 2006


Contents

  1. Introduction
  2. Definition of Confidential Information
  3. Responsibilities
  4. Legislation
  5. Sharing Personal Information
  6. Physical Security
  7. Flexible Working
  8. Reporting a Breach of Confidentiality

    Annex A - Overview of Associated Legislation

    Annex B - Security Incident Reporting Form


1. Introduction

Social Care requires the collection, use and disclosure of confidential information for a variety of purposes.  The purpose of this policy, in relation to this information, is to:

  • Establish clear guidelines to help staff ensure that confidentiality is maintained.
  • Provide guidance on establishing a balance between maintaining confidentiality and ensuring that we share information where appropriate.

This policy applies to all staff, whether permanent or temporary, and continues to apply after their employment has ended.  It is the responsibility of both the individual and their line manager to ensure adherence to the content of this policy.  Please note that any deliberate or seriously negligent breach of confidentiality could result in disciplinary action.

All new staff, both permanent and temporary, must sign the appropriate Confidentiality Agreement before they are allowed to work with any confidential information.

The following training is available to help ensure confidentiality is applied and maintained:

  • Data Protection briefings
  • Data Protection e-learning package
  • Case Recording training

Staff should also be aware of the content of the following:


2. Definition of Confidential Information

Something is deemed confidential if it is either of a personal nature (be it about a client, a member of staff or any other individual), if it is commercially sensitive, if it has been provided in confidence, or if it is information where the inappropriate disclosure of said information would be problematic for the Council. 

Most information used in Social Care is of a personal nature.  Ensuring that personal information remains confidential is an important factor in establishing trust with our service users.  Likewise, employees have a right to expect that any data held on them will be stored and used securely and in a confidential manner.

In a social care framework there is an expectation that personal information is provided, and therefore must be held and used, in confidence.  The same applies to much of the personal information used for line management purposes.


3. Responsibilities

Responsibility of Managers

Managers are responsible for ensuring:

  • That their staff are aware of this policy
  • That their staff have read and understood the policy
  • That their staff abide by the content of this policy, regardless of where they actually work from
  • That the contents of the policy are applied in any work place that they are responsible for

Personal Responsibility

You must familiarise yourself with the content of this policy and abide by its content at all times.  This includes any time spent working from other Council offices, external sites, or from home. 

You must only access confidential information for which you have a need to know, and any such information must then be handled in accordance with the latest guidance for the system in which the information is held.  Confidential information is only to be shared with or released to those who have a need to know and whose identity has been confirmed. 


4. Legislation

All confidential information held by Children, Young People and Families Services is subject to both legal and statutory frameworks that address issues of confidentiality.  These include:

  • Caldicott Principles
  • Common Law Duty of Confidence
  • Crime and Disorder Act 1998
  • Data Protection Act 1998
  • Freedom of Information Act 2000
  • Human Rights Act 1998
  • Public Interest Disclosure Act 1998
  • Computer Misuse Act 1990

Summaries of relevant parts of the above are contained in Annex A to this Policy.

Legislation such as the Data Protection Act 1998 and Human Rights Act 1998 provide guidance on the safe use of personal data.  Under the Data Protection Act there are two types of personal information:

4.1 Normal Personal Information

This is information that relates to a living person and identifies the said individual, either on its own, or together with other information that is also in the organisation’s possession or that is likely to come into its possession.  This includes:

  • Name and Initials
  • Date of Birth
  • Address
  • Identifying numbers – i.e. Framework-I/NHS number

4.2 Sensitive Personal Information

This is information that is deemed more sensitive and the Act applies additional safeguards to its use.  Sensitive information is anything related to:

  • Racial / ethnic origin
  • Political opinions
  • Religious beliefs or other beliefs of a similar nature
  • Trade union membership
  • Physical or mental health
  • Sexual life
  • The commission or alleged commission of any offence, or proceedings for any offence committed, or alleged to be have been committed.

4.3 Consent

Consent of the individual whose personal information is being used is one approach that legitimises the use and sharing of personal data under the Data Protection Act.  Although it is usually seen as the best approach, it is not the only one that allows use and sharing of personal data to take place. 

Consent is normally a requirement where sharing of personal information takes place automatically with anyone outside of the County Council, or where sharing takes place for purposes for which the information was not originally provided.  However disclosure may be necessary to support child protection or adult protection action where the public interest is of sufficient weight to override the presumption of confidentiality and is in the interests of the data subject.


5. Sharing Personal Information

In order both to provide services and to protect safety, Children, Young People and Families Services are often required to share personal information.  The two most common types of sharing of personal information that take place are detailed below. 

5.1 Access to Records by the Data Subject

Under the Data Protection Act 1998 service users have the right to receive certain details about any social care information that is held on them, no matter whether it is held on paper, electronically, or any other medium. 

Access to records under the Data Protection Act applies only to people accessing their own records.  Access to personal data is normally only given to the data subject, but individuals can apply for access to their personal records through an agent or representative.  Requests for access to records of a deceased person by a third party are at the discretion of the receiving officer and need to be considered on a one-by-one basis.

For full details, see the full Access to Social Care Personal Records Procedure.

5.2 Sharing Information With Other Organisations

In order to deliver the best possible care to our clients and to ensure the safety of others, including workers involved with the client, there is an increasing need to exchange and share information.  Client confidentiality cannot be absolute.  There may be occasions when either it would be detrimental to the service user, or to another individual if this principle is strictly adhered to.  The need to ensure safety, life or wellbeing should almost always take precedence over the need to ensure confidentiality is maintained.  It is important to be able to fully justify such decisions and therefore reasons should always be recorded.

To ensure sharing is lawful, information should only normally be shared where either:

  • The client has given his or her consent to sharing taking place (see paragraph 4.3)
  • It is necessary to protect the vital interests of either the individuals themselves or of someone else, for instance staff in partner agencies. 
  • There is a legal requirement to share, i.e. a Court Order

County Legal Services (General Litigation Team) should be contacted whenever a Court order relating to disclosure is received.

Before confidential information is shared you should confirm that there is a valid reason for sharing and that the person you are sharing with is who they claim to be and is entitled to receive the information. 

 See the Information Sharing Protocol between partner agencies on the Oxfordshire Safeguarding Children Board.

5.3  Contracts

Organisations are often provided with confidential information in order to either fulfil a contract with the Directorate, or to provide a service to the Directorate.  When this happens a suitable condition must be placed in the contract that will both make clear the standards that are expected of the organisation when using the information and indemnify the Directorate against any unauthorised use of the information. 

Suitable checks should be made on any organisation provided with confidential information as part of a contract to ensure that they are able to, and do, comply with the contract arrangements.

5.4 Police

The police can obtain information from us under the following pieces of legislation:

  • Prevention of Terrorism Act 1980 and Terrorism Act 2000

If you are in possession of information about terrorist activity you must inform the police.

  • The Road Traffic Act 1988

You have a duty to inform the police, when asked, the name and address of any driver who is allegedly guilty of an offence under this Act.

  • The Police and Criminal Evidence Act 1984

You can pass on information to the police if you believe someone may be seriously harmed or death may occur if the police are not informed. 

  • Section 29(3) Data Protection Act 1998

The police may also seek, on production of a form signed by a police inspector, information under this exemption.  This exemption applies to the prevention and detection of crime and apprehension or prosecution of offenders.  However you only have to supply the information if a court order is produced.

  •  Proceeds of Crime Act 2002

The Council has an obligation to inform the Serious Organised Crime Agency where we uncover a suspected money laundering operation.  You must inform the Money Laundering Reporting Officer (head of Finance and Procurement) if you have such suspicions. 


6. Physical Security

To help ensure the safe handling of confidential information, there are a number of policies and guidelines available to staff:

  • Client Paper Record Management Protocols (CRMPS)
  • File Retention Periods
  • Working with Framework-I
  • Case Recording – Policy and Practice Guidelines
  • The Use of Information and Communication Technology Policy
  • Procedure for Staff wanting Internet Access to Oxfordshire County Council ICT Systems
  • Corporate Information Security Policy

.The following additional advice is provided on good practice designed to enhance security of confidential information.

6.1 Storage

  • All records containing confidential information must be stored in a secure location that restricts access by anyone who does not need to see the record.
  • Only staff that require regular access to the contents should have access to keys to lockable locations.
  • Keys should also be held in a secure central place when not in use.
  • Confidential documents, when no longer required, must be disposed of in a manner approved for confidential waste destruction.
  • Confidential information should never be left unattended while outside the normal place of work, i.e. in cars.

In addition, Adoption Agency Regulations require that Adoption Case Files are afforded special security that provides protection against inappropriate access and loss due to fire or flood.  If you work with these files you must ensure that their security is always maintained and only disclosed to those who clearly have a need to know.  OFSTED monitor compliance during each inspection of adoption services.

6.2  Paper Documents

  • Ensure incoming post is opened away from public areas.
  • Clear your desk and work space of confidential information when away from the desk for more than one hour (see paragraph 6.3).
  • Client case files removed from the office should be booked out (see the Client Paper Record Management Protocols).
  • Outgoing confidential information should be marked ‘Confidential and Private’
  • All hard copy confidential information must be disposed of in accordance with the latest guidance.
  • Confidential records should be placed back into a secure cabinet when no longer required – do not leave them on your desk.
  • Confidential information must not be kept on open shelving or in desk drawers/pedestals.
  • Set aside time to file paperwork regularly.
  • Confidential information should not be displayed on notice boards unless the notice board can be locked.

6.3  Clear Desk Policy

When a desk, work station or office is to be left unattended for more than 60 minutes the following is to be applied: 

  • All documents should be cleared from the desk.  Confidential information should be placed in secure storage.  Contents of in-trays should be locked away when not in use.
  • Log out of and switch off PC’s.

Your work station should always be left tidy and with sufficient space for it to be used efficiently by someone else in your absence.

6.4  Electronic Documents (see also - use of ICT Policy and Corporate Information Security Policy)

  • Ensure unauthorised persons cannot overlook your computer.
  • Do not disclose your passwords to anyone.
  • Whenever possible, endeavour to use client Framework-I Id numbers rather than names.
  • Confidential information should be stored and saved only where you are sure that access to it will be restricted to those that need to know.
  • If sent by e-mail outside of the Council, documents should be password protected.
  • Ensure documents are deleted when no longer required.
  • Do not save documents to anywhere where access cannot be restricted to a need-to-know basis.
  • Confidential information should never be saved to a non OCC supplied computer.  Portable storage media such as floppy discs or CD’s should be used if working from a non OCC PC.

6.5 E-Mail

  • Unless there is an urgent operational need to do so, do not include confidential information in e-mails.
  • E-mails containing confidential information are not to be sent to addressees outside of the County Council e-mail address book unless they have either been encrypted (non available at time of writing this policy) or the confidential information has been saved to a password protected attachment to the e-mail.  The password should be rung through to the addressee.
  • Do not send confidential information to external e-mail addresses without ensuring the receiving party has adequate protection for that information and have their own Safe Haven type guidelines.
  • Message settings for e-mails containing confidential information should be set at ‘Confidential’ sensitivity.
  • Before sending an e-mail with confidential information, turn on the ‘read’ receipt as a means of recording safe delivery.
  • Ensure e-mails have the appropriate confidentiality warning at the end of the message.
  • Take care when replying to or forwarding e-mails that confidential information is not inadvertently disclosed without good reason.
  • If a client wishes to correspond by e-mail, they should be advised that this is not a secure method but that they can enter into correspondence via this method at their own risk if they wish.
  • E-mails needed for longer term retention should be moved from your ‘In’, ‘Sent’ and ‘Deleted’ mailboxes and saved elsewhere. An e-mail may form part of another record, so it is important that a reliable and accurate copy of the e-mail is kept as part of the main record.
  • Store important message and attachments together, along with proof of delivery.
  • When deleting confidential e-mails ensure they are also deleted from the ‘deleted items’ folder.

6.6  Fax Machines, Printers and Photocopiers

  • Ensure faxes, printers and photocopying machines are in secure areas where visitors and unauthorised people cannot see any material awaiting collection.
  • Programme regularly used numbers into fax machines to prevent misdialling.
  • Do not allow unauthorised people unaccompanied access to areas where confidential information is kept.
  • Only send confidential information by fax when necessary.
  • Endeavour when possible to use Framework-I Id numbers rather than names.
  • Use a fax cover sheet that contains the following confidentiality statement:

‘This facsimile is to the above named addressee only. It may contain private and confidential information. If you are not the intended recipient you should not read, copy or use this fax in any other way. If you are unable to pass it onto the addressee please contact the sender and arrange to return it.’

  • Check the recipient is present before you send the fax.
  • Ensure the recipient is aware they should contact you if the fax HAS NOT been received.
  • After sending, where it is available, attach the transmission report to the fax.
  • Confidential faxes that are received in receptions should be collected by or delivered to the recipient immediately if possible.
  • While awaiting collection faxes must be locked away.
  • Where faxes have the types of toner cartridge that retains a copy of all faxes received, the cartridge should be treated as confidential waste.

6.7  Telephones, Mobile Phones and Voicemail

  • Ensure where possible that telephone conversations are conducted in an area where unauthorised persons cannot overhear them. Never discuss confidential information on mobile or cordless phones in a public area.
  • Voicemail messages should be listened to away from unauthorised persons.
  • Verify the identity of the caller before discussing confidential information over the phone.  If unsure take down details of what callers wish to know, obtain contact details to return the call from another source such as a phone directory of client file, and then call them back.
  • Where possible a password system be established before information is released over the phone.  Clients could use their Framework-I ID as confirmation of their identity. 

If in any doubt over the context of the call/the identity of the caller, seek advice from your Line Manager.

6.8  Taking Messages Containing Confidential Information

  • Mark the message confidential.
  • Do not leave messages lying around on the desk.  Hand the message to the recipient personally, or if not possible either send an e-mail to the recipient (see e-mail guidelines), or put the message in an agreed secure place.
  • Ensure confidential messages are disposed of as confidential waste when no longer required.

6.9 Key Records

  • Key records may need to be given extra security and protection.  A key record is either one where the loss of the record could compromise ability to provide a full service, or one that has been identified as requiring extra protection for another reason such as sensitivity.  When storing these records due consideration needs to be given to providing sufficient protection against inappropriate access and loss due to fire, flood or other disasters that may occur.  Security considerations include careful analysis of where to store the record, what sort of container or security is appropriate, and where the record is to be held or stored. 
  • Business continuity needs can be achieved either by ensuring that a duplicate copy of the record is held separately, or by providing suitable storage that minimises the risk from fire, flood etc. as far as is practical.

6.10 General

  • An ID card or name badge should be displayed by everyone at all times while in an office.  This will assist in recognising someone who does not belong in the office and who may need to be challenged if found in the office.  
  • Visitors and contractors should never be left alone where they would have uncontrolled access to any confidential information.


7. Flexible Working

Maintaining confidentiality is more difficult when working on confidential information outside of the normal work place, be it at home or from another site.  Appropriate steps must be taken to protect any confidential information removed from the office, either in hard copy or electronic. 

Client and staff files should only be removed from the office if absolutely necessary and must be signed out.  Hard copy records must be kept under cover and electronic information should be protected by a password, no matter how it is transported.  No confidential material is to be left unattended in cars.

While working, appropriate measures need to be taken to ensure that confidential work cannot be overseen, that it is not left unattended, and when finished that it is not left behind when you leave, either in hard copy or on a PC or printer if used.

  • More detail is available in ‘Procedure for Staff wanting Internet Access to Oxfordshire County Council ICT Systems


8. Reporting a Breach of Confidentiality

 Where any breach, or suspected breach, of confidentiality has occurred, this must be reported as soon as possible to your Line Manager in accordance with paragraph 4.1 of the Raising Concerns at Work, Grievances and Whistle-blowing Procedure

In addition to this, the manager dealing with the breach should also complete and submit the form at Annex B and, if necessary, seek advice as to what, if any, actions are needed to recover the situation and ensure another breach does not occur.


Annex A - Overview of Associated Legislation

This Annex provides more detail on the following pieces of legislation and guidelines, all of which affect the safe holding of confidential information

  • Caldicott
  • Common Law Duty of Confidence
  • Crime and Disorder Act 1998
  • Data Protection Act 1998
  • Freedom of Information Act 2000
  • Health and Social Care Act 2001 (section 60)
  • Human Rights Act 1998
  • Public Interest Disclosure Act

More information on any of the above can be obtained from the Data Information Officer at Yarnton House.

Caldicott Principles

Caldicott consists of a set of six principles as listed below.  These were drawn up in 1996 by a review committee looking into how person identifiable information was being used and transferred in the NHS. In 2001, application of these principles was extended to include County Councils with Social Care responsibilities.

  1. Formal justification of purpose - Every use or transfer of personal data should be clearly defined and scrutinised.
  2. Identifiable information transferred only when necessary - The use/transfer of personal data should only be used when there is no alternative.
  3. Only minimum use of personal data required – When the use of confidential information is required, each piece of information should be justified in its purpose.
  4. Need-to-know access control - Any person who needs to have access to data should only have access to the information that they need to see.
  5. All to understand their responsibilities - Everyone should be aware of their responsibilities when recording, handling and storing confidential information.
  6. Comply with and understand the law - Each organisation must identify a person responsible for ensuring that the organisation complies with legal requirements.

The work on the Caldicott Principles is monitored by way of a management audit supplied by DoH. The audit is a means of testing and monitoring each area within the Social and Health Care Directorate. The audit rates performance from 0-2 against 18 broad headings. The audit is submitted to the DoH each year.

Common Law Duty of Confidence

The Common Law Duty of Confidentiality directs that information given in confidence should only be used for the purposes for which it was provided.

Crime and Disorder act 1998

This act introduced measures to allow information sharing to take place in order to reduce crime and disorder; this comes in the form of local crime partnerships, which implements strategies for the reduction of crime and disorder.

Data Protection act 1998

The Data Protection Act is concerned with safeguarding the way personal information is collected, held and that the way in which it used is fair to the individuals concerned. It creates a number of rights for individuals whose data is used, including a right of access to any personal information held.

Day to day compliance is achieved by observing eight data protection principles, which require that personal data is:

  1. Obtained and used lawfully.
  2. Only used for purposes for which it was provided.
  3. Limited to that required in order to fulfil the task.
  4. Accurate and, where necessary, kept up to date.
  5. Not kept for longer than is necessary.
  6. Processed in accordance with the rights of the data subject.
  7. Kept securely and safely.
  8. Not transferred to countries that do not recognise the rights of data subjects in the same way we do.

Freedom of Information act 2000 (Section 40 & 41)

The Freedom of Information Act sets out a clear statutory requirement for public bodies to provide easy access to most information they hold.  From the 1 January 2005 any individual is able to apply for access to almost any information held by a public body.  The Act, however does not apply to personal information.  The release of personal information however remains under the Data Protection Act 1998.  See also Access to Social Care Personal Records Procedure.

Human Rights act 1998

Article 8

‘Everyone has the right to respect for their private and family life, home and correspondence and there shall be no inference by a public authority with the exercise of this right except such as in accordance with the law and is necessary in a democratic society in the interests of national security, public safety, the economic well being of the country, for the prevention of crime and disorder, for the protection of health and morals or for the protection of the rights and freedoms of others.’ (Article 8)

Article eight states that everyone has the right to have their privacy respected, unless it is in the interest of the following not to do so:

  • Public safety
  • National security
  • Economic wellbeing of the country
  • Prevention of disorder and crime
  • Protection of the rights and freedoms of others
  • Protection of health and morals

and that the disclosure is a proportionate (i.e. justifiable) response to the issue that is being addressed

Public Interest Disclosure act 1998

Protected disclosures should only be made by the individual justifying one or more of the following;

  • A criminal offence has been/will be committed
  • A miscarriage of justice has /is or likely to occur
  • Health and safety of any individual is compromised

See also Raising Concerns at Work, Grievances and Whistle-blowing Policy, which refers to whistle blowing.

Computer Misuse act 1990

This Act identifies three specific offences:

  1. Unauthorised access to computer material (that is, a program or data). This would include: using another person's identifier (ID) and password without proper authority in order to use data or a program, or to alter, delete, copy or move a program or data, or simply to output a program or data (for example, to a screen or printer); laying a trap to obtain a password.
  2. Unauthorised access to a computer system with intent to commit or facilitate the commission of a serious crime. This would include gaining access to financial or administrative records, but intent would have to be proved.
  3. Unauthorised Modification of Computer Material.  This would include destroying another user's files; modifying system files; creation of a virus; introduction of a local virus; introduction of a networked virus and deliberately generating information to cause a complete system malfunction.


Annex B - Security Incident Reporting Form

SECURITY INCIDENT REPORTING FORM

This form should be used to record any incident in which unauthorised access to confidential information has, or may have, taken place.  This should include any actual or suspected loss of, or inadvertent disclosure of, information that is confidential. 

Something is deemed confidential if it is either of a personal nature (be it about a client, a member of staff or any other individual), it is commercially sensitive, or is information where the inappropriate disclosure of said information would be problematic for the Directorate. 

PART ONE – DETAILS OF INFORMATION INVOLVED

Date of incident:

 Place: 
Type of record involved: (i.e. client or staffing file, contract document, etc.):
If incident involves personal information, details of person whose information was involved in the incident:
Details of incident:  (i.e. nature of incident and circumstances that led to incident)
Actions already taken to minimise impact, and others still planned to be taken:
Details of person reporting incident:
Name:

Job Title:
Signature:

Date:

Once completed this form should be sent to the Data Information Officer,
Yarnton House,
Rutten Lane,
Yarnton,
OX5 1LP

End