SCOPE OF THIS CHAPTER

This chapter should be read in conjunction with Hull City Council’s corporate policies on Data Protection, Personal Information Handling and Freedom of Information Policy.

RELEVANT INFORMATION

Confidentiality – Guidance for Registrants (Health and Care Professions Council)

February 2019: This chapter was amended to include a link to Confidentiality – Guidance for Registrants, published by the Health and Care Professions Council, as above and make reference to the Data Protection Act 2018.

1. Description

1.1 Confidentiality

The legal framework for confidentiality is contained in the common law duty of confidence, the Human Rights Act 1998 and the Data Protection Act 2018.

Confidentiality is about respecting and maintaining the privacy of a customer.

Information sharing is the act of disclosing information about a customer.

Disclosure means actively sharing confidential information in the customer’s best interests.

Confidential information is private and personal information and knowledge held about a customer, their circumstances and anyone who has a relationship with them.

2. Principles

It should be made clear to customers that in each case the information passed on will only be what is relevant and on a ‘need to know’ basis.

The law permits disclosure of confidential information where crime is suspected or the wellbeing of any vulnerable adult or child is a risk.

Information disclosure to other professionals, for example the police, should be justifiable, and where possible with the agreement of the person concerned.

There may also be situations where third parties have a statutory right of access to the information or where a Court Order requires that access be given.

Where third parties such as solicitors or external researchers request access to information, this should only be given if written consent is given by the person concerned or a person acting on their behalf where they lack mental capacity, e.g. an attorney or advocate (including an Independent Mental Capacity Advocate (IMCA) where appointed).

Individuals should be informed of the circumstances in which information about them will be shared with others.

Sharing information promptly with other professionals working with the same customer or with a child in the same household is essential to safeguarding the individual’s and/or the child’s interests. For example, this may be the case where an adult in receipt of social care services is also the parent of or holds Parental Responsibility in relation to a child.

Where requests for information about a customer of Adult Social Care are received, the customer to whom the information relates should be informed that of the request – unless to do so would prejudice the purpose of the request. Any objections they have should be considered before responding to the person making the request. Where a customer lacks mental capacity, this discussion should be held with the person acting on their behalf, e.g. an attorney or advocate (including an Independent Mental Capacity Advocate (IMCA) where appointed).

Where information or records are passed to others it should be noted and confirmed in writing.

Information may also be disclosed to persons who have a statutory right of access to the information, for example:

  • Where a Court directs that records be produced;
  • Where information is requested by Inspectors of the Regulatory Authority (who have specific statutory powers that permit access to records);
  • An Independent Mental Capacity Advocate (IMCA) where appointed.

Where information is requested by telephone or electronically, great care must be taken to ensure that the identity of the caller and that the he or she is entitled to receive the information requested. Where there is any doubt the information may not be provided without the approval of a manager.

Information may be requested under the Freedom of Information Act 2000, disclosure of personal information is not permitted (see Freedom of Information Policy for further details).

A customer’s right of access to their own personal information must still be dealt with in accordance with the Data Protection Act 2018. The procedure is set out in the Customer Access to Records Procedure.

Where information is disclosed by a member of the public in confidence, the anonymity information will be maintained.

Hull City Council has a duty to ensure that personal data is effectively protected and IF the need to transport it is identified, this is done securely, with the data fully protected.

Personal information should not normally be disclosed without the consent of the customer or a person acting on their behalf where they lack mental capacity, e.g. an Attorney or advocate (including an Independent Mental Capacity Advocate (IMCA) where appointed), except within exceptional circumstances.

3. Process

  • Customer information should be stored securely appropriately, preferably electronically or in locked storage so that is only accessible to those who need to access it;
  • The identity of a customer or relative, or professional should be assured prior to sharing personal information;
  • Conversations in person or over the phone should take place in an appropriate setting i.e. away from the public;
  • When accessing a customer’s personal information care should be taken to ensure the information cannot be viewed by someone who has no need to view the information;
  • When transporting information, particular vigilance must be demonstrated to make sure that it is not lost, stolen or viewed by any unauthorised person. Personal information is protected by law and must only be transported when it is absolutely necessary. It must be in transit for the minimum amount of time and should never be left unattended for any reason.