Information Sharing and Confidentiality Agreement
The Care Act 2014 sets out criteria which require the sharing of confidential information, therefore it is important to establish, within the context of safeguarding adults, an agreement for sharing information between partner agencies committed to Sunderland’s Safeguarding Adults Procedures.
This Agreement covers the sharing of information for any purposes listed below and comprises the common principles and procedures, which will be adopted wherever and whenever these agencies have to share information for these purposes.
- Purposes for which information may be shared
For the purpose of safeguarding adults, relevant information will be shared to:
- Keep service users at the centre of the safeguarding adults process;
- Inform them of, and involve them in, decision making processes;
- Standardise the safeguarding adults process;
- Share relevant and updated information to prevent unnecessary duplication of data collection/creation processes;
- Help identify other people who may be at risk of abuse and take appropriate steps to ensure their safety and wellbeing;
- Assist with the prevention and detection crime;
- Investigate and address complaints;
- To establish and share learning outcomes where possible;
- To facilitate and incorporate governance arrangements and monitoring processes
Statistical information may be shared to:
- Coordinate partnership working and improve delivery of services;
- Train staff and set, monitor and maintain professional standards;
- Identify relevant patterns and trends of abuse and to inform or improve practice;
- Manage, plan, commission and contract services;
- Develop multi-agency strategies;
- Improve performance and management audit;
- Inform local and national research initiatives
This Agreement supports effective integrated multi-agency safeguarding work by providing a standard for lawful information sharing principles which will assist professionals in determining the thresholds for information sharing.
It provides a framework for the secure sharing of information between agencies to:
- Ensure individuals receive appropriate information and services to safeguard them from or minimise abuse and neglect;
- Ensure there is a consistent and effective response to any concerns, allegations or disclosures of abuse and neglect;
- Work effectively and efficiently together throughout the safeguarding process;
- Prevent abuse and neglect occurring within agencies;
- Meet the needs of communities and individuals for care, safeguarding and support;
- Set out for individuals the reasons why information about them may need to be shared and how this sharing will be managed and controlled so that confidentiality is maintained
- Principles Guiding the Sharing of Information
In seeking to share information for the purposes of safeguarding adults, agencies will adhere to the following principles:
- The agencies that are party to this Agreement are committed to enable data to be shared in a manner that is compliant with their statutory responsibilities;
- Where possible and appropriate, individuals should be fully informed about the information that is recorded about them and as a general rule, be asked for consent before their information is shared with colleagues or another agency. There may be justifications to override this requirement, for example if an individual/s are at risk or the act of obtaining consent would (or would be likely to) jeopardise the ability to safeguard;
- The rules about disclosure of information apply to adults who lack capacity. Where appropriate, consent should be obtained from the person with legal authority to act on the person’s behalf. The reasons for the final decision should be clearly recorded;
- Agencies will ensure that staff receive appropriate training around issues of privacy and security;
- Where professionals request that information supplied by the, be kept confidential from the people who use services, the outcome of this request and the reasons for taking the decision will be recorded;
- Where an agency’s organisational or procedural interests conflict with the effective safeguarding of individual/s, the lawful interests of the individuals shall prevail
- Summary of Core Principles
All information sharing and record keeping should be compliant with the following:
5.1 Caldicott Principles
- Justify the purposes of using person-identifiable information;
- Only use person-identifiable information where necessary to do so;
- Use the minimum that is required;
- Access should be on a strict need-to-know basis;
- Everyone should understand their responsibilities;
- Everyone must understand and comply with the law
For further information, see Manual for Caldicott Guardians 2017
5.2 Data Protection Principles
The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR). It covers all recording, storage and sharing of personal information held on paper files or computer. All personal data must be recorded and shared lawfully and all agencies signed up to this Agreement must be able to demonstrate their data is:
- Processed lawfully, fairly and in a manner transparent to the data subject;
- Processed for specific, explicit purposes and not processed for further, incompatible reasons;
- Adequate, relevant, and limited to the data that is needed to get the job done;
- Accurate, current and, where necessary, promptly updated;
- Not kept for longer than necessary;
- Processed in accordance with the rights of the data subject;
- Protected by the appropriate security;
- Not transferred to a country outside the EEC without adequate protection
Personal data relevant to an adult safeguarding matter (that is, the Adult at Risk and/or anyone involved with their situation or circumstances) will need to be processed in order for Sunderland Safeguarding Adults Board (SSAB) to carry out its functions under the Care Act 2014. These requirements activate the processing conditions within the Data Protection Act that (subject to full observance of the Caldicott and Data Protection Act processing principles) confirm the lawfulness of sharing for safeguarding purposes. See also: the Government’s Data Protection information page.
- Legislation and Guidance
The key legislation and guidance affecting the sharing and disclosure information in respect of safeguarding adults include:
- Care Act 2014
- Data Protection Act 2018
- General Data Protection Regulation (GDPR) (European Law)
- Human Rights Act 1998 (Article 8)
- Crime and Disorder Act 1998
- Access to Health Records Act 1990
- The Common Law Duty of Confidentiality
- Caldicott Principles
- Freedom of Information Act 2000
- Environmental Information Regulations 2004
- Computer Misuse Act 1990
Other relevant legislation/powers include:
- Criminal Procedures and Investigations Act 1996
- Regulation of Investigatory Powers Act 2000
- Health and Social Care Act 2001 (Section 60)
- Third party disclosures
- Care and Support Statutory Guidance 2014
- Good Practice Guidelines
- The views and wishes of the abused person will normally be respected when sharing the information they give us;
- Decisions to share information in safeguarding cases must be made/agreed at the appropriate level within a given agency, and by an appropriate individual;
- Agencies should ensure they have clear guidelines for when the duty to safeguard the wider public (or a particular person/persons) outweighs their responsibility to protect an individual’s right to privacy;
- Staff must never confuse confidentiality with secrecy;
- Agencies cannot give assurances of absolute confidentiality in cases where there are concerns about abuse, particularly in those situations where others may be at risk. There will be circumstances when a duty to safeguard others will outweigh the responsibility to any one individual;
- Information given to, or created by an individual member of staff or agency representative belongs to the agency and not that member of staff;
- The abused person and, where relevant, their carers, must be advised why and with whom information will be, or has been shared where possible and appropriate to do so;
- Information must be shared on a need-to-know basis only;
- Information will be shared only for the purposes of providing care or for safeguarding the abused person or others;
- Information given to an agency must only be used for the purposes for which it was intended, or for purposes that can be shown to be compatible with those purposes;
- Information should be shared with the minimum number of individuals (i.e. professionals, carers, others) required to ensure the safety of the individual or of others;
- Information sharing should follow documented processes, with information flowing to authorised recipients from authorised sources. Decisions to share outside of these processes must be documented in the relevant safeguarding records;
- Information sharing by electronic methods should be done using appropriate levels of security and encryption. The use of 7Zip software to encrypt information in a manner that is easy to send and receive is recommended. This software is free to download and use, and does not require specialist training to be able to use it
Decisions about sharing information need to be taken on a case-by-case basis. Therefore, before sharing information the following questions should be asked:
- Do I have the permission of the Adult at Risk to disclose personal information?
- Do I have the legal authority to disclose this information?
- Is there a duty to protect the wider public interest; are other people at risk?
All decisions made in terms of withholding or sharing information must be recorded in detail.
8.1 Service User as a Perpetrator
If it assessed that the service user continues to pose a threat to others (service users, staff, etc), then this should be included in any information passed on to service providers/strategic partners.
8.2 Safeguarding Adults Meetings
All discussions or meetings taking place under the safeguarding adults process respects the boundaries of confidentiality and are held under the shared understanding that:
- Meetings are called in circumstances where there are concerns that they safety and wellbeing of an individual or several individuals is at risk, and that this safety may outweigh some rights of individual privacy;
- The disclosure of information outside of meetings, beyond that which is agreed at meetings, may be considered as a breach of the subject’s privacy and a breach of the confidentiality of the agencies involved;
- If consent to disclose outside of meetings is considered essential, permission should be sought from the Safeguarding Manager chairing the meeting, and a decision will be made on the principle of a public safety ‘need to know’;
- Unauthorised disclosure of safeguarding information may be a disciplinary matter
- Formal Approval and Adoption
Sunderland Safeguarding Adults Board (SSAB) is responsible for the approval, maintenance and review of this Agreement and the development of any additional service specific procedures.
This Agreement applies to all agencies committed to the SSAB Memorandum of Understanding. It also applies to all staff, agency workers and volunteers working within agencies that are party to this Agreement.
9.1 Dissemination/circulation of the Agreement
Agencies will ensure that their staff are made aware of and have access to this Agreement.
Agencies will ensure that the Agreement will be communicated to service users/patients and carers to ensure that individual rights in relation to the disclosure and use of personal information are upheld.
10. Other Useful Resources
All key partner agencies will have internal policy and procedural guidance and public information in respect of information sharing and security in compliance with the Data Protection Act and Caldicott Principles. Staff should use these references.