CHAPTER 4: Information Sharing & Confidentiality
AMENDMENTThis chapter was updated in March 2014 to reflect recent changes in terminology and statutory guidance. Reference to the General Social Care Council (GSCC) was replaced with the Health and Care Professions Council (HCPC). References to Working Together to Safeguard Children 2010 were updated to the 2013 guidance where appropriate.
|1.1||Information Sharing and Assessment is a central government statutory requirement based on the Children Act 2004, which required all Local Authorities & Partner Agencies to introduce and monitor local information sharing process from 1 April 2005.|
|1.2||Information sharing guidance is designed to help every professional to be able to share information about vulnerable children consistently and with confidence. It primarily focuses on the levels of need below the risk of Significant Harm; it does not replace Child Protection processes.|
|1.3||Research and experience has demonstrated that to keep children safe from harm it is essential that professionals maximise the potential for safe partnership with parent/s and share relevant information across geographical and professional boundaries.|
|1.4||Often it is only when information from a number of sources has been shared, collated and analysed, that it becomes clear a child is suffering, or is likely to suffer Significant Harm.|
Information relevant to child protection will be about:
|1.6||The informed consent of a person under the age of 18 is as significant as that of an adult where s/he is the subject of information, provided s/he has sufficient emotional maturity and intellectual competence to understand the consequences of their consent and consider alternative options. If a member of staff is in doubt about a child's competence s/he should seek legal advice.|
|1.7||Where a child does not have the capacity to consent, it should be sought, if it does not place her/him at additional risk, from a person with Parental Responsibility for that child.|
|1.8||Where possible, informed consent should be provided in writing.|
|1.9||It is the duty of professionals, whether they are providing services to adults or children, to place the needs of the child first.|
|1.10||Each case will depend on its own facts and legal advice should always be sought from agencies' own legal advisers where the professional is concerned about the legality of sharing information.|
|1.11||Limitations to informed consent must be made clear at the point of information exchange (e.g. a request that information is not shared with a particular service/agency).|
|1.12||Informed consent can be withdrawn at any stage. In this event, all professional parties involved in information exchange must be informed as soon as possible. Information exchange should cease at this point, unless there is justification to continue sharing information without consent.|
|1.13||Particular care should be exercised sharing sensitive information (e.g. sexual health, emotional health needs, etc). The rule of proportionality should be applied in these instances i.e. what does the other professional 'need to know' to inform their judgement or service.|
|1.14||Information should be stored safely and securely at all times.|
Please see the national Department for Education for a more detailed explanation of the national context for information sharing.
The 'Common Law Duty of Confidence' arises when a person shares information with another in circumstances where it is reasonable to expect that the information will be kept confidential e.g. a contract, a patient-doctor, solicitor-client, pupil-teacher relationship.
Personal information about children and families kept by professionals and agencies should not generally be disclosed without the consent of the subject.
The duty of confidence is not absolute and disclosure can be justified if:
The disclosure of information should not be an obstacle if an individual has particular concerns about the welfare of a child, the information is disclosed to another professional and the disclosure is justified under the common law duty of confidence.
The key factor in deciding whether or not to disclose confidential information is 'proportionality' i.e. is the proposed disclosure a proportionate response to the need to protect the child's welfare? The amount of confidential information disclosed and the number of people to whom it is disclosed should be no more than is necessary to meet the public interest in protecting the health and well-being of the child.
The approach to confidential information should be the same whether any proposed disclosure is internally within an organisation e.g. within a school or Children's Social Care or between agencies e.g. a teacher to a social worker.
European Convention on Human Rights
Article 8 of the above Convention states that:
The right is not absolute and in certain situations Article 8 enables professionals to disclose information without consent - e.g. to:
As with the common law described above, the principle of 'proportionality' applies to sharing confidential information i.e. when disclosing information without consent one must limit the extent of the disclosure to that which is absolutely necessary to achieve the aim of disclosure e.g. child protection.
Data Protection Act 1998
The Data Protection Act 1998 (as amended) regulates the handling of information kept about an individual on a computer or in a manual filing system and requires of public authorities that any personal information is:
The amendments to the Data Protection Act 1998 introduced by the Freedom of Information Act 2000 mean that any incidental personal information held in loose papers etc (as opposed to a structured filing system) is now also covered by subject access and accuracy obligations.
Legitimate conditions (in Schedule 2 of the Data Protection Act 1998) for sharing information include that:
Many of the above conditions, especially the latter one offer a justification for sharing information (mindful of the proportionality principle).
If the information being shared is 'sensitive personal data' e.g. racial or ethnic origin, religious beliefs or political opinions, trade union membership, sexual life, criminal offences, one of the following additional conditions of Schedule 3 must be met:
Defence of a child's 'legal rights' under the Human Rights Act 1998 or exercise of a statutory function in connection with a s17 assessment or s47 enquiries may offer justification for information sharing.
For more detailed information see Information Commissioner's Office website
For the NHS and councils with social services responsibilities, the Caldicott principles and processes provide a framework of quality standards for the management of confidentiality and access to personal information under the leadership of a Caldicott Guardian.
This includes 'Safe Haven' principles on the secure storage and transfer of confidential information.
These Standards apply to NHS organisations and Councils with Social Services Responsibilities in order to provide an effective framework to operationalise the Data Protection Act 1998 and underpin appropriate information sharing.
Health and Children's Social Care must ensure that their information sharing arrangements are compliant with their own local procedures based on the Caldicott Standard (see Health Service Circular/LAC circular HSC 2002/003/LAC (2002) 2 'Implementing the Caldicott Standard into Social Care').Each Health Service and Children's Social Care will have its own Caldicott Guardian who should be able to provide advice and guidance.
The latest government view of best professional practice is detailed in the Information Sharing booklet, available at the Department for Education, which includes:
The above practitioners' guide Information Sharing: Practitioners' Guide (modified by the authors of these procedures at the italicised section of the 3rd bullet point) may be summarised as follows:
The above guidance indicates that in the following circumstances, sharing confidential information without consent will normally be justified in the public interest:
Thus, in general, the law does not prevent an individual sharing information with other practitioners if:
'To fulfil their commitment to safeguard and promote the welfare of children, all organisations that provide services for, or work with, children must have: ... arrangements to work effectively with other organisations to safeguard and promote the welfare of children, including arrangements for sharing information.' (Working Together to Safeguard Children, 2010, paragraph 2.12, now archived)
Further information is available at the Department for Education.
|3.2||'What To Do If You're Worried a Child is Being Abused' superseded 'Guidance to Doctors Working with Child Protection Agencies' (itself an addendum to Working Together to Safeguard Children 1999).|
Updated General Medical Council (GMC) guidance - 'Confidentiality: Protecting and Providing Information' (2004) emphasises the importance generally of obtaining a patient's consent to disclosure of personal information but makes it clear it may be released without consent to 3rd parties e.g. statutory agencies such as Children's Social Care and police, in exceptional circumstances if:
The GMC has confirmed that its guidance refers to information about:
|3.5||'What To Do If You're Worried a Child is Being Abused' superseded 'Child Protection: Guidance for Senior Nurses, Health Visitors, Midwives and their Managers'|
The Nursing and Midwifery Council (NMC) has produced a code of professional conduct which contains the advice that disclosure of information may occur:
|3.7||The Health and Care Professions Council which governs therapies and professions allied to medicine has produced a statement on confidentiality and individual professional bodies produce their own, essentially similar guidance.|
|3.8||When in doubt health staff may consult the named professional who may in turn seek advice from the designated doctor or nurse and/or the Caldicott guardian or solicitor of the Trust.|
|3.9||Police are lawfully able to supply information to relevant third parties for defined categories of request.|
|3.10||Care must be taken in all cases to ensure that all information disclosed is accurate, topical, factual, proportionate for the purpose for which it is passed and above all, relevant and necessary to the issue and the individual concerned|
The 6 categories of request for information which police CAIUs can lawfully respond to are those in which:
|3.12||Any request for information that does not fall within these categories must be declined. Where there is doubt, the police legal services or the Data Protection Unit will be consulted.|
|3.13||Information will be provided by police on the strict understanding that it is confidential in nature, will only be used for the purposes of a child protection or child in need assessment and that it may not be passed on to any third party without express permission of the police.|
|3.14||In urgent cases, information shared as part of a Section 47 Enquiry may be provided verbally prior to being confirmed in writing.|
|3.15||Police information sharing protocols must be reviewed annually and be capable of audit. Thames Valley Police has indicated that in addition to the guidance and agreed multi agency practices described in this chapter, there remains a need to develop additional local information sharing protocols.|
|3.16||Education staff have a responsibility to share information about the protection of children with other professionals, particularly investigative agencies e.g. police and Children's Social Care|
|3.17||S.27 Children Act 1989 imposed a duty on other local authorities to assist Children's Social Care in the exercise of their functions e.g. child protection, if requested to do so and if it is not prejudicial to the discharge of their own functions.|
|3.18||S.175 Education Act 2002 introduced additional duties on Children's Services (Education) to 'make arrangements for ensuring that the functions conferred upon them in their capacity as Children's Services (Education) are exercised with a view to safeguarding and promoting the welfare of children'.|
|3.19||The current duties and expectations of educational institutions are described in the Agency Roles and Responsibilities Procedure.|
|3.20||The Health and Care Professions Council and British Association of Social Workers (BASW) Codes of Ethics allow for divulging confidential information without consent of the service user or informant when there is clear evidence of serious danger to the service user, worker or other persons.|
The net result of legislation and professional guidance as summarised above is that professionals may share information for a child protection purpose without the consent of the subject:
|4.2||It is important that each professional accept responsibility for her/his own referrals and should not seek to provide information to another agency anonymously.|
The permission of the subject (child or parent) must ordinarily be sought on those occasions when there is a need to gather further information via checks with other agencies, in order to:
Such checks may be completed without such permission if:
|4.5||The person requesting information from another agency and the person in that agency who provides it must record the event in accordance with her/his own agency procedures.|
|4.6||The recording must indicate if the consent of the relevant person was sought and obtained, sought and refused or not sought.|
|4.7||If information was provided without consent, reason/s for so doing must be made clear and the record indicate whether the person in question was subsequently informed of the information transfer.|
|4.8||Unless s/he is already known, a phone call received from a professional seeking information must be verified before information is divulged, by calling her/his agency back.|
|4.9||A record of any information relayed by phone or in person must be made.|
|4.10||Transmission of personal and sensitive information by fax should only happen when absolutely necessary. The number / address to which it is being sent should be checked very carefully (preferably by a colleague) and reassurance provided and recorded about the security of its handling by the other agency.|
|4.11||When sending out e-mails containing confidential information, a confidentiality warning should be used. Wherever possible confidential information should only be sent by secure electronic systems and not by internet e-mail.|
|4.12||All agencies must ensure that their record keeping is maintained in accordance with statute and guidance (both national and local).|