CHAPTER 4: Information Sharing & Confidentiality
AMENDMENTThis chapter was reviewed locally and updated in May 2014.
|1.1||Information Sharing and Assessment is a central government statutory requirement based on the Children Act 2004, which required all Local Authorities & Partner Agencies to introduce and monitor local information sharing process from 1 April 2005.|
|1.2||Information sharing guidance is designed to help every worker to be able to share information about vulnerable children consistently and with confidence. It primarily focuses on the levels of need below the risk of Significant Harm; it does not replace Child Protection processes.|
|1.3||Research and experience has demonstrated that to keep children safe from harm it is essential that workers maximise the potential for safe partnership with parent/s and share relevant information across geographical and worker boundaries.|
|1.4||Often it is only when information from a number of sources has been shared, collated and analysed, that it becomes clear a child is suffering, or is likely to suffer Significant Harm.|
Information relevant to child protection will be about:
|1.6||The informed consent of a person under the age of 18 is as significant as that of an adult where s/he is the subject of information, provided s/he has sufficient emotional maturity and intellectual competence to understand the consequences of their consent and consider alternative options. If a member of staff is in doubt about a child's competence s/he should seek legal advice.|
|1.7||Where a child does not have the capacity to consent, it should be sought, if it does not place her/him at additional risk, from a person with Parental Responsibility for that child.|
|1.8||Where possible, informed consent should be provided in writing.|
|1.9||It is the duty of workers, whether they are providing services to adults or children, to place the needs of the child first.|
|1.10||Each case will depend on its own facts and legal advice should always be sought from agencies' own legal advisers where the worker is concerned about the legality of sharing information.|
|1.11||Limitations to informed consent must be made clear at the point of information exchange (e.g. a request that information is not shared with a particular service/agency).|
|1.12||Informed consent can be withdrawn at any stage. In this event, all professional parties involved in information exchange must be informed as soon as possible. Information exchange should cease at this point, unless there is justification to continue sharing information without consent.|
|1.13||Particular care should be exercised sharing sensitive information (e.g. sexual health, emotional health needs, etc.). The rule of proportionality should be applied in these instances i.e. what does the other worker 'need to know' to inform their judgement or service.|
|1.14||Information should be stored safely and securely at all times.|
Please see the national Department for Education for a more detailed explanation of the national context for information sharing.
The 'Common Law Duty of Confidence' arises when a person shares information with another in circumstances where it is reasonable to expect that the information will be kept confidential e.g. a contract, a patient-doctor, solicitor-client, pupil-teacher relationship.
Personal information about children and families kept by workers and agencies should not generally be disclosed without the consent of the subject.
The duty of confidence is not absolute and disclosure can be justified if:
The disclosure of information should not be an obstacle if an individual has particular concerns about the welfare of a child, the information is disclosed to another worker and the disclosure is justified under the common law duty of confidence.
The key factor in deciding whether or not to disclose confidential information is 'proportionality' i.e. is the proposed disclosure a proportionate response to the need to protect the child's welfare? The amount of confidential information disclosed and the number of people to whom it is disclosed should be no more than is necessary to meet the public interest in protecting the health and well-being of the child.
The approach to confidential information should be the same whether any proposed disclosure is internally within an organisation e.g. within a school or Children's Social Care or between agencies e.g. a teacher to a social worker.
European Convention on Human Rights
Article 8 of the above Convention states that:
The right is not absolute and in certain situations Article 8 enables workers to disclose information without consent - e.g. to:
As with the common law described above, the principle of 'proportionality' applies to sharing confidential information i.e. when disclosing information without consent one must limit the extent of the disclosure to that which is absolutely necessary to achieve the aim of disclosure e.g. child protection.
Data Protection Act 1998
The Data Protection Act 1998 (as amended) regulates the handling of information kept about an individual on a computer or in a manual filing system and requires of public authorities that any personal information is:
The amendments to the Data Protection Act 1998 introduced by the Freedom of Information Act 2000 mean that any incidental personal information held in loose papers etc. (as opposed to a structured filing system) is now also covered by subject access and accuracy obligations.
Legitimate conditions (in Schedule 2 of the Data Protection Act 1998) for sharing information include that:
Many of the above conditions, especially the latter one offer a justification for sharing information (mindful of the proportionality principle).
If the information being shared is 'sensitive personal data' e.g. racial or ethnic origin, religious beliefs or political opinions, trade union membership, sexual life, criminal offences, one of the following additional conditions of Schedule 3 must be met:
Defence of a child's 'legal rights' under the Human Rights Act 1998 or exercise of a statutory function in connection with a s17 assessment or s47 enquiries may offer justification for information sharing.
For more detailed information see Information Commissioner's Office website
For the NHS and councils with social services responsibilities, the Caldicott principles and processes provide a framework of quality standards for the management of confidentiality and access to personal information under the leadership of a Caldicott Guardian.
This includes 'Safe Haven' principles on the secure storage and transfer of confidential information.
These Standards apply to NHS organisations and Councils with Social Services Responsibilities in order to provide an effective framework to operationalise the Data Protection Act 1998 and underpin appropriate information sharing.
Health and Children's Social Care must ensure that their information sharing arrangements are compliant with their own local procedures based on the Caldicott Standard (see Health Service Circular/LAC circular HSC 2002/003/LAC (2002) 2 'Implementing the Caldicott Standard into Social Care').Each Health Service and Children's Social Care will have its own Caldicott Guardian who should be able to provide advice and guidance.
The latest government view of best worker practice is detailed in the Information Sharing booklet, available at the Department for Education, which includes:
The above practitioners' guide Information Sharing: Practitioners' Guide (modified by the authors of these procedures at the italicised section of the 3rd bullet point) may be summarised as follows:
The above guidance indicates that in the following circumstances, sharing confidential information without consent will normally be justified in the public interest:
Thus, in general, the law does not prevent an individual sharing information with other practitioners if:
'To fulfil their commitment to safeguard and promote the welfare of children, all organisations that provide services for, or work with, children must have: ... arrangements to work effectively with other organisations to safeguard and promote the welfare of children, including arrangements for sharing information.' (Working Together to Safeguard Children, 2010, paragraph 2.12, now archived)
Further information is available at the Department for Education.
|3.2||'What To Do If You're Worried a Child is Being Abused' superseded 'Guidance to Doctors Working with Child Protection Agencies' (itself an addendum to Working Together to Safeguard Children 1999).|
Updated General Medical Council (GMC) guidance - 'Confidentiality: Protecting and Providing Information' (2004) emphasises the importance generally of obtaining a patient's consent to disclosure of personal information but makes it clear it may be released without consent to 3rd parties e.g. statutory agencies such as Children's Social Care and police, in exceptional circumstances if:
The GMC has confirmed that its guidance refers to information about:
|3.5||'What To Do If You're Worried a Child is Being Abused' superseded 'Child Protection: Guidance for Senior Nurses, Health Visitors, Midwives and their Managers'|
The Nursing and Midwifery Council (NMC) has produced a code of professional conduct which contains the advice that disclosure of information may occur:
|3.7||The Health and Care Professions Council which governs therapies and professions allied to medicine has produced a statement on confidentiality and individual worker bodies produce their own, essentially similar guidance.|
|3.8||When in doubt health staff may consult the named worker who may in turn seek advice from the designated doctor or nurse and/or the Caldicott guardian or solicitor of the Trust.|
|3.9||Police are lawfully able to supply information to relevant third parties for defined categories of request.|
|3.10||Care must be taken in all cases to ensure that all information disclosed is accurate, topical, factual, proportionate for the purpose for which it is passed and above all, relevant and necessary to the issue and the individual concerned. Information shared which is discovered to be inaccurate or inadequate will be notified to the data owner, who will be responsible for correcting the data and notifying all other recipients of the data who must ensure the correction is made.|
The 6 categories of request for information which police CAIUs can lawfully respond to are those in which:
|3.12||Any request for information that does not fall within these categories must be declined. Where there is doubt, the police legal services or the Data Protection Unit will be consulted.|
|3.13||Information will be provided by police on the strict understanding that it is confidential in nature, will only be used for the purposes of a child protection or child in need assessment and that it may not be passed on to any third party without express permission of the police.|
|3.14||In urgent cases, information shared as part of a Section 47 Enquiry may be provided verbally prior to being confirmed in writing.|
The police can share information if its disclosure is believed to be necessary and proportionate and supports the common policing purpose of:
Police information sharing protocols must be reviewed annually and be capable of audit. Thames Valley Police has indicated that in addition to the guidance and agreed multi agency practices described in this chapter, there remains a need to develop additional local information sharing protocols.
|3.16||Education staff have a responsibility to share information about the protection of children with other worker, particularly investigative agencies e.g. police and Children's Social Care|
|3.17||S.27 Children Act 1989 imposed a duty on other local authorities to assist Children's Social Care in the exercise of their functions e.g. child protection, if requested to do so and if it is not prejudicial to the discharge of their own functions.|
|3.18||S.175 Education Act 2002 introduced additional duties on Children's Services (Education) to 'make arrangements for ensuring that the functions conferred upon them in their capacity as Children's Services (Education) are exercised with a view to safeguarding and promoting the welfare of children'.|
|3.19||The current duties and expectations of educational institutions are described in the Agency Roles and Responsibilities Procedure.|
|3.20||The Health and Care Professions Council and British Association of Social Workers (BASW) Codes of Ethics allow for divulging confidential information without consent of the service user or informant when there is clear evidence of serious danger to the service user, worker or other persons.|
The net result of legislation and worker guidance as summarised above is that workers may share information for a child protection purpose without the consent of the subject:
|4.2||It is important that each worker accept responsibility for her/his own referrals and should not seek to provide information to another agency anonymously.|
The permission of the subject (child or parent) must ordinarily be sought on those occasions when there is a need to gather further information via checks with other agencies, in order to:
Such checks may be completed without such permission if:
|4.5||The person requesting information from another agency and the person in that agency who provides it must record the event in accordance with her/his own agency procedures.|
|4.6||The recording must indicate if the consent of the relevant person was sought and obtained, sought and refused or not sought.|
|4.7||If information was provided without consent, reason/s for so doing must be made clear and the record indicate whether the person in question was subsequently informed of the information transfer.|
|4.8||Unless s/he is already known, a phone call received from a worker seeking information must be verified before information is divulged, by calling her/his agency back.|
|4.9||A record of any information relayed by phone or in person must be made.|
|4.10||Transmission of personal and sensitive information by fax should only happen when absolutely necessary. The number / address to which it is being sent should be checked very carefully (preferably by a colleague) and reassurance provided and recorded about the security of its handling by the other agency.|
When sending out e-mails containing confidential information, a confidentiality warning should be used. Wherever possible Confidential information should only be sent by secure electronic systems and not by internet e-mail.Thames Valley Police will only share information via e-mail where a secure network is available.
|4.12||All agencies must ensure that their record keeping is maintained in accordance with statute and guidance (both national and local).|
|4.13||Any information that is shared should contain the appropriate marking as stated by the Government Protective Marking Scheme.|
If a party to this agreement receives a subject access application under section 7 of the Data Protection Act and personal data is identified as having originated from another signatory agency, it will be the responsibility of the receiving agency to contact the originating organisation to determine whether the latter wishes to advise use of any statutory exemption under the provisions of the Data Protection Act.
If an agency receives a request for information under the Freedom of Information Act 2000 and the information requested is identified as belonging to another Organisation, it will be the responsibility of the receiving agency to contact the data owner to determine whether the latter wishes to rely on any statutory exemption under the provisions of the Freedom of Information Act and to identify any perceived harm.