Introduction
The Springfield Project is committed to offering a confidential service to all adults, children, young people and families who use its services. In practice this means that all information collected during the course of delivering services will be treated with respect, and processed and shared only in accordance with the Data Protection Act 2018 (DPA), our Data Protection Policy and the ICO Code of Practice on Data Sharing (the Data Sharing Code of Practice).
Everyone using the Springfield Project’s services will be made aware that their information will be kept confidential unless there is a concern regarding the safety and wellbeing of a vulnerable adult, child or children, or in circumstances where the law requires that information is disclosed.
All staff have a responsibility to keep service user information confidential.
This Policy should be read in conjunction with the Data Protection Policy, Subject Access Request Policy, Data Security Policy, Data Retention Policy, Data Breach Policy, HR Data Protection Policy and Privacy Notice.
Service Users
The term ‘service user’ is used in this policy to refer to all adults using our services. It also relates to young people who are of sufficient age and understanding to give or withhold consent on their own behalf. The ability to give or withhold consent on behalf of a child rests with adults with parental responsibility.
Data Collection and Security
All information collected in relation to service users must be recorded accurately, be relevant and factual. All service users are made aware of the purpose for which their information is being collected as well as the extent of their right to access their information. Only the adults with parental responsibility may complete information in relation to a child. This is particularly important in relation to extended families and children attending the Centre with their childminder. All records are to be kept securely in accordance with the Data Security Policy.
Information Sharing Within the Springfield Project Team
On a day-to-day basis, staff will need to share information with their line manager to ensure safe practice and accountability. Sharing information with other staff members will be on a need-to-know basis. Staff members need to be mindful of where and when they discuss confidential service user information to ensure that other staff members do not overhear confidential information.
Access to Information
The following Caldicott principles are relevant and Springfield Project staff should:
• Justify the purpose for requiring information (improving quality of care, monitoring, planning services)
• Only use when absolutely necessary
• Use the minimum level of information required. If required for monitoring or evaluation then information should be anonymised
• Access is strictly on a need-to-know basis
• Everyone must understand their responsibilities
• Any access to information must comply with the law
• Inform service users about how their information will be used
Multi Agency Information Sharing
Multi agency involvement and the sharing of information is vital for early intervention to ensure that vulnerable adults, children and young people with identified needs get the services they require. It is also essential to protect vulnerable adults, children and young people from suffering harm from abuse or neglect and to prevent them from offending. Information sharing should only occur where there is a clear reason for it to happen and legal powers exists that enable the agencies involved to do so. The information concerned should be both relevant to and proportional for the purpose concerned. Any information that partners share with the Project will be treated in accordance with the Data Protection Principles.
The Springfield Project will have a Data Sharing Agreement in place with partners with whom they regularly share data. This will comply with the Data Sharing Code of Practice,
The Key Principles for Information Sharing are:
• Safeguarding and promoting the welfare of a vulnerable adult, child or young person is the prime consideration in all decision making about information sharing.
• Every proposal to share service user identifiable information between organisations must have a defined and justifiable purpose.
• Any service user identifiable information must be accurate and objective and the minimum information required for the stated purpose.
• Article 8 of the European Convention on Human Rights gives everyone the right to respect for family life, home and correspondence.
• Authorities can only interfere with this if they are acting lawfully, are pursuing a legitimate aim, which includes protection of health and the rights of others and the action is no more than is needed. Sometimes this may mean a worker has to balance one individual’s rights against another’s e.g. a child’s rights against the parents.
• Access to service user identifiable information will be restricted on a ‘need to share’ basis. Key responsibilities on Information Sharing
• The Springfield project will ensure that all service users are aware of the circumstances in which their information would or could be shared with the reasons for it and will ask for their consent.
• The Springfield Project will ensure that service users understand that there are times when their information must be shared, with or without their consent; where to withhold information would put that vulnerable adult, child, young person or others at risk of significant harm or an adult at risk of significant harm, or if it would undermine the prevention, detection or prosecution of a serious crime, including where seeking consent might lead to interference with any potential investigation.
• All decisions taken about sharing information about a vulnerable adult, child or young person will consider the safety and welfare of that vulnerable adult, child or a young person. • Where there is concern that the vulnerable adult or child may be suffering or is at risk of suffering significant harm, the vulnerable adult’s or child’s safety and welfare will be the overriding consideration.
• Where possible the wishes of adults, children, young people and families who do not consent to share confidential information will be respected as long as they do not conflict with the safety or welfare of any vulnerable adult, child or young person.
• If, in the judgement of a Designated Safeguarding Lead, there is sufficient need, then the lack of consent from the individual concerned will be overridden. The rationale for the decision will be recorded in that individual’s record.
• If there is any doubt as to sharing a vulnerable adult, child or young person’s information, especially where the doubt relates to a concern about possible significant harm to a vulnerable adult, child or young person, or serious harm to others then advice will be sought from The Local Authority’s Children’s Advice and Support Service or the Adult and Communities Access Point.
• Any information that is shared must be accurate and up to date, necessary for the purpose for which it is being shared, shared only with those people who need to see it and shared securely.
• The member of staff sharing information will be responsible to ensure that the decision and reasons for the decision are clearly and concisely recorded in the service user record. • In deciding whether there is a need to share information the Springfield Project’s legal obligations will be considered including whether the information is confidential and if it is confidential, whether there is a public interest sufficient to justify sharing. This decision will always be made at Designated Safeguarding Lead or Senior Leader.
• Information will be given to all service users to ensure they understand that any information provided may be shared with a limited range of people or for limited purposes and this will not be a breach of confidentiality.
Information Sharing Procedure
This procedure is based on the 6 points for Good Practice as set out in Information Sharing: Practitioners’ Guide (HMG 2006)
1. At the first point of contact all service users will receive an explanation of how, when and why information will be shared about them and with whom; and that consent is normally obtained, unless it puts the vulnerable adult or child at risk or undermines a criminal investigation. Project staff ensure adults and parents have information about the Safeguarding of Vulnerable Adults Policy, the Safeguarding Children and Child Protection Policy.
2. Consider the safety and welfare of the child or vulnerable adult when making a decision about sharing information.
If there are concerns regarding ‘significant harm’ the vulnerable adult or child’s welfare and safety is always paramount. Any concerns are recorded and discussed with the Designated Safeguarding Lead. The decisions made are recorded accurately along with the reasons why information will be shared and with whom. All staff follow the policy and procedures for reporting concerns and record keeping.
3. Respect the wishes of vulnerable adults, children and parents not to consent to share confidential information.
Where an individual does not consent to share their confidential information, this must be respected. However, when it is in the best interests of a vulnerable adult, child or young person, a judgement will be made as to whether it is reasonable to override an individual’s wishes. Guidelines
for consent form part of this procedure. Designated Safeguarding Leads are able to advise individual practitioners accordingly.
4. Seek advice when there are doubts about possible significant harm to a vulnerable adult, child or others.
Staff will seek advice from the Designated Safeguarding Lead for Children or Vulnerable Adults. If there are doubts or they are unsure then The Local Authority’s Children’s Advice and Support Service or the Adults and Communities Access Point will be contacted for advice.
5. Information shared should be accurate and up-to-date, necessary for the purpose it is being shared for and shared only with those who need to know and shared securely. The Safeguarding Adults Policy and Procedures, The Safeguarding and Child Protection Policy and Procedures and Record Keeping Policy set out how and where information should be recorded and what information should be shared with another agency when making a referral and how confidential information will be stored.
6. Reasons for decisions to share information, or not, are recorded.
Provision for this is set out in the Record Keeping Policy. The decision made and rationale will be recorded and signed in the service user record. Service Users have a right to be informed that their consent to share information will be sought in most cases, as well as the kinds of circumstances when their consent may not be sought, or their refusal to give consent overridden.
In making the decision to share information, the following questions are considered:
• Is there legitimate purpose to sharing the information?
• Does the information enable the person to be identified?
• Is the information confidential?
• If the information is confidential, do you have consent to share?
• Is there a statutory duty or court order to share information?
• If consent is refused, or there are good reasons not to seek consent, is there sufficient public interest to share information?
• If the decision is to share, is the right information being shared in the right way? • Has the decision been properly recorded?
All the undertakings above are subject to the paramount commitment of the Springfield Project which is to the safety and welfare of the vulnerable adult, child or children involved. Please also see the Safeguarding and Child Protection Policy and Procedure, the Data Protection policy, and the Safeguarding Adults Policy.
Confidential Information Relating to the Business of The Springfield Project and Partners
The Project operates a strict policy with regard to The Project’s own confidential information. Staff members will not use or divulge to any person or firm, any confidential information identifying or relating to the Project, except in the proper course of their duties. This includes information which has come to their knowledge during their employment, details of which are not in the public domain, or such confidential information or trade secrets relating to the business of any client or supplier of the Project. This includes, but is not limited to, information to the detriment or prejudice of the Project or any of the Project’s clients or suppliers. Staff members accept that this obligation will continue at all times both during and after the termination of their employment unless and until the confidential information has come into the public domain.
The Project will regard any breach of confidentiality as a serious disciplinary offence and it may lead to action under the Project’s disciplinary procedure. Depending on the seriousness of the offence, this may also amount to potential gross misconduct and may result in your summary dismissal.
| Policy review | |
| Responsibility | The Data Protection Manager |
| Procedure | In partnership with the senior leadership team. |
| Timing | Next review May 2027 unless legislation changes |