17 May 20101 SHARING INFORMATION: HOW DO I MAKE SURE ITS SAFE, LEGAL AND CONFIDENTIAL? NIGB Welcome to the Joint Information Sharing Workshop.

17 May 20101

SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?

NIGB

Welcome to the Joint Information Sharing Workshop

17 May 20102


NIGB

Introduction to the Information Sharing Workshop

NIGB would like to thank County Durham and Tees Valley Information Governance Leads Group who allowed us to adapt this

workshop from their original workshop materials

17 May 20103


NIGB

To support improvements in information governance in health and social care

To advise on the use of powers under section 251 of the NHS Act 2006

The role of the National Information Governance Board

(NIGB)

17 May 20104


NIGB

Our definition‘Information governance describes the structures,

policies and practices which are used to ensure the confidentiality and security of records of

individuals Correctly developed and implemented it enables

the appropriate and ethical use of information for the benefit of individuals and the public good’.

17 May 20105


NIGB

History of NIGB 2005 – review of IG in DH and wider NHS

2007 – ‘shadow’ NIGB takes over functions of the Care Record Development Board

2008 – NIGB becomes a statutory body 2009 – NIGB takes over the functions of the

Patient Information Advisory Group (PIAG)

17 May 20106


NIGB

The NIGB as a Statutory Body The NIGB is an Advisory Non-departmental

Public body

Reports to the Secretary of State and of Health

It’s Statutory powers support it in delivering it’s terms of reference

17 May 20107


NIGB

Who are we? 22 members -

12 public members appointed by Appointments Commission

10 organisations invited to be represented by Secretary of State for Health

Corresponding Advisors Observers Statements of Collaborative Working

17 May 20108


NIGB

Dealing with complex issues NIGB regularly has to deal with complex,

often ethical, issues No right or wrong answer – the best

answer using available evidence Varied background of members makes it

ideally placed to do this

17 May 20109


NIGB

Importance of multi-agency information sharing and information sharing protocols

Stockton Information Sharing Workshop Pilot NIGB analysis and review of the pilot materials To be made available on NIGB website for

training

17 May 201010


NIGB

Role of the Caldicott Guardian

17 May 201011


NIGB

History of Caldicott In 1997 the NHS established a Caldicott Committee led by Dame Fiona

Caldicott Caldicott Committee (1996-97)

Review of patient-identifiable information commissioned by the Chief Medical Officer of England . . .

“owing to increasing concern about the ways in which patient information is being used in the NHS in England and Wales and the need to ensure that confidentiality is not undermined.”

17 May 201012


NIGB

History of Caldicott cont. The review recommended that “Guardians” of

personal information be created to safeguard and govern the uses made of confidential information with the NHS

In 2002 Calidcott standards were extended into Social Care

17 May 201013


NIGB

So what are the Caldicott principles? The Caldicott principles and processes provide

a framework of quality standards for the management of confidentiality and access to personal information

17 May 201014


NIGB

The Caldicott Report ( Sept ’97)Six key principles: Principle 1 – Justify the purpose for using confidential

information Principle 2 – Only use it when absolutely necessary Principle 3 – Use the minimum that is required Principle 4 – Access should be on a strict need to know

basis Principle 5 – Everyone must understand their

responsibilities Principle 6 – Understand and comply with the law.

17 May 201015


NIGB

Key Caldicott Guardian responsibilities

Supported by the Information Governance Team the Caldicott Guardian has responsibility for:

Strategy and Governance

Confidentiality and Data Protection expertise

Internal Information Processing

Information

17 May 201016


NIGB

The Caldicott Report

Sixteen specific recommendations, one of which was that:

“A senior person, preferably a health professional, should be nominated in each health organisation to act as a guardian, responsible for safeguarding the confidentiality of patient information.”

17 May 201017


NIGB

The role of the Caldicott Guardian To play a key role in ensuring Health & Social Care

organisations satisfy the highest practical standards for handling an individuals identifiable data.

To work as part of the broader Information Governance function with support staff

To have a strategic role representing and championing Information Governance requirements and issues at senior management level

Advise on the implementation of the Electronic Social Care Record and Common Assessment Framework

17 May 201018


NIGB

Caldicott Guardian Role

“The conscience of the organisation”

Establish the highest practical standards for handling personally identifiable information in the NHS and Social Care monitoring process against an

annual improvement plan

17 May 201019


NIGB

Presenters

17 May 201020


NIGB

Today is About…

. . . knowing how to share information: Safely Legally and Confidentially

. . . and an opportunity for you to share knowledge and concerns with other professionals to improve multi-agency information sharing

17 May 201021


NIGB

Why is information sharing so important?

it is essential to safeguard and promote the welfare of children, young people and vulnerable adults

to achieve the best outcome for the individual To prevent death or serious harm as a result of:

Failing to record information To share it To understand the significance of the information shared To take appropriate action in relation to known or suspected

abuse or neglect

17 May 201022


NIGB

Consequences of not sharing information appropriately

1973 – Maria Colwell – killed by her stepfather sustaining severe internal injuries and brain damage

2000 – Victoria Climbie – died of hypothermia after months of sustained abuse by her guardians

2002 - Soham Murders – death of 2 ten year old girls by Ian Huntley a school caretaker

2007 - Baby Peter, died of horrific injuries inflicted by his carers - Laming enquiry criticised failings in information sharing between agencies

17 May 201023


NIGB

Adult Safeguarding 2006 – Steven Hoskin had learning disabilities and was

39 years old Sustained repeated abuse by youths including assault,

forced to take drink and drugs and made to falsely confess to being a paedophile

Reports of anti-social behaviour connected to the flat Steven was marched to top of a viaduct and forced over

the edge Serious Case Review – ‘information sharing poor’

17 May 201024


NIGB

Adult Safeguarding 2007 - Death of Francesca Hardwick (daughter), severe

learning disabilities, Fiona Pilkington (mother) primary carer.

After 10 years of repeated verbal abuse, a sustained campaign of vandalism, harassment and intimidation by local youths, Fiona set light to their car

Inquest criticised ‘failure to share information between the Police and local councils’

17 May 201025


NIGB

Local Case - Adult Safeguarding 2007 - Susan Hale (service user) and Sarah Merritt

(agency carer) murdered by David Tiley a convicted rapist

Police were monitoring Tiley as one of 300 violent or sex offenders in Southampton

Tiley had been on sex offenders’ register after being convicted of two counts of rape

In and out of prison for breaching order for failing to notify Police of his address

17 May 201026


NIGB

Local Case - Adult Safeguarding Living with Ms Hale following release in 2007 Tiley was

subject to MAPPA (multi-agency public protection arrangements)

Review led by a member of the Prison Service concluded that there ‘needed to be improved relations between agencies’ and

Lessons needed to be learned

17 May 201027


NIGB

The Legal Context The Data Protection Act 1998 The Human Rights Act 1998 The Health and Social Care Act 2008 Common Law of Confidentiality Administrative Law FOI Act 2000 Other Legislation e.g.

Children Act, Mental Capacity Act, Gender recognition Act, Adoption Act

17 May 201028


NIGB

So, what about Data Protection? The Data Protection Act is not a barrier to sharing

information Confidentiality is a boundary to be negotiated and can

be a barrier sometimes but not where there is a public interest justification such as the protection of others

Practitioners should understand when, why and how they should share information to do so confidently and appropriately

It provides a framework to ensure information is shared appropriately

Consent should be best practice

17 May 201029


NIGB

A Duty of ConfidenceA duty of confidence arises when one person discloses information to another (e.g. patient to clinician, client to social worker) in circumstances where it is reasonable to expect that the information will be held in confidence or where it is obvious the information is confidential in nature.

The duty of confidence - Is a legal obligation derived from case-law. Is a requirement within professional codes of conduct. Is included within many employment contracts as a specific

requirement linked to disciplinary procedures.

17 May 201030


NIGB

Exemptions to the Duty of Confidence Where there is legal requirement (either under

statute or a court order) to disclose the information (for instance, notification of certain diseases to public health authorities);

Where there is an overriding duty to the public (for instance, the information concerns the commission of a criminal offence or relates to life-threatening circumstances); or

Where the individual to whom the information relates has consented to the disclosure

17 May 201031


NIGB

How do we obtain consent? Consent should be sought at the earliest opportunity Social Care record consent on the Permission to Share form signed by

both social work professional and the individual or their representative. In Heath this should be recorded in the patient notes

Clear explanation should be given to the individual on what they are consenting to and for how long

It should be made clear that consent can be withdrawn at any time but we will share when there is a legal requirement to do so

Individuals should understand that if they withdraw their consent this may affect services we can provide to them

Revisiting consent – at least annually or when a new event/episode of care happens

17 May 201032


NIGB

Implied Consent Consent not expressly given:

Often consent is assumed for sharing information with colleagues within an organisation i.e. in Health if a patient sees a nurse for a test, it is assumed that the patient will consent for the results to be shared with the treating doctor.

In Social Care sharing with other departments in the Local Authority would require explicit consent for another purpose unless there is a legal reason for sharing.

Sharing information between health care colleagues in different organisations e.g. ambulance crews to A & E staff

17 May 201033


NIGB

Explicit or Informed Consent Agreement to sharing should be recorded Individuals should be made aware of: -

What information is to be shared What is the purpose of sharing it Who it is to be shared with How the information will be protected Whether it may be further shared That they have the right to refuse (if they do) The consequences of refusal and agreement to consent

17 May 201034


NIGB

Competence to Consent Children and young people

16 assumed to be competent Under 16 competent if they have the capacity to

understand and take own decisions Otherwise consent from whoever has parental

responsibility Onus of proof shifts from being on the child to being on

the person wanting to assert lack of capacity.

17 May 201035


NIGB

Competence to Consent Adult unable to give consent?

Take into account the views of relatives or carers Respect any previously expressed wishes Mental Capacity Act (MCA) Adults lacking capacity may have an advocate Provision under MCA for proxy consent via LPA or Court

appointed deputy Ultimately, the professional must act in individuals best

interests Record the decision and the reasons for it

17 May 201036


NIGB

Understanding consequences

Explain consequences of agreeing to consent Explain consequences of refusing consent i.e.

Limiting services – housing etc.

17 May 201037


NIGB

Sharing without consent There are some circumstances in which sharing confidential

information without consent will normally be justified in the public interest:

When there is evidence that the child/vulnerable adult is suffering or is at risk of suffering harm; or

Where there is reasonable cause to believe that a child /vulnerable adult may be suffering or at risk of significant harm; or

To prevent significant harm arising to children/vulnerable adults including through the prevention, detection and prosecution of serious crime

17 May 201038


NIGB

So, what if they say No? Consider Public Interest justification before seeking

consent which could affect approach to consent. I.e. need to provide the information but would prefer

to disclose with their agreement. Give an opportunity for them to state their case for non-disclosure.

May not be appropriate if there is risk to staff or others.

17 May 201039


NIGB

So, what if they say No? If the individual is competent to make the decision and

they fully understand the consequences of the decision for care or treatment: Understand their reasons and see if they can be

satisfied Can care be provided in different way? (Must be

practical) Balance the risks – consider ‘public interest’ – you

may need to share anyway . . .- Harm to self- Harm or risk to others

17 May 201040


NIGB

Even Worse!What if they say “Yes” . . .

and then change their mind!

17 May 201041


NIGB

QUESTIONS TO ASK BEFORE SHARING INFORMATION

Q: Can I still disclose if they don’t consent?

“There must never be another tragic case where a child suffers as a result of professionals not sharing what they know.” Margaret Hodge

“…in every judgment they make, staff have to balance the right of a parent with that of the protection of the child.” Lord Laming,

The Victoria Climbié Inquiry

17 May 201042


NIGB

QUESTIONS TO ASK BEFORE SHARING INFORMATIONQ: Can I still disclose if they don’t consent?

Failure to share information appropriately can be a serious breach of care

Sharing without consent may be necessary and appropriate under some circumstances:

When a child is believed to be at serious risk of harm When there is evidence of serious public harm or risk to

others or and individual For the prevention, detection or prosecution of serious

crime When instructed to do so by a court

17 May 201043


NIGB

Proportionality The proposed disclosure should be proportionate to the

need to protect the child’s/vulnerable adult’s welfare

The amount of information disclosed and the number of people to whom it is disclosed should be no more than is necessary to meet the public interest in protecting the health and well-being of the child/vulnerable adult

17 May 201044


NIGB

When in Doubt Consult a Manager/Caldicott Guardian or Data

Protection/Information Governance Officer Obtain advice from legal services if

appropriate Record reasons why a decision was made to:

Override the requirement to seek consent

Share information without consent

17 May 201045


NIGB

Difficult Areas Power of Attorney

May not include access to records Pre Adoption records

Only medical history should be in new record – procedures Protected AddressesGillick Competency Father and son same name Parental rights

Gender Re-assignment Deceased Records

Not covered by DP Act – remove anything the patient would have expected to keep private and third party data

Police requests Section 29 forms

17 May 201046


NIGB

Why do we need an Information Sharing Protocol ?

What data do we want to share? With whom do we want to share it? Why do we want to share it? How can we justify sharing it? How do we comply with the law? PROACTIVE FRAMEWORK

17 May 201047


NIGB

Using the Three Tier Model at local level

Principles we all will work to contained in the high level Protocol

Purpose for Sharing Information e.g. Care of Adults

Process of how we will share the information in the Service Level Information Sharing protocol

1

2

3

17 May 201048


NIGB

The Protocol should describe How we comply with the Law Why we need to share the information How we justify sharing the information What information we want to share With whom we will share the information How we will protect the information

17 May 201049


NIGB

How We Comply With The Law How we restrict access to the information -consent Who needs to know, how much What security will protect it How long it will be kept for What format will it be in When it can be destroyed or Archived Subject Access rights Data Quality Hiding behind legislation and red tape!!!

17 May 201050


NIGB

Coffee Break!

17 May 201051


NIGB

Breakout Objectives A more informed understanding about why

information should be shared, when and with whom.

Clarification of the legal and ethical issues that surround information sharing.

A toolkit to support information sharing

17 May 201052


NIGB

Breakout Objectives Increased awareness of partner agencies and

their responsibilities and concerns in relation to information sharing.

Strategies for disseminating these ideas to others in your organisations.

Impact of new technology on information sharing.

17 May 201053


NIGB

Delegate Objective Clarification on safe, legal and confidential

ways to send information via computer To get a more informed understanding about

sharing information To link/network with other delegates with the

same remit as myself To widen my knowledge of the subject area To explore issues/dilemmas/barriers with

other professionals

17 May 201054


NIGB

Group Work OneRaising the issues – ? What will happen if we Do share information?? What could happen if we Don’t

share information?

17 May 201055


NIGB

Instructions With the help of your facilitator Work through the two stories on your table Pick up each card in turn Read the scenario and decide who you would or

wouldn’t share the information with Debate in your groups whether or not having all of

the information would change any decisions made

You have 40 minutes to complete this exercise

17 May 201056


NIGB

Group Work Two

Deciding What to Share- Would We?- Could We?- Should We?

17 May 201057


NIGB

Instructions Pick a scenario card, work through as many

scenarios as you have time for Discuss and decide if you would share the

information Discuss and decide if you could share the

information Discuss and decide if you should share the

information

You have 40 minutes to complete this exercise

17 May 201058


NIGB

Feedback from Tables and any questions Each table to raise one question for the panel

of experts during the feedback session Any issues arising from exercises

Thank you to all our expert IG facilitators today!

17 May 201059


NIGB

Key messages Remember the Data Protection Act is not a barrier to

sharing information Be open and honest Seek advice Share with appropriate consent Consider safety and well-being Necessary, proportionate, relevant, accurate, timely and

secure Keep a record

17 May 20101 SHARING INFORMATION: HOW DO I MAKE SURE ITS SAFE, LEGAL AND CONFIDENTIAL? NIGB Welcome to the Joint Information Sharing Workshop.

Documents

sharing information

nigb history of nigb

identifiable information

personal information

nigb role

information governance

shadow nigb

nigb welcome