The Pennine Acute Hospitals NHS Trust

MEDISCREEN OCCUPATIONAL HEALTH DEPARTMENT

CONFIDENTIALITY POLICY

Author: Halina Greer, Practice Development Lead Nurse
Date of approval: June 2010
Review date: May 2012

CONFIDENTIALITY POLICY INDEX

1 AIMS
2 PROFESSIONAL CODE OF CONDUCT
3 FUNDAMENTAL PRINCIPLES
  3.1 Confidentiality
  3.2 Consent
  3.3 Confidential Information
  3.4 Disclosure of Information
4 COMMUNICATION OF SENSITIVE DATA TO AND FROM THE OCCUPATIONAL HEALTH DEPARTMENT
  4.1 Mail received into Department
  4.2 E-Mail
5 CONFIDENTIALITY - FOR NON-MEDICAL STAFF
6 REFERENCES
APPENDIX 1 - CONFIDENTIALITY STATEMENT
APPENDIX 2
  Confidentiality Leaflet – NMC
  Confidentiality - GMC
APPENDIX 3
  BACP – Ethical Framework for Good Practice in Counselling & Psychotherapy

1 AIMS

- To ensure that all staff working within Occupational Health, including non-clinical staff, understand their ethical responsibilities and compliance with The Data Protection Act (1998).
- To provide occupational health staff with an evidence-based frame of reference to use in all aspects of the role relating to confidentiality.
- To provide occupational health staff with guidelines on when it may be appropriate to disclose confidential information.
- To provide occupational health staff with guidance relating to the sharing of information in compliance with The Data Protection Act (1998).

2 PROFESSIONAL CODE OF CONDUCT

The NMC code of professional conduct: standards for conduct, performance and ethics states that:

As a registered nurse/specialist community public health nurse, you are personally accountable for your practice.
In caring for patients and clients, you must:

- respect the patient or client as an individual
- obtain consent before you give any treatment or care
- protect confidential information
- co-operate with others in the team
- maintain your professional knowledge and competence
- be trustworthy
- act to identify and minimise risk to patients and clients.

These are the shared values of all the United Kingdom health care regulatory bodies.

Doctors have a duty to meet the standards of competence, care and conduct set out by the GMC. Good Medical Practice makes clear that patients have a right to expect that information about them will be held in confidence by their doctors.

The counsellors’ governing body is the British Association for Counsellors and Psychotherapists (BACP), and they abide by the BACP Ethical Framework (Appendix 3).

3 FUNDAMENTAL PRINCIPLES

3.1 Confidentiality

The Occupational Health Department has a duty of care to take reasonable steps to ensure that confidential information that is held on record (electronically and manually) remains confidential.

Occupational health records are classed as “sensitive personal data”. Sensitive personal data is defined by The Data Protection Act as information relating to an employee’s race, ethnicity, political and religious beliefs, trade union membership, sex life, criminal record, and physical or mental health.

Although the duty of confidentiality gives control over the content of the record to the data subject (the employee/client to whom the data applies), the content of the record is the property of the occupational health professional.

Under The Data Protection Act (1998), individuals have a right to ‘personal data’ held on them by the Occupational Health Department and can therefore have access to their OH records.

Medical records are the property of the organisation but the information that is held within them belongs to the data subject.
The content of a record generally remains the property of the person who made the record, namely the occupational health professional. Even then, the duty of confidentiality gives control over the content of the record to its subject, the employee/client.

All staff working within the Occupational Health Department will sign a statement regarding confidentiality. This will include a clause on non-disclosure of any information to a third party outside of the Occupational Health Department without prior consent.

3.2 Consent

Informed consent is required before disclosing details of a confidential nature to a third party, e.g. Managers, HR, General Practitioners.

The employee/client should be made aware of the reason why information is being disclosed and to whom. Information should only be disclosed on a “need to know” basis.

Although a verbal consent is valid in law, it is prudent to obtain it in writing before disclosing.

The occupational health professional should ensure that the employee/client understands precisely what information/documentation will be disclosed.

An employee/client may be held to have given implied consent for disclosure of confidential information to others who are part of the Occupational Health team and who need to know in order to carry out the employee/client’s care.

The OHN does not need consent from the employee/client to inform managers of:

- An employee/client’s fitness for work
- An employee/client’s unfitness for work
- Reasonable adjustments that could be made to the role to accommodate the individual.

Under The Data Protection Act (1998), individuals have a right to ‘personal data’ held on them by the Occupational Health Department and can therefore have access to their OH records.

If the occupational health physician/advisor wishes to view an employee/client’s occupational health records that are not pertaining to the current post, written consent is required.
If the occupational health physician/advisor wishes to view an employee/client’s hospital medical records, written consent is required.

When a patient or client is considered incapable of giving consent, experienced colleagues should be consulted.

3.3 Confidential Information

As a registered nurse/specialist community public health nurse, you must protect confidential information:

- Treat all information about patients and clients as confidential and use it only for the purposes for which it was given.
- As it is impractical to obtain consent every time you need to share information with others, you should ensure that patients and clients understand that some information may be made available to other members of the team involved in the delivery of care.
- You must guard against breaches of confidentiality by protecting information from improper disclosure at all times.

3.4 Disclosure of Information

If you are required to disclose information outside the team that will have personal consequences for patients or clients, you must obtain their consent. If the patient or client withholds consent, or if consent cannot be obtained for whatever reason, disclosures may be made only where:

- They can be justified in the public interest (usually where disclosure is essential to protect the patient or client or someone else from the risk of significant harm)
- They are required by law or by order of a court.

Where there is an issue of child protection, you must act at all times in accordance with national and local policies.

The clear principle running through all professional codes is that without consent disclosure must only take place in exceptional circumstances:

- If disclosure is clearly in the employee/client’s interest but it is not possible or is undesirable to seek consent, i.e. if the employee/client is thought to be a real danger to themselves and cannot be persuaded to seek help, e.g. if they are displaying suicidal tendencies.
- If it is required by law
- If it is unequivocally in the public interest
- If it is necessary to safeguard national security or to prevent a serious crime
- If it will prevent a serious risk to public health
- In certain circumstances for the purposes of medical research.

In all cases of disclosure of information, the member of staff is accountable for their actions. It is therefore advisable that the reasons are documented and that advice is sought from the Occupational Health Physician, experienced colleagues, Caldicott Guardian and/or a professional or regulatory body if in doubt.

In all cases of disclosure of information, the member of staff is accountable for their actions. It is therefore advisable that the reasons are documented and that advice is sought from the manager, Occupational Health Physician, experienced colleagues and/or a professional body such as the Royal College of Nursing or the NMC if necessary.

All staff working within the Occupational Health Department will sign a statement regarding confidentiality. This will include not disclosing any information to a third party outside of the Occupational Health Department without prior consent.

4 COMMUNICATION OF SENSITIVE DATA TO AND FROM THE OCCUPATIONAL HEALTH DEPARTMENT

4.1 Mail received into Department

Any mail received into the Occupational Health Department marked ‘personal and confidential’ or ‘addressee only’ should only be opened by the named individual.

Letters marked ‘Private and Confidential’ may be opened by any of the Occupational Health staff who have a legitimate role in providing care for the client.

4.2 E-Mail

The use of e-mail to communicate to colleagues, managers and HR is an important aspect of the Occupational Health Department’s role. Care must be taken to ensure that adequate measures have been taken to ensure that sensitive personal data is kept confidential.
Some outgoing e-mail will contain general information such as appointment details, recommendations for reasonable adjustments etc.; however, some incoming e-mail may contain sensitive personal data. In the interests of best practice, Occupational Health will act as though the e-mail does contain sensitive personal data in all cases to reduce the chances of breach of confidence.

The following steps are recommended:

- Attach a confidentiality statement to all correspondence that relates to an occupational health issue that involves an employee/client, whether it contains sensitive personal data or not.
- Ensure that consent has been obtained from the individual before forwarding sensitive personal data (remember that an incoming e-mail that contains sensitive personal data that is then forwarded with your e-mail requires consent because it is you who is processing the data).
- Print off and store a copy of all outgoing e-mails that relate to employees/clients in the medical notes. In the event of your e-mail being altered or changed, this is your record that identifies your data entry.

5 CONFIDENTIALITY - FOR NON-MEDICAL STAFF

Non-Medical staff will have access to, gain knowledge of, or be entrusted with medical and/or personnel information concerning employees/clients. This information may include matters of a highly sensitive and/or personal nature.

All staff must not at any time, whether during or after employment with the Trust, disclose to any person or make use of such confidential information without exception. This duty includes keeping strictly confidential the names and other details relating to individuals making and keeping appointments with the occupational health service.

It should be noted that any breaches of confidentiality will be subject to disciplinary action.

Enquiries about health of an individual, or individuals, whether made by a third person or from the individual personally, must be referred to the occupational health advisor.
Any advice sought and/or given, whether from employee/clients’ records or from other sources, must not then be divulged to any third party by administrative staff without exception.

No medical or health advice, information, recommendation or opinion is to be given by administrative staff without exception.

Access to this data, including computerised or manual record, should only be available to those members of staff who have an absolute right and need to know, i.e. professionally qualified medical and nursing personnel.

As a direct consequence of carrying out duties, non-medical staff may at some time have or gain access to an individual’s medical records or other confidential information.

Any matters relating to clients of the Occupational Health Service must not be divulged to any third party by administrative staff without exception. Examples of such information include:

- Personal details
- Health or medical information
- Diagnosis
- Clinical investigation
- Treatment

6 REFERENCES

1 GMC, ‘Confidentiality’, published October 1995
2 NMC, ‘Code of Professional Conduct’, 2005

APPENDIX 1 - CONFIDENTIALITY STATEMENT

The Pennine Acute Hospitals NHS Trust

MEDISCREEN OCCUPATIONAL HEALTH DEPARTMENT

CONFIDENTIALITY POLICY STATEMENT

Aims

To ensure that all staff working within Occupational Health, including non-clinical staff, understand their ethical responsibilities and compliance with The Data Protection Act (1998).

Confidentiality Statement

All staff working in the Occupational Health Department must sign a confidentiality statement to state that they have read the Confidentiality Policy, understand the contents and will apply the policy in practice. This will include not disclosing any information to a third party outside of the Occupational Health Department without prior consent.

Fundamental Principles

- A medical record is created for each employee referred to the Occupational Health Department.
- The Counselling service holds separate records for clients which do not form part of the Occupational Health records.
- Information (data) is stored in both paper and electronic forms. Both types of storage are covered by the Data Protection Act 1998.
- Paper and electronic records and correspondence pertaining to any aspect of occupational health activities must be kept securely at all times.
- Medical records are the legal property of the Trust but the duty of confidentiality gives control over the content of its record to its subject, the employee.
- Clients have the right to expect that their medical and personal information will only be used for the purpose for which it was given and not be passed on to a third party without informed consent.
- Clients requesting access to their health record may do so in writing and will be required to provide photographic proof of their identity.
- Access to data, including computerised or manual record, should only be available to those members of staff who are authorised and ‘need to know’.
- All Occupational Health staff, including non-clinical staff, must treat all information about clients as confidential, use it only for the purposes for which it was given and protect confidential information from improper disclosure.
- In all cases of disclosure of information, the member of staff is accountable for their actions.
- It should be noted that any breaches of confidentiality will be subject to disciplinary action.

Disclosure of information

Confidential information can be disclosed where informed consent is clearly provided by the client. Without consent disclosure must only take place in exceptional circumstances:

- If it is required by court of law
- If it is unequivocally in the public interest
- Where the harm in maintaining confidentiality is greater than that in disclosing the information, for example if disclosure is clearly in the employee/client’s interest but it is not possible or is undesirable to seek consent, i.e. if the employee/client is thought to be a real danger to themselves or others and cannot be persuaded to seek help, e.g. if they are displaying suicidal tendencies.
- If it is necessary to safeguard national security or to prevent a serious crime
- If it will prevent a serious risk to public health
- In certain circumstances for the purposes of medical research.

Confidentiality Statement

During the course of employment you may have access to, gain knowledge of, or be entrusted with medical and/or sensitive personal information concerning clients.

I understand that access to this information, whether in electronic or manual records, is made available only to those members of staff who have authorisation and ‘need to know’.

I agree not to disclose to any person or make any use of such confidential information as described above at any time, whether during or after the end of employment with the Occupational Health Department.

Breach of confidentiality is viewed very seriously. Any such breach may be regarded as misconduct or gross misconduct and could result in disciplinary action.

I, the undersigned, have read the confidentiality policy and understand and accept the above.

Name………………………………………………………
Job Title……………………………………………………
Signature………………………………………………….. Date……………………………….

APPENDIX 2

Confidentiality Leaflet – NMC
Confidentiality - GMC