Add to collection(s) Add to saved
  1. Science
  2. Health Science

confidentiality policy

advertisement 
The Pennine Acute Hospitals
NHS Trust
MEDISCREEN OCCUPATIONAL HEALTH DEPARTMENT
CONFIDENTIALITY POLICY
Author
Halina Greer, Practice Development Lead Nurse
Date of approval
Review date
June 2010
May 2012
CONFIDENTIALITY POLICY
INDEX
1
2
3
4
5
6
7
8
9
AIMS
PROFESSIONAL CODE OF CONDUCT
FUNDAMENTAL PRINCIPLES
3.1
Confidentiality
3.2
Consent
3.3
Confidential Information
3.4
Disclosure of Information
COMMUNICATION OF SENSITIVE DATA TO AND FROM THE
OCCUPATIONAL HEALTH DEPARTMENT
4.1
Mail received into Department
4.2
E-Mail
3
3
3
4
4
4
5
5
6
CONFIDENTIALITY - FOR NON-MEDICAL STAFF
REFERENCES
6
APPENDIX 1 - CONFIDENTIALITY STATEMENT
8
APPENDIX 2
Confidentiality Leaflet – NMC
Confidentiality - GMC
APPENDIX 3
BACP – Ethical Framework for Good Practice in Counselling & Psychotherapy
Ethical Framework for Good Practice
in Counselling & Psychotherapy
1
2
AIMS

To ensure that all staff working within Occupational Health, including non-clinical staff,
understand their ethical responsibilities and compliance with The Data Protection Act
(1998).

To provide occupational health staff with an evidence-based frame of reference to use in
all aspects of the role relating to confidentiality.

To provide occupational health staff with guidelines on when it may be appropriate to
disclose confidential information.

To provide occupational health staff with guidance relating to the sharing of information
in compliance with The Data Protection Act (1998).
PROFESSIONAL CODE OF CONDUCT
The NMC code of professional conduct: standards for conduct, performance and ethics states
that;
As a registered nurse/specialist community public health nurse, you are personally accountable
for your practice. In caring for patients and clients, you must:







respect the patient or client as an individual
obtain consent before you give any treatment or care
protect confidential information
co-operate with others in the team
maintain your professional knowledge and competence
be trustworthy
act to identify and minimise risk to patients and clients.
These are the shared values of all the United Kingdom health care regulatory bodies. Doctors
have a duty to meet the standards of competence, care and conduct set out by the GMC. Good
Medical Practice makes clear that patients have a right to expect that information about them
will be held in confidence by their doctors.
Counsellors governing body is (BACP) British Association for Counsellors and Psychotherapists
and they abide by the BACP Ethical Framework. Appendix 3
3
FUNDAMENTAL PRINCIPLES
3.1
Confidentiality
The Occupational Health Department has a duty of care to take reasonable steps to ensure
that confidential information that is held on record (electronically and manually) remains
confidential.
Occupational health records are classed as “sensitive personal data”. Sensitive personal data
is defined by The Data Protection Act as information relating to an employee’s race, ethnicity,
political and religious beliefs, trade union membership, sex life, and criminal record, physical or
mental health.
Although the duty of confidentiality gives control over the content of the record to the data
subject (the employee/client to whom the data applies) the content of the record is the property
of the occupational health professional.
Under The Data Protection Act (1998), individuals have a right to ‘personal data’ held on them
by the Occupational Health Department and can therefore have access to their OH records.
Medical records are the property of the organisation but the information that is held within them
belongs to the data subject. The content of a record generally remains the property of the
person who made the record, namely the occupational health professional. Even then, the
duty of confidentiality gives control over the content of the record to its subject, the
employee/client.
All staff working within the Occupational Health Department will sign a statement regarding
confidentiality. This will include a clause on non-disclosure of any information to a third party
outside of the Occupational Health Department without prior consent.
3.2
Consent
Informed consent is required before disclosing details of a confidential nature to a third party
e.g. Managers, HR, General Practitioners. The employee/client should be made aware of the
reason why information is being disclosed and to whom. Information should only be disclosed
on a “need to know” basis.
Although a verbal consent is valid in law, it is prudent to obtain it in writing before disclosing.
The occupational health professional should ensure that the employee/client understands
precisely what information/documentation will be disclosed.
An employee/client may be held to have given implied consent for disclosure of confidential
information to others who are part of the Occupational Health team and who need to know in
order to carry out the employee/clients care.
The OHN does not need consent from the employee/client to inform managers of:



An employee/client’s fitness for work
An employee/client’s unfitness for work
Reasonable adjustments that could be made to the role to accommodate the
individual.
Under The Data Protection Act (1998), individuals have a right to ‘personal data’ held on them
by the Occupational Health Department and can therefore have access to their OH records.
If the occupational health physician/advisors wishes to view employee/clients occupational
health records that are not pertaining to the current post, written consent is required.
If the occupational health physician/advisor wishes to view employee/clients hospital medical
records, written consent is required.
When a patient or client is considered incapable of giving consent experienced colleagues
should be consulted.
3.3
Confidential Information
As a registered nurse/specialist community public health nurse, you must protect confidential
information;
Treat all information about patients and clients as confidential and use it only for the purposes
for which it was given. As it is impractical to obtain consent every time you need to share
information with others, you should ensure that patients and clients understand that some
information may be made available to other members of the team involved in the delivery of
care. You must guard against breaches of confidentiality by protecting information from
improper disclosure at all times.
3.4
Disclosure of Information
If you are required to disclose information outside the team that will have personal
consequences for patients or clients, you must obtain their consent. If the patient or client
withholds consent, or if consent cannot be obtained for whatever reason, disclosures may be
made only where:


They can be justified in the public interest (usually where disclosure is essential to
protect the patient or client or someone else from the risk of significant harm)
They are required by law or by order of a court.
Where there is an issue of child protection, you must act at all times in accordance with
national and local policies.
The clear principle running through all professional codes is that without consent disclosure
must only take place in exceptional circumstances.






If disclosure is clearly in the employee/clients interest but it is not possible or is
undesirable to seek consent i.e. If the employee/client is thought to be a real danger to
themselves and cannot be persuaded to seek help e.g. if they are displaying suicidal
tendencies.
If it is required by law
If it is unequivocally in the public interest
If it is necessary to safeguard national security or to prevent a serious crime
If it will prevent a serious risk to public health
In certain circumstances for the purposes of medical research.
In all cases of disclosure of information, the member of staff is accountable for their actions. It
is therefore advisable that the reasons are documented and that advice is sought from the
Occupational Health Physician, experienced colleagues, Caldicott Guardian and/or a
professional or regulatory body if in doubt.
In all cases of disclosure of information, the member of staff is accountable for their actions. It
is therefore advisable that the reasons are documented and that advice is sought from the
manager, Occupational Health Physician, experienced colleagues and/or a professional body
such as the Royal College of Nursing or the NMC if necessary.
All staff working within the Occupational Health Department will sign a statement regarding
confidentiality. This will include not disclosing any information to a third party outside of the
Occupational Health Department without prior consent.
4
COMMUNICATION OF SENSITIVE DATA TO AND FROM THE OCCUPATIONAL
HEALTH DEPARTMENT
4.1
Mail received into Department
Any mail received into the Occupational Health Department marked ‘personal and confidential’
or ‘addressee only’ should only be opened by the name individual.
Letters marked ‘Private and Confidential’ may be opened by any of Occupational Health staff
that has a legitimate role in providing care for the client.
4.2
E-Mail
The use of e-mail to communicate to colleagues, managers and HR is an important aspect of
the Occupational Health Department’s role. Care must be taken to ensure that adequate
measures have been taken to ensure that sensitive personal data is kept confidential.
Some outgoing e-mail will contain general information such as appointment details,
recommendations for reasonable adjustments etc however; some in-coming e-mail may
contain sensitive personal data. In the interests of best practice, Occupational Health will act as
though the e-mail does contain sensitive personal data in all cases to reduce the chances of
breach of confidence:
The following steps are recommended:



5
Attach a confidentiality statement to all correspondence that relates to an
occupational health issue that involves an employee/client, whether it contains
sensitive personal data or not.
Ensure that, consent has been obtained from the individual before forwarding
sensitive personal data – (remember that an incoming e-mail that contains
sensitive personal data that is then forwarded with your e-mail requires consent
because it is you who is processing the data).
Print off and store a copy of all outgoing e-mails that relate to employees/client in
the medical notes. In the event of your e-mail being altered or changed, this is
your record that identifies your data entry.
CONFIDENTIALITY - FOR NON-MEDICAL STAFF
Non-Medical staff will have access to, gain knowledge of, or be entrusted with medical and/or
personnel information concerning employees/clients. This information may include matters of a
highly sensitive and/or personal nature.

All staff must not at any time, whether during or after employment with the Trust,
disclose to any person or make use of such confidential information without exception.
This duty includes keeping strictly confidential the names and other details relating to
individuals making and keeping appointments with the occupational health service. It
should be noted that any breaches of confidentially will be subject to disciplinary action.

Enquiries about health of an individual, or individuals, whether made by a third person or
from the individual personally, must be referred to the occupational health advisor. Any
advice sought and/or given, whether from employee/clients’ records or from other
sources, must not then be divulged to any third party by administrative staff without
exception.

No medical or health advice, information, recommendation or opinion is to be given by
administrative staff without exception.

Access to this data, including computerised or manual record, should only be available
to those members of staff who have an absolute right and need to know – i.e.
professionally qualified medical and nursing personnel. As a direct consequence of
carrying out duties non-medical staff may at sometime have or gain access to
individual’s medical records or other confidential information.
Any matters relating to clients of the Occupational Health Service must not be divulged to any
third party by administrative staff without exception. Examples of such information include:





6
1
2
Personal details
Health or medical information
Diagnosis
Clinical investigation
Treatment
REFERENCES
GMC ‘Confidentiality’ published October 1995
NMC– ‘Code of Professional Conduct’ 2005
7
APPENDIX 1 - CONFIDENTIALITY STATEMENT
The Pennine Acute Hospitals
NHS Trust
MEDISCREEN OCCUPATIONAL HEALTH DEPARTMENT
CONFIDENTIALITY POLICY STATEMENT
Aims
To ensure that all staff working within Occupational Health, including non-clinical staff, understand their
ethical responsibilities and compliance with The Data Protection Act (1998).
Confidentiality Statement
All staff working in the Occupational Health Department must sign a confidentiality statement to state
that they have read the Confidentiality Policy, understand the contents and will apply the policy in
practice. This will include not disclosing any information to a third party outside of the Occupational
Health Department without prior consent.
Fundamental Principles
A medical record is created for each employee referred to the Occupational Health Department. The
Counselling service holds separate records for clients which do not form part of the Occupational Health
records
Information (data) is stored in both paper and electronic forms. Both types of storage are covered by
the Data Protection Act 1998. Paper and electronic records and correspondence pertaining to any
aspect of occupational health activities must be kept securely at all times.
Medical records are the legal property of the Trust but the duty of confidentiality gives control over the
content of its record to its subject the employee.
Clients have the right to expect that their medical and personal information will only be used for the
purpose for which it was given and not be passed on to a third party without informed consent
Clients requesting access to their health record may do so in writing and will be required to provide
photographic proof of their identity.
Access to data, including computerised or manual record, should only be available to those members of
staff who are authorised and ‘need to know’
All Occupational Health staff, including non-clinical staff, must treat all information about clients as
confidential, use it only for the purposes for which it was given and protect confidential information from
improper disclosure.
In all cases of disclosure of information, the member of staff is accountable for their actions. It should
be noted that any breaches of confidentially will be subject to disciplinary action.
Disclosure of information
Confidential information can be disclosed where informed consent is clearly provided by the client.
Without consent disclosure must only take place in exceptional circumstances;

If it is required by court of law






If it is unequivocally in the public interest
Where the harm in maintaining confidentiality is greater than that in disclosing the information for
example - If disclosure is clearly in the employee/clients interest but it is not possible or is
undesirable to seek consent i.e. If the employee/client is thought to be a real danger to
themselves or others and cannot be persuaded to seek help e.g. if they are displaying suicidal
tendencies.
If it is necessary to safeguard national security or to prevent a serious crime
If it will prevent a serious risk to public health
In certain circumstances for the purposes of medical research.
If it is unequivocally in the public interest
Confidentiality Statement
During the course of employment you may have access to, gain knowledge of, or be entrusted with
medical and/or sensitive personal information concerning clients.
I understand that access to this information, whether in electronic or manual records, is made available
only to those members of staff who have authorisation and ‘need to know’
I agree not to disclose to any person or make any use of such confidential information as described
above at any time, whether during or after the end of employment with the Occupational Health
Department.
Breach of confidentiality is viewed very seriously. Any such breach may be regarded as misconduct or
gross misconduct and could result in disciplinary action.
I, the undersigned, have read the confidentiality policy and understand and accept the above.
Name………………………………………………………
Job Title……………………………………………………
Signature…………………………………………………..Date……………………………….
8
APPENDIX 2
Confidentiality Leaflet – NMC
Confidentiality - GMC
Related documents
Confidentiality Agreement
Confidentiality Agreement
Integrated Occupational Program Policy
Integrated Occupational Program Policy
Confidentiality and information sharing policy
Confidentiality and information sharing policy
Business Integrity Program-Confidentiality
Business Integrity Program-Confidentiality
Sample Oath of Confidentiality
Sample Oath of Confidentiality
COTSSPLD Conference Application form 2014
COTSSPLD Conference Application form 2014
Download
advertisement