SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
Welcome to the
Joint Information Sharing Workshop
1
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
Introduction to the
Information Sharing Workshop
NIGB would like to thank County Durham and Tees Valley
Information Governance Leads Group who allowed us to adapt this
workshop from their original workshop materials
2
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
The role of the
National Information Governance Board
(NIGB)
3

To support improvements in information
governance in health and social care

To advise on the use of powers under section
251 of the NHS Act 2006
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
Our definition
‘Information governance describes the structures,
policies and practices which are used to ensure
the confidentiality and security of records of
individuals
Correctly developed and implemented it enables
the appropriate and ethical use of information for
the benefit of individuals and the public good’.
4
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
History of NIGB

2005 – review of IG in DH and wider NHS

2007 – ‘shadow’ NIGB takes over functions of
the Care Record Development Board
2008 – NIGB becomes a statutory body
2009 – NIGB takes over the functions of the
Patient Information Advisory Group (PIAG)


5
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
The NIGB as a Statutory Body
6

The NIGB is an Advisory Non-departmental
Public body

Reports to the Secretary of State and of
Health

It’s Statutory powers support it in delivering
it’s terms of reference
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
Who are we?

22 members 
12 public members appointed by Appointments
Commission
 10 organisations invited to be represented by
Secretary of State for Health



7
Corresponding Advisors
Observers
Statements of Collaborative Working
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
Dealing with complex issues
NIGB regularly has to deal with complex,
often ethical, issues
 No right or wrong answer – the best
answer using available evidence
 Varied background of members makes it
ideally placed to do this

8
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?




9
Importance of multi-agency information
sharing and information sharing protocols
Stockton Information Sharing Workshop Pilot
NIGB analysis and review of the pilot
materials
To be made available on NIGB website for
training
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
Role of the Caldicott Guardian
10
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
History of Caldicott
 In 1997 the NHS established a Caldicott
Committee led by Dame Fiona Caldicott
 Caldicott Committee (1996-97)
Review of patient-identifiable information commissioned
by the Chief Medical Officer of England . . .
“owing to increasing concern about the ways in
which patient information is being used in the NHS
in England and Wales and the need to ensure that
confidentiality is not undermined.”
11
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
History of Caldicott cont.


12
The review recommended that “Guardians” of
personal information be created to safeguard
and govern the uses made of confidential
information with the NHS
In 2002 Calidcott standards were extended
into Social Care
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
So what are the Caldicott principles?

13
The Caldicott principles and processes provide
a framework of quality standards for the
management of confidentiality and access to
personal information
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
The Caldicott Report ( Sept ’97)
Six key principles:
 Principle 1 – Justify the purpose for using confidential
information
 Principle 2 – Only use it when absolutely necessary
 Principle 3 – Use the minimum that is required
 Principle 4 – Access should be on a strict need to know
basis
 Principle 5 – Everyone must understand their
responsibilities
 Principle 6 – Understand and comply with the law.
14
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
Key Caldicott Guardian responsibilities
Supported by the Information Governance Team
the Caldicott Guardian has responsibility for:
15

Strategy and Governance

Confidentiality and Data Protection expertise

Internal Information Processing

Information
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
The Caldicott Report
Sixteen specific recommendations, one of which
was that:
“A senior person, preferably a health professional, should
be nominated in each health organisation to act as a
guardian, responsible for safeguarding the confidentiality
of patient information.”
16
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
The role of the Caldicott Guardian
To play a key role in ensuring Health & Social Care
organisations satisfy the highest practical standards for
handling an individuals identifiable data.
 To work as part of the broader Information Governance
function with support staff
 To have a strategic role representing and championing
Information Governance requirements and issues at
senior management level
 Advise on the implementation of the Electronic Social
Care Record and Common Assessment Framework

17
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
Caldicott Guardian Role
“The conscience of the organisation”
Establish the highest practical standards for
handling personally identifiable information in the
NHS and Social Care monitoring process against an
annual improvement plan
18
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
Presenters
19
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
Today is About…
. . . knowing how to share information:
 Safely
 Legally and
 Confidentially
. . . and an opportunity for you to share knowledge
and concerns with other professionals to improve
multi-agency information sharing
20
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
Why is information sharing so
important?
it is essential to safeguard and promote the welfare of
children, young people and vulnerable adults
 to achieve the best outcome for the individual
 To prevent death or serious harm as a result of:





21
Failing to record information
To share it
To understand the significance of the information shared
To take appropriate action in relation to known or suspected
abuse or neglect
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
Consequences of not sharing
information appropriately
1973 – Maria Colwell – killed by her stepfather
sustaining severe internal injuries and brain damage
 2000 – Victoria Climbie – died of hypothermia after
months of sustained abuse by her guardians
 2002 - Soham Murders – death of 2 ten year old girls
by Ian Huntley a school caretaker
 2007 - Baby Peter, died of horrific injuries inflicted by
his carers - Laming enquiry criticised failings in
information sharing between agencies

22
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
Adult Safeguarding





23
2006 – Steven Hoskin had learning disabilities and was
39 years old
Sustained repeated abuse by youths including assault,
forced to take drink and drugs and made to falsely
confess to being a paedophile
Reports of anti-social behaviour connected to the flat
Steven was marched to top of a viaduct and forced over
the edge
Serious Case Review – ‘information sharing poor’
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
Adult Safeguarding
2007 - Death of Francesca Hardwick (daughter), severe
learning disabilities, Fiona Pilkington (mother) primary
carer.
 After 10 years of repeated verbal abuse, a sustained
campaign of vandalism, harassment and intimidation by
local youths, Fiona set light to their car
 Inquest criticised ‘failure to share information between
the Police and local councils’

24
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
Local Case - Adult Safeguarding
2007 - Susan Hale (service user) and Sarah Merritt
(agency carer) murdered by David Tiley a convicted
rapist
 Police were monitoring Tiley as one of 300 violent or
sex offenders in Southampton
 Tiley had been on sex offenders’ register after being
convicted of two counts of rape
 In and out of prison for breaching order for failing to
notify Police of his address

25
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
Local Case - Adult Safeguarding
Living with Ms Hale following release in 2007 Tiley was
subject to MAPPA (multi-agency public protection
arrangements)
 Review led by a member of the Prison Service
concluded that there ‘needed to be improved relations
between agencies’ and
 Lessons needed to be learned

26
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
The Legal Context







The Data Protection Act 1998
The Human Rights Act 1998
The Health and Social Care Act 2008
Common Law of Confidentiality
Administrative Law
FOI Act 2000
Other Legislation e.g.

27
Children Act, Mental Capacity Act, Gender recognition Act,
Adoption Act
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
So, what about Data Protection?





28
The Data Protection Act is not a barrier to sharing
information
Confidentiality is a boundary to be negotiated and can
be a barrier sometimes but not where there is a public
interest justification such as the protection of others
Practitioners should understand when, why and how
they should share information to do so confidently and
appropriately
It provides a framework to ensure information is shared
appropriately
Consent should be best practice
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
A Duty of Confidence
A duty of confidence arises when one person discloses information
to another (e.g. patient to clinician, client to social worker) in
circumstances where it is reasonable to expect that the information
will be held in confidence or where it is obvious the information is
confidential in nature.
The duty of confidence 


29
Is a legal obligation derived from case-law.
Is a requirement within professional codes of conduct.
Is included within many employment contracts as a specific
requirement linked to disciplinary procedures.
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
Exemptions to the Duty of Confidence
Where there is legal requirement (either under
statute or a court order) to disclose the information
(for instance, notification of certain diseases to public
health authorities);
 Where there is an overriding duty to the public (for
instance, the information concerns the commission of
a criminal offence or relates to life-threatening
circumstances); or
 Where the individual to whom the information relates
has consented to the disclosure

30
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
How do we obtain consent?






31
Consent should be sought at the earliest opportunity
Social Care record consent on the Permission to Share form signed by
both social work professional and the individual or their
representative. In Heath this should be recorded in the patient notes
Clear explanation should be given to the individual on what they are
consenting to and for how long
It should be made clear that consent can be withdrawn at any time
but we will share when there is a legal requirement to do so
Individuals should understand that if they withdraw their consent
this may affect services we can provide to them
Revisiting consent – at least annually or when a new event/episode
of care happens
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
Implied Consent

32
Consent not expressly given:
 Often consent is assumed for sharing information with
colleagues within an organisation i.e. in Health if a patient
sees a nurse for a test, it is assumed that the patient will
consent for the results to be shared with the treating
doctor.
 In Social Care sharing with other departments in the Local
Authority would require explicit consent for another
purpose unless there is a legal reason for sharing.
 Sharing information between health care colleagues in
different organisations e.g. ambulance crews to A & E staff
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
Explicit or Informed Consent
Agreement to sharing should be recorded
 Individuals should be made aware of: 

What information is to be shared
 What is the purpose of sharing it
 Who it is to be shared with
 How the information will be protected
 Whether it may be further shared
 That they have the right to refuse (if they do)
 The consequences of refusal and agreement to consent
33
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
Competence to Consent
Children and young people
 16 assumed to be competent
 Under 16 competent if they have the capacity to
understand and take own decisions
 Otherwise consent from whoever has parental
responsibility
 Onus of proof shifts from being on the child to being on
the person wanting to assert lack of capacity.

34
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
Competence to Consent

Adult unable to give consent?

Take into account the views of relatives or carers
 Respect any previously expressed wishes
 Mental Capacity Act (MCA)
 Adults lacking capacity may have an advocate
 Provision under MCA for proxy consent via LPA or Court
appointed deputy
 Ultimately, the professional must act in individuals best
interests
 Record the decision and the reasons for it
35
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
Understanding consequences


36
Explain consequences of agreeing to consent
Explain consequences of refusing consent i.e.
Limiting services – housing etc.
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
Sharing without consent

37
There are some circumstances in which sharing confidential
information without consent will normally be justified in the
public interest:
 When there is evidence that the child/vulnerable adult is
suffering or is at risk of suffering harm; or
 Where there is reasonable cause to believe that a child
/vulnerable adult may be suffering or at risk of significant
harm; or
 To prevent significant harm arising to children/vulnerable
adults including through the prevention, detection and
prosecution of serious crime
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
So, what if they say No?
Consider Public Interest justification before seeking
consent which could affect approach to consent.
 I.e. need to provide the information but would prefer
to disclose with their agreement. Give an opportunity
for them to state their case for non-disclosure.
 May not be appropriate if there is risk to staff or
others.

38
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
So, what if they say No?

If the individual is competent to make the decision and
they fully understand the consequences of the decision
for care or treatment:
 Understand their reasons and see if they can be
satisfied
 Can care be provided in different way? (Must be
practical)
 Balance the risks – consider ‘public interest’ – you
may need to share anyway . . .
- Harm to self
- Harm or risk to others
39
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
Even Worse!
What if they say “Yes” . . .
and then change their mind!
40
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
QUESTIONS TO ASK BEFORE SHARING INFORMATION
Q: Can I still disclose if they don’t consent?
“There must never be another tragic
case where a child suffers as a result of
professionals not sharing what they
know.”
Margaret Hodge
“…in every judgment they make, staff
have to balance the right of a parent
with that of the protection of the
child.”
Lord Laming,
The Victoria Climbié Inquiry
41
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
QUESTIONS TO ASK BEFORE SHARING INFORMATION
Q: Can I still disclose if they don’t consent?
 Failure to share information appropriately can be a
serious breach of care
 Sharing without consent may be necessary and
appropriate under some circumstances:




42
When a child is believed to be at serious risk of harm
When there is evidence of serious public harm or risk to
others or and individual
For the prevention, detection or prosecution of serious
crime
When instructed to do so by a court
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
Proportionality

The proposed disclosure should be proportionate to the
need to protect the child’s/vulnerable adult’s welfare

The amount of information disclosed and the number of
people to whom it is disclosed should be no more than is
necessary to meet the public interest in protecting the
health and well-being of the child/vulnerable adult
43
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
When in Doubt



44
Consult a Manager/Caldicott Guardian or Data
Protection/Information Governance Officer
Obtain advice from legal services if
appropriate
Record reasons why a decision was made to:
 Override the requirement to seek
consent
 Share information without consent
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?

Power of Attorney


Difficult Areas
May not include access to records
Pre Adoption records

Only medical history should be in new record – procedures
 Protected Addresses
Gillick Competency
 Father and son same name
 Parental rights


Gender Re-assignment
Deceased Records


Police requests

45
Not covered by DP Act – remove anything the patient would have expected
to keep private and third party data
Section 29 forms
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
Why do we need an
Information Sharing Protocol ?





46
What data do we want to share?
With whom do we want to share it?
Why do we want to share it?
How can we justify sharing it?
How do we comply with the law?
PROACTIVE FRAMEWORK
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
1
Using the Three Tier Model at local
level
Principles we all will work to contained in the
high level Protocol
2 Purpose for Sharing Information e.g. Care of Adults
3 Process of how we will share the information in the
Service Level Information Sharing protocol
47
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
The Protocol should describe






48
How we comply with the Law
Why we need to share the information
How we justify sharing the information
What information we want to share
With whom we will share the information
How we will protect the information
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
How We Comply With The Law









49
How we restrict access to the information -consent
Who needs to know, how much
What security will protect it
How long it will be kept for
What format will it be in
When it can be destroyed or Archived
Subject Access rights
Data Quality
Hiding behind legislation and red tape!!!
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
Coffee Break!
50
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
Breakout Objectives



51
A more informed understanding about why
information should be shared, when and with
whom.
Clarification of the legal and ethical issues that
surround information sharing.
A toolkit to support information sharing
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
Breakout Objectives



52
Increased awareness of partner agencies and
their responsibilities and concerns in relation
to information sharing.
Strategies for disseminating these ideas to
others in your organisations.
Impact of new technology on information
sharing.
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
Delegate Objective





53
Clarification on safe, legal and confidential
ways to send information via computer
To get a more informed understanding about
sharing information
To link/network with other delegates with the
same remit as myself
To widen my knowledge of the subject area
To explore issues/dilemmas/barriers with
other professionals
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
Group Work One
Raising the issues –
? What will happen if we Do share information?
? What could happen if we Don’t
share information?
54
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
Instructions





With the help of your facilitator
Work through the two stories on your table
Pick up each card in turn
Read the scenario and decide who you would or
wouldn’t share the information with
Debate in your groups whether or not having all of
the information would change any decisions made
You have 40 minutes to complete this exercise
55
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
Group Work Two
Deciding What to Share
- Would We?
- Could We?
- Should We?
56
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
Instructions




Pick a scenario card, work through as many
scenarios as you have time for
Discuss and decide if you would share the
information
Discuss and decide if you could share the
information
Discuss and decide if you should share the
information
You have 40 minutes to complete this exercise
57
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
Feedback from Tables and any questions


Each table to raise one question for the panel
of experts during the feedback session
Any issues arising from exercises
Thank you to all our expert IG facilitators today!
58
NIGB
17 May 2010
SHARING INFORMATION: HOW DO I MAKE SURE IT’S SAFE, LEGAL AND CONFIDENTIAL?
Key messages
 Remember the Data Protection Act is not a barrier to
sharing information
 Be open and honest




Seek advice
Share with appropriate consent
Consider safety and well-being
Necessary, proportionate, relevant, accurate, timely and
secure
 Keep a record
59
NIGB
17 May 2010