p1 Information

Health and social care staff members: What you should know about Information Governance p2 Information Governance What is Information Governance?

You have probably heard of Clinical or Information Governance provides a framework Social Care Governance, which is a way for to bring together all the legal rules, guidance organisations and individuals to continuously and best practice that apply to the handling improve the quality of health and social care of information, allowing: and ensure high standards of care are provided. • implementation of central advice and You may be aware of Research Governance, guidance; which defines the good practice guidelines • compliance with the law; necessary to ensure health and social care • year on year improvements. research complies with scientific and ethical standards. At its heart, Information Governance is about setting a high standard for the handling of Senior personnel will be involved in Corporate information and giving organisations the tools Governance, which is the way that organisations to achieve that standard. are able to achieve their business objectives and meet the necessary standards of accountability The ultimate aim is to demonstrate that and integrity. an organisation can be trusted to maintain the confidentiality and security of personal Information Governance sits alongside these information by helping individuals to practice other governance initiatives, it is to do with good information governance and be consistent the way organisations process or handle in the way they handle personal and corporate information. It covers personal information, information and avoid duplication of effort, ie that relating to patients/service users and leading to improvements in: employees, and corporate information, eg financial and accounting records. • information handling activities; • patient and service user confidence in Information Governance allows organisations care providers; and individuals to ensure that personal • employee training and development. information is handled legally, securely, efficiently and effectively, in order to deliver the best possible care. It additionally enables organisations to put in place procedures and processes for their corporate information that support the efficient location and retrieval of corporate records where and when needed, in particular to meet requests for information and assist compliance with standards. p3 Information Governance What are the standards and requirements that make up Information Governance?

Information Governance provides a consistent The Department of Health has developed sets way for employees to deal with the many of information governance requirements, different standards and legal rules that apply which enable NHS and partner organisations to to information handling, including: measure their compliance with the information handling standards and legal rules. The • The Data Protection Act 1998. requirements cover all aspects of information • The common law duty of confidence. governance including: • The Confidentiality NHS Code of Practice. • The NHS Care Record Guarantee for England. • data protection and confidentiality; • The Social Care Record Guarantee for • ; England. • information quality; • The international information security • health / care ; standard: ISO/IEC 27002: 2005. • corporate information. • The Information Security NHS Code of Practice. • The Records Management NHS Code of Practice. • The Freedom of Information Act 2000. p4 Information Governance Why should you learn about it?

Information Governance helps ensure that all Records Management NHS Code of Practice employees are following best practice guidelines and equivalent codes for social care records; on information handling. • seek assistance if required.

Information Governance helps all employees Information Governance helps employees to providing care services to manage personal work with others outside of their own area information for the benefit of the patient or and organisation. service user. It depends on teamwork and good Your patients and service users will know communication among all staff to encourage: that their records will not be disclosed inappropriately, which will: • sharing of good practice ideas across departmental and organisational boundaries; • give them greater trust in NHS and social • joint initiatives between health, social care care working practices, and and partner organisations; • encourage them to be more open to sharing • shared efforts and reduced duplication. important personal information with you.

Thereby ensuring they receive care of the best quality.

Information Governance includes training requirements to help ensure that all employees comply with the law and best practice when handling information.

Training and development is a vital component of Information Governance. If you attend or participate in the available training and evaluation, you can ensure you are adequately informed how to:

• respect patient/service user information rights; • use personal information appropriately and legally; • create, file and store corporate documents in line with the best practice records management standards outlined in the p5 Information Governance Information Governance leads to improvements in information handling

The Department of Health has developed Annual Information Governance assessments clear requirements for information handling are performed to help identify good practice to ensure that information is: and highlight areas that need improvement.

• Held securely and confidentially. When assessing information handling, • Obtained fairly and efficiently. Information Governance staff review the • Recorded accurately and reliably. existing policies, procedures and processes • Used effectively and ethically. in place throughout the organisation. They • Shared appropriately and lawfully. ensure that the policies, etc are relevant, understandable and are published and widely The requirements help organisations to distributed throughout an organisation; and ensure that: that employees in general are aware of and comply with them. Where documentation is • appropriate management structures absent or outdated, they arrange for it to be and personnel are in place to oversee IG written or updated. They identify areas of arrangements; good practice and enable them to be shared • information within computerised and paper- with others. based systems is held securely, is accurate and is available when and where needed Your responsibility is to comply with the (for example in the event of an unplanned policies, procedures and processes, and share attendance/admission); any good practice in information handling • processes and procedures for information with the IG staff. and records are efficient and effective; • employees are provided with guidance and appropriate, effective training. p6 Information Governance

It is the responsibility of all organisations to Your responsibility is to undertake the IG comply with the law. The organisation can training specified by your organisation and achieve this by assigning responsibilities for seek assistance from an appropriate source Information Governance issues to named staff, if you require it. and by ensuring that all employees are made aware of their individual responsibilities and Information Governance staff regularly of any penalties for non-compliance. review policies, procedures and processes and employee compliance with them. The Training and awareness raising sessions can outcomes are measured against the Information help to ensure that all employees practice Governance requirements, allowing year in accordance with policies, procedures and on year improvements to be made and any processes and ultimately with the law. Your deterioration in standards to be quickly tackled. organisation will have personnel and/or structures in place to provide you with The outcomes may indicate that further assistance on Information Governance issues. training is required in some areas, or better staff guidance materials are needed that can The Department of Health has made an IG be easily accessed at all times (for example Training Tool available to assist organisations in should an issue arise with a patient/service user ensuring their staff members are appropriately late at night when IG staff are not around to trained in Information Governance. offer advice or assistance).

Users can self-register to use the products in Your responsibility is to participate in the tool or take a guest tour. The tool can be Information Governance surveys carried out by accessed at: www.connectingforhealth.nhs. IG staff so that compliance can be monitored. uk/igtrainingtool. p7 Information Governance Information Governance can help improve patient/service user care

Information Governance can help to improve The NHS and Social Care Record Guarantees the care and services that patients and service for England users receive by: Individuals’ rights regarding the sharing of their Improving the quality of information - accurate personal information are supported by the Care and complete patient/service user information Record Guarantees, which set out high-level means: commitments to patients/service users that their records will be used in ways which respect their • care professionals will be able to rely on the rights and promote their health and wellbeing. information to make decisions about care, treatment and services; Your organisation may make copies of the • care professionals will be able to rely on the Guarantee available to patients/service users, information to communicate effectively with if not; they can be downloaded from the other professionals involved in providing National Information Governance Board for services for the patient/service user; Health and Social Care website: www.nigb.nhs. • patients and service users will receive the uk/guarantee and www.nigb.nhs.uk/social most appropriate treatment or care in a timely manner; • the risks posed by duplicate records will be minimised; • organisations will be correctly paid for the care and services they provide meaning that appropriate services are made available for the local population.

Improving the security of patient/service user information - using robust security processes, controls and management means:

• that the confidentiality of patient/service user information will be maintained; • patients/service users will have increased confidence in the care organisation’s ability to manage their information securely and are therefore more likely to provide accurate, up-to-date information which ultimately improves the quality of care and services they receive. p8 Information Governance

Local guidance Organisations should ensure that there are defined reporting and investigation procedures Your organisation will have patient and service so that employees have access to clear advice user information materials that explain how and guidance networks. personal information is used and how concerns about use can be expressed. Adhering to the Incidents and “near misses” should become guidance will mean that patients/service users’ learning opportunities, to enable employees rights are respected, and they will be assured to avoid similar problems in the future. The that their information is handled in accordance reporting of incidents both actual and potential with the law. Organisations should have an is essential to raising Information Governance effective and well-advertised procedure to standards in the organisation, so you should enable patients/service users to make known make sure you know how to report potential any concerns they have. and actual breaches.

Your responsibilities are to comply with the If you witness an actual or potential breach of promises in the Guarantee and any local Information Governance, your responsibility is guidance, to make sure you know how patients/ to advise the responsible person of their failure service users can obtain a copy of the Guarantee to comply and in most circumstances, to report and/or any locally produced guidance/materials, the matter to your line manager or to the and be prepared to discuss any concerns that are appropriate IG staff. raised, or be able to direct patients/service users to a more knowledgeable member of staff. p9 Information Governance Information Governance will improve records management

NHS organisations: Your responsibility is to make sure you comply The Records Management: NHS Code of Practice with the standards and assist your organisation sets out the required standards of practice for to achieve efficient and effective records all NHS records. management through:

The standards in the Code apply to all those • standardised records creation, including who work within or under contract to NHS naming and filing; organisations in England. It is based on • appropriate storage of records; current legal requirements and professional • controlled access to records; best practice and contains details of the • speedy location and retrieval of records, recommended minimum retention period when and where needed. for each record type.

Social care organisations: There are similar standards of practice contained within legal regulations, National Minimum Standards, local guidance and professional codes of conduct.

These standards apply to all those who provide social care services in care homes and in the service user’s own home. They provide guidance on record creation, security, confidentiality and retention. p10 Information Governance Information Governance involves new ways of working

Multidisciplinary teams should work more Your responsibility is to make patients and closely together to help to reduce repetitive service users aware of any surveys being carried practices and minimise duplication of effort. out regarding Information Governance.

The focus will be on appropriately sharing the A National Information Governance Board for information between professions, leading to: Health and Social Care has been established to support those working in information • a single assessment process for care purposes; governance by providing oversight, developing • joint working between IT and Information and interpreting best practice, promoting Governance employees; consistency and arbitrating on the interpretation • employee time and skills put to more of policy, procedure and legal requirements. effective use; The National Information Governance Board • less annoyance to the patient or service has a web site at www.nigb.nhs.uk/ and can user at having to repeat information be contacted by email at [email protected] or on already given. 020 7633 7052.

IG requires greater patient/service user participation, therefore it is important that the NHS and social care providers listen to the opinions of patients and service users and where appropriate act on those opinions.

Organisations should actively seek patient/ service user participation in decisions about treatment and uses of their personal information and monitor “user satisfaction”, eg by way of public and patient/service user involvement groups or surveys. p11 Information Governance What can you do to make Information Governance a success?

There are several general things you can do Share your good practice to assist your organisation: If you identify ways in which information handling can be improved in your work area Don’t be afraid of change share your ideas with your colleagues. Information Governance merely pulls together all the information handling standards and Encourage others to share their good practice legal rules into one framework. Your colleagues will feel more valued and respected if they know that their ideas are Participate in education and training listened to and where appropriate, action opportunities taken to implement them. Take up any education and training offered to develop your awareness of the legal and organisational requirements when handling information.

Participate in assessments of Information Governance in your area This will enable you to develop and strengthen your understanding of Information Governance, and also assist your organisation to improve the way in which information is handled.

Help your team achieve best practice Make sure you follow the relevant procedures or processes in your organisation, as failure to do so could impact on the whole team.

Don’t be afraid to speak up about shortcomings If you have any concerns about standards or practices in your department, talk with other members of your team or your supervisor or manager.

Ensure that errors give rise to learning A culture of blame is not conducive to improvement being made and lessons can usually be learnt from shortcomings allowing good practice for the future. p12 Information Governance There are also more specific actions you can take to assist the success of Information Governance

Keep personal information secure: whether any potential use of their information Ensure confidential information is not is optional, eg automatic referrals to other unlawfully or inappropriately accessed. agencies.

Comply with your organisation’s computer Make sure the information you use is correct: safety procedures. Do not share your access Ensure the information you record is passwords with others. Ensure you “log out” accurate, legible and complete and if possible, once you have finished using a computer. Do verify personal information with patients/ not leave paper records unattended. Lock service users. rooms and cupboards where personal information is stored. Information quality is an important part of Information Governance. There is little point Keep personal information confidential: in putting procedures in place to protect Only disclose personal information to those information if the information is inaccurate. who legitimately need to know to carry out You should give patients and service users their role. the opportunity to check information held about them and allow them to point out The information the care team needs to know any mistakes. You should encourage them to may be different from the requirements of some inform the organisation if any of their details admin and clerical support staff. Bear in mind have changed. If your organisation has an that you could be overheard and do not discuss information leaflet about the importance of personal information about your patients/service providing accurate information, ensure users on the bus, in corridors, lifts or patients/service users have access to it. the canteen! Please note: Under the Data Protection Act 1998, Ensure that the personal information you use is individuals have the right to request that inaccuracies obtained fairly: in their records are corrected. Inform patients/service users of the reason their information is being collected. Make sure the records/documents you create are appropriately accessible: Organisational compliance with the Data Where there are locally determined rules for Protection Act 1998 depends on employees record/document creation and filing ensure acting in accordance with the law. The Act you comply with them. states information is obtained lawfully and fairly if individuals are informed of the reason Organisations need to be able to locate and their information is required, what will retrieve information, where and when it is generally be done with that information and needed; you can assist this process by adhering who the information is likely to be shared with. to the procedures for record/document creation, Patients/service users should also be informed eg file names, version control and filing/storage. p13 Information Governance

Only use personal information for the purpose for which it was given: Use the information in an ethical way.

This means that personal information that was given for one purpose, eg hospital treatment, should not be used for a totally separate purpose, eg research, unless the individual consents to the new purpose.

Share personal information appropriately and lawfully: Obtain consent before sharing personal information with others.

If you are providing social care and you believe that a service user requires NHS treatment, you should ordinarily obtain the individual’s consent before sharing their details, eg with a health visitor or GP. Similarly, if a patient requires referral to another agency, eg from NHS to social services, check that the patient has agreed to be referred, and is fully aware of and consents to their personal information being passed to that other agency.

Comply with the law and local policies and procedures: Ignorance of the law is not usually a defence for breach.

Your organisation will have spent time and money ensuring that its policies and procedures comply with the law and do not breach patient/ service user rights. Whilst you may not need to know what all the specific rights are, if you comply with these policies and procedures you are unlikely to break the law. p14 Information Governance Work with your patients and service users and take steps to ensure their rights and choices are respected

Don’t be persuaded to break the law: Encourage patients and service users to be You have a duty to protect the confidentiality actively involved in decisions about their care: of patient/service user personal information, Patients/service users have a right to be both under the common law and through Acts involved in decisions about the use of of Parliament. their information.

If anyone asks or pressures you to breach Be open and honest with your patients and this duty discuss the issue with your manager service users and ensure they have sufficient and/or Caldicott Guardian. If a legitimate information to make an informed decision need to disclose without consent is identified about the use of their personal information. senior personnel must make the decision. For example, make sure that there are copies A Caldicott Guardian is a senior person of the Care Record Guarantee available in your responsible for protecting the confidentiality department, or know where to obtain them of patient and service-user information and from if they are stored elsewhere. enabling appropriate information-sharing. The Guardian plays a key role in ensuring Know who to contact for advice: that NHS, Councils with Social Services Make sure that patients and service users are Responsibilities and partner organisations aware of the routes through which a complaint satisfy the highest practical standards for about the use of their information can be made. handling patient identifiable information. You can find out more about Caldicott Guardians Your organisation will have assigned at: www.connectingforhealth.nhs.uk/ responsibility for dealing with complaints about systemsandservices/infogov/caldicott the use of patient/service user information. Often responsibility will have been assigned to You can also contact Public Concern at Work, the Patient Advice and Liaison Service (PALS), an independent body providing free legal advice Complaints Officer or similar, to deal with initial to individuals concerned about wrongdoing complaints, which may then be escalated to in the workplace, on 020 7404 6609 or email: other staff such as the Caldicott Guardian or IG [email protected]. Lead. You must make sure you know who to contact in your organisation and how to contact Communicate clearly: them, and provide this information to patients/ Ensure that the advice and guidance you give service users if asked. to patients/service users is clear.

You should be able to clearly explain why you require the information you have requested, the purposes to which personal information may be put and with whom the information may be shared. If your organisation has an information leaflet, use it to reinforce what you have said. p15 Information Governance So - Information Governance ensures that personal information is dealt with legally, securely, efficiently and effectively

• Understand what Information Governance is.

• Know how Information Governance applies to your role.

• Do your best to improve and encourage good practices in your department.

• Support information handling improvement efforts across your organisation.

• Be receptive to the change process.

• Be a team player.

• Ensure your patients / service users are fully informed.

• Take advantage of training and development opportunities.

Remember: Contacts Information Governance is the responsibility For assistance with: of every employee. You must treat all personal information with respect and regard for • Information Governance Policy confidentiality, information security and • The Information Governance Training Tool information quality. (content issues and technical advice) • The Information Governance Toolkit (content, technical advice and administration issues)

Please contact the Helpdesk on 01392 251289 or by email at: [email protected] p16 Information Governance

For more information about NHS Connecting for Health please visit www.connectingforhealth.nhs.uk

For more information about Information Governance or to download further copies of this brochure, please visit www.connectingforhealth.nhs.uk/ systemsandservices/infogov/links

If you require printed copies of this publication please order via NHS Connecting for Health resources, quoting reference number 4691 www.connectingforheath.nhs.uk/resources

Crown copyright 2010 Information Sharing: Pocket guide This pocket guide • This pocket guide is part of the HM Government information sharing guidance package (2008), which aims to support good practice in information sharing by offering clarity on when and how information can be shared legally and professionally, in order to achieve improved outcomes. • This package of guidance is for practitioners who have to make decisions about information sharing on a case-by-case basis. It is also for managers and advisors who support these practitioners in their decision making and for others with responsibility for information governance. • This pocket guide presents a summary of the key decision making considerations which are detailed in Information Sharing: Guidance for practitioners and managers. It is not designed to be read as a stand alone document, rather to be a helpful tool in reminding the practitioner of the key messages received during training on information sharing and the detailed messages contained in the guidance. Information Sharing: Pocket guide 1

Alongside this document, we have published: • Information Sharing: Guidance for practitioners and managers; • Information Sharing: Case examples which illustrate best practice in information sharing situations; • Information Sharing: Training materials available for local agency and multi-agency training, and for use by training providers; and • Information Sharing: Further guidance on legal issues which is a summary of the laws affecting information sharing. This pocket guide and the other documents can be located at www.everychildmatters.gov.uk/ informationsharing 2 Information Sharing: Pocket guide

Introduction Information sharing is key to the Government’s goal of delivering better, more efficient public services that are coordinated around the needs of the individual. It is essential to enable early intervention and preventative work, for safeguarding and promoting welfare and for wider public protection. Information sharing is a vital element in improving outcomes for all. The Government understands that it is important that people remain confident that their personal information is kept safe and secure and that practitioners maintain the privacy rights of the individual, whilst sharing information to deliver better services. It is therefore important that practitioners can share information appropriately as part of their day-to- day practice and do so confidently. It is important to remember there can be significant consequences to not sharing information as there can be to sharing information. You must use your professional judgement to decide whether to share or not, and what information is appropriate to share. Information Sharing: Pocket guide 3

Myth buster on data protection • The Data Protection Act 1998 is not a barrier to sharing information but provides a framework to ensure that personal information is shared appropriately. • Data protection law reinforces common sense rules of information handling. It is there to ensure personal information is managed in a sensible way. • It helps us strike a balance between the many benefits of public organisations sharing information, and maintaining and strengthening safeguards and privacy of the individual. • It also helps us balance the need to preserve a trusted relationship between practitioner and client with the need to share information to benefit and improve the life chances of the client or protect the public. 4 Information Sharing: Pocket guide

Seven golden rules for information sharing 1. Remember that the Data Protection Act is not a barrier to sharing information but provides a framework to ensure that personal information about living persons is shared appropriately. 2. Be open and honest with the person (and/or their family where appropriate) from the outset about why, what, how and with whom information will, or could be shared, and seek their agreement, unless it is unsafe or inappropriate to do so. 3. Seek advice if you are in any doubt, without disclosing the identity of the person where possible. 4. Share with consent where appropriate and, where possible, respect the wishes of those who do not consent to share confidential information. You may still share information without consent if, in your judgement, that lack of consent can be overridden in the public interest. You will need to base your judgement on the facts of the case. 5. Consider safety and well-being: Base your information sharing decisions on considerations of the safety and well-being of the person and others who may be affected by their actions. Information Sharing: Pocket guide 5

6. Necessary, proportionate, relevant, accurate, timely and secure: Ensure that the information you share is necessary for the purpose for which you are sharing it, is shared only with those people who need to have it, is accurate and up-to-date, is shared in a timely fashion, and is shared securely. 7. Keep a record of your decision and the reasons for it – whether it is to share information or not. If you decide to share, then record what you have shared, with whom and for what purpose. The ‘ Seven Golden Rules’ and the following Questions 1- 7 will help support your decision making so you can be more confident that information is being shared legally and professionally. If you answer ‘not sure’ to any of the questions, seek advice from your supervisor, manager, nominated person within your organisation or area, or from a professional body. 6 Information Sharing: Pocket guide Seek advice No Not sure Yes Yes Yes to be identified? Do you have consent? for sharing information? Is the information confidential? Does the information enable a person Is there a clear and legitimate purpose You are asked to or wish share information No No Yes Flowchart of key questions for information sharing Information Sharing: Pocket guide 7 share Do not No No to share? Is there sufficient public interest in line with your agency’s or local procedures. Record the information sharing decision and your reasons, not aware of this and it would create or increase risk harm. Yes Share information: • Identify how much information to share. • Distinguish fact from opinion. • Ensure that you are giving the right information to person. • Ensure you are sharing the information securely. Inform the person that information has been shared if they were • share If there are concerns that a child may be at risk of significant harm or an adult of serious harm, then follow the relevant procedures without delay. Seek advice if you are not sure what to do at any stage and ensure that the outcome of the discussion is recorded. You can 8 Information Sharing: Pocket guide

Question 1 Is there a clear and legitimate purpose for sharing information? • Why do you or the other person want the information? • What is the outcome you are trying to achieve? • Could the aims be achieved without sharing the information? Information Sharing: Pocket guide 9

Golden rule Remember that the Data Protection Act is not a barrier to sharing information but provides a framework to ensure that personal information about living persons is shared appropriately. Other things to consider: • Do not assume that you need to share the whole case file. • Different agencies may have different processes for sharing information. You will need to be guided by your agency’s policies and procedures and, where applicable, by your professional code. For more details, see the Information Sharing: Guidance for practitioners and managers paragraphs 3.3 – 3.9. 10 Information Sharing: Pocket guide

Question 2 Does the information enable a living person to be identified? • If the information is about an identifiable living individual, or could enable a living person to be identified when considered with other information, it is personal information and is subject to data protection law. This is likely to be the case in the course of your work. You should be open about what information you might need to share and why. • However, it may not be appropriate to inform a person that information is being shared, or seek consent to this sharing. This is the case if informing them is likely to hamper the prevention or investigation of a serious crime, or put a child at risk of significant harm or an adult at risk of serious harm. Information Sharing: Pocket guide 11

Golden rule Be open and honest with the person (and/or their family where appropriate) from the outset about why, what, how and with whom information will, or could be shared, and seek their agreement, unless it is unsafe or inappropriate to do so. Other things to consider: • If the person was informed about how and with whom their personal information might be shared at the outset, it will usually not be necessary to inform them again as long as the use as described in the original notification is the same. For more details, see the Information Sharing: Guidance for practitioners and managers paragraph 3.10 – 3.11. 12 Information Sharing: Pocket guide

Question 3 Is the information confidential? • Not all information is confidential. • Confidential information is information of a private or sensitive nature that is: • not already lawfully in the public domain or readily available from another public source; and • has been provided in circumstances where the person giving the information could reasonably expect that it would not be shared with others. Information Sharing: Pocket guide 13

Golden rule Seek advice if you are in any doubt, without disclosing the identity of the person where possible. For more details, see the Information Sharing: Guidance for practitioners and managers paragraphs 3.12 – 3.16. If the information is not confidential you must now consider Question 6. If the information is confidential you must now consider Question 4. 14 Information Sharing: Pocket guide

Question 4 Do you have consent to share? • You should seek consent where possible and respect the wishes of those who do not consent to share confidential information. You may still share information without consent if, in your judgement on the facts of the case, that lack of consent can be overridden in the public interest. • You do not always need consent to share personal information. There will be some circumstances where you should not seek consent, for example, where doing so would: • place a child at increased risk of significant harm; or • place an adult at increased risk of serious harm; or • prejudice the prevention, detection or prosecution of a serious crime; or • lead to unjustified delay in making enquiries about allegations of significant harm or serious harm. Information Sharing: Pocket guide 15

Golden rule Share with consent where appropriate and, where possible, respect the wishes of those who do not consent to share confidential information. You may still share information without consent if, in your judgement, that lack of consent can be overridden in the public interest. You need to base your judgement on the facts of the case. Other things to consider: • Generally, there should be ‘no surprises’. • Obtaining explicit consent is best practice. It can be expressed either verbally or in writing, although written consent is preferable since that reduces the scope for subsequent dispute. • You will need to consider whose consent should be sought. Does the person have the capacity to understand and make their own decisions on this occasion? If not, is someone else authorised to act on their behalf? • Consent must be informed, i.e. when people agree to information sharing, they must understand how much of their information needs to be shared, who will see it, why it is necessary to share the information and any implications of sharing or not sharing. • Consent can be withdrawn at any time. For more details, see the Information sharing: Guidance for practitioners and managers paragraphs 3.17 – 3.37. 16 Information Sharing: Pocket guide

Question 5 Is there sufficient public interest to share the information? • Even where you do not have consent to share confidential information, you may lawfully share if this can be justified in the public interest. Where consent cannot be obtained or is refused, or where seeking it is unsafe or inappropriate (as explained at Question 4), the question of whether there is a sufficient public interest must be judged by the practitioner on the facts of each case. A public interest can arise in a wide range of circumstances. For a fuller definition of public interest refer to the Glossary in Information Sharing: Guidance for practitioners and managers. • Where you have a concern about a person, you should not regard refusal of consent as necessarily to mean that you cannot share confidential information. • In making the decision you must weigh up what might happen if the information is shared against what might happen if it is not, and make a decision based on professional judgement. Information Sharing: Pocket guide 17

Golden rule Consider safety and well-being: Base your information sharing decisions on considerations of the safety and well-being of the person and others who may be affected by their actions. Other things to consider: • A competent adult has the right to make decisions which may put themselves at risk but which present no risk of significant harm to children or serious harm to other adults. In this case it may not be justifiable to share information without consent. For more details, see the Information Sharing: Guidance for practitioners and managers paragraphs 3.38 – 3.47. If you decide not to share information you must consider Question 7. If you decide to share information you must consider Question 6. 18 Information Sharing: Pocket guide

Question 6 Are you sharing information appropriately and securely? • Only share what is necessary to achieve the purpose, distinguishing clearly between fact and opinion. • Share only with the person or people who really need to know the information. • Make sure the information is accurate and up-to-date. • Understand the limits of any consent given and especially if the information has been provided by a third party. • Check who will see the information and share the information in a secure way. For example, confirm the identity of the person you are talking to; ensure a conversation or phone call cannot be overheard; use secure email; ensure that the intended person will be on hand to receive a fax. • Establish with the recipient whether they intend to pass it on to other people and ensure that they understand the limits of any consent that has been given. • Inform the person to whom the information relates that you are sharing the information, if it is safe to do so, and if you have not already told them that their information may be shared. Information Sharing: Pocket guide 19

Golden rule Necessary, proportionate, relevant, accurate, timely and secure: Ensure that the information you share is necessary for the purpose for which you are sharing it, is shared only with those people who need to have it, is accurate and up-to-date, is shared in a timely fashion, and is shared securely. For more details, see the Information sharing: Guidance for practitioners and managers paragraphs 3.48 – 3.49. 20 Information Sharing: Pocket guide

Question 7 Have you properly recorded your information sharing decision? • Record your information sharing decision and your reasons, including what information you have shared and with whom, following your agency’s arrangements for recording information and in line with any local information sharing procedures in place. • If, at any stage, you decide not to share information, you should record this decision and the reasons for it.

Golden rule Keep a record of your decision and the reasons for it – whether it is to share information or not. If you decide to share, then record what you have shared, with whom and for what purpose. For more details, see the Information Sharing: Guidance for practitioners and managers paragraphs 3.50 – 3.51. Information Sharing: Pocket guide 21

Local contacts Insert names and numbers of your local information sharing contacts here. You can download this publication or order copies online at: www.teachernet.gov.uk/publications Search using the ref: DCSF-00808-2008 Copies of this publication can also be obtained from: Department for Children, Schools and Families Publications PO Box 5050 Sherwood Park, Annesley Nottingham NG15 ODJ Tel 0845 60 222 60 Fax 0845 60 333 60 Textphone 0845 60 555 60 Please quote ref 00808-2008BKT-EN ISBN: 978-1-84775-274-1 PPCOL/D35(3933)/1008/55 © Crown Copyright 2008 Published by the Department for Children, Schools and Families, and Communities and Local Government Extracts from this document may be reproduced for non-commercial research, education or training purposes on the condition that the source is acknowledged. For any other use please contact [email protected]