Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data Share London Train-the-Trainer “Best Practice in Information Sharing” London Councils and Private Public Ltd would like to thank NIGB who allowed.

Published byAndrew Pereira Modified over 10 years ago

Similar presentations

Presentation on theme: "Data Share London Train-the-Trainer “Best Practice in Information Sharing” London Councils and Private Public Ltd would like to thank NIGB who allowed."— Presentation transcript:

1 Data Share London Train-the-Trainer “Best Practice in Information Sharing”
London Councils and Private Public Ltd would like to thank NIGB who allowed us to include their materials into this workshop

2 Why are we here today? To share key resources about data sharing
To share tools and materials that will support you in training your staff To meet colleagues and exchange experience To exchange and generate ideas about good practice and the way forward

3 Training Session Plan Introduction Warm-up session: Group Exercise
Presentation: Key Training Areas & Training Tips Coffee Forum Feedback forms

4 You have 30 minutes to complete this exercise
Warm-up: Group Exercise Choose 1 of the 3 scenarios on the table As instructed by your facilitator each person takes a card Beginning with the oldest date each person decides who they would or would not share the information with, they then read the card to the group Debate in your groups whether or not having all of the information would change any decisions made You have 30 minutes to complete this exercise

5 Outcomes of Your Training Session
By the end of the session, you expect your trainees to be... Familiar with the principles of data sharing Aware of resources and support materials Able to ask and answer the key questions More confident about sharing data Understand key processes better Other?

6 What are we trying to achieve?
Excellent Customer Service Data Protection Compliance with law, local agreements and practice Confidence & Engagement of Staff Safeguarding Efficiency and Productivity Other outcomes?

7 Partners: With whom do we share information?
Examples of multi-agency provision of public services – Inside and outside government networks Local Authorities Movement of homeless household to a new temporary accommodation Revenues and customs send info to the Department for Work and Pensions Sharing data about children subject to Child Protection Plans Children's Services send case information to the police Child Abuse Investigation Team Central Government Health Police

8 Partners: With whom do we share information?
Examples of multi-agency provision of public services – Inside and outside government networks Criminal Justice Exchange of Child Protection Plans with probation and other agencies Information exchange relating to a common assessment of a young person Children's Services placing a child in a care home and communicating sensitive care assessment details Schools Private / Third Sector

9 Partners: Mapping out the interactions
Take a typical service user for your area, and describe a map of the relevant data sharing interactions, by answering the following questions: Why information is to be shared What information to share What consent exists to share information Who information is to be sent to How to securely share information What to do with the information

10 Judgement of frontline professionals
Principles Ad-hoc data sharing Judgement of frontline professionals Pre-planned / regular data sharing Pre-designed routine mark brangwyn 18/10/2010 see cut

11 Information Sharing Protocols & Agreements
Principles Information Sharing Protocols & Agreements Not legally required But can help in a complex legal environment Partners Sign up to rules and processes But there is a wide agreement on the key questions and issues – and these form the basis of the best information sharing agreements

12 Guidelines and Procedures
Most effectively, various guidance documents can be used if selected and combined for your particular organisation. These guidelines are usually not legally binding but they outline key procedures and help share data confidently. They can be used to help trainees better understand: How and why specific information is being shared Key processes and procedures for routine or exceptional situations Roles and structures supporting data exchange Legal issues and how compliance with the Data Protection Act is established Security procedures to mitigate risks and ensure confidentiality. HM Government Government departments & public sector organisations Individual protocols and agreements E.g., Department for Education, NHS, local councils etc E.g., Purpose / Subject / Situation Specific Information Sharing Agreement

13 Public sector organisations Individual protocols and agreements
Guidelines and Procedures A protocol is “not intended to be a substitute for the professional judgement which an experienced practitioner will use in those cases and should not be used instead of that judgement” The ICO It is important to be confident in sharing data where necessary in order to safeguard an individual. HM Government Public sector organisations Individual protocols and agreements Individual Judgement

14 Some Key Concepts Informed Consent
Gillick Competency and Fraser Guidelines The Six Caldicott Principles Social Care and NHS Care Record Guarantees Pseudonymisation and de-identification

15 Informed Consent What constitutes consent? How to seek consent?
How to explain information sharing? How to ensure that consent is informed? How to decide whose consent to seek? When and how to share information without consent?

16 Informed Consent Consent is an agreement to an action based on the knowledge of what the action involves and its likely consequences. To be valid, consent should be informed and freely given. Informed consent means that the person giving consent understands why information needs to be shared, who may see their information, what it will be used for and the implications of not sharing that information.

17 The Period of Consent The period of consent is not the same as the period during which the shared information is kept by the receiving organisation. “Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.” Data Protection Act 1998, Principle 5 The period of consent lasts for as long as the service(s) is (are) provided. However, service users can withdraw consent at any time and should be advised how to do that.

18 Implied vs Explicit Consent
Consent does not need to be written, though a signed consent form, as evidence of consent, is good practice. Consent can also be expressed orally, or can be inferred from circumstances in which the information was given (implied consent). Reliance on implied consent is particularly common in the healthcare context. Implied consent is defined as ‘consent which is inferred from a persons’ conduct in the light of facts and matters which they are aware of, or ought reasonably to be aware of, including the option of saying ‘no’ (DoH Information Policy Unit, January 2001). However, if consent is relied on to meet the Data Protection Act schedule 3 condition to share sensitive personal data that consent must be explicit.

19 When is Consent not Required?
There are circumstances under which information can be shared without consent. These include: where the subject does not have mental capacity and it is in their best interest to share information to prevent or assist in the detection of crime to protect the vital interest of the person concerned or another person, such as a life and death situation to comply with a court order. For more details see: Data Protection Act 1998 and exemptions from the DPA The Assessment of Mental Capacity Audit Tool Mental Capacity Act 2005: Deprivation of liberty safeguards - Code of Practice to supplement the main Mental Capacity Act 2005

20 Golden Rule for Data Sharing
Share with consent where appropriate and, where possible, respect the wishes of those who do not consent to share confidential information. You may still share information without consent if, in your judgement, that lack of consent can be overridden in the public interest. You will need to base your judgement on the facts of the case.*

21 Gillick Competency-Fraser Guidelines
Children and Informed Consent When deciding whether a child is mature enough to make decisions, people often talk about whether a child is 'Gillick competent' or whether they meet the 'Fraser guidelines'. For detailed guidance on children and informed consent see: Confidentiality and information sharing: children and young people (PDF, 143KB) In: NSPCC Practice Guidance. London: NSPCC, 2010 London Child Protection Procedures. London Safeguarding Children Board, 2010 Unaccompanied Children Seeking Asylum: Privacy, Consent and Data Protection. ARCH, 2010

22 Six Caldicott Principles
In the NHS and Social Care services, the Caldicott principles have been adopted to guide the use of personal information. Justify the purpose(s) of using confidential information Don't use patient identifiable information unless it is absolutely necessary Use the minimum necessary patient-identifiable information Access to patient identifiable information should be on a strict need-to-know basis Everyone with access to patient identifiable information should be aware of their responsibilities Understand and comply with the law Each NHS Trust and local council has designated a Caldicott Guardian, who is responsible for adherence to the Caldicott principles and who can be asked for advice.

23 Social & NHS Care Record Guarantee
The Social Care Record Guarantee (SCRG) The SCRG for England explains in a clear and concise manner how personal information is used in social care and what controls an individual has over it. It applies to both electronic and paper social care records for both Adults and Children's Services in England. The NHS Care Record Guarantee The NHS Care Record Guarantee for England sets out the rules that govern how patient information is used in the NHS and what control the patient can have over this. It also applies to both paper and electronic records. Whilst not a legal document, the Guarantee could be used as the basis for a complaint.

24 Pseudonymisation Pseudonymisation is concerned with enabling the NHS to undertake secondary (non-medical) use of patient data in a legal, safe and secure manner. The overall aim of implementing pseudonymisation is to facilitate: The legal and secure use of patient data for secondary purposes by the NHS (and other organisations involved in the commissioning and provision of NHS-commissioned care) NHS business to no longer use identifiable data in its non-direct care related work wherever possible NHS business processes to continue to be effective in supporting the day-to-date operation of the NHS. The implementation of pseudonymisation is based on each local organisation undertaking its own pseudonymisation as appropriate.

25 Pseudonymisation techniques
There is no universal technique of effective pseudonymisation Rather, combinations of techniques applied to the data and controls on the recipient will need to be chosen as appropriate for the given circumstances to ensure the recipient cannot infer identities from the data. Example techniques include: stripping out / not displaying person identifiers; replacing person identifiers with other values; aggregating data; using derivations (displaying values that reflect the character of the source data); using synthetic data (mixing up elements of a dataset) etc. Reversible or irreversible pseudonymisation There may be a need to see identifiers, e.g. to check data quality issues (which are masked once data has been pseudonymised).

26 Pseudonymisation: Key Challenges
Organisation and Processes Culture & Skills Technology Selecting techniques Ensuring lawful outcome Volume of data flows Data quality Pseudonymisation facilities Safe Havens to store identifiable data Other?

27 Process Flow: What do I do?
Obtain Consent Decide on data, recipient and time Decide on data share method Send data securely

28 Process Flow: What do I do?
Obtain Consent Decide on data, recipient and time Decide on data share method Send data securely Inform Display posters and / or leaflets Explain to the individual concerned Ensure info is understood (provide interpreter etc if needed) Seek consent Identify if individual is able to give consent Identify if the situation is covered by ‘direct continuing care’ Check whether law requires data share irrespective of consent Record Record consent / refusal in individual’s record dated and time stamped Refer to the form in Appendix 1 Section 9.0 in LO ISP How and when to complete form – App. 1 Section & 11.00

29 Decide on data, recipient and time
Process Flow: What do I do? Obtain Consent Decide on data, recipient and time Decide on data share method Send data securely Data Establish the required content and format of the data to share Identify the necessary minimum information to meet the purpose Ensure confidentiality unless there is a robust public interest or a legal justification in disclosure What? Recipient Decide on the recipient. See example in LO ISP Appendix 1 Verify the identity of the person making request Record their name, position, organisation and contact details Who? Time Ad hoc or regular? If regular, how often? KPIs in your organisation? (E.g., How quickly should you respond to a data share request?) When?

30 Decide on data share method
Process Flow: What do I do? Obtain Consent Decide on data, recipient and time Decide on data share method Send data securely Assess security Assess the risk and potential impact of security breach Use your organisation’s Info security policies etc Establish the legal gateway to share this data Risks? Decide on risk controls For example see Wandsworth Borough Council ISF Decide on level of risk that is relevant to the case Controls? Decide on technology Across government networks Outside government networks GCmail, CJSM etc - See Data Share London website Solutions?

31 Store and dispose of data
Process Flow: What do I do? Obtain Consent Decide on data, recipient and time Decide on data share method Send data securely Transfer data Track the data transfer Obtain assurances from partners about their security controls Ensure secure levels of password / data encryption Ensure secure premises and containers Use approved waste disposal company / cross cut shredder (paper) Ensure securely overwritten / physical destruction (electronic) Store and dispose of data Record Record your decision, how you made and what data was shared Record why you decided to override the requirement to seek consent Report security breaches

32 Process Flow: What do I do?
Request & Receive data Use & Store data Dispose of data Request & Receive data Decide on the required content and format of data to be requested Decide on technology / means of data transfer Ensure secure levels of password / data encryption Ensure secure premises and containers Safe Havens Check organisational rules and procedures Use & Store data Dispose of data Ensure securely overwritten / physical destruction Use approved waste disposal company etc Check organisational rules and procedures

33 Infrastructure Across government networks Outside government networks
The first choice if available Jointly accessible online application or database Third party encryption tools Secure web spaces or extranets Clearly branded LA solution GCmail Secure fax Low cost & wide usage but Criminal Justice focus CJSM Anything else? Applying for accounts with partners Partner system, e.g. NHSmail, GSI For more details:

34 Training Tips: Warm-up Brainstorming
Partners Information types Please name your top three... Organisations you share data with most often The sort of data you share most often Issues Technical terms Problems you encounter when sharing data Terminology useful to know

35 Training Tips: Group Work
Group work is a very effective training tool and should be included in all training sessions. Group work can focus on collective problem solving and discussion of selected issues, using various “cases of failure” scenarios. Productive discussions can be designed around process flow, collaborative working, ambiguous situations.

36 Sample Group Work One Understanding the process flow
What actions do I need to take and when? What concepts do I need to be familiar with at each stage?

37 Sample Group Work One Sample Scenarios
A pharmaceutical company contacts you and requests contact details of patients with a certain condition to invite them to a drug trial. A parent of a 14 year old calls the GP to confirm the time of their son’s drugs related appointment. An insurance company asks for medical records of one of your patients. Discuss a recent case when you had to share data. What did you do?

38 Sample Group Work One Together with your team, put these actions (rectangles) in the right order and link concepts (ovals) to relevant actions Record data share event Seek authorisation Identify the minimum info required Record consent Evaluate individual’s capacity Risk controls Establish if disclosure is legally required Robust public interest Ensure individual understands the leaflets Other? Consult a Caldicott Guardian Give a copy of consent form to individual Direct continuing care Best interest Capacity Purpose specific info sharing agreement Other?

39 Group Work One: Instructions
Together with your team, put the actions (rectangles) in the right order, using the provided scenarios Link the concepts (ovals) to the relevant actions Discuss in your group which actions or concepts have been left out and need to be added to the list Discuss differences in process for different scenarios You have 20 minutes to complete this exercise

40 Sample Group Work Two Raising the issues
What Will Happen if we Do Share Information? What Could Happen if we Don’t Share Information?

41 Group Work Two: Instructions
Choose 1 of the 3 scenarios on the table As instructed by your facilitator each person takes a card Beginning with the oldest date each person decides who they would or would not share the information with, they then read the card to the group Debate in your groups whether or not having all of the information would change any decisions made You have 30 minutes to complete this exercise

42 Sample Group Work Three
Deciding What to Share Would We? Could We? Should We?

43 Group Work Three: Instructions
Pick a scenario card, work through as many scenarios as you have time for Discuss and decide if you would share the information Discuss and decide if you could share the information Discuss and decide if you should share the information You have 30 minutes to complete this exercise

44 Training Tips: Effective Signposting
What is Data Share London? “...promotes good practice in data sharing and helps people ensure that data sharing is completed legally and fairly...” Long history of collaboration – roots in attempts to devise a London-wide info sharing protocol Jointly funded by Capital Ambition and the NHS Advisory board with members from across Local Government and health

45 Training Tips: Effective Signposting
Useful Resources London Data Share: Information Sharing: Guidance for practitioners and managers (HM Government, 2008) Department for Education Information Sharing: How to judge capacity to give consent. DfE, 2011 NHS Services and Children’s Centres - how to share information appropriately with children’s centre staff. DfE and DH, 2010 Information Sharing: How to seek Consent? Department for Education, 2011 Health care Confidentiality: Guidance for doctors. General Medical Council, 2009 Confidentiality: Nursing and Midwifery Council, 2009 Confidentiality: NHS Code of Practice. 2003 The Care record guarantee. NHS, 2011 Record keeping: Guidance for nurses and midwives. Nursing and Midwifery Council, 2009 (to be reviewed in 2012) Confidentiality and Information Sharing. NHS National Treatment Agency for Substance Misuse, 2003

46 Training Tips: Effective Signposting
Useful Resources Other departments & non-governmental organisations Information sharing for community safety: Guidance and practice advice. Home Office, 2010 Sharing Information on Children and Young People at Risk of Offending. Youth Justice Board, 2005 The Social care record guarantee. NIGB, 2009 Requesting amendments to health and social care records: Guidance for patients, service users and professionals. NIGB, 2010 More information on consent and information sharing practice

47 Forum: Questions for discussion
Have you encountered any issues with XX in your organisation? What are the main roots of the problems? Which solutions work well for you? Which technical tools work well / do not work for you? What are the key five things you would explain to a new member of staff involved in data sharing / about XX? Which area raises most questions from your staff? Which areas need collaborative pan-London working the most? How do you see the future of XX (data sharing)?

48 Feedback forms – Thank you!

Download ppt "Data Share London Train-the-Trainer “Best Practice in Information Sharing” London Councils and Private Public Ltd would like to thank NIGB who allowed."

Similar presentations

NIGB Legal requirements for use of personal data in research OnCore UK / NRES Training workshop Ethical Principles relating to consent for use of samples.

NIGB Legal requirements for use of personal data in research OnCore UK / NRES Training workshop Ethical Principles relating to consent for use of samples.
NATIONAL INFORMATION GOVERNANCE BOARD

NATIONAL INFORMATION GOVERNANCE BOARD
IMPS Information Management and Policy Services Information Services Directorate A briefing for all University staff November 2004 New Information Legislation.

IMPS Information Management and Policy Services Information Services Directorate A briefing for all University staff November 2004 New Information Legislation.
Pregnancy and complex social factors

Pregnancy and complex social factors
To Halton Youth Service 

To Halton Youth Service 
Information Governance An Introduction. Information Governance Outline What is Information Governance What initiatives does IG cover.

Information Governance An Introduction. Information Governance Outline What is Information Governance What initiatives does IG cover.
Introduction to Information Governance (IG)

Introduction to Information Governance (IG)
THE DEPRIVATION OF LIBERTY SAFEGUARDS

THE DEPRIVATION OF LIBERTY SAFEGUARDS
Corporate Records Management (Practitioner) Information Governance Policy Team NHS Connecting for Health.

Corporate Records Management (Practitioner) Information Governance Policy Team NHS Connecting for Health.
Health Records Management Practitioner

Health Records Management Practitioner
Information: to share or not to share? BCS HC 2012 Conference London 2 nd May Dame Fiona Caldicott.

Information: to share or not to share? BCS HC 2012 Conference London 2 nd May Dame Fiona Caldicott.
Care and support planning Care Act 2014. Outline of content  Introduction Introduction  Production of the plan Production of the plan  Planning for.

Care and support planning Care Act Outline of content  Introduction Introduction  Production of the plan Production of the plan  Planning for.
Child Safeguarding Standards

Child Safeguarding Standards
Workshop for Birmingham City Council: Risking your Dignity: hearing the citizen’s voice The tension between ‘empowering’ and ‘protecting’ people: Have.

Workshop for Birmingham City Council: Risking your Dignity: hearing the citizen’s voice The tension between ‘empowering’ and ‘protecting’ people: Have.
Confidentiality and HIPAA

Confidentiality and HIPAA
Confidentiality & Records Management. What is Information Governance? What is Records Management?

Confidentiality & Records Management. What is Information Governance? What is Records Management?
Revised Caldicott Manual- Practice Managers Groups Revised Caldicott Manual – November 2008.

Revised Caldicott Manual- Practice Managers Groups Revised Caldicott Manual – November 2008.
Workshop 501 and 505 Review barriers to communication

Workshop 501 and 505 Review barriers to communication
School Development Planning Initiative

School Development Planning Initiative
National Update: The information revolution and the 2012 Caldicott Review Simon Richardson – Information Rights Manager.

National Update: The information revolution and the 2012 Caldicott Review Simon Richardson – Information Rights Manager.

Similar presentations

Ads by Google