Presentation on theme: "Welcome to the Joint Information Sharing Workshop"— Presentation transcript:
1Welcome to the Joint Information Sharing Workshop
2Introduction to the Information Sharing Workshop NIGB would like to thank County Durham and Tees Valley Information Governance Leads Group who allowed us to adapt this workshop from their original workshop materials
3The role of the National Information Governance Board (NIGB) To support improvements in information governance in health and social careTo advise on the use of powers under section 251 of the NHS Act 2006
4Our definition‘Information governance describes the structures, policies and practices which are used to ensure the confidentiality and security of records of individualsCorrectly developed and implemented it enables the appropriate and ethical use of information for the benefit of individuals and the public good’.
5History of NIGB 2005 – review of IG in DH and wider NHS 2007 – ‘shadow’ NIGB takes over functions of the Care Record Development Board2008 – NIGB becomes a statutory body2009 – NIGB takes over the functions of the Patient Information Advisory Group (PIAG)
6The NIGB as a Statutory Body The NIGB is an Advisory Non-departmental Public bodyReports to the Secretary of State and of HealthIt’s Statutory powers support it in delivering it’s terms of reference
7Who are we? 22 members - Corresponding Advisors Observers 12 public members appointed by Appointments Commission10 organisations invited to be represented by Secretary of State for HealthCorresponding AdvisorsObserversStatements of Collaborative Working
8Dealing with complex issues NIGB regularly has to deal with complex, often ethical, issuesNo right or wrong answer – the best answer using available evidenceVaried background of members makes it ideally placed to do this
9Importance of multi-agency information sharing and information sharing protocols Stockton Information Sharing Workshop PilotNIGB analysis and review of the pilot materialsTo be made available on NIGB website for training
11History of CaldicottIn 1997 the NHS established a Caldicott Committee led by Dame Fiona CaldicottCaldicott Committee ( ) Review of patient-identifiable information commissioned by the Chief Medical Officer of England . . .“owing to increasing concern about the ways in which patient information is being used in the NHS in England and Wales and the need to ensure that confidentiality is not undermined.”
12History of Caldicott cont. The review recommended that “Guardians” of personal information be created to safeguard and govern the uses made of confidential information with the NHSIn 2002 Calidcott standards were extended into Social Care
13So what are the Caldicott principles? The Caldicott principles and processes provide a framework of quality standards for the management of confidentiality and access to personal information
14The Caldicott Report ( Sept ’97) Six key principles:Principle 1 – Justify the purpose for using confidential informationPrinciple 2 – Only use it when absolutely necessaryPrinciple 3 – Use the minimum that is requiredPrinciple 4 – Access should be on a strict need to know basisPrinciple 5 – Everyone must understand their responsibilitiesPrinciple 6 – Understand and comply with the law.
15Key Caldicott Guardian responsibilities Supported by the Information Governance Team the Caldicott Guardian has responsibility for:Strategy and GovernanceConfidentiality and Data Protection expertiseInternal Information ProcessingInformation
16The Caldicott ReportSixteen specific recommendations, one of which was that:“A senior person, preferably a health professional, should be nominated in each health organisation to act as a guardian, responsible for safeguarding the confidentiality of patient information.”
17The role of the Caldicott Guardian To play a key role in ensuring Health & Social Care organisations satisfy the highest practical standards for handling an individuals identifiable data.To work as part of the broader Information Governance function with support staffTo have a strategic role representing and championing Information Governance requirements and issues at senior management levelAdvise on the implementation of the Electronic Social Care Record and Common Assessment Framework
18Caldicott Guardian Role “The conscience of the organisation”Establish the highest practical standards for handling personally identifiable information in the NHS and Social Care monitoring process against an annual improvement plan
20Today is About…. . . knowing how to share information:SafelyLegally andConfidentially. . . and an opportunity for you to share knowledge and concerns with other professionals to improve multi-agency information sharing
21Why is information sharing so important? it is essential to safeguard and promote the welfare of children, young people and vulnerable adultsto achieve the best outcome for the individualTo prevent death or serious harm as a result of:Failing to record informationTo share itTo understand the significance of the information sharedTo take appropriate action in relation to known or suspected abuse or neglect
22Consequences of not sharing information appropriately 1973 – Maria Colwell – killed by her stepfather sustaining severe internal injuries and brain damage2000 – Victoria Climbie – died of hypothermia after months of sustained abuse by her guardiansSoham Murders – death of 2 ten year old girls by Ian Huntley a school caretakerBaby Peter, died of horrific injuries inflicted by his carers - Laming enquiry criticised failings in information sharing between agencies
23Adult Safeguarding2006 – Steven Hoskin had learning disabilities and was 39 years oldSustained repeated abuse by youths including assault, forced to take drink and drugs and made to falsely confess to being a paedophileReports of anti-social behaviour connected to the flatSteven was marched to top of a viaduct and forced over the edgeSerious Case Review – ‘information sharing poor’
24Adult SafeguardingDeath of Francesca Hardwick (daughter), severe learning disabilities, Fiona Pilkington (mother) primary carer.After 10 years of repeated verbal abuse, a sustained campaign of vandalism, harassment and intimidation by local youths, Fiona set light to their carInquest criticised ‘failure to share information between the Police and local councils’
25Local Case - Adult Safeguarding Susan Hale (service user) and Sarah Merritt (agency carer) murdered by David Tiley a convicted rapistPolice were monitoring Tiley as one of 300 violent or sex offenders in SouthamptonTiley had been on sex offenders’ register after being convicted of two counts of rapeIn and out of prison for breaching order for failing to notify Police of his address
26Local Case - Adult Safeguarding Living with Ms Hale following release in 2007 Tiley was subject to MAPPA (multi-agency public protection arrangements)Review led by a member of the Prison Service concluded that there ‘needed to be improved relations between agencies’ andLessons needed to be learned
27The Legal Context The Data Protection Act 1998 The Human Rights Act 1998The Health and Social Care Act 2008Common Law of ConfidentialityAdministrative LawFOI Act 2000Other Legislation e.g.Children Act, Mental Capacity Act, Gender recognition Act, Adoption Act
28So, what about Data Protection? The Data Protection Act is not a barrier to sharing informationConfidentiality is a boundary to be negotiated and can be a barrier sometimes but not where there is a public interest justification such as the protection of othersPractitioners should understand when, why and how they should share information to do so confidently and appropriatelyIt provides a framework to ensure information is shared appropriatelyConsent should be best practice
29A Duty of Confidence The duty of confidence - A duty of confidence arises when one person discloses information to another (e.g. patient to clinician, client to social worker) in circumstances where it is reasonable to expect that the information will be held in confidence or where it is obvious the information is confidential in nature.The duty of confidence -Is a legal obligation derived from case-law.Is a requirement within professional codes of conduct.Is included within many employment contracts as a specific requirement linked to disciplinary procedures.
30Exemptions to the Duty of Confidence Where there is legal requirement (either under statute or a court order) to disclose the information (for instance, notification of certain diseases to public health authorities);Where there is an overriding duty to the public (for instance, the information concerns the commission of a criminal offence or relates to life-threatening circumstances); orWhere the individual to whom the information relates has consented to the disclosure
31How do we obtain consent? Consent should be sought at the earliest opportunitySocial Care record consent on the Permission to Share form signed by both social work professional and the individual or their representative. In Heath this should be recorded in the patient notesClear explanation should be given to the individual on what they are consenting to and for how longIt should be made clear that consent can be withdrawn at any time but we will share when there is a legal requirement to do soIndividuals should understand that if they withdraw their consent this may affect services we can provide to themRevisiting consent – at least annually or when a new event/episode of care happens
32Implied Consent Consent not expressly given: Often consent is assumed for sharing information with colleagues within an organisation i.e. in Health if a patient sees a nurse for a test, it is assumed that the patient will consent for the results to be shared with the treating doctor.In Social Care sharing with other departments in the Local Authority would require explicit consent for another purpose unless there is a legal reason for sharing.Sharing information between health care colleagues in different organisations e.g. ambulance crews to A & E staff
33Explicit or Informed Consent Agreement to sharing should be recordedIndividuals should be made aware of: -What information is to be sharedWhat is the purpose of sharing itWho it is to be shared withHow the information will be protectedWhether it may be further sharedThat they have the right to refuse (if they do)The consequences of refusal and agreement to consent
34Competence to Consent Children and young people 16 assumed to be competentUnder 16 competent if they have the capacity to understand and take own decisionsOtherwise consent from whoever has parental responsibilityOnus of proof shifts from being on the child to being on the person wanting to assert lack of capacity.
35Competence to Consent Adult unable to give consent? Take into account the views of relatives or carersRespect any previously expressed wishesMental Capacity Act (MCA)Adults lacking capacity may have an advocateProvision under MCA for proxy consent via LPA or Court appointed deputyUltimately, the professional must act in individuals best interestsRecord the decision and the reasons for itMention Mental Capacity Act 2005 – In force February 2007.
36Understanding consequences Explain consequences of agreeing to consentExplain consequences of refusing consent i.e. Limiting services – housing etc.Mention Mental Capacity Act 2005 – In force February 2007.
37Sharing without consent There are some circumstances in which sharing confidential information without consent will normally be justified in the public interest:When there is evidence that the child/vulnerable adult is suffering or is at risk of suffering harm; orWhere there is reasonable cause to believe that a child /vulnerable adult may be suffering or at risk of significant harm; orTo prevent significant harm arising to children/vulnerable adults including through the prevention, detection and prosecution of serious crimeMention Mental Capacity Act 2005 – In force February 2007.
38So, what if they say No?Consider Public Interest justification before seeking consent which could affect approach to consent.I.e. need to provide the information but would prefer to disclose with their agreement. Give an opportunity for them to state their case for non-disclosure.May not be appropriate if there is risk to staff or others.Mental Capacity Act 2005.
39So, what if they say No?If the individual is competent to make the decision and they fully understand the consequences of the decision for care or treatment:Understand their reasons and see if they can be satisfiedCan care be provided in different way? (Must be practical)Balance the risks – consider ‘public interest’ – you may need to share anyway . . .- Harm to self- Harm or risk to othersMental Capacity Act 2005.
40What if they say “Yes” . . . and then change their mind! Even Worse!What if they say “Yes” . . .and then change their mind!
41QUESTIONS TO ASK BEFORE SHARING INFORMATION Q: Can I still disclose if they don’t consent?“There must never be another tragic case where a child suffers as a result of professionals not sharing what they know.” Margaret Hodge“…in every judgment they make, staff have to balance the right of a parent with that of the protection of the child.” Lord Laming,The Victoria Climbié InquiryShould not be sharing without an explicit reasonOnly justified if the purpose of the sharing is clearly in the best interests of the data subjectPractitioners must be able to state the purpose of the request for information. This can be expressed in general terms, but needs to relate to the welfare of the data subject. The gathering/ documentation of evidence may call for some thought and judgement, but should not be used as a barrier to information sharing.
42QUESTIONS TO ASK BEFORE SHARING INFORMATION Q: Can I still disclose if they don’t consent?Failure to share information appropriately can be a serious breach of careSharing without consent may be necessary and appropriate under some circumstances:When a child is believed to be at serious risk of harmWhen there is evidence of serious public harm or risk to others or and individualFor the prevention, detection or prosecution of serious crimeWhen instructed to do so by a courtShould not be sharing without an explicit reasonOnly justified if the purpose of the sharing is clearly in the best interests of the data subjectPractitioners must be able to state the purpose of the request for information. This can be expressed in general terms, but needs to relate to the welfare of the data subject. The gathering/ documentation of evidence may call for some thought and judgement, but should not be used as a barrier to information sharing.
43ProportionalityThe proposed disclosure should be proportionate to the need to protect the child’s/vulnerable adult’s welfareThe amount of information disclosed and the number of people to whom it is disclosed should be no more than is necessary to meet the public interest in protecting the health and well-being of the child/vulnerable adult
44When in DoubtConsult a Manager/Caldicott Guardian or Data Protection/Information Governance OfficerObtain advice from legal services if appropriateRecord reasons why a decision was made to:Override the requirement to seek consentShare information without consent
45Difficult Areas Power of Attorney Pre Adoption records May not include access to recordsPre Adoption recordsOnly medical history should be in new record – proceduresProtected AddressesGillick CompetencyFather and son same nameParental rightsGender Re-assignmentDeceased RecordsNot covered by DP Act – remove anything the patient would have expected to keep private and third party dataPolice requestsSection 29 formsPower of Attorney – next of Kin – respect for what the patient may have wanted to keep confidentialPre Adoption protocol for Community records – what happens now and what needs to happen to meet the legislation. Blanket StoryGP pre adoption process Back Office – Contractor ServicesProtected Addresses – protocolDivorced parentsGender Reassignment – how records should be handled entitled to a new record old information archived.Deceased records – what the patient would have wanted – son and Mother access – traffic accident –electronic process for marking a patient deceasedDerwentside Rape Case
46Why do we need an Information Sharing Protocol ? What data do we want to share?With whom do we want to share it?Why do we want to share it?How can we justify sharing it?How do we comply with the law?PROACTIVE FRAMEWORKExampleCare Homes – expectations of those we share information with
47Using the Three Tier Model at local level 1Principles we all will work to contained in the high level Protocol2Purpose for Sharing Information e.g. Care of AdultsProcess of how we will share the information in the Service Level Information Sharing protocolExample of a local protocol – Child Protection – Single Assessment Process – Sure start3
48The Protocol should describe How we comply with the LawWhy we need to share the informationHow we justify sharing the informationWhat information we want to shareWith whom we will share the informationHow we will protect the informationData Protection Act, Human Rights, Common Law of Confidentiality, Mental Capacity Act 2005 etc
49How We Comply With The Law How we restrict access to the information -consentWho needs to know, how muchWhat security will protect itHow long it will be kept forWhat format will it be inWhen it can be destroyed or ArchivedSubject Access rightsData QualityHiding behind legislation and red tape!!!Access by staff to information, Cannot do the job without the information accessPaper locked away, Policies for passwords, Safe Haven Faxes, subject access requests, Records Management etcRecord keeping, retention and destruction
51Breakout ObjectivesA more informed understanding about why information should be shared, when and with whom.Clarification of the legal and ethical issues that surround information sharing.A toolkit to support information sharing
52Breakout ObjectivesIncreased awareness of partner agencies and their responsibilities and concerns in relation to information sharing.Strategies for disseminating these ideas to others in your organisations.Impact of new technology on information sharing.
53Delegate ObjectiveClarification on safe, legal and confidential ways to send information via computerTo get a more informed understanding about sharing informationTo link/network with other delegates with the same remit as myselfTo widen my knowledge of the subject areaTo explore issues/dilemmas/barriers with other professionals
54Group Work One Raising the issues – What will happen if we Do share information?What could happen if we Don’t share information?
55You have 40 minutes to complete this exercise InstructionsWith the help of your facilitatorWork through the two stories on your tablePick up each card in turnRead the scenario and decide who you would or wouldn’t share the information withDebate in your groups whether or not having all of the information would change any decisions madeYou have 40 minutes to complete this exercise
56Group Work Two Deciding What to Share - Would We? - Could We? - Should We?
57InstructionsPick a scenario card, work through as many scenarios as you have time forDiscuss and decide if you would share the informationDiscuss and decide if you could share the informationDiscuss and decide if you should share the informationYou have 40 minutes to complete this exercise
58Feedback from Tables and any questions Each table to raise one question for the panel of experts during the feedback sessionAny issues arising from exercisesThank you to all our expert IG facilitators today!
59Key messagesRemember the Data Protection Act is not a barrier to sharing informationBe open and honestSeek adviceShare with appropriate consentConsider safety and well-beingNecessary, proportionate, relevant, accurate, timely and secureKeep a record