The Scottish Government

« Previous | Contents | Next »

Listen

Chapter 6: Information Sharing

What is Information Sharing?

The purpose of sharing personal information on individuals between partner agencies is to ensure access to the appropriate treatment, care and support services for those individuals. This requires:

• a culture of openness and trust between agencies
• agreement on the core elements of information to be transferred
• agreement on the circumstances when additional, possibly sensitive, information should be shared
• agreed inter-agency protocols governing information sharing
• respect for patient's/client's rights to privacy, confidentiality and consent to the sharing of their personal information.

There are various stages at which information sharing should take place, beginning at referral stage when the sharing of information between staff will assist decision making on the level of assessment required and the speed of response needed to address the individual's circumstances, continuing through assessment, care planning and delivery.

The Rationale: Why is Information Sharing Important?

A commitment from partner agencies to the sharing and the safeguarding of client information is essential to the development and delivery of integrated services for drug or alcohol users. The exchange of information will assist service providers to provide individuals with the best possible service. A common criticism, when things go wrong, is that the right information was not provided to the right people at the right time. For the client, deficiencies in information sharing may result, for example, in delays in getting access to treatment, care and support, or referral on to an inappropriate service. This, in turn, may reduce the chances of a positive outcome and lead to disillusion and non-attendance. A bad experience of attending a service in the past may also reduce the motivation to seek treatment in the future.

Where a service provider has access to an individual's personal information and is referring them on to another provider, they should be mindful of the information needs of the receiving service. At the same time, service providers have a responsibility to clients to share only that information which is necessary to ensure that they benefit fully from the service.

Improving Information Sharing

Information sharing should take place within an environment of informed client consent. In order to achieve informed consent, the client must be advised of the implications of giving or of refusing consent, amongst whom their personal information is being shared and the purposes for which it is being shared. It is important that this process is not undertaken in a manner divorced from the rest of the dialogue between practitioner and client. For example, it makes good sense to embed the seeking of consent for the sharing of referral information within the dialogue over making the referral itself and the treatment, care and support that it is intended to set in motion.

'Protecting the Rights of the Individual - The Regulatory Framework'

• The Data Protection Act 1998 places a legal duty on data controllers to process data fairly and lawfully, to use no more data than is necessary for the task and to retain it for only as long as it is needed.
• The Human Rights Act 1998 guarantees respect for a person's private and family life. Under the terms of the Act, this right to privacy may be overridden, but only when there is a lawful reason to do so.
• The common law reinforces the need to obtain patient/client consent before sharing information.
• Professional guidelines require clinicians to ensure patients/clients are informed about how information about them is used and that consent requirements are met.
• A substantial organisational framework for protecting the use of patient/client identifying information already exists in Scotland. An example is the Caldicott Framework, set up in March 1999 in response to the Caldicott Committee Report on the Review of Patient-Identifiable Information. This requires all NHS Scotland organisations to appoint a senior clinician as Caldicott Guardian.

Recent Developments

There have been a number of new initiatives aimed at assisting service providers to better manage the processes of information sharing and confidentiality. Examples of these are set out below.

Confidentiality and Security Advisory Group Scotland ( CSAGS)

Data Protection

In order to provide guidance on the Data Protection Act 1998 staff information leaflets have been made available to NHS Scotland staff. The CSAGS website provides the following link to an example leaflet produced by Lothian Universities NHS Trust: http://www.confidentiality.scot.nhs.uk/publications/LUNT-%20DPA%20Leaflet.pdf

Confidentiality

The CSAGS sets out the following eight principles to protect patient and service user confidentiality:

1. Involve patients and service users

• Let patients and service users know what information you wish to record.
• Explain why you need the information and what it may be used for.

2. Inform patients and service users of their rights

• Make sure patients and service users know their rights to confidentiality and how to exercise them.
• Respect the right of patients and service users to have access to their health records.

3. Respect individual choice

• If patients and service users do not want information about them to be used for a particular purpose, try to respect their wishes.
• Make sure that patients and service users are aware of the implications of their decision.
• If you cannot respect a patient's wishes on the use of personal health information, guidance must be sought from the local Caldicott Guardian.

4. Get it right

• Make sure health records are accurate, complete and up-to-date.

5. Keep health records secure

• Store and send personal health and care information securely at all times to ensure that it cannot fall in to the wrong hands.
• Ensure requests to see health information are from those with a legitimate right.

6. Only record what you need

• Only record the information relevant to caring for the patient or service user.
• This may include collecting information needed for the administration of care and information required for any research projects in which a patient or service user has agreed to participate.

7. Share with care

• Share personal health information required for the treatment and care of patients or service users only on a need-to-know basis.
• Share personal health information outside the NHS only with your patient's knowledge and express consent.
• You may share information without consent if you are obliged to by law, if required to do so to protect life and limb, or if you must do so in the public interest. You must always however be prepared to defend the basis of such disclosure.

8. Know your obligations to your patients, service users and others

• All staff dealing with personal health and care information should be aware of the issues surrounding confidentiality and be trained to deal with them in an appropriate manner.
• The need for confidentiality should be a contractual obligation for all those employed by NHS Scotland, its contractors and volunteers.

Department of Health: Social Care Information Governance Toolkit ( SCIGT)

The Department of Health website provides the following link to the Social Care Information Governance Toolkit ( SCIGT): https://www.igt.connectingforhealth.nhs.uk/Requirements.aspx?tk=653799462&lnv=4&cb=09%3a48%3a57&sViewOrgType=10&sDesc=Social+Care

National Treatment Agency for Substance Misuse

The NTA published two briefings in 2003, Confidentiality and information sharing and Data protection and record retention. Briefing 1 outlines definitions, good practice and current legislation with regard to confidentiality and information sharing and Briefing 2 outlines the background to the Data Protection Act, providing definitions, procedures and defining the eight key principles in relation to information handling.

Briefing 1: http://www.nta.nhs.uk/publications/documents/nta_confidentiality_and_info_sharing_2003_dsp1.pdf

Briefing 2: http://www.nta.nhs.uk/publications/documents/nta_data_protection_and_record_sharing_2003_dsp2.pdf

Key Principles of Effective Practice: Information Sharing

These 10 key principles should underpin the sharing of person identifiable information between those 'partner agencies' who agree to an 'information sharing protocol'. These are:

1. All staff will respect the service user's rights to privacy and confidentiality.

2. No information will be shared without the prior consent ¹ of the service user (or their representative), except in the circumstances referred to in Principle 10 below.

3. Information will only be shared for the purposes agreed to by the service user.

4. The partner agencies will only use shared information for the purposes set out in the information sharing protocol.

5. Service users have a right of access ².

6. If service users refuse consent to the sharing of information, the partner agencies will ensure that they are aware of the implications of their decision.

7. Access to person identifiable information will be on a need to know basis.

8. The partner agencies will ensure records are accurate, complete and up-to-date.

9. The partner agencies will make sure that person identifiable information is safe and secure.

10. You may share information without consent if you are obliged to by law, if required to do so to protect an individual's vital interests, or if you must do so in the public interest.

Glossary of Terms

Actions Points: Information Sharing

« Previous | Contents | Next »