| Who is the policy for? |
Policy reference |
| All staff, residents, families and external professionals |
CR07 |
| What should be confidential (secret)? |
CR07 |
- Information about residents
- Information about staff (except their name and job title)
Information about someone is their personal data. It belongs to them.
Sensitive personal information is where the personal information contains details of that person's:
- Health or physical condition
- Sexual life
- Ethnic origin
- Religious beliefs
- Political views
- Criminal convictions
When someone dies information should remain confidential
|
| Why should you keep things confidential? |
CR07 |
- You should follow your code of conduct:
Care/Support Workers: Skills for Care Code of Conduct
Nurses: Nursing and Midwifery Council
- You signed an agreement as part of your contract (when you agreed to the job)
|
| What happens if you do not keep things confidential? |
CR07 |
- You can lose your job
- You may have to pay a fine (£)
|
| Why is data security important? |
CR07 |
- Information about us can be used for good reasons and bad.
- Keeping this safe is important for a person's health (❤) , wealth (£) and happiness (☺)
- It's the law (Data Protection Act 2018, Human Rights Act 1998)
- We need to be safe and keep information secure to get funding (£) from the NHS and the council
|
| What do we need to check? |
AB37 |
- Before we take information that we let the person know what their information will be used for
- Talk to them (or their family) about any information that is particularly important and that might cause distress to others.
- That we use information for the reason it was given (you cannot use information given to help care for someone, for marketing for example)
- Only take/store and use the information that you need. You may need to explain your decision
- That all information is handled, stored and sent securely (paper or electronic)
- Personal confidential information is only shared with those who are allowed to see it and for the reasons it was given
- All staff understand their responsibilities and make sure only those who are meant to see information do so.
- All staff must pass a test every year
|
CR07 |
| Who is allowed to see the information? |
AB37 |
- The person themselves
- Anyone that the person who the information is about wants to see it
- If it is to help someone remain healthy and well, those who 'need to know' this information to do their job to support and care for them
- If the person has given someone else 'Power of Attorney' they can see their information about their:
- Money (£) if they have power of attorney for Property and Finance
- Health (❤) if they have power of attorney for Health and Welfare
- After a person has died the 'executor' of the Will
|
|
What do we need to know?
|
AB37
|
- How does the person want this information to be shared? (writing/speaking, sensitively, in a way they can understand)
- We know who has looked at/changed/moved what data
- All processes every year to make sure staff are following them
- People trying to get information illegally (Cyber-attacks) are found and avoided
- We have a back up plan if any data is stolen/lost
|
|
Data breaches - lost, stolen or seen/heard by someone who should not
|
AB37
|
|
These are often accidents, staff conversations being overheard, folders being left out, poor computer security however this is still serious.
When information is seen/changed/moved/copied or deleted by accident or on purpose when it should not have been.
What to do
- Report this immediately to your supervisor/manager
- We have 72 hours to tell the Information Commissioner so the faster you report it the more time everyone else has to act!
|
CR07
|
|
What if someone isn't safe or they have been hurt or upset?
|
CR03
|
- If you are worried someone is not safe you must report this even if they ask you to keep it secret. This is called Safeguarding and this is what you need to do:
- Tell them that you are worried that they might be hurt/upset
- That you need to tell someone else what they have told you/you have seen
- Tell your supervisor/manager and complete a written report
- Do not tell anyone else
|
|
What about opt-out?
|
GDPR11
|
|
Have you been asked for information for general research or planning?
If the people are:
- Swallowcourt residents, paid for by the council/NHS and live in England they can choose not to share information about themselves (this is called opt-out)
Consider the following:
- Could you work out who the information is about (e.g. initials, date of birth, place)
- Is it supposed to be kept confidential (care records, personal information)
- Is it about the physical or mental health or condition of a person (diagnosis of their condition and/or their care or treatment)
|
|
Consent
|
GDPR11
|
- If a person wants to share their information (e.g. with a son/mother) then they can by giving their 'consent' this is usually in writing.
- If they do not have capacity to decide this can be discussed at a Best Interest Meeting
- Information can be shared with those caring for them and with those who plan and pay for their care (with or without their consent)
- If the person has a communicable disease (COVID-19, measles, food poisoning) where other people might also become ill then this information can be shared (with or without their consent)
- If there is a legal reason that information must be shared it can be with or without the persons consent
|
|
Keeping information/deleting information
|
CR07
|
- There is a list of how long we can keep information for based on what it is and who might need to see it.
|
|
Social Media
|
CR07
|
- Staff are not allowed to talk about resident or staff past or present, on any social networking site as this may breach confidentiality. Staff must also be aware that this applies to taking and posting photographs of residents
|
|
Media
|
CR07
|
- Staff are not allowed to talk about resident or staff past or present, or make comment, to the press or other media. Media enquiries should be referred to the CEO
|