CONFIDENTIALITY POLICY POLICY ... - Pilgrims Hospices

CONFIDENTIALITY POLICY
POLICY STATEMENT
This policy is designed to make all staff and volunteers who work for, or on behalf of,
Pilgrims Hospices in East Kent aware of their responsibilities with regard to
confidentiality. They shall keep confidential, unless exceptional circumstances apply,
all information about the organisation including information about patients and their
carers, friends and relatives.
SCOPE OF THIS POLICY
This policy relates to the exchange of all information included in the policy by staff
and volunteers to other staff and volunteers within Pilgrims Hospices and with
individuals and members of other organisations outside Pilgrims Hospices.
DEFINITION OF CONFIDENTIALITY
The principle of keeping secure and secret from others, information given by or about
an individual in the course of a professional relationship.
This definition is about the relationship between a professional carer and patient but
can be extended to an employee and employer or employment organisation.
WHAT IS INCLUDED IN THE CONFIDENTIALITY POLICY
This covers protecting any information as to the business, dealings, practice,
accounts, finances, human resources, trading, software, know-how, affairs of
Pilgrims Hospices or any of Pilgrims Hospices’ patients or prospective patients,
distributors, suppliers or persons, firms or companies otherwise connected with
Pilgrims Hospices.
All information held about Pilgrims Hospices or in connection with Pilgrims Hospices
and any of the above is to be regarded as confidential. Information may be recorded
on paper or computer or it may be exchanged by word of mouth. Much of the
information the Hospice has about patients comes from the NHS (acute care) and
General Practice (Primary Care) and District Nurses (Community Care). The Hospice
has a responsibility to these sources of information (see Caldicott Report).
Most of the more sensitive information will relate to patients. The types of confidential
information at different levels are:
1. IDENTITY – (Name, address, sex, age in sufficient combination to identify the
Patient) available to a wide range of permanent and attached staff. (“Hotel”
services)
2. MEDICAL – Available to medical staff who give treatment and palliative care and
administration staff who process the information. This information will be patient
identifiable for direct clinical purposes.
3. SOCIAL – Available to medical and nursing staff and social workers.
4. PSYCHOLOGICAL – Available to Counsellors.
In the Palliative Care environment, 2 - 4 are available to a wider range of
professionals in the multi-disciplinary team.
RELATED POLICIES AND DOCUMENTS
Information Technology Policy
Information Security Policy
Reporting Information Security Incidents (Procedure)
Information Governance Committee Terms of Reference
Scanning Policy
Clinical Records Management Policy
Data Protection Policy
Decisions Consent Policy
1

Decisions Loss of Capacity Policy
Whistleblowing Policy
RESPONSIBILITIES OF STAFF AND VOLUNTEERS
Multi-disciplinary team members
The multi-disciplinary team is composed of doctors, nurses and allied health
professionals (AHPs). All professionals are required to comply with their professional
code(s) of conduct. Those who do not have a professional code of conduct should
adopt one from a colleague that meets their needs. All members of the
multidisciplinary
team will familiarise themselves with the codes of conduct of their fellow
professionals.
Administrative Staff
All members of staff handle confidential information and are accountable to the
professional for whom they are acting within Pilgrims Hospices for keeping the
information confidential. Professionals outside Pilgrims may ask them from time to
time for information about patients. Staff should follow the six principles laid down by
the Caldicott Report as follows:
• Principle 1 - Justify the purpose(s) the purpose being to assist with the
care of the patient.
• Principle 2 - Don’t use patient-identifiable information unless it is
absolutely necessary
• Principle 3 - Use the minimum necessary patient identifiable information
• Principle 4 - Access to patient-identifiable information should be on a
strict need-to-know basis
• Principle 5 - Everyone with access to patient-identifiable information
should be aware of their responsibilities
• Principle 6 - Understand and comply with the law
Information should only be provided if the enquirer can be identified. If in doubt,
members of staff will refer to the professional within Pilgrims Hospices for whom they
are acting in each case who will liaise with the Caldicott Guardian.
VOLUNTEERS
Volunteers should follow the same guidance as administrative staff above except
they should not be asked to give information about patients to professionals from
organisations outside Pilgrims Hospices.
DISCLOSURE
The Courts can order disclosure of information. Disclosure may be required to
comply with the law. Full details of the organisations requirements regarding
disclosure is incorporated in the Records Management Policy. In the context of
disclosure it should be noted that the Freedom of Information Act does not apply to
the hospice. This aspect of access to patient records is covered in the Records
Management Policy.
PROTECTION OF RECORDS AND REPORTING INCIDENTS
Confidential records of any kind must never be left unsupervised so that a person
who has no right to see them has access to them or could remove them from
Pilgrims Hospices premises.
If any member of staff is aware of a breach of confidentiality that person will report
the incident to their line manager. If the breach is serious and needs action
immediately, the line manager or a senior member of staff should be contacted
without delay. The line manager will decide if further action, including disciplinary
proceedings, may be necessary.
Full details of the organisations requirements with regard to protecting records and
2

eporting a breach of confidentiality or other breach in the protection of the security of
information is in the Information Security Policy and Reporting Information Security
Incidents procedure.
CONSENT TO SHARE INFORMATION
Knowing when to share information to assist the care of patients and when to
withhold information is a matter of professional judgement and experience. It is also
important to determine whether or not the information needs to be patient-identifiable.
All matters relating to the obtaining of consent and validity and capacity are covered
in the Pilgrims Hospices Consent Policy.
CONFIDENTIALITY STATEMENT
The Patient’s Handbook spells out quite clearly to patients what they can expect from
us: “We believe that staff working together as a team improves the care we can offer.
No one of us can do all the nursing, the medicating, the counselling and the family
support. If we work together that means that all the different aspects of care can be
more effectively done. But that means we all need to know about our patients and
their families and so we need to share information. If you tell us that a particular
matter is for the hearer’s ears only, it will remain confidential; if you do not so specify
we will share matters with other members of the team if they need to know for your
better care.” A Confidentiality Statement is also on Infoflex for staff to explain to
patients on admission and first encounter.
DISCLOSING WITHOUT CONSENT
Staff must only disclose confidential information without the patient’s consent in the
following circumstances
IN THE PUBLIC INTEREST
1. Where a serious crime could be prevented, detected or is being investigated.
2. To prevent abuse or serious harm to themselves and others.
LEGALLY REQUIRED
1. Some disclosures are mandatory such as the reporting to Health Authorities of
infectious diseases.
2. The courts may require disclosure; in this case, only what is required to comply
with the court order may be disclosed.
In all cases where disclosure is required without consent, where possible and/or
desirable consent should be sought before the disclosure or the patient informed of
the disclosure after the event.
The professionals’ codes of conduct give guidance on disclosure without the consent
of the patient
Where disclosure is made without the consent of the patient, a written record must be
made.
THE MULTI-DISCIPLINARY TEAM
Discussions of confidential information about patients by the Multi-Disciplinary Team
must conform to the consent obtained from the patient specifically or in accordance
with the information provided to the patient in the Patient’s Handbook.
3

RESEARCH AND AUDIT
Information requested from patients for the purposes of research and/or audit will
normally be obtained with their consent. Information from their records will be
anonymous or pseudonymous.
REFERENCES AND BIBLIOGRAPHY
Care Quality Commission, 2010, Guidance About Compliance Essential Standards of
Safety and Quality , Care Quality Commission, London,
http://www.cqc.org.uk/_db/_documents/Essential_standards_of_quality_and_safety_
March_2010_FINAL.pdf last accessed 27-7-2010
Department of Health, 2003, Confidentiality. NHS Code of Practice, DH Publications.
London,
http://www.dh.gov.uk/prod_consum_dh/groups/dh_digitalassets/@dh/@en/document
s/digitalasset/dh_4069254.pdf , last accessed 27-7-2010
Department of Health, 2010, Guidance for Access to Health Records Requests, DH
Informatics Policy & Planning Directorate, Leeds,
http://www.dh.gov.uk/prod_consum_dh/groups/dh_digitalassets/@dh/@en/@ps/docu
ments/digitalasset/dh_113206.pdf last accessed 27-7-2010
Department of Health 1997. The Caldicott Committee Report on the Review of
Patient-Identifiable Information. Dept of Health.
http://www.dh.gov.uk/prod_consum_dh/groups/dh_digitalassets/@dh/@en/document
s/digitalasset/dh_4068404.pdf last accessed 27-7-2010
General Medical Council 2009, Guidance for doctors: Confidentiality. GMC London
http://www.gmc-uk.org/static/documents/content/Confidentiality_core_2009.pdf last
accessed 27-7-2010
Nursing and Midwifery Council, 2009, redesign 2010. Record keeping Guidance for
nurses and midwives. NMC London. http://www.nmcuk.
org/Documents/Guidance/nmcGuidanceRecordKeepingGuidanceforNursesandMi
dwives.pdf last accessed 27-7-2010
Nursing and Midwifery Council, 2008, redesign 2010. The code: Standards of
conduct, performance and ethics for nurses and midwives. NMC London
http://www.nmcuk.
org/Documents/Standards/nmcTheCodeStandardsofConductPerformanceAndEthi
csForNursesAndMidwives_LargePrintVersion.PDF last accessed 27-7-2010
Author
Simon Fisher Audit Facilitator
Date 27 th September 2010
Policy Version No 2 nd review
Policy application Clinical
Approving body Clinical Practice Development Forum
Review September 2012
4

CONFIDENTIALITY POLICY
PROTECTING AND USING PATIENT INFORMATION
The Legal Responsibility of staff and volunteers
All members of staff including volunteers must be aware of the legislation in place to
protect personal information (confidentiality). These include computer held records,
printouts and any written information used (personal files, payroll records etc.).
Misuse of information may lead to prosecution of an individual under the Data
Protection Act.
1. Data Protection Act 1998 This applies to personal information, such as employee
and Patient manual records, records held on computer, microfiche and CCTV.
The Act dictates that information should only be disclosed on a need to know
basis
2. The Copyright Designs And Patents Act 1988. This Act makes the use of
unlicensed (pirated) software a criminal offence, which could lead to fines or
imprisonment.
3. The Computer Misuse Act 1990 This Act makes it a criminal offence to access
any part of a computer system programs and/or data that you are not set up to
access, e.g. access a record of someone you may know, share someone’s
password or access a system which is not for the Pilgrims Hospices purposes.
Each system/network has an individual user id and password. This should remain
confidential to those authorised to access those records.
Confidentiality
All information you come in contact with during the course of your work must be
deemed to be confidential. This will apply to records relating to patients and their
friends and relatives, applicants, staff, volunteers, contractors, community members,
and other medical personnel and may also include business information. Under no
circumstances should any of this information be divulged or passed on to any
unauthorised persons by you whilst you are employed or after you leave the
employment of Pilgrims Hospices. A breach of confidentiality may lead to disciplinary
or legal action.
I understand my responsibilities and agree to abide by this Policy.
Name _______________________________ Job Title ______________________
Signature ____________________________
Date __________________
5