Confidentiality Policy

Rationale and statement on the importance of confidentiality

We believe that:
The safety, wellbeing and protection of our students and young people is the paramount consideration in all decisions staff at St Rose’s and St Martin’s make about confidentiality. The appropriate sharing of information between staff is an essential element in ensuring our students’ well-being and safety.
It is an essential part of the ethos of our organisation that trust is established to enable students, staff, and parents/carers to seek help both within and outside the organisation and minimise the number of situations when personal information is shared to ensure students and staff are supported and safe.
Students, parents/carers and staff need to know the boundaries of confidentiality in order to feel safe and comfortable in discussing personal issues and concerns, including sex and relationships.
St Rose’s and St Martin’s attitude to confidentiality is open and easily understood and everyone should be able to trust the boundaries of confidentiality operating within the organisation.
Issues concerning personal information including sex and relationships and other personal matters can arise at any time.
Everyone in our community needs to know that no one can offer absolute confidentiality. Everyone in our community needs to know the limits of confidentiality that can be offered by individuals within the community so they can make informed decisions about the most appropriate person to talk to about any health, sex and relationship or other personal issue they want to discuss.
We believe that confidentiality and privacy is an absolute right of every member of the St Rose’s community and that breaches of confidentiality may lead to distress and harm.

AIMS
• To give clear guidance to all staff about confidentiality
• To ensure that the privacy and confidentiality of all of the young people and staff at St Rose’s and St Martin’s is respected and that confidential personal data held is maintained securely and not shared without their consent
• To encourage young people to talk to a trusted adult if they are having problems
• To give staff confidence to deal with sensitive issues

Staff will always seek to ask permission before any information is shared or given to anyone else.
Staff will not provide information to relatives, spouses, friends or advocates without the consent of the individual concerned.
All enquiries for information, even if they are from close relatives, should be referred back to the young person or their permission sought before disclosure.
If being asked for information over the telephone staff should obtain the caller’s details and ring them back before handing over any service user information – staff should always check the identity of callers.
Staff should only disclose information:
• with the permission of the individual
• in compliance with any statutory or legal obligations
• for the legitimate interests of a third party who has a legal right to such information
• where the courts have ordered such a disclosure.
Before responding to requests for confidential information from insurance companies, solicitors, employers and so on, staff should seek written consent from the individual concerned – they should never divulge information without consent unless obliged to by law.
All files or written information of a confidential nature will be stored in a secure manner – paper files will be kept in a locked filing cabinet and electronic information will be stored on password protected secure networks.
Confidential information will only be accessed by staff who have a need and a right to access it – staff should never share passwords.
Staff should ensure that all care records and notes are signed and dated.
Staff should never:
– discuss young people’s personal business in public areas where conversations might be overheard
– discuss young people’s personal business on the phone where their call might be overheard
– gossip about our young people
– discuss young people with other staff, volunteers or healthcare professionals who are not directly involved in their care
– send unsecured emails, faxes or documents containing personal information pertaining to individuals – any personal information must be sent via secure email, mail or fax and should be marked ‘confidential’
– save confidential information on an unsecured or unencrypted laptop or data storage device
– save confidential information into unsecured parts of the IT network
– dispose of documents containing personal information in standard waste streams – any confidential documents that are to be disposed of should be confidentially shredded.
• In exceptional circumstances a member of staff may be required to breach confidentiality in order to safeguard a young person, or another person, or protect their best interests – all such cases should be immediately reported to a manager and will be thoroughly investigated.
• Breaches of confidentiality will be regarded as serious matters – disregard of this policy may be regarded as a disciplinary offence and investigated according to the organisation’s disciplinary policy.

Definition of Confidentiality
The dictionary definition of confidential is “something which is spoken or given in confidence; private, entrusted with another’s secret affairs”
When speaking confidentially to someone, the confider has the belief that the confidant will not discuss the content of the conversation with another. The confider is asking for the content of the conversation to be kept secret. Anyone offering absolute confidentiality to someone else would be offering to keep the content of his or her conversation completely secret and discuss it with no one.
In practice, there are few situations where absolute confidentiality is offered in school and college. We have tried to strike a balance between ensuring the safety, well-being and protection of our students and staff, ensuring there is an ethos of trust where students and staff can ask for help when they need it and ensuring that when it is essential to share personal information child protection issues and good practice is followed.
This means that in most cases what is on offer is limited confidentiality. Disclosure of the content of a conversation could be discussed with professional colleagues but the confider would not be identified except in certain circumstances.

The general rule is that staff should make clear that there are limits to confidentiality, at the beginning of the conversation. These limits relate to ensuring young people’s safety and well-being. The student will be informed when a confidence has to be broken for this reason and will be encouraged to do this for himself or herself whenever this is possible. Different levels of confidentiality are appropriate for different circumstances.

It is essential all members of staff know the limits of the confidentiality they can offer to both students and parents/carers and any required actions and sources of further support or help available both for the student or parent/carer and for the staff member within the organisation and from other agencies, where appropriate.

Staff at St. Rose’s are required to keep all information confidential and not disclose information about any individual. It is important that the whole school/college follows the same clear and explicit policy. Students, parents and carers should be made aware of this and how it works in practise.

It is recognised that there are occasions when staff will need to discuss a young person and their progress, however these discussions are confidential and should not take place away from the premises or in a public situation

Education
When staff at St. Rose’s are working with students on personal, social and health education programmes, or in the teaching of any sensitive or controversial issue, it is possible that some students will want to discuss information and how it may affect them personally. This policy aims to set out guidelines for responding to such situations.

GUIDELINES
The Confidentiality Policy is particularly relevant to the teaching of Personal Social Development, Drug Education and Relationships and Sex Education. However, it also covers all situations both in and outside the classroom.

Ground rules will be made explicit in lessons wherever appropriate. Staff should outline the following:

• To respect each others views
• To listen carefully to one another
• To respect each other’s privacy. (Staff will not pressure students to disclose personal information)
• During PSD lessons when discussing sensitive matters such as puberty, sex or drug education staff will encourage students to be aware that whatever is talked about in lessons will stay between us and should not be discussed out of the classroom
• Staff should respect student privacy. If students are taking phone calls or receive letters, their privacy should be respected. Any personal information should be regarded as private and not passed on indiscriminately e.g. in the staff room
• Information about students will be on a need to know basis.
• Following the guidance in our Safeguarding Policies, where information of a sensitive nature is disclosed, this must be treated seriously and with sensitivity. Under no circumstances must a promise be made that the staff member will not tell anyone. Explain that in order to help, you may need to talk to other people. If a student discloses information that indicates that they may be at risk of abuse, neglect or harm, staff must seek advice as indicated in the school and college Safeguarding Policies. Staff should refer such issues to the named designated safeguarding lead.
• Students should know that staff cannot offer unconditional confidentiality. If confidentiality has to be broken, students should be reassured that they will be informed first and then supported appropriately

FURTHER GUIDANCE

• Members of staff are expected to respect the confidentiality of the St Rose’s community as a whole. Therefore, the sharing of personal or sensitive information regarding a student with anyone outside the St Rose’s and St Martin’s community is not permitted. Should a member of staff be found to have disclosed confidential information to an inappropriate source then it will be dealt with through the official employment procedure
• Staff must not discuss details of individual cases arising in staff meetings with any persons (other than persons with direct professional connection to and interest in the welfare and education of the individual concerned)
• No member of staff should discuss an individual student’s behaviour in the presence of another student in school or college
• Staff must not enter into detailed discussion about a student’s behaviour with other students or their parents
• It is important that class teachers and support staff are aware of some confidential matters in order to support individuals. These staff will respect the sensitivity of such cases and not divulge information unconnected professionally with the individual concerned.
• When visiting professionals, volunteers and those on work experience are working with the students, they do not discuss educational/care matters outside St. Rose’s
We expect all visiting professionals, including voluntary staff to report any disclosures by students or parents/carers, of a concerning personal nature to the designated safeguarding lead as soon as possible after the disclosure and in an appropriate setting ,so that others cannot overhear. The designated safeguarding lead will decide what, if any further action needs to be taken.
• Governors must not divulge details about individuals, (be they staff, families or individual students) to any person outside the meeting unless they need further legal or other professional advice.
• At full governing body meetings, matters such as student exclusion, personnel issues and personal details of any member of the school or college community will be dealt with in the Principal’s report under Part 2 confidential. This is not for the knowledge of persons outside the Governing body meeting. Minutes in Part 2 are minuted separately and minutes are not published.
• Confidential matters concerning staff are reviewed by the Governing Body in an item on ‘Reserved Business’ when the only staff governors present are the Principal or Vice Principal.

Residential

CQC regulation and the 5 key-question test
Fundamental standards requirements
The Health and Social Care Act 2008 (Regulated Activities) Regulations 2014 apply to adult social care service providers. The regulations include the fundamental standards, below which care must not fall. They are enforced by the Care Quality Commission through inspection and registration.
With respect to confidentiality, Regulation 17: Good governance, applies. It states that providers must maintain securely data and records about service users.
Guidance for providers on meeting the regulations, published by CQC in March 2015, provides guidance on how service providers should comply with the regulations.
The guidance states that records relating to the care and treatment of each person using the service must:
• be complete, legible, indelible, accurate and up-to-date, with no undue delays in adding and filing information, as far as is reasonable.
• include an accurate record of all decisions taken in relation to care and treatment, including consent records and advance decisions to refuse treatment
• be accessible to authorised people as necessary in order to deliver people’s care and treatment in a way that meets their needs and keeps them safe
• be created, amended, stored and destroyed in line with current legislation and nationally recognised guidance
• be kept secure at all times and only accessed, amended, or securely destroyed by authorised people.
The guidance also states that:
• Information in all formats must be managed in line with current legislation and guidance.
• Systems and processes must support the confidentiality of people using the service and not contravene the Data Protection Act 1998.
• Consent and confidentiality must not be compromised during any complaints process unless there are professional or statutory obligations that make this necessary, such as safeguarding.
• Subject to statutory consent and applicable confidentiality requirements, providers must share relevant information, such as information about incidents or risks, with other relevant individuals or bodies.
The 5 key-question test
When inspecting a residential care home service, this organisation understands that inspectors are prompted by CQC guidance on the 5 key-question test

Management duties
Managers and supervisors in the organisation have a duty to:
• ensure that appropriate confidentiality policies, procedures and protocols are in place, are effectively implemented, are clearly understood by all members of staff, including temporary and agency staff, and are regularly reviewed and revised in light of the most recent best practice guidelines and reported incidents
• ensure that the organisation has clear procedures about what to do when staff think there is a confidentiality breach, what to do during and after an incident, and what follow-up there should be
• monitor complaints and compliments relating to confidentiality, consent and data protection issues, taking action as required and fully investigating any complaints
• ensure that young people, and their relatives and representatives, have adequate processes in place to be able to register queries or complaints about confidentiality or consent issues and to have their thoughts listened to and acted upon
• ensure that an effective incident reporting process is in place and that any data protection incidents or near misses or breaches of confidentiality are accurately reported and investigated
• monitor carefully any incident reports, including those regarding near misses, relating to data protection and confidentiality issues in order to identify and address any trends or patterns and to identify if risks are being effectively controlled, that is, if reported incidents are reducing in number
• ensure that adequate and suitable training programmes are carried out which includes induction training on data protection and confidentiality for new staff
• regularly audit the use of this policy and the effectiveness of procedures to maintain confidentiality.
Staff duties
Staff in this organisation have a duty to:
• always respect the privacy of the young people and their rights to have their confidentiality protected
• always act in full compliance with the Data Protection Act 1998 and GDPR regulations and with associated guidelines and best practice
• understand the importance of obtaining consent before they divulge any confidential information and acquaint themselves with the procedures for obtaining consent operated in this organisation
• comply fully with organisational policies on confidentiality and data protection
• attend appropriate training.

Training
• all new staff will be required to read and understand the policies on data protection, record keeping and confidentiality as part of their induction process
• existing staff will be offered ongoing update training on confidentiality, data protection, information governance and access to records
• all staff who record, store or use personal data will be trained in the use of manual and computerised records systems.

This policy statement is considered part of the terms and conditions of employment of all staff at St. Rose’s.

Appendix 1
What are the Caldicott Principles?
The Caldicott Principles were developed in 1997 following a review of how patient information was handled across the NHS. The Review Panel was chaired by Dame Fiona Caldicott and it set out six principles that organisations should follow to ensure that information that can identify a patient is protected and only used when it is appropriate to do so. Since then, when deciding whether they needed to use information that would identify an individual, an organisation should use the Principles as a test. The Principles were extended to adult social care records in 2000.
The Caldicott Principles revised 2013 are:
Principle 1 – Justify the purpose(s) for using confidential information
Every proposed use or transfer of personal confidential data within or from an organisation should be clearly defined, scrutinised and documented, with continuing uses regularly reviewed, by an appropriate guardian.

Principle 2 – Don’t use personal confidential data unless it is absolutely necessary
Personal confidential data items should not be included unless it is essential for the specified purpose(s) of that flow. The need for patients to be identified should be considered at each stage of satisfying the purpose(s).

Principle 3 – Use the minimum necessary personal confidential data
Where use of personal confidential data is considered to be essential, the inclusion of each individual item of data should be considered and justified so that the minimum amount of personal confidential data is transferred or accessible as is necessary for a given function to be carried out.

Principle 4 – Access to personal confidential data should be on a strict need-to-know basis
Only those individuals who need access to personal confidential data should have access to it, and they should only have access to the data items that they need to see. This may mean introducing access controls or splitting data flows where one data flow is used for several purposes.

Principle 5 – Everyone with access to personal confidential data should be aware of their responsibilities
Action should be taken to ensure that those handling personal confidential data – both clinical and non-clinical staff – are made fully aware of their responsibilities and obligations to respect patient confidentiality.

Principle 6 – Comply with the law
Every use of personal confidential data must be lawful. Someone in each organisation handling personal confidential data should be responsible for ensuring that the organisation complies with legal requirements.
In April 2013, Dame Fiona Caldicott reported on her second review of information governance, her report “Information: To Share Or Not To Share? The Information Governance Review”, informally known as the Caldicott2 Review, introduced a new 7th Caldicott Principle.

Principle 7 – The duty to share information can be as important as the duty to protect patient confidentiality
Health and social care professionals should have the confidence to share information in the best interests of their patients within the framework set out by these principles. They should be supported by the policies of their employers, regulators and professional bodies.