This is a short unit that highlights the importance of secure information systems in care settings, what to do if you have concerns about handling information and why you should the follow the agreed ways of working set out by your organisation.
- Understand the need for secure handling of information in care settings
- Know how to access support for handling information
- Be able to handle information in accordance with agreed ways of working
1.1 Identify the legislation that relates to the recording, storage and sharing of information in care settings
The Data Protection Act 2018 repeals and replaces the Data Protection Act 1998 and implements the EU’s General Data Protection Regulation (GDPR).
This is the primary piece of legislation that relates to the recording, storage and sharing of information in care settings and beyond. Everyone that uses personal data has the responsibility to make sure that this information is:
- used fairly, lawfully and transparently
- used for specified, explicit purposes
- used in a way that is adequate, relevant and limited to only what is necessary
- accurate and, where necessary, kept up to date
- kept for no longer than is necessary
- handled in a way that ensures appropriate security, including protection against unauthorised or unlawful processing, access, loss, destruction or damage
These are the data protection principles.
For public bodies such as local authorities or the NHS, the Freedom of Information Act 2000 also applies.
This means that they are obliged to publish certain information and that members of the public are entitled to request certain information from them. This does not give people the right to request personal information about themselves – this should be requested under the Data Protection Act 2018.
1.2 Explain why it is important to have secure systems for recording and storing information in care settings
In a care setting, it is important to ensure that information is recorded and stored using secure systems.
This is because we have a responsibility under the Data Protection Act 2018 to keep everyone’s personal data secure.
Personal data is information that can directly or indirectly (when combined with other information) identify a person. Examples of identifiable information are names, photographs or passport numbers.
We also have a duty towards the individuals that we work with to respect their right to privacy and confidentiality.
By recording and storing personal data on secure systems, we can ensure that this information is only available to those people that need to know and cannot be accessed accidentally or deliberately by unauthorised persons. This guarantees that we:
- do not break the law
- work within best practices
- adhere to our organisation’s agreed ways of working
- respect our client’s rights
- fulfill our moral and ethical obligations
You can access guidance, information and advice about handling information from several sources.
Of course, you can refer to the legislation listed above. You don’t have to know the Acts by heart but should have an understanding of their main points.
You should also be familiar with your organisation’s agreed ways of working which will be documented in their policies and procedures. Your induction and other training should also keep you up to speed with any changes to work practices.
Industry best practices can also offer guidance on information handling related issues. For example:
Respect People’s Right to Confidentiality
As a Healthcare Support Worker or Adult Social Care Worker in England you must:
1. treat all information about people who use health and care services and their carers as confidential.
2. only discuss or disclose information about people who use health and care services and their carers in accordance with legislation and agreed ways of working.
3. always seek guidance from a senior member of staff regarding any information or issues that you are concerned about.
4. always discuss issues of disclosure with a senior member of staff.Department of Health Code of Conduct for Healthcare Support Workers and Adult Social Care Workers in England Section 5
You can seek advice from your line manager and more experienced colleagues. There may be other people within your organisation that can offer specialised knowledge such as a HR Manager (for personnel records) or IT Manger (for computer-based information systems).
2.2 Explain what actions to take when there are concerns over the recording, storing or sharing of information
If you have any concerns about the recording, storing or sharing information, you should judge whether it is something that you can resolve yourself or if you need to get others involved.
For example, if you find an individual’s bank statement in a communal area, you would (hopefully) return it to the individual or move it to a more secure location. Having done this, you would report it to your line manager, however as it is relatively minor you would perhaps mention it in passing next time you saw them.
For more serious concerns, you would usually (in the first instance) raise them with your manager or a senior member of staff. This should be done immediately and you should ensure you keep a log of what you have done including times, dates and who you spoke to. If it is not dealt with to your satisfaction, you would probably escalate it to a more senior manager – your organisation’s agreed ways of working should provide the correct procedure for this.
If your organisation does not take your concerns seriously, you will have a responsibility to report it to a regulatory body (such as the CQC) under the whistleblowing policy.
Sometimes, you may need to share information with outside agencies such as the individual’s GP or social worker. In such cases, especially if it concerns an individual’s privacy, you will usually need to obtain their consent before passing the information on. This is to protect the individual’s right to privacy.
However, there may be mitigating circumstances which mean that you can share certain information without the individual’s permission. This is usually if there is a suspicion of abuse having occurred (or is likely to occur) or if it is likely that the individual or other person(s) may come to harm if the information is not passed on.
Accurate, complete, legible and up to date documentation and record-keeping is essential in a health and social care environment because without it communications between co-workers and outside agencies is at risk of being misunderstood. Effective written communication ensures the quality and consistency of the service. Records that you use in your daily role could also be used as evidence in court so it is a legal requirement that they are completed correctly.
To keep records up to date, you must ensure they are written in a timely manner, although this will depend of the type of information that you are recording. For example, signing a MAR sheet should be done immediately after administering medication whereas filling in your timesheet could be done at a quieter time, perhaps when the individual you are supporting has gone to bed.
Documentation will also need to be checked and reviewed regularly to ensure that they are up to date. The frequency will depend on your organisation’s agreed ways of working and the needs and preferences of the individuals you support. For example, an individual’s care plan may need to be reviewed and updated every 3 months, whereas their budget plan may only need doing annually. However, even when the review dates are explicit, you should still update records more frequently if circumstances change.
Keeping complete records means that there shouldn’t be any essential information missing. If you are filling in a form, you should ensure that no sections are left incomplete – if certain information is not relevant you could write not applicable or n/a instead of leaving it blank. If you make a mistake, put a single line through it. Do not use tippex.
For the reasons listed above, accuracy is of paramount importance, so you should always check what you have written to ensure that it will be understandable to anyone reading it in the future. Be objective in your written descriptions, sticking to the facts and avoiding personal conjecture.
Similarly, you should always make sure that your record-keeping is legible. Write in black ink and keep your handwriting readable by others. This may mean taking your time and writing slower and writing in block capitals rather than joined-up. Also ensure spelling and grammar is correct. With the advancement of the digital age, more and more systems are becoming computer-based which has reduced the issue of legibility as the typed/printed word is always readable. However there are still many many systems that require hand-written records so you will need to make sure that your handwriting is legible.
In addition, it is prudent to ensure that all your records are signed and dated.
3.2 Follow agreed ways of working for recording information, storing information and sharing information
Agreed ways of working are the policies and procedures that your organisation has put in place to ensure that there is consistency across the workforce and that everybody is working within the legal framework and best practices.
There will be agreed ways of working for all aspects of your job role including the recording, storing and sharing of information. You will need to demonstrate to your diploma assessor that you adhere to these when going about your daily practice.
Recording information will generally be done using forms that are either paper or digitally based. Examples include MAR sheets, care plans, financial paperwork such as balance checks and client daily records.
Once recorded, the information should be stored securely.
If it is completed on computer then the system will store it on a server, which can only be accessed by authorised persons. Authentication will usually be via passwords.
Paper-based records may need to be kept in a locked filing cabinet or behind a locked door. You should ensure that you file records correctly as directed by your organisation.
Information sharing should only be done on a need-to-know basis, whether verbally or through written media. If talking with others about sensitive information you should ensure that you have adequate privacy and no-one can overhear what is being said. If you are sending an email ensure that everyone that receives it should have access to the information and edit accordingly.
If you do need to share personal information with third-parties, you should always gain the consent of the individual first unless there are exceptional circumstances that could result in harm to somebody.
It is our policy that, by default, when communicating with an individual’s family, we refer to the people that they live with as ‘their housemates‘ rather than by their names. This is to protect the privacy of the other individuals. There are occasions where we do use names, however we always ensure that we have the consent of the other individuals first.Dan Dutton, DUTTONCARE