Information Sharing Guidance for Children, Families and Community Health
1. Background and Overview
Organisations must ensure that staff are trained to understand that they have a duty of confidentiality and a personal responsibility to safeguard any official information that they are entrusted with. This includes ensuring that they comply with the legal and regulatory requirements and standards, for example the encryption of personal data on removable media.
Incident management policies and procedures should be readily accessible and supported by common-sense local business processes and guidance that make it easier for staff to follow the rules (e.g. clear desk policies, guidance on the transmission of personal data, proper disposal, etc.).
The potential sanctions (criminal, disciplinary and corporate) for inappropriate behaviours should be clearly explained to staff and where inappropriate behaviours or security breaches occur they should be dealt with. HR policies and procedures should complement security policies and any disciplinary sanctions should be applied in a measured and proportionate way.
2. Information Sharing
2.1 Basic Principles
Swindon's Children, Families and Community Health service recognises its common law duties to safeguard the confidentiality of all personal information. Wherever disclosure of confidential information to another person or organisation is being considered, a check will always be made to ensure that such disclosure is lawful.
All Council staff must be made aware of, and undertake training regarding, the Data Protection Act (DPA), which applies to the processing of all personal data, in both paper and electronic records. Where disclosure is proposed, and there is any doubt as to whether the DPA applies or whether only the common law of confidentiality applies, advice will always be sought from the Council's Data Protection Officer and Caldicott Guardian. The Council will always record its reasons for deciding not to observe any duty of confidence it owes to a person who is the subject of information disclosed.
In order for agencies to plan for and provide services in a coordinated way, they are frequently required to share personal information about children and young people across professional and geographical boundaries. Anything that applies to an individual, and by which they can be identified, is personal information.
The approach to information sharing with others is the same whether practitioners are part of the same organisation or not. For instance, it is in the interests of a child with an Education, Health and Care (EHC) Plan, that teachers working closely with the child should have full knowledge of the plan. However, it may not always be necessary to share all information: for example, it is probably not necessary to share details of a parent's criminal convictions when looking to support their child's educational progress. Practitioners must build good relationships with colleagues, based on professional respect and trust to help break down organisational and cultural obstacles towards an open and positive approach to information sharing. At the same time there is a requirement to protect the privacy of children/young people and their families and maintain the highest standards of security and good data management.
Practitioners who wish to share information must be clear about their responsibilities under current legislation so that families can be confident that their personal data is being handled appropriately. In practice, there is likely to be implied consent for sharing between practitioners in the same organisation. A concern for confidentiality must never be used as a justification for withholding information when it would be in the child's best interest to share it. A practitioner must balance the risk of sharing information with the risk of not sharing it.
2.2 Secure information exchange - good practice guidance
It is our duty to ensure that personal information is kept safe and secure, and only shared with those who have a legitimate reason to receive it. When information is in transit between individuals or information systems, it is at risk of loss, damage, theft and inappropriate or accidental disclosure.
This section sets out guidance on what to do when transferring information about identifiable individuals.
However, this guidance does not override the information governance procedures of individual organisations.
Agencies should consult their own local procedures, guided by their own professional code of conduct. Swindon Borough Council's Information Management policy can be found within the ICT and Information Governance Policy Library on the SBC intranet.
All practitioners providing services to children, young people, adults and/or families, whether working in the public, private or voluntary sectors as employee, contractor or volunteer, must follow HM Government's guidance on information sharing: advice for practitioners providing safeguarding services to children, young people, parents and carers (which is available on the GOV.UK website) when considering whether to share information on a case-by-case basis. This guidance (and further associated materials available on the GOV.UK website), informed by training and experience, aims to support professional judgment and good practice by offering clarity on when and how information about a child's safety and well-being can be shared legally, ethically and professionally, in order to achieve improved outcomes.
Whether integrated working is through specific multi-agency structures or existing services, success for those at risk of poor outcomes depends upon effective partnership working and appropriate information sharing between services.
A practitioner must seek advice from their manager, supervisor, child protection advisor or Caldicott Guardian if they are not sure what to do at any stage, and they must ensure that the outcome of the discussion is recorded. Further, if planning bulk sharing of personal information between IT systems or organisations, advice must be sought through their agency Information Governance lead or Caldicott Guardian.
2.3 The Seven Rules of Information Sharing
Although information sharing can appear complex and rule bound, the principles are clear and encompassed in the Seven Golden Rules for Information Sharing as defined in HM Government's guidance on information sharing: advice for practitioners providing safeguarding services to children, young people, parents and carers.
The Seven Rules are:
- Remember that the Data Protection Act is not a barrier to sharing information but provides a framework to ensure that personal information about living persons is shared appropriately.
- Be open and honest with the person (and/or their family where appropriate) from the outset about why, what, how and with whom information will, or could be shared, and seek their agreement, unless it is unsafe or inappropriate to do so.
- Seek advice if you are in any doubt, without disclosing the identity of the person where possible.
- Share with consent where appropriate and, where possible, respect the wishes of those who do not consent to share confidential information. You may still share information without consent if, in your judgement, that lack of consent can be overridden in the public interest. You will need to base your judgement on the facts of the case.
- Consider safety and well-being: Base your information sharing decisions on considerations of the safety and well-being of the person and others who may be affected by their actions.
- Necessary, proportionate, relevant, accurate, timely and secure: Ensure that the information you share is necessary for the purpose for which you are sharing it, is shared only with those people who need to have it, is accurate and up-to-date, is shared in a timely fashion, and is shared securely.
- Keep a record of your decision and the reasons for it – whether it is to share information or not. If you decide to share, then record what you have shared, with whom and for what purpose.
3. Arrangements for Consent
Consent is the key to successful information sharing. It is important that:
- Consent is obtained where it is sensible, in the child's best interest, and practical. Even where the Data Protection Act does not demand it, operating with consent is good practice;
- To give informed consent, a child/young person and/or their parent/carer must be entirely clear about the purpose of the information; how it will be used; who it may be shared with and how it will be shared; how long it will be held and in what form. This must include making them aware of circumstances where information may be shared without consent and where confidentiality cannot be maintained;
- Consent can be withdrawn at any time: giving of consent is not a one-off event. It is a continuous and ongoing issue which needs to be revisited at regular and reasonable intervals. The child/young person and/or their parent/carer should be informed that they can withdraw consent at any time.
4. Methods of Sharing Information
4.1 Sharing information by TELEPHONE
- Always ask the caller to confirm their name, address and other identifying information. Be sure you know who you are talking to;
- If you don't know the caller, be careful about disclosing information. If they are calling from another organisation you should call them back through their organisation's published switchboard number. Do not disclose information when a return telephone number cannot be supplied;
- Only provide the information to the person who has requested it. If they are not there you should leave a message for them to call you back;
- If the fact that someone has contacted your service is confidential, do not leave a message with someone else or on a voicemail unless you have their permission to do so;
- Be aware of who might overhear your call;
- Keep a record of any confidential information disclosed during the call.
4.2 Sharing information by POST
- Posting documents is sometimes the only way to securely exchange documentation. Registered post is also the best way to send confidential data on an encrypted CD. Different levels of security can be used depending on the information being sent;
- Consider sending the package as registered or 'signed for' delivery or by courier if confidential;
- Reliable transport couriers should be used at all times. Consult with your Post Room;
- Confidential information sent electronically must be protected by encryption;
- Packaging must be adequate to protect the contents from damage during transit;
- Ensure that you have the correct name and address. Sending material that is only addressed to an organisation is no guarantee that it will reach the intended recipient;
- Where appropriate, mark the envelope 'Addressee Only';
- This envelope may now be placed inside a larger envelope with only the correct name and address on it. This adds an additional level of security as the package is not easily identifiable as 'valuable' and administrative staff should only open the outer envelope;
- Ask the recipient to confirm receipt;
- Record the disclosure.
4.3 Sharing information IN PERSON
- Confidential information may be delivered personally by members of staff. Such information may be held in paper or electronic form. Where laptops, PDAs or other electronic devices are used, precautions must be taken to ensure the security of your IT systems as well as any data held on the device itself;
- Personal information should only be taken off site where necessary, either in accordance with local policy or with the agreement of your line manager;
- Log any confidential information you are taking off site and the reason why;
- Paper based information must be transported in a sealed file or envelope;
- Electronic information must be protected by appropriate electronic security measures: password protection or encryption;
- If transferring information by car, put the information in the boot and lock it;
- Ensure the information is returned on site as soon as possible;
- Record that the information has been returned.
4.4 Sharing information BY FAX
4.4.1 Sending confidential information by fax
- Paper documents can be sent by fax. Precautions must be taken when sending information by fax because the receiving machine may be sited in an open office, meaning the document is visible to other staff, contractors or visitors;
- Telephone the recipient of the fax to let them know you are about to send it;
- Check the fax number. If the information is confidential ask them to wait by the fax;
- Consider asking the recipient to confirm receipt of the fax; or call them to ensure the fax has arrived;
- Use pre-programmed fax numbers where possible to reduce the chance of the fax being sent to the wrong machine;
- Ensure that you use an appropriate fax cover sheet;
- Keep a record that you have sent the fax.
4.4.2 Receiving confidential information by fax
- If the information is not for you, either pass it to the proper recipient or inform the sender. Do not ignore it;
- Consider the location of your fax machine. Is it in a secure environment?
- If your fax machine is not in a secure environment or you receive faxes outside office hours, you should consider a 'fax to email' solution.
4.5 Sharing information by REGULAR EMAIL
Huge amounts of information are sent by email, within and across agencies. Whilst internal messages within the Council are secure, those sent to addresses externally are not considered secure enough for confidential information exchange. Confidential information must be sent by other methods - several options follow below:
- Ensure all recipients need to receive the information. Think twice before responding to a group email or copying others in;
- When replying to emails or group emails always ensure the correct use of reply, reply to all, cc and bcc;
- Mark the message 'confidential';
- Do not include confidential information in the Subject field;
- If you have to send a document containing personal information to an external recipient, use a secure method such as GCSx or Egress encrypted (see later section on secure email). Do not use regular email with password protection as this is not sufficiently secure.
For more information please see the ICT and Information Governance Policy Library on the SBC intranet.
4.6 Sharing information by SECURE EMAIL
When a regular email is sent between different organisations it is transmitted over the Internet. This means that the contents of that email are not secure. Email can be intercepted or misdirected, either by accident or for criminal purposes.
While the risk of interception is quite low, the public do expect us to keep sensitive personal information confidential. They also expect us to protect information which identifies large numbers of people. Therefore a secure email facility should be used to share information identifying large numbers of people as well as sensitive or confidential information about a single individual.
Secure email involves sending information to trusted partners through a network of secure, encrypted servers. The secure email facility encrypts the contents of an email when it is sent. This encryption ensures that the email, if intercepted, will be unreadable. Once the email reaches its secure destination it will be decrypted so that the intended recipient can read it.
An email sent within large organisations such as NHS, Police, Central Government, the court service or within a particular local authority is secure because it stays within that network's firewalled security system. For example when an email is shared between email@example.com and firstname.lastname@example.org an email will be completely secure and always protected "within these walls". In addition, currently all emails sent from Swindon Borough Council to Great Western Hospital (and vice versa) are secure by utilising the secure N3 connection.
BUT sharing emails between organisations, such as, email@example.com sharing with firstname.lastname@example.org, is NOT secure because the bridge between these separate secure platforms is through the internet which is not itself secure.
Normal email from Swindon.gov.uk to anyone outside of the Council is just like a postcard. It is possible to read the full text and attachments if intercepted during delivery over the internet. If the email contains personal, sensitive personal or confidential information this would constitute an information security breach.
And so, alternative options should be used:
4.6.1 GCSx (Government Connect Secure Extranet)
If you need to send personal, sensitive personal or confidential information outside of the Council to another government or local government agency you may be able to do this by using a GCSx account to their secure email address within the secure email network.
GCSx is a secure, private, Wide Area Network (WAN) that forms part of the Government Secure Intranet (GSi) – a collective term used for the various Government networks that are connected together by the Public Sector Interconnect (PSI) – including CJSM. All local authorities in England and Wales currently have the option to be connected to GCSx, allowing the potential for secure exchange with each other, with central government departments or with any other GSi organisations.
This service is suitable for messages to and from other bodies connected to GCSx - generally restricted to central government departments and local authorities. You will need to check that the person to whom you want to send messages has a GCSx connection.
Only emails sent from a GCSx account between any of the following email endings will be secure and encrypted:-
If the recipient does not have one of the email addresses above, then the email will not be secure or encrypted, even if sent from a GCSx account.
The sender and recipient must have one of the above accounts i.e. not a GOV.UK or other type email address.
If you need to send emails in this way, you will first of all need to get a special mail account set up for yourself. To do this you need to apply for a GCSx account via the IT Service Portal or Desk.
4.6.2 Egress Switch encrypted email
Egress is to be used when you need to send an email securely, but you cannot use either the Council's internal secure system or GCSx.
If you need to send personal or sensitive personal information outside of the Council and the recipient does not have a GCSx-type secure email account (as listed above), then you will need to use Egress Switch encryption to ensure that the email can be time-limited, encrypted and secure with a full audit trail.
An additional secure option from Egress Switch, not configured by default but available from the Information & Technology Service upon request, ensures that any email and its attachments can only be viewed via the Egress portal and cannot be downloaded, printed, or forwarded.
4.7 Using Removable Media and Mobile Devices to share information
Mobile Devices include iPads, tablets, smartphones, mobiles, laptops and other gadgets. Removable electronic storage media include CD or DVD, memory sticks and even floppy discs. These devices and media are particularly vulnerable to loss or theft. Any confidential information on them must be protected in accordance with local policy.
Additionally, the following principles must be followed when using removable media:
- The information must be backed up automatically, so that if the device is lost a risk assessment will facilitate appropriate follow-up action;
- Any loss must be reported immediately;
- Information must be securely deleted after use. It is not acceptable to carry confidential information on a mobile device or memory stick any longer than necessary. CDs or DVDs should be broken before disposal.
Staff should always ensure appropriate care and protection to prevent damage, loss or theft of laptops, tablets and phones. Full details of actions required can be found in Policy 6 of the Communication, Mobile Devices and Laptop Policy available on the SBC intranet.
4.8 Use of public Wi-Fi
The Council's laptops may use any public Wi-Fi to connect to the Council's network via Microsoft Direct Access, which is enabled by default. Direct Access ensures that all work is fully secure and encrypted between the laptop and our network. Some public Wi-Fi will be set up in such a way as to not work with our Direct Access system, but if you can connect, it will always be secure.
You will need to read the Terms and Conditions of Use when intending to use public Wi-Fi, as in many cases its use is only intended/reserved for private users and prohibited for commercial or work purposes.
When working in a public place, please be aware of the need to maintain privacy. Always ensure that your screen can't be overlooked and also ensure that telephone conversations can't be overheard.
5. Dealing with personal information losses or breaches
Appropriate measures should be taken in order to prevent the occurrence of data losses or breaches. If a situation does arise then measures should be taken to ensure that the loss or breach is limited as much as possible, e.g. if a letter is sent mistakenly to the wrong person, then attempts should be made to retrieve the letter. All losses or breaches should be reported to the worker's line manager, the IT Service Desk and Data Protection Officer who will inform the officers who need to be advised.
6. Further information
Any further information regarding information sharing can be obtained from the Information Governance page of the SBC intranet.
See also the Children's Services Confidentiality Policy.