• Always be yourself, everyone else is already taken

Confidentiality  Policy

AUTHOR(S): Tess Gregson
DATE: 15/1/2011
RESTRICTIONS [circulation]: External
SEE ALSO: Data Protection
Information Governance Policy
Safeguarding: Children (Youth) & Vulnerable Adults Policies
Case Recording & Information Policy & Procedures
Whistleblowing & Duty of Candour Policy
Monitoring and Evaluation Policy and Procedures
REVIEWED: April 2013; October 2014; November 2015; March 2016; March 2017; March 2018; March 2020
NEXT REVIEW: March 2021

1.0 Introduction

1.1 42nd Street has a general duty of confidentiality to young people who use the service and that providing a confidential service is essential to our work. The presumption of confidentially is essential in developing trusting and therapeutic relationships with young people.

1.2 Furthermore 42nd Street has a duty to protect the confidentiality of personal and sensitive information shared by staff, volunteers, students, trustees, members, supporters, donors and others involved with 42nd Street services.

1.3 42nd Street will at all times operate within the principles of the Data Protection Act (1998) and General Data Protection Regulation (2018) in the collection, storage, processing and destruction of personal and sensitive information.

2.0 Scope

2.1 This policy relates to confidentiality with respect to personal and sensitive information held by the organisation in relation to staff, volunteers, students, trustees, members, young people, supporters, donors or those contracted by 42nd Street.

3.0 Authorisation and access

3.1 All members of staff, students, volunteers, trustees and agents conducting business for 42nd Street are bound by this Policy. No member of staff, students, trustee, volunteers, partners or visitors to 42nd Street may have access to any confidential files or systems unless they have signed a statement or a formal contract in which this is included that they are bound by the Confidentiality Policy.

3.2 All those working for or on behalf of 42nd Street in whatever capacity must at all times ensure that confidential information and especially that containing personal and sensitive information is held securely and that all responsible measures are made to prevent unauthorised access.

3.3 Operational responsibility for compliance with data protection legislation is held by the Chief Executive. 42nd Street staff and students will have access to confidential information relating to young people as part of their work or student placement. Such information (e.g. case files) should only be accessed on a ‘need to know’ basis and for the purposes of fulfilling their role.

3.4 Confidential information should only be shared within the team on a ‘need to know’ basis and the rights and needs of young people should be at the forefront of any such decisions.

4.0 Confidentiality of young people’s information

4.1 All referrals must state that a young person has consented to a referral prior to its acceptance. Specific consent is required with regards to communication methods. Our referral form enables young people to identify that that they do not wish their data to be shared with their GP. Young people’s consent to flow data is optional. Our Management Information System records each of these items on case records.

4.2 42nd Street understands confidentiality to mean that no personal information regarding a user of its services (including the fact that the young person has contacted 42nd Street) will be shared with any third party without that young person’s explicit prior consent. Exceptions to this will follow where there is risk of harm.

4.3 42nd Street will seek to ensure that no breach of confidentiality occurs. Procedures for maintaining confidentiality for users of the service and information about them have must be followed at all times.

4.4 42nd Street is involved in partnership work with other agencies in order to meet the needs of young people. 42nd Street will ensure that any user of such additional services has given their express consent for their details to be shared with the other organisation and that the organisation in question has a confidentiality policy which will protect the user’s privacy and the confidentiality of any information shared.

4.5 42nd Street will not normally hold information shared by another agency that the agency does not wish to be accessed by a named young person. Decisions about specific circumstances will be made by the Head of Services.

4.6 42nd Street will provide a confidential service to young people under 16 years of age in line with the Fraser Principles i.e. where it is deemed that the child is competent to consent to receive the service (without the consent of parents / guardians) and where the provision of a confidential service is in the best interests of the child. The consent of parents / carers will be encouraged where appropriate.

4.7 Where 42nd Street delivers services with or on behalf of another agency (e.g. a school) prior agreement will be made about arrangements with respect to confidentiality and set out in the Service Level Agreement or contract.

5.0 Risk of Harm

5.1 Confidentiality will normally be assured to any user of 42nd Street’s services. However, there are exceptions to this general principle. It may be necessary for 42nd Street to disclose information to a relevant statutory service (or other e.g. parents or carers) without consent if:

  • We have reasonable cause to believe that a child is at risk of significant harm;
  • We have reasonable cause to believe that a vulnerable adult is at risk of significant harm;
  • Where there is risk of harm to third parties (e.g. where we have reason to believe that a service user may pose a risk to other professionals, etc.);
  • Where we receive information that relates to a terrorist threat.

5.2 Relevant statutory services may include local authority children’s services, adult social care, GPs, mental health services, schools and the police. This is not an exhaustive list.

5.3 Where a young person makes a disclosure which gives us reasonable cause to believe that they or someone else is suffering from or at risk of significant harm, every attempt will be made to inform the young person of any action we intend to take, including any sharing of information.

5.4 Any decisions relating to sharing of information without a service user’s consent will be made by the Duty Manager ideally in conjunction with the Head of Service or the Chief Executive.

5.5 42nd Street will endeavour to follow the appropriate local multi-agency procedures in relation to safeguarding children and vulnerable adults. Safeguarding policy and practice are set out within the 42nd Street Youth (Child) Safeguarding Policy and the 42nd Street Policy for the Safeguarding of Vulnerable Young Adults (18-25 years) from Abuse Policy.

5.6 The circumstances and reasons for any such sharing of information should be fully and accurately recorded in the young person’s case file and the Duty Management book (or other required location).

6.0 Confidentiality, Job Applicants and staff details

6.1 Personal details of job applicants and staff must not normally be disclosed to third parties without the prior agreement of the individual concerned.

6.2 All applications for jobs at 42nd Street are confidential and held securely for a period of one year for unsuccessful candidates in line with our Data Retention schedule. Successful candidates’ applications form part of their employee records and are stored securely and confidentially on site. When the employee leaves the organisation they are held in secure storage for a period of 25 years.

6.3 Staff records must only be accessed by the Senior Management Team and the authorised member of the Admin Team. Personnel records should only be accessed on a ‘need to know’ basis. Staff have access to their own personnel records upon request.

6.4 In exceptional circumstances (such as those relating to serious criminal proceedings or safeguarding investigations), information about employees, trustees, students, etc. may be shared with third parties without their consent. In such cases the person concerned will be informed unless to do so would hinder any investigation. Such circumstances are detailed within the 42nd Street Whistleblowing and Duty of Candour policy.

7.0 Security.

7.1 All staff have a responsibility to ensure that confidential information relating to service users, staff, volunteers, trustees, etc. is stored securely in line with the requirements set out the relevant policies including those relating to use of ICT equipment, recording and case notes, monitoring and evaluation, etc.

8.0 Access to records

8.1 All young people have a right to see any records held by 42nd Street containing personal information about them.

8.2 Young people have a statutory right to make a Subject Access Request and can access data held about them within the statutory 40 days; all requests by a young person to see their case file or other records held about them should be handled sensitively and appropriately. The first point of contact for a young person making such a request is their case manager or a Duty Manager.

8.3 Access to records is in line with the procedures set out in the 42nd Street Recording and Case Notes policy.

8.4 Police and Solicitors may make a formal request for information held about a young person and the support they accessed at 42nd Street. We comply with such requests upon suitable checks on the identity of the individual/organisation making the request and upon sight of consent given by the young person. Such requests are managed by the Leadership Team with oversight by the Safeguarding Lead.

8.5 Staff have a right to see their personnel file and such requests should be made to their line manager.

9.0 Monitoring & reporting

9.1 42nd Street is passionate about ensuring that we monitor and evaluate the impact of our services. We do this via a number of methods:

  • Internal analysis. All data is anonymous and any qualitative material is presented in non-identifiable ways and consent from young people is sought prior to insertion in reports.
  • We flow therapeutic data nationally to the NHS to both the Mental Health Services Dataset (MHSDS) and the IAPT dataset. All data is pseudonymised and flowed via the NHS Digital Cloud Service.
  • Commission external evaluations of our service using quantitative and qualitative data. Where qualitative interviews are carried out, separate informed consent is sought by all participants, whether that be staff, commissioners or young people. All such evaluations are subject to contracts and Data Protection Impact Assessments (DPIAs) and information sharing agreements. All qualitative data is anonymous and transferred via secure means.

9.2 42nd Street has a responsibility to monitor and report on information such as uptake of services and service user profile for the purposes of quality assurance and contractual reporting. For example, monitoring of ethnicity of staff and service users is a statutory duty. This includes quantitative and qualitative data including quotes and professional case studies. All data shared is fully anonymised.

9.3 42nd Street is committed to effective statistical monitoring and reporting. It is the Senior Leadership Team’s responsibility to ensure that all monitoring information provided to third parties is produced in a form such that individuals cannot be identified.

10.0 Breaches of Confidentiality

10.1 Section 5 above sets out the procedure where there is a risk of harm to a child or any other person.

10.2 In other circumstances where confidential information may need to be shared with a third party without the consent of the person concerned, this must only happen with the authorisation of the Chief Executive or other identified manager or Trustee with delegated authority.

10.3 Information deemed to be commercially sensitive can only be shared with the permission of the Chief Executive or other identified manager or Trustee with delegated authority.

10.4 Any accidental breach of confidentiality (or near miss) should be reported immediately to the Duty Manager and to a member of the Senior Management Team. 42nd Street complies with external reporting procedures both in relation to reporting to service commissioners and national regulators such as the Information Commissioners Office (ICO).

10.5 Unauthorised breaches of confidentiality or failure to follow this or other policies relating to confidentiality or data protection may result in disciplinary action.

11.0 Legislative framework

11.1 42nd Street will monitor this policy to ensure it meets statutory and legal requirements including those outlined in legislation relating to data protection, safeguarding, employment and the prevention of terrorism.