Understand requirements for handling information in health and social care settings
1. Identify legislation and codes of practice that relate to handling information in health and social care
The right to confidentiality is guaranteed partly by the Data Protection Act 1998, partly by the Human Rights Act 1998, and partly by principles established by judges on a case by case basis (the common law). The Data protection Act 1998 sets out eight principles which are in essence a code of good practice for processing personal data. Your workplace policies and procedures will be based around those principles. The Human Rights Act 1998 details the right to a private life. There is also the GSCC code of practice for social care workers, which provides a clear guide for all those who work in social work, setting out the standards of practice and conduct workers and their employers should meet with regards the handling of information. There is also Caldecott standards which govern the sharing of information based on the Data protection Act
2. Summarise the main points of legal requirements and codes of practice for handling information in health and social care.
DATA PROTECTION ACT 1998
The data protection act sets out 8 principles governing the use of personal information • Personal data shall be processed fairly and lawfully • Personal data shall be obtained only for one or more specified and lawful purposes • Personal data shall be adequate, relevant and not excessive • Personal data shall be accurate and, where necessary, kept up to date. • Personal data processed for any purpose or purposes shall not be kept for longer than is necessary • Personal data shall be processed in accordance with the rights of data subjects under this Act • Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data. • Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Human Rights Act 1998 (HRA98)
Article 8 of the European Convention on Human Rights establishes a right to ‘respect for private and family life’. This underscores the duty to protect individual privacy and preserve the confidentiality of health and social care records. Current understanding is that compliance with the Data Protection Act 1998 and the common law of confidentiality should satisfy Human Rights requirements.
GSCC Code of practice
The code of practice states social worker should/not
• Respecting confidential information and clearly explaining agency policies about confidentiality to service users and carers • Abuse the trust of service users and carers or the access you have to personal information about them or to their property, home or workplace • Maintaining clear and accurate records as required by procedures established for your work.
The Caldicott Report set out a number of general principles that health and social care organisations should use when reviewing its use of client information • Justify the purpose(s)
• Do not use personally identifiable information unless it is absolutely necessary. • Use the minimum personally identifiable information. • Access to personally identifiable information should be on a strict need to know basis. • Everyone should be aware of their responsibilities.
• Understand and comply with the law.
FREEDOM OF INFORMATION ACT (2000)
The Act provides a general right of access to information held by Public Authorities (PA). Anyone can request...