Confidentiality policy

Home-Start in Suffolk Confidentiality policy

Home-Start in Suffolk recognises that the legitimate use of information underpins our service.

1         Introduction

1.1        Background and Confidentiality Principles

  • Those who share sensitive personal information with Home-Start have a right to expect that it will be treated as confidential
  • Personal and confidential information in any form obtained by Home-Start will be handled in compliance with data protection law and only in the ways relevant to the purpose of providing support as set out in our Privacy Notice
  • Access to the information we hold is limited to those who have a genuine need to see and use it in order to fulfil their roles in delivering our service
  • Everyone who works for or with Home-Start understands their duty to maintain the confidentiality and relevance of information that is shared with or by them and the consequences of breaching that confidentiality

1.2        Responsibility for the Principles in Practice

 For Trustees that means:

  • being fully committing to the principles of confidentiality and the management and security of information they receive in the course of their duties
  • being responsible for ensuring that everyone in Home-Start understands and is committed to maintaining confidentiality
  • ensuring that dated and signed records are kept of where access to sensitive information is required along with the reasons for that access
  • ensuring that procedures are in place that mean that the information collected is only what is needed to deliver the service, that it is kept securely in whichever form it takes and is only available to those who need to know (see Data Protection policy)
  • ensuring that procedures are in place for sharing information securely and in line with the Privacy Notice
  • being responsible for dealing with any breach of confidentiality including, if necessary, ending an individual’s association with Home-Start, reporting breaches to the relevant authority and Home-Start UK, and cooperating with any investigation/ prosecution.

For Staff that means:

  • following the principles set out in the policy and the associated Privacy Notice in all their work
  • maintaining the confidentiality and security of all their records in line with our Data Protection policy
  • ensuring that information they hold about others and information they provide about themselves is accurate, up to date and only what is needed to provide the service
  • recognising that everyone involved with Home-Start has a right to confidentiality
  • following the systems and procedures to maintain confidentiality including when sharing with other agencies
  • knowing that where there are concerns about the safety or wellbeing of a child or vulnerable adult, the families, or individual members within the family, need not be informed that their information is being passed on to the relevant authorities if telling them has the potential to cause further harm, or may jeopardise any investigation by Police, Social Care services or other agencies with legal investigatory powers
  • knowing and following the procedures for dealing with a request for information from the police, courts or other agencies with legal powers to collect information
  • being aware that breaches of confidentiality are serious matters and could result in disciplinary action, including dismissal or potential prosecution.

For Volunteers that means:

  • making sure they understand and follow the principles of confidentiality and understand the limits around what information is collected and shared (set out in the Privacy Notice and Data Protection policy) and follow the procedures put in place by Home-Start to maintain that confidentiality
  • being careful not to discuss families they support in ways that would identify them to others, making sure that any information they record about their families is held securely and is destroyed as soon as support is ended in line with our Data Protection policy
  • knowing that breaches of confidentiality are serious and could result in ending their volunteering role and could make them liable to prosecution.

For Families that means:

  • knowing how and why Home-Start will collect information from and about them and in what circumstances it could be shared (set out in the Privacy Notice)
  • having confidence that Home-Start will respect their right to confidentiality and will let them know wherever possible before sharing information about them
  • being aware that if Home-Start believes that telling them that we will share their information might put them or a child at risk of harm we will not tell them first
  • knowing that Home-Start will keep accurate and up to date records and that there are clear limits to how long information is kept in an identifiable form as per our Data Protection policy.

 

Below is a list of policies that are also relevant to confidentiality. You may find it helpful to refer to any of these additional documents when reading and using this policy.

 

Other sources of advice or guidance on issues relating to GDPR/Data Protection/Confidentiality can be obtained from the Information Commissioners Office https://ico.org.uk/

Appendix 1

These are the types procedures you must have in place.

  1. Induction and training

For trustees, staff and volunteers

During induction or the Volunteer Course of Preparation everyone should be made aware of and asked to commit to the Home-Starts Confidentiality principles and procedures by signing the Safeguarding Code of Conduct

For families

During the initial visit the coordinator will go through the Privacy Notice, explaining and trying to ensure understanding. They will also do their best to make any partner not present at the meeting aware of the privacy notice

 

  1. Safeguarding

There are times when trustees, staff and volunteers may need to break confidentiality. If there are concerns about the safety or wellbeing of a child, or a vulnerable adult, data protection law allows the sharing of relevant personal information. In fact, there is a legal and moral obligation to report safety or wellbeing concerns to the relevant authorities. Information shared in these circumstances must be shared in a secure manner and only the minimum personal information necessary for the purpose must be shared. The parties involved should not be informed that information about them has been shared if doing so would jeopardise an investigation by police, social care or other agency with investigatory powers.

  1. Sharing information

3.1 Trustees

Trustees may have access to confidential information.

Where the board has to discuss confidential personnel matters or operationally sensitive items the minutes are taken separately from the normal minutes and their circulation restricted to only those who need to know.

Generally, however, reports to the board about operational matters, services, needs, case studies, etc, will be in an anonymised form.

Trustees are responsible for monitoring how Home-Start handles confidential information and for ensuring there are appropriately secure storage arrangements maintained.

3.2 Staff

When staff share information with other agencies they will need to ensure such agencies have a legitimate interest in knowing the information and that they have appropriate confidentiality, data protection and privacy notices in place which conform with the law.

When discussing families with other staff or volunteers confidentiality should be maintained at all times – in line with this policy and the Data Protection policy. Such discussions should take place in a confidential setting.

When formal requests from courts or police for information are made to Home-Start the trustees should be informed[1]and the material supplied in the form of a witness statement drawn up from actual dated and signed records.

3.3 Volunteers

When meeting for peer support, or training events, volunteers should not discuss the families that they are supporting/have supported in a way which would identify them to others and breach that family’s right to confidentiality.

Diary sheets, and any information held by the volunteer that might identify families, should be stored securely.

 

3.4 Other agencies and external contractors

Confidential information may be shared with relevant agencies who have a legitimate interest in supporting the families in line with the consent given when accepting support.

Families are informed of when such sharing takes place unless to do so would put anyone at risk (see point 2)

Statistical information and case studies for funders or other stakeholders are provided in an anonymous form.

Any third party contractor (e.g. an IT engineer) accessing personal, sensitive information incidental to their work will sign an undertaking ensuring strict confidentiality will be maintained and be under contract to protect the confidentiality and security of the information.

4 Record Keeping

All records are kept securely

Access to records is monitored and restricted to those who have a need to know or a particular role to fulfil (including QA and external auditors)

Trustee, Staff, Volunteer and Family files have a record of access form which is signed and dated by anyone accessing them.

Information in files is the minimum necessary to provide effective support

Publicly accessible displays/notice boards etc should not contain identifiable information about families

Statistical information about families and the service may be shared in an anonymous form

Trustees, staff and volunteers are made aware of their rights under data protection law to access what information Home-Start holds about them.

 

Appendix 2Breach Flow chart

  • A decision will be taken by the Data Protection Trustee on whether to report a breach[2]
  • If a breach may result in adversely affecting individuals’ rights you must also inform those individuals without undue delay.
  • You must keep a record of any personal data breaches regardless of whether you are required to notify.
  • Failing to notify a breach can result in a significant fine.

 

 

[1] Report to Board as at Oct 2021

[2] If breach occurs it is the duty of lead trustee/chair to determine whether the breach is reportable (not all are)