DHS 2: Promote Good Practice in Handling Information in Health and Social Care Settings

1. Understand requirements for handling information in health and social care settings.

1.1 Identify legislation and codes of practice that relate to handling information in health and social care.

Legislation and codes of practice that relate to handling information in health and social care are as follows:

* Data Protection Act 1998
* Freedom of Information Act 2000
* Carers Code of Practice
* Caldicott Principles
* Human Rights Act 1998
* Care Standards Act

The Data Protection Act 1998 is a key piece of legislation that ensures people’s rights regarding the confidentiality of their personal information.
It highlights 8 principles that define good practice when handling someone else’s personal data, and breaching these principles can lead to serious legal implications. In health and social care, many policies and procedures are based on the principles of the Data Protection Act to ensure that client details remain confidential.

The Human Rights Act 1998 also states the right to a private life.
The right to have one’s private life respected also means that private and confidential information is respected and that details are shared and stored in accordance with strict rules and regulations.

The Caldicott Standards also provide additional guidance for health and social care providers on how to manage confidentiality and access personal information in accordance with the Data Protection Act. They highlight 6 principles on how to protect and handle personal information correctly.

The Freedom of Information Act 2000 creates a ‘right of access’ for the public to general information held by public authorities, local authorities and the National Health Service. Personal data cannot be accessed this way, as it is protected by the Data Protection Act 1998.

Carers Code of Practice: one of the central codes of practice in health and social care has been provided by the GSCC. It sets standards of practice and behaviour for staff working in that field, including standards for handling information and maintaining confidentiality.

Other legal sources of information regarding handling information are stipulated through common law and the rulings of individual cases.

1.2 Summarise the main points of legal requirements and codes of practice for handling information in health and social care.

The main points of legal requirements and codes of practice for handling information in health and social care are as follows.

The data must be:

* Fairly and lawfully processed
* Processed for limited purposes
* Adequate, relevant and not excessive
* Accurate
* Not kept for longer than necessary
* Processed in accordance with the data subject’s rights
* Kept secure
* Not transferred to countries without adequate protection

Data Protection Act 1998 – 8 principles:

* Personal data needs to be processed fairly and lawfully
* Personal data needs to only be processed for one or more specified and lawful purposes
* Personal data needs to be adequate, relevant and not excessive
* Personal data needs to be accurate and (where appropriate) kept up to date
* Personal data shall not be kept for longer than necessary
* Personal data needs to be processed in accordance with the Data Protection Act 1998 and the many rights of individuals
* Appropriate measures need to be taken to ensure that personal data does not get lost, damaged or destroyed and that it cannot be unlawfully processed or accessed without authorisation
* Personal data shall not be transferred to countries outside the European Economic Area – the EU plus Norway, Iceland and Liechtenstein – that do not have adequate protection for individuals’ personal information, unless a condition from Schedule four of the Act can be met.

Human Rights Act 1998:

* Article 8 highlights the right to private and family life, which consequently puts a duty on health and social care providers to protect clients’ privacy and maintain confidentiality of their personal information.
* Provided that organisations work in accordance with the Data Protection Act and rulings from the common law, they should be in line with the requirements of the Human Rights Act.

Codes of practice from GSCC:

* Care employees need to respect confidential information and clearly explain agency policies about confidentiality to service users and carers
* They must not abuse the trust of service users and carers or the access they have to personal information about them or to their property, home or workplace
* Care employees need to maintain clear and accurate records as required by procedures established for their work

Caldicott principles:

* Justify the purpose for processing the client information
* Only use personally identifiable information if absolutely necessary
* Use the minimum personally identifiable information
* Employees should only have access to confidential information on a need to know basis
* All care staff need to be aware of their responsibilities with regards to confidential information
* Staff and organisations need to understand and comply with the law.

2. Be able to implement good practice in handling information.

2.1 Describe features of manual and electronic information storage systems that help ensure security.

* Use passwords on computers and files, and change passwords frequently
* Lock the computer when leaving the desk
* Lock confidential papers in a cabinet
* Only unlock cabinets when they are needed
* Shred confidential paper waste
* Ensure that telephone calls cannot be overheard
* Meetings should be conducted in a separate area where they cannot be overheard
* Only necessary information should be shared, on a need to know basis
* For a telephone call, the identity of the caller needs to be clearly confirmed before sharing any information
* Do not discuss confidential information or other clients in front of others (e.g. in conversations with clients or double-ups with other colleagues)
* Encrypt files and safely store any electronic data (e.g. USB sticks or discs in a safe or locked cabinet)
* Manual security storage systems are locked away, usually via lock and key, such as cases, wardrobes, etc. It is better if they are stored in a room with restricted access, so that no unauthorised person will be able to read them at all. As a result, the data will be safer.
* Electronic security systems are generally held on computers protected via passwords and a firewall.