Data Management and Confidentiality in Information Governance Quiz

Questions and Answers

Which of the following types of information can be included in a service user's Electronic Health Records (EHRs)?

Financial records

Supervision notes (correct)

Educational certificates

Social media posts

Who has the legal right to access their Electronic Health Records (EHRs)?

Service users (correct)

Government agencies

Healthcare practitioners

Insurance companies

What should therapists consider when sharing sensitive information from a service user's health record?

The practitioner's convenience

The organization's policies

The service user's consent (correct)

The practitioner's personal opinion

What should therapists ensure about the records they make, keep, or access?

They are accurate and up to date

When is it necessary to obtain Caldicott Approval for research involving patient identifiable information?

For almost all research involving participant or participant data collected from an NHS Healthcare setting

True or false: Service users have the legal right to access their Electronic Health Records (EHRs).

True

True or false: Therapists should make, keep, and disclose information in records only in accordance with national policy and legislation.

True

True or false: Sharing records with service users supports a collaborative approach and enables full and effective involvement.

True

True or false: Caldicott approvals apply to most forms of service evaluation or audit data.

True

True or false: Research projects that are not service evaluation or audit will be required to go through formal IRAS REC procedures.

True

What is the purpose of obtaining Caldicott Approval for research involving patient identifiable information?

Obtaining Caldicott Approval for research involving patient identifiable information is necessary whenever the information is to be collected outside the protocols of normal clinical practice.

What variations may exist between health boards regarding Caldicott approval requirements?

There may be some variations between health boards regarding what level of service requires Caldicott approval.

What types of information can be included in a service user's Electronic Health Records (EHRs)?

The types of information that can be included in a service user's Electronic Health Records (EHRs) include clinical notes, emails, supervision notes, process notes, photos, and social networking exchanges.

Who is ultimately responsible for any consequences regarding requests for sharing a service user's health record with third-party practitioners?

A service user with competence, as determined by the practitioner, is ultimately responsible for any consequences regarding requests for sharing their own health record with any third-party practitioners.

What should therapists ensure about the records they make, keep, or access?

Therapists should ensure that the records they make, keep, or access are systematic, appropriately detailed, in clear language/format, accurate and up to date, relevant to professional work, and to the purpose for which they were collected.

Study Notes

Managing Data and Confidentiality

• Records made, kept, or accessed by therapists should be: systematic, appropriately detailed, in clear language/format, accurate, up to date, and relevant to professional work and purpose.

Information Governance

• Therapists should keep and disclose information in records only in accordance with national policy and legislation, and the policies and procedures of the organisation(s) they are employed by or working in collaboration with.
• Clients have a legal right to access records concerning them, and this right is enshrined in legislation.

Shared Records

• Client-based records are designed as shared documents to facilitate inter-professional communication and ensure safe and effective delivery of high-quality services.
• Records may be shared among organisations/agencies to facilitate care and/or safeguard the client or others, including the general public.
• Clients have the right to object to their data being disclosed to a third party, even someone who might provide essential healthcare.

Retention and Destruction of Records

• Independent practitioners: keep records relating to contact with adults for 7 years and follow NHS guidance in relation to children.
• In the NHS: records are kept until age 26 for people seen as children, 20 years after the last contact for adults, and 8 years after death if the death occurred while the person was in the care of the NHS.
• In education settings (Education Health and Care Plans): records are kept for 35 years after the case has been closed.

Duty to Maintain Confidentiality

• Clients are entitled to expect that the information they give to therapists about themselves and others will remain confidential.
• Therapists must inform clients of their confidentiality standards and practice, and the limits of confidentiality where information may be shared and confidentiality breached.
• Use of client data for audit must follow the Caldicott principles, which provide guidance on when to use client-identifiable data and when to use anonymised data.

Disclosure of Information

• Specific informed consent is required from clients for disclosure of information.
• There are circumstances where informed consent may not be possible or may not apply, such as where the health, safety, security, or welfare of the client or someone else may be at risk.
• Therapists must weigh the arguments for and against disclosure without a client's consent, and the responsibility for this decision lies with the individual psychologist.

Confidentiality with Children and Young People

• Discuss and agree with the child or young person who will have access to the information arising from the work, with direct reference to principles of 'Gillick competence'.
• The wishes of a 'Gillick competent' young person should take precedence unless there are safeguarding concerns.

Confidentiality during Training

• No academic/training documents should identify clients to whom they relate.
• Keep separate records that are part of the provision of psychological service and belong to the service organisation, and papers that are anonymised and part of the trainee's academic learning.
• Express consent should be obtained by trainees before audio- or video-recording their interactions with clients.

Legal Frameworks

• The legislation that is relevant to decisions around storing and sharing electronic health records and the use of record data includes: the UK Data Protection Act, 2018, the Freedom of Information Act, and the Mental Capacity Act.

• All personally identifiable data held about a service user in an electronic record, email, or document is subject to these regulations, even if pseudonymised.### Informed Consent and Data Protection

• Informed consent is required before publishing client material in an identifiable format in case studies, presentations, or research reports.

• The UK Data Protection Act (2018) and the EU General Data Protection Regulation (GDPR) are relevant to storing and sharing electronic health records and using record data.

• The Freedom of Information Act and the Mental Capacity Act are also relevant to decisions around storing and sharing electronic health records.

Electronic Health Records and Data

• All personally identifiable data held about a service user in an electronic record, email, or document is subject to data protection regulations, even if pseudonymised.
• This includes clinical notes, emails, supervision notes, process notes, photos, and social networking exchanges.
• Service users have the legal right to access their Electronic Health Records (EHRs).

Sensitive Information and Consent

• Additional considerations are needed when handling sensitive information, such as sexual or reproductive history.
• The service user is the owner of their health record and is ultimately responsible for any consequences regarding requests for sharing their own health record with third-party practitioners.

Information Governance

• Therapists must make, keep, and disclose information in records in accordance with national policy and legislation, and the policies and procedures of their organisation.
• Records must be: systematic, appropriately detailed, in clear language/format, accurate, up to date, and relevant to professional work and purpose.
• It is good practice to give service users feedback on the content of their records.

Sharing Records and Research

• Sharing records with service users supports a collaborative approach and enables full and effective involvement.
• The Caldicott Guardian approval is necessary for collecting patient identifiable information outside normal clinical practice protocols.
• This applies to almost all research involving participants or participant data collected from an NHS Healthcare setting.
• Caldicott approvals also apply to most forms of service evaluation or audit data.
• Research projects that are not service evaluation or audit will require formal IRAS REC procedures.

Description

Test your knowledge on managing data and confidentiality in information governance. Learn about the importance of following national policies and legislation, as well as organizational procedures, when it comes to keeping and disclosing information. Explore the key qualities of records made, kept, or accessed by therapists.