Data Management and Confidentiality in Information Governance Quiz

Managing Data and Confidentiality

• Records made, kept, or accessed by therapists should be: systematic, appropriately detailed, in clear language/format, accurate, up to date, and relevant to professional work and purpose.

Information Governance

• Therapists should keep and disclose information in records only in accordance with national policy and legislation, and the policies and procedures of the organisation(s) they are employed by or working in collaboration with.
• Clients have a legal right to access records concerning them, and this right is enshrined in legislation.

Shared Records

• Client-based records are designed as shared documents to facilitate inter-professional communication and ensure safe and effective delivery of high-quality services.
• Records may be shared among organisations/agencies to facilitate care and/or safeguard the client or others, including the general public.
• Clients have the right to object to their data being disclosed to a third party, even someone who might provide essential healthcare.

Retention and Destruction of Records

• Independent practitioners: keep records relating to contact with adults for 7 years and follow NHS guidance in relation to children.
• In the NHS: records are kept until age 26 for people seen as children, 20 years after the last contact for adults, and 8 years after death if the death occurred while the person was in the care of the NHS.
• In education settings (Education Health and Care Plans): records are kept for 35 years after the case has been closed.

Duty to Maintain Confidentiality

• Clients are entitled to expect that the information they give to therapists about themselves and others will remain confidential.
• Therapists must inform clients of their confidentiality standards and practice, and the limits of confidentiality where information may be shared and confidentiality breached.
• Use of client data for audit must follow the Caldicott principles, which provide guidance on when to use client-identifiable data and when to use anonymised data.

Disclosure of Information

• Specific informed consent is required from clients for disclosure of information.
• There are circumstances where informed consent may not be possible or may not apply, such as where the health, safety, security, or welfare of the client or someone else may be at risk.
• Therapists must weigh the arguments for and against disclosure without a client's consent, and the responsibility for this decision lies with the individual psychologist.

Confidentiality with Children and Young People

• Discuss and agree with the child or young person who will have access to the information arising from the work, with direct reference to principles of 'Gillick competence'.
• The wishes of a 'Gillick competent' young person should take precedence unless there are safeguarding concerns.

Confidentiality during Training

• No academic/training documents should identify clients to whom they relate.
• Keep separate records that are part of the provision of psychological service and belong to the service organisation, and papers that are anonymised and part of the trainee's academic learning.
• Express consent should be obtained by trainees before audio- or video-recording their interactions with clients.

Legal Frameworks

• The legislation that is relevant to decisions around storing and sharing electronic health records and the use of record data includes: the UK Data Protection Act, 2018, the Freedom of Information Act, and the Mental Capacity Act.

• All personally identifiable data held about a service user in an electronic record, email, or document is subject to these regulations, even if pseudonymised.### Informed Consent and Data Protection

• Informed consent is required before publishing client material in an identifiable format in case studies, presentations, or research reports.

• The UK Data Protection Act (2018) and the EU General Data Protection Regulation (GDPR) are relevant to storing and sharing electronic health records and using record data.

• The Freedom of Information Act and the Mental Capacity Act are also relevant to decisions around storing and sharing electronic health records.

Electronic Health Records and Data

• All personally identifiable data held about a service user in an electronic record, email, or document is subject to data protection regulations, even if pseudonymised.
• This includes clinical notes, emails, supervision notes, process notes, photos, and social networking exchanges.
• Service users have the legal right to access their Electronic Health Records (EHRs).

Sensitive Information and Consent

• Additional considerations are needed when handling sensitive information, such as sexual or reproductive history.
• The service user is the owner of their health record and is ultimately responsible for any consequences regarding requests for sharing their own health record with third-party practitioners.

Information Governance

• Therapists must make, keep, and disclose information in records in accordance with national policy and legislation, and the policies and procedures of their organisation.
• Records must be: systematic, appropriately detailed, in clear language/format, accurate, up to date, and relevant to professional work and purpose.
• It is good practice to give service users feedback on the content of their records.

Sharing Records and Research

• Sharing records with service users supports a collaborative approach and enables full and effective involvement.
• The Caldicott Guardian approval is necessary for collecting patient identifiable information outside normal clinical practice protocols.
• This applies to almost all research involving participants or participant data collected from an NHS Healthcare setting.
• Caldicott approvals also apply to most forms of service evaluation or audit data.
• Research projects that are not service evaluation or audit will require formal IRAS REC procedures.