Confidentiality requires safe keeping of records
Increasingly, service providers are expected to keep records of interventions with clients. While this can seem time-consuming and arduous, good record keeping is key to an effective service, and can help in monitoring and improvement of your service delivery. Records can also help you in obtaining funding - they are a way of demonstrating the work you do and the successes you have. This chapter will help you think about your record keeping process and consider important aspects such as confidentiality, knowledge management and the Data Protection Act.
- The provider has policies and procedures for handling information about clients, including confidentiality and data protection
- Record keeping systems are maintained and regularly monitored
- Staff are trained in the operation of recording systems and understand the scope of their authority to access information
- Staff understand and work in line with the requirements of the Data Protection Act
- Clients are aware of their rights to access information and are enabled to exercise these rights
- There are policies and procedures for sharing information with external agencies and clients are made aware of this on admission.
- Records are written in a clear, concise and impartial manner and are dated and signed by the author
- Statistical data is made available to inform development of local homelessness strategy
Most service providers keep records in order to:
- manage the daily operation of their projects
- provide better support to clients
- inform the project’s longer term development
- contribute to local homelessness strategies
Increasingly, recording statistical information about your clients and services is necessary to satisfy funders and to demonstrate equality of access and non-discriminatory practice. Remember that although it can seem onerous, recording such information need not be time consuming and may provide information to back up your funding bids and demonstrate outcomes.
The systems employed and what information is recorded varies between organisations. The present trend, however, is towards local co-ordination of recording, for example common needs assessment, common referral forms, etc.
There are a number of legal and good practice considerations in relation to record keeping. Therefore the collection and storage of this information needs careful planning, training, implementation and monitoring.
This section specifically addresses clients’ records. Good practice on records relating to staffing, finance or other matters can be found in publications such as NCVO guides and Housing Corporation regulations.
back to index
Service providers keep a large quantity of information relating to individual clients, often of a sensitive nature, contained in all or any of the following records:
- referral and admission forms
- keyworking notes, agreements, needs assessments, and plans
- resettlement agreements and plans
- needs assessments
- risk assessments and management plans
- minutes of meetings with clients
- records of warnings, exclusions and bans
- correspondence on behalf of or about clients.
These records are usually combined to form a ‘client file’. Some services have revolutionised the system of the client or client file by allowing people to look after their own file. In day centres this system is probably best administered where the worker takes copies for a central 'staff' file, but this is with the consent and sign off of the client. This system is felt to be empowering to the clients, and encourage real partnership working on keywork/support plans.
It is common for larger providers to make use of electronic means of storing data. This allows information about client to be available across several projects and prevents the need to duplicate information gathering as the client moves on. The Central Client Database at St Mungo’s is a good example. These systems also allow for statistical analysis of data concerning past and present client, which can be useful, for example, in identifying trends around changing profile of clients and their needs. Shekinah Mission in Plymouth has spearheaded a regional database of homeless people's details in order to better match provision and prevent people having to go over the same questions over and over again. [more...]
Even smaller providers could use computers to develop basic databases of information and to generate statistics.
As well as client’s records, other records need to be kept of daily operations:
- log book (day book)
- hand-over records
- medication records
- accident book (health and safety)
- incident reporting file.
“Nothing that detracts from the dignity or worth of the client should be included”
(Salvation Army QSM, May 2000, 3.3.1)
Confidentiality is about who knows what about whom. In service it involves monitoring who has access to information, what is written about people, and what information is passed on to external agencies.
There are many different approaches to confidentiality within the sector and there remains some confusion about confidentiality. Clients and staff need to be clear about the limits to confidentiality. In other words, under what circumstances staff will pass information to others without the expressed permission of the client.
Organisations collect and hold a lot of information about clients in order to provide effective support. Much of this information will be of a sensitive and personal nature. It is therefore not surprising that some clients feel very uneasy about disclosing information. They will only be reassured if they are confident that the information will be treated confidentially.
Unfortunately, there is scope for misunderstanding between staff and clients over what confidentiality means and the limits to it.
It is important, therefore, that all service providers have a confidentiality policy that addresses:
- what the organisation means by “confidentiality” and why it is important
- what information will be collected
- how it will be recorded
- who will have access to it
- how will it be used
- informed consent – how clients will be asked for consent
- sharing of information within the organisation
- sharing of information outside the organisation
- circumstances in which information may be shared without the client’s express consent
- security of electronically stored data (e.g. against hacking)
Some practitioners prefer to refer to the 'professional use of information'. This is to say that information on an individual of a personal nature is (only) disclosed where it is important professionally to do so, in order to provide a better, more joined-up service or to minimise and be aware of risks.
Confidentiality generally means information is kept within the project. This means that information given to one member of staff may be shared with other members of staff. Where the provider has several projects, the policy may state that confidentiality is within the organisation.
The policy should set out under what conditions staff will share information outside the organisation without the consent of the client. This may involve situations where not divulging information will create serious risk to the client or someone else, or where the provider is obliged to divulge the information by law to the police or other agency. Providers should be proactive in working with the local police to ensure mutual understanding about confidentiality and legal requirements. Clients should be aware of how information will be disclosed to the police.
The policy should be clear on staff responsibility around handling personal information to keeping records up-to-date. For example, staff need to be mindful of the environment in which they are collecting, receiving or viewing sensitive information. Letters, records, and files (both paper and electronic) should not be written or left where people without authority can see them. Confidential telephone calls should be conducted in private.
back to index
The organisation’s procedures should make clear who should have access to each type of record. The main principle is that clients have a right to see everything recorded about them. However, not every member of staff will need to have access to every piece of information.
It is important that staff:
- are aware that clients have a right to access the information about them
- enable clients to exercise this right.
Each organisation should have a procedure for enabling clients to view their records. Access to records is a fundamental right and guaranteed by the Data Protection Act. The procedure should make accessing records as straightforward as possible.
The procedure may include the following guidelines:
- find out why the client wants to see the records. they may want to see something specific, such as the record of a particular incident, and not their whole file
- make an appointment to meet the client with their records
- collate the records, removing all information relating to other people
- present the records to the client and offer to take them through it. when necessary, explain how the different records are used and be prepared to answer any questions clients may have
- give copies of the records to the client if requested.
Sometimes a client may disagree with what is written about them, for example when they believe that is not factually accurate. When appropriate, information should be corrected or deleted. If there is a disagreement about changes then this should be noted on the file and the matter referred to a manager for review. If there is no agreement then the client should be able to use the complaints procedure.
Some records may be difficult to share since they contain a lot of information about other clients. An example is the log book (sometimes called the ‘day book’). The policy should be clear about how a client may be able to see information relating to them in the log book. This may have to involve photocopying the parts with relevant information, blanking out sections referring to other clients.
Good practice for a log book or day book is to record only non-sensitive information about individuals in it, but refer the reader to the personal files of the individuals concerned, where they can find more information.
There are rare occasions when a provider may decide to deny a client access from certain information in their records when revealing it would create a serious risk to a client, staff or another person. In such cases, staff make a judgement to deny someone one their fundamental rights. Such decisions should be:
- allowed for in policy and procedures
- agreed by senior managers
- considered in the light of the legal duty under the Data Protection Act
- recorded appropriately.
Recording information in service and access by clients creates challenges for staff and managers. Staff may be reluctant to record information about a particularly difficult client if that person can access the file. These issues need to be addressed by management through team meetings and supervision.
back to index
The Data Protection Act (DPA) 1998 legislates for the way in which organisations can collect and process personal information. It sets down requirements for the transmission and use of data, and the rights of the individual to access and protect information about themselves.
Staff should be aware of the requirements of the Data Protection Act as:
- they affect their responsibilities and duties;
- they affect the rights of clients
A policy and procedure should be put in place to ensure that these requirements are adhered to.
Clients should be informed their rights under the DPA.
For further guidance, see Paul Ticher (2000), ‘Data Protection for Voluntary Organisations’, Directory of Social Change; London
or see the Department of Health's 2000 publication: The Data Protection Act 1998: Guidance for social services.
Writing records is a professional skill that develops with experience. Managers should assist their staff to see good record keeping as part of their professional development.
Extra care should be taken when recording information about clients: all information recorded should be
- indicate the source of the information
- in plain, jargon-free English
Generally, providers should only record information based on disclosure by the client themselves, agreed between staff and the client or from direct observation. Great care should be exercised in situations of uncertainty. Staff should avoid presenting opinion as fact. If it is necessary to record an opinion, the entry should be clear that it is an opinion and whose opinion it is. Information provided by other services or individuals should also be attributed. All entries should be signed / initialled by the person making the entry and dated.
Staff should bear in mind that anything they write in files may later be made accessible to an inquiry or court. They should not write anything they would not be prepared to justify in these situations.
When a client has been in the project for some time, new or locum staff will find it helpful if the main points / issues and progress is summarised on a sheet near the front of the file.
back to index
Service providers use many different systems of record-keeping, paper and electronic, which are often developed over time drawing on the experiences of staff.
In this section the records are assumed to belong to the organisation. However, in some projects clients keep their own file, which might include copies of their licence agreement, needs assessment and resettlement plan. They can then take this with them if they move to another project, preventing the need to start again from scratch. If client’s have their own file they should be able to have a secure place to keep it.
Systems should be as simple as possible and should be designed with the user in mind. They should aid the daily operation of the project and the support provided for clients, as well as the longer-term monitoring requirements of the organisation. Standardising the collection of information through standard forms or (pro formas) helps ensuring accessibility, consistency and easy maintenance.
Systems should be periodically evaluated taking into account feedback from all users. Staff will feel happier about using a system when they have been properly consulted on designing or improving it.
A system only operates effectively if it is regularly maintained and updated. Policies and job descriptions should make it clear what responsibility each staff member has with regards the upkeep of records. Systems should be flexible enough so that they can adapt to meet the needs of project development and organisational change.
New staff should be trained in the use of the organisation’s records systems, including:
- the various records and systems
- their responsibilities in recording information
- the confidentiality policy
- client access to records
- responsibilities under the Data Protection Act 1998.
Recording systems and procedures should be continually monitored to ensure that they meet the needs of staff, managers and the requirements of the law. This could include a regular review cycle as well as random checks. A considerable amount of staff time is wasted if systems are not maintained, and the daily operation and support provided to clients undermined.
back to index
Service projects can gather, collate and make available valuable evidence about the local homelessness situation. Providers should:
- ensure their systems are designed to streamline the collection of relevant data
- ensure staff are aware of the importance of this function.
Staff have a responsibility to ensure that they record statistical information accurately and consistently.
Information from service will be vital in terms of mapping needs for Supporting People and homelessness strategies
Most organisations will keep records for a period after a client leaves the project. It is good practice to keep all records for at least two years. Some types of records may need to be kept for longer under legal specifications, for example records relevant to financial auditing.
The organisation’s policy should outline when and how records are to be destroyed. Even old records contain sensitive information and steps should be taken to ensure they are not disposed of carelessly. Whenever possible old records should be shredded.
back to index
- Written confidentiality policy and procedure
- Staff trained in using recording systems and handling sensitive information
- Clients informed of their rights to access information and confidentiality
- Records are stored securely
- Quality of records monitored on a continuing basis
- Consent forms used when sharing information with external bodies, except in clearly defined exceptional circumstances
- Guidance for staff on handling requests from clients to view information held about them
- Access to records is limited to only those with authority and detailed in policy
- Access to information by law enforcement bodies is detailed in policy
- Procedure for the disposal of records
back to top