SupportActionNet's legal briefing on data protection and freedom of information for professionals working with vulnerable people
Confidentiality requires safe keeping of records
Increasingly, service providers are expected to keep records of interventions with clients. While this can seem time-consuming and arduous, good record keeping is key to an effective service, and can help in monitoring and improvement of your service delivery. Records can also help you in obtaining funding - they are a way of demonstrating the work you do and the successes you have. This chapter will help you think about your record keeping process and consider important aspects such as confidentiality, knowledge management and the Data Protection Act.
Minimum Standards | Introduction | Types of records | Confidentiality and recording sensitive information | Access to records | The Data Protection Act | Writing records | Systems and Storage | Training | Monitoring | Sharing Information | Statistical information | Disposal of records | Good Practice Checklist
Most service providers keep records in order to:
Increasingly, recording statistical information about your clients and services is necessary to satisfy funders and to demonstrate equality of access and non-discriminatory practice. Remember that although it can seem onerous, recording such information need not be time consuming and may provide information to back up your funding bids and demonstrate outcomes.
The systems employed and what information is recorded varies between organisations. The present trend, however, is towards local co-ordination of recording, for example common needs assessment, common referral forms, etc.
There are a number of legal and good practice considerations in relation to record keeping. Therefore the collection and storage of this information needs careful planning, training, implementation and monitoring.
This section specifically addresses clients’ records. Good practice on records relating to staffing, finance or other matters can be found in publications such as NCVO guides and Housing Corporation regulations.
back to index
Service providers keep a large quantity of information relating to individual clients, often of a sensitive nature, contained in all or any of the following records:
These records are usually combined to form a ‘client file’. Some services have revolutionised the system of the client or client file by allowing people to look after their own file. In day centres this system is probably best administered where the worker takes copies for a central 'staff' file, but this is with the consent and sign off of the client. This system is felt to be empowering to the clients, and encourage real partnership working on keywork/support plans.
It is common for larger providers to make use of electronic means of storing data. This allows information about client to be available across several projects and prevents the need to duplicate information gathering as the client moves on. The Central Client Database at St Mungo’s is a good example. These systems also allow for statistical analysis of data concerning past and present client, which can be useful, for example, in identifying trends around changing profile of clients and their needs. Shekinah Mission in Plymouth has spearheaded a regional database of homeless people's details in order to better match provision and prevent people having to go over the same questions over and over again. [more...]
Even smaller providers could use computers to develop basic databases of information and to generate statistics.
As well as client’s records, other records need to be kept of daily operations:
“Nothing that detracts from the dignity or worth of the client should be included”
(Salvation Army QSM, May 2000, 3.3.1)
Confidentiality
Confidentiality is about who knows what about whom. In service it involves monitoring who has access to information, what is written about people, and what information is passed on to external agencies.
There are many different approaches to confidentiality within the sector and there remains some confusion about confidentiality. Clients and staff need to be clear about the limits to confidentiality. In other words, under what circumstances staff will pass information to others without the expressed permission of the client.
Organisations collect and hold a lot of information about clients in order to provide effective support. Much of this information will be of a sensitive and personal nature. It is therefore not surprising that some clients feel very uneasy about disclosing information. They will only be reassured if they are confident that the information will be treated confidentially.
Unfortunately, there is scope for misunderstanding between staff and clients over what confidentiality means and the limits to it.
It is important, therefore, that all service providers have a confidentiality policy that addresses:
Principles:
Some practitioners prefer to refer to the 'professional use of information'. This is to say that information on an individual of a personal nature is (only) disclosed where it is important professionally to do so, in order to provide a better, more joined-up service or to minimise and be aware of risks.
Confidentiality generally means information is kept within the project. This means that information given to one member of staff may be shared with other members of staff. Where the provider has several projects, the policy may state that confidentiality is within the organisation.
The policy should set out under what conditions staff will share information outside the organisation without the consent of the client. This may involve situations where not divulging information will create serious risk to the client or someone else, or where the provider is obliged to divulge the information by law to the police or other agency. Providers should be proactive in working with the local police to ensure mutual understanding about confidentiality and legal requirements. Clients should be aware of how information will be disclosed to the police.
The policy should be clear on staff responsibility around handling personal information to keeping records up-to-date. For example, staff need to be mindful of the environment in which they are collecting, receiving or viewing sensitive information. Letters, records, and files (both paper and electronic) should not be written or left where people without authority can see them. Confidential telephone calls should be conducted in private.
back to index
The organisation’s procedures should make clear who should have access to each type of record. The main principle is that clients have a right to see everything recorded about them. However, not every member of staff will need to have access to every piece of information.
It is important that staff:
Each organisation should have a procedure for enabling clients to view their records. Access to records is a fundamental right and guaranteed by the Data Protection Act. The procedure should make accessing records as straightforward as possible.
The procedure may include the following guidelines:
Sometimes a client may disagree with what is written about them, for example when they believe that is not factually accurate. When appropriate, information should be corrected or deleted. If there is a disagreement about changes then this should be noted on the file and the matter referred to a manager for review. If there is no agreement then the client should be able to use the complaints procedure.
Some records may be difficult to share since they contain a lot of information about other clients. An example is the log book (sometimes called the ‘day book’). The policy should be clear about how a client may be able to see information relating to them in the log book. This may have to involve photocopying the parts with relevant information, blanking out sections referring to other clients.
Good practice for a log book or day book is to record only non-sensitive information about individuals in it, but refer the reader to the personal files of the individuals concerned, where they can find more information.
There are rare occasions when a provider may decide to deny a client access from certain information in their records when revealing it would create a serious risk to a client, staff or another person. In such cases, staff make a judgement to deny someone one their fundamental rights. Such decisions should be:
Recording information in service and access by clients creates challenges for staff and managers. Staff may be reluctant to record information about a particularly difficult client if that person can access the file. These issues need to be addressed by management through team meetings and supervision.
back to index
The Data Protection Act (DPA) 1998 legislates for the way in which organisations can collect and process personal information. It sets down requirements for the transmission and use of data, and the rights of the individual to access and protect information about themselves.
Staff should be aware of the requirements of the Data Protection Act as:
A policy and procedure should be put in place to ensure that these requirements are adhered to.
Clients should be informed their rights under the DPA.
For further guidance, see Paul Ticher (2000), ‘Data Protection for Voluntary Organisations’, Directory of Social Change; London
or see the Department of Health's 2000 publication: The Data Protection Act 1998: Guidance for social services.
Writing records is a professional skill that develops with experience. Managers should assist their staff to see good record keeping as part of their professional development.
Extra care should be taken when recording information about clients: all information recorded should be
Generally, providers should only record information based on disclosure by the client themselves, agreed between staff and the client or from direct observation. Great care should be exercised in situations of uncertainty. Staff should avoid presenting opinion as fact. If it is necessary to record an opinion, the entry should be clear that it is an opinion and whose opinion it is. Information provided by other services or individuals should also be attributed. All entries should be signed / initialled by the person making the entry and dated.
Staff should bear in mind that anything they write in files may later be made accessible to an inquiry or court. They should not write anything they would not be prepared to justify in these situations.
When a client has been in the project for some time, new or locum staff will find it helpful if the main points / issues and progress is summarised on a sheet near the front of the file.
back to index
Service providers use many different systems of record-keeping, paper and electronic, which are often developed over time drawing on the experiences of staff.
In this section the records are assumed to belong to the organisation. However, in some projects clients keep their own file, which might include copies of their licence agreement, needs assessment and resettlement plan. They can then take this with them if they move to another project, preventing the need to start again from scratch. If client’s have their own file they should be able to have a secure place to keep it.
Systems should be as simple as possible and should be designed with the user in mind. They should aid the daily operation of the project and the support provided for clients, as well as the longer-term monitoring requirements of the organisation. Standardising the collection of information through standard forms or (pro formas) helps ensuring accessibility, consistency and easy maintenance.
Systems should be periodically evaluated taking into account feedback from all users. Staff will feel happier about using a system when they have been properly consulted on designing or improving it.
A system only operates effectively if it is regularly maintained and updated. Policies and job descriptions should make it clear what responsibility each staff member has with regards the upkeep of records. Systems should be flexible enough so that they can adapt to meet the needs of project development and organisational change.
New staff should be trained in the use of the organisation’s records systems, including:
Recording systems and procedures should be continually monitored to ensure that they meet the needs of staff, managers and the requirements of the law. This could include a regular review cycle as well as random checks. A considerable amount of staff time is wasted if systems are not maintained, and the daily operation and support provided to clients undermined.
back to index
Most information that is recorded about clients will be kept confidential within the project and access only authorised to those who have a need to know within the staff team. However, there will be occasions when sharing information with outside agencies is necessary or in the interest of the client. Confidentiality policies should allow for this, and procedures devised to ensure that the rights of individuals are upheld.
Clients should give their informed and express consent before information is shared outside of the project. Informed consent means that the client understands and agrees what information will be passed on and to whom. They should understand when information will be shared and the possible consequences.
In certain situations, for example where a client presents a danger to themselves or others, information may have to be released without their knowledge or consent. This should be explained at admission and made clear in the house rules or client’s handbook.
In addition, organisations will have arrangements with local police and other organisations and may disclose information as part of this. Ultimately, files can be legally scrutinised by law enforcement agencies following the issue of a warrant. Staff and clients should be aware of when this is appropriate, and the procedures that are followed when this occurs.
In some areas, for example in Birmingham, protocols of information sharing exist in the network of organisations delivering services to homeless people. These protocols aim to ensure homeless people receive a good service and do not have to repeatedly face long interviews giving the same information.
Where these protocols do exist, staff should explain carefully at admission what and how information will be shared so that the client has some choice in what information he or she decides to disclose. Where a service is conditional on disclosure of information this also needs to be clearly stated and the reasons made clear.
If the project is involved in client case conferences involving other agencies, the organisation’s confidentiality policy should cover this and clients should be informed.
back to index
Service projects can gather, collate and make available valuable evidence about the local homelessness situation. Providers should:
Staff have a responsibility to ensure that they record statistical information accurately and consistently.
Information from service will be vital in terms of mapping needs for Supporting People and homelessness strategies
Most organisations will keep records for a period after a client leaves the project. It is good practice to keep all records for at least two years. Some types of records may need to be kept for longer under legal specifications, for example records relevant to financial auditing.
The organisation’s policy should outline when and how records are to be destroyed. Even old records contain sensitive information and steps should be taken to ensure they are not disposed of carelessly. Whenever possible old records should be shredded.
back to index
back to top
