Care Clarity Support & Advocacy

Data Protection Policy

Data Protection and Confidentiality Policy and Procedure message

CR07 – Data Protection and Confidentiality Policy and Procedure

This policy details the rights of Clients in relation to confidentiality, UK GDPR, data protection and the issues that staff need to be aware of. It has also been reviewed and updated in Section to present information about Values, Aims and Objectives. For these changes to reflect in the policy, the system details questionnaire will need to be updated. References and further reading links have also been checked and updated.

  • The Care Act 2014
  • Freedom of Information Act 2000
  • Human Rights Act 1998
  • Data Protection Act 2018
  • UK GDPR
  • The Health and Social Care (Safety and Quality) Act 2015
  • Author: NHS Digital, (2025), Code of Practice on Confidential Information. Available from: https://digital.nhs.uk/data-and-information/looking-after-information/informa… data-security-and-information-governance/codes-of-practice-for-handling-information-in-health-and-care/code-of-practice-on-confidential-information
  • Author: GOV UK, (2024), Information Sharing Advice for Safeguarding Practitioners – Guidance on information sharing for people who provide safeguarding services to children, young people, parents and carers. Available from: https://www.gov.uk/government/publications/safeguarding-practitioners-information-sharing-advice
  • Author: National Data Guardian, (2021), Guidance about the Appointment of Caldicott Guardians, Their Role and Responsibilities. Available from: https://www.gov.uk/government/publications/national-data-guardian-guidance-on-the-appointment-of-caldicott-guardians-their-role-and-responsibilities
  • Author: ICO, (2025), Getting Started with Data Protection – A step-by-step guide. Available from: https://ico.org.uk/organisations/your-beginner-s-guide-to-data-protection/
  • Author: National Cyber Security Centre, (2025), Small Business Guide: Cyber Security. Available from: https://www.ncsc.gov.uk/collection/small-business-guide
  • Author: NHS Digital, (2022), A Guide to Confidentiality in Health and Social Care. Available from: https://digital.nhs.uk/data-and-information/looking-after-information/information/data-security-and-information-governance/codes-of-practice-for-handling-information-in-health-and-care/a-guide-to-confidentiality-in-health-and-social-care
  • Author: NICE, (2018), Decision-Making and Mental Capacity. Available from: https://www.nice.org.uk/guidance/ng108
  • Author: Digital Care Hub, (2025), Advice and Support to the Adult Social Care Sector on Technology, Data Protection and Cyber Security. Available from: https://www.digitalcarehub.co.uk/

The company aims to

  • Offer skilled care to enable people supported by us to achieve their optimum state of health and well-being.
  • Treat all people supported by us and all people who work here with respect at all times.
  • Uphold the human and citizenship rights of all who work and visit here and of all Clients.
  • Support individual choice and personal decision-making as the right of all Clients.
  • Respect and encourage the right of independence of all Clients.
  • Recognise the individual uniqueness of Clients, staff and visitors, and treat them with dignity and respect at all times.
  • Respect individual requirement for privacy at all times and treat all information relating to individuals in a confidential manner.
  • Recognise the individual need for personal fulfilment and offer individualised programmes of meaningful activity to satisfy that need of Clients and staff.

To detail the rights of Clients relating to confidentiality and data protection and issues that staff need to be aware of when processing confidential information within Care Clarity Support & Advocacy Ltd.

This is one of a suite of policies that relates to Data Protection, Information governance, Data Quality and Security and the Human rights of Clients and dovetails to form a framework that ensures full legal compliance and best practice.

To support Care Clarity Support & Advocacy Ltd in meeting the following Quality Statements:

Relevant Legislation

  • The Care Act 2014
  • Freedom of Information Act 2000
  • Human Rights Act 1998
  • Data Protection Act 2018
  • UK GDPR
  • The Health and Social Care (Safety and Quality) Act 2015

Roles Affected

  • All Staff

People Affected

  • Clients

Stakeholders Affected

  • Family
  • Advocates
  • Commissioners
  • External health professionals
  • Local Authority
  • NHS

To outline the principles related to confidentiality and to support staff in applying these principles. To establish the approach of Care Clarity Support & Advocacy Ltd to ensuring the confidentiality of personally identifiable information. To inform Clients, their families, legal representatives, stakeholders and Care Clarity Support & Advocacy Ltd staff about the confidentiality obligations of Care Clarity Support & Advocacy Ltd and how we intend to meet them.

To inform staff working for, or on behalf of Care Clarity Support & Advocacy Ltd of their responsibilities with regards to confidentiality and personally identifiable information and how Care Clarity Support & Advocacy Ltd will enable these to be met.

Care Clarity Support & Advocacy Ltd recognises that we have a duty of confidentiality to the Clients and staff. We believe that respecting a person’s right to a private life, which includes confidentiality, is important in ensuring a trusting, caring and supportive environment where both Clients and staff are confident that information about them will be protected safely and not shared inappropriately or unnecessarily. It is the policy of Care Clarity Support & Advocacy Ltd that we will only share information that is in the best interest of the Clients and with their consent. Sharing of information will be carried out in line with the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, Mental Capacity Act and Best Interests policies and procedures at Care Clarity Support & Advocacy Ltd. We aim to comply with the relevant legislation and include the Caldicott Principles. Care Clarity Support & Advocacy Ltd understands its obligations to appoint a Caldicott Guardian in line with guidance from the National Data Guardian for Health and Social Care. Further information is available in the Caldicott Guardian Policy and Procedure.

  • All staff will ensure that all Client information remains confidential. Clients have the right to expect that personal information held about them is not accessed, used or disclosed improperly
  • The same duty of confidentiality applies to personal information about staff with the exception of names and job titles. Information about Directors, which is published, and therefore is a matter of public record, is also excepted
  • All staff have the individual responsibility for ensuring that they conform to the Caldicott principles, UK GDPR, Data Protection Act (DPA) 2018 and Article 8 Human Rights Act (HRA) 1998
  • Staff must not inappropriately access, misuse or share any information or allow others to do so. Staff are personally liable for deliberate or reckless breaches of the UK GDPR, Data Protection Act and may be liable to disciplinary action and/or prosecution
  • Any personal information given or received in confidence for one purpose may not generally be used for a different purpose, or passed to anyone else without the consent of the provider of the information
  • We will share with Clients, their families and their carers, as far as the law allows, the information they want or need to know about their health, care and ongoing treatment, sensitively and in a way that they can understand
  • Confidential information will not be used for a different purpose or passed on to anyone else without the consent of the information provider
  • There may be occasions when it could be detrimental to the Client or to another individual if this principle is strictly adhered to
  • There is a recognition that breaches of confidence are often unintentional. They are often caused by staff conversations being overheard, by files being left unattended, or by poor computer security. However, the consequences could be equally serious for all concerned
  • Care Clarity Support & Advocacy Ltd will ensure that personally identifiable information will always be held securely and, when used, treated with respect. This rule will apply regardless of where the information is held
  • Although the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act no longer apply to identifiable data that relate to a person once they have died, we respect that any duty of confidence established prior to death continues after the Client has died
  • All information regarding the Clients we support will be treated with respect and integrity
  • We will be transparent in our approach to ensure that anyone associated with Care Clarity Support & Advocacy Ltd (whether Client, staff or visitor) is fully aware of how, what, when, who and why we share any information about them and source their agreement before doing so

All relevant staff will be bound by their professional code of ethics issued by their relevant licensing body, such as the General Medical Council, The Nursing and Midwifery Council and the Royal Pharmaceutical Society. Care Workers will follow the Skills for Care Code of Conduct for Healthcare Support Workers and Adult Social Care Workers in England. All staff must sign a confidentiality agreement as part of their contract of employment (a template can be found within the forms section of this policy). The confidentiality agreement also extends to agency and contract workers.

  • Ensuring that systems and processes are in place for the security of records and they are reviewed to ensure that they remain fit for purpose
  • Ensuring that all staff understand this policy at the start of employment and that its importance is reiterated during supervision or team meetings
  • Ensuring that staff have received the appropriate training and are competent in their role

  • Reviewing, monitoring and auditing practice within Care Clarity Support & Advocacy Ltd to ensure that staff remain knowledgeable

  • Acting on any breaches in confidentiality in a timely manner and notifying the appropriate bodies
  • Ensuring that confidentiality rules are never used as a barrier to sharing appropriate information and fulfilling Duty of Candour obligations
  • That information received is against improper disclosure when it is of
  • That confidential information is only accessed if it is appropriate to the job you undertake
  • That every effort is made to ensure that Clients understand how information about them will be used before they supply any confidential information
  • That when Clients give consent to the disclosure of information about them, they understand what will be disclosed, the reasons for disclosure and the likely consequence/s
  • That Clients understand when information about them is likely to be disclosed to others, and that they have the opportunity to withhold their permission
  • If disclosing information outside the team that could have personal consequences for the Client, that consent is obtained from the Client
  • If the Client withholds consent, or if consent cannot be obtained for whatever reason, disclosures may be made only where:

  • If required to disclose confidential information, staff will only release as much information as is necessary for the purpose
  • That the person(s) to whom information is disclosed understands that it is given to them in confidence which they must respect
  • When disclosing confidential information, staff must be prepared to explain and justify the decision. Where there are doubts, they will discuss them with Linda Akli
  • Queries concerning this policy will be brought to the attention of Linda Akli
  • During the induction period for new staff, they will be made aware of this policy and their individual responsibilities

Care Clarity Support & Advocacy Ltd will detail with transparency how confidentiality is managed with Clients, employees and others at the earliest opportunity and seek their agreement, e.g. through existing systems such as recruitment and Care Clarity Support & Advocacy Ltd assessment processes. Staff should refer to the Data Privacy templates and the External and Employee Privacy Policy and Procedure for further information that details how information is processed within The Care Clarity Support & Advocacy Ltd.

Information sharing between partners directly involved in the Client’s Care, and for the purpose of providing that Care, is essential to good practice. Consent from the Client for information sharing must be recorded following a discussion with the Client or, in the absence of capacity to consent, their designated other.

The principles of sharing information are

  • Only information that needs to be shared
  • Only with those who have a clear need to know, and
  • There is a lawful basis for sharing information
  • Understand and follow the Caldicott Principles as detailed within the Forms section of this policy
  • Be aware that the Data Protection Act 2018 (DPA 2018), and the UK General Data Protection Regulation (UK GDPR) are not barriers to sharing information but provide a framework to ensure that personal information about living persons is shared appropriately
  • Be open and honest with the person (and/or their family where appropriate) from the outset about why, what, how and with whom information will, or could be shared and will seek their agreement unless it is unsafe or inappropriate to do so
  • Seek advice from Linda Akli if they are in any doubt, without disclosing the identity of the person where possible
  • Share with consent where appropriate and, where possible, respect the wishes of those who do not consent to share confidential information. Staff may still share information without consent if, in their judgment, that lack of consent can be overridden in the public interest
  • Consider safety and wellbeing. Staff must base information sharing decisions on considerations of the safety and wellbeing of the person and others who may be affected by their actions
  • Ensure that the information shared is necessary for the purpose for which it is being shared, is shared only with those people who need to have it, is accurate and up to date, is shared in a timely fashion, and is shared securely
  • Staff must keep a record of any decision and the reasons for it (to include what has been shared, with whom and for what purpose), and for a decision not to share
  • All information regarding the people we support will be treated with respect and integrity
  • In general, no information may be disclosed either verbally or in writing to other persons without the Client’s consent. This includes family, friends and private carers, and other professionals. If in doubt, staff will consult the Line Manager or Linda Akli, Registered Manager

  • Conversations relating to confidential matters affecting Clients will not take place anywhere that they may be overheard by others, i.e. in public places – such as supermarkets, public transport, open plan areas of the office, during training or group supervision where other staff not involved in the Client’s Care are present
  • Written records and correspondence must be kept securely at all times when not being used by a member of staff. Timesheets, rotas, etc. must not be left in unattended vehicles
  • Staff must not disclose any information that is confidential or that, if it were made public, may lead to a breakdown in the trust and confidence that the Client and their families have in Care Clarity Support & Advocacy Ltd
  • Staff must not pass on any information or make comments to the press or other media. Media enquiries should be referred to the person responsible for handling any media enquiries

Care Clarity Support & Advocacy Ltd can refer to the Caldicott Guardian Policy and Procedure for further guidance.

Where safeguarding issues arise and in order to fully understand what has gone wrong, Safeguarding Adult Boards may ask for information to be shared. Decisions about who needs to know and what needs to be known should be taken on a case-by-case basis, within locally agreed policies and the constraints of the legal framework. However:

  • Staff must verify the identity of the person requesting the information whilst establishing if it can be anonymised (refer to
  • Information will only be shared on a ‘need to know’ basis when it is in the best interests of the adult
  • Confidentiality must not be confused with secrecy
  • Informed consent should be obtained but, if this is not possible and other adults are at risk of abuse or neglect, it may be necessary to override the requirement
  • It is inappropriate for Care Clarity Support & Advocacy Ltd to give assurances of absolute confidentiality in cases where there are concerns about abuse, particularly in those situations when other adults may be at risk

All Clients may view personal information we hold about them. Local and health authorities are not required to give access to information that is ‘hurtful’ or ‘that would breach the confidentiality of another Client’. The policy of Care Clarity Support & Advocacy Ltd is to record confidential information in a way that, as far as possible, avoids a need for this exclusion. If the Client believes their right to confidentiality is either being breached or undermined, they must have access to the complaints procedure at Care Clarity Support & Advocacy Ltd. Staff should refer to the Subject Access Requests Policy and Procedure for further details. All staff may view personal information held by Care Clarity Support & Advocacy Ltd that relates to them, by applying in writing to their Line Manager or Registered Manager, Linda Akli- will.

  • Any record that contains information about an individual must remain confidential unless it is in the public domain. All records must be factual and not include the personal opinions of the person writing the records. Staff should refer to the Record Keeping Policy and Procedure for further details
  • Reproduction of information relating to the Client (for example photocopying documents) will only be done with the consent of the Client
  • Confidential information to be posted must be marked ‘Private & confidential, for the attention of the addressee only’, and sent by recorded/special delivery

Staff should refer to the guidance contained in the Forms section of this policy for best practice and requirements for data security. However, as a minimum:

  • Information held within Care Clarity Support & Advocacy Ltd will not be shown to unauthorised individuals or be left where unauthorised personnel may access it. All records must be kept in a lockable cabinet in a lockable office, with restricted access
  • All written records must be kept securely and only disposed of by shredding, after appropriate timescales. Staff must take care when recording personal identifiable information into personal notebooks or paper during shift handover and ensure the safekeeping and destruction of the information
  • Written information also relates to door codes, lockers, key safe numbers and staff rotas. Staff must be provided only with secure information if required to carry out specific tasks in secure areas and locations with restricted access. Secure information must not be recorded on Client records for use outside the office or on rotas supplied to staff. Staff must ensure that if they record Client information to support the delivery of Care, for example a request to cover an unplanned absence, the information is recorded securely and safely destroyed after use
  • Any rotas must be returned to the office for confidential disposal
  • Any employee who breaches this policy may be subject to disciplinary action

Staff are not permitted to discuss the people who use our services, other employees past or present, or Care Clarity Support & Advocacy Ltd on any social networking site as this may breach confidentiality and bring Care Clarity Support & Advocacy Ltd into disrepute. Staff must also be aware that this applies to taking and posting photographs or videos of Clients.

The Mental Capacity Act 2005 and associated “Best Interest” applies to adults without capacity, and further details about the disclosure of confidential information about the Client lacking capacity can be found in the Mental Capacity Act Code of Practice.

Anonymised information (i.e. where personal information is removed and both the giver and the receiver are unable to identify the Client) is not confidential and may be used outside of data protection legislation. However, staff should be aware that information which contains small numbers of person identifiable information may lead to identification. For this reason, all disclosure of anonymised information should be reviewed on a case-by-case basis. Care Clarity Support & Advocacy Ltd will seek to anonymise collective data about individuals within The Care Clarity Support & Advocacy Ltd.

Pseudonymisation is the practice of removing and replacing actual data with a coded reference (a ‘key’). Care Clarity Support & Advocacy Ltd will consider this practice where the use of the data needs to relate to individual records, but also needs to retain security and privacy for that individual. There is a higher privacy risk and security risk of the key system as the data will not truly be anonymised. Personal data that has been pseudonymised can fall within the scope of data protection legislation depending on how difficult it is to assign it to a particular individual. Further information can be found within the ICO Anonymisation Code of Practice.

Staff must extend the principles of confidentiality when considering Care Clarity Support & Advocacy Ltd sensitive information and the protection of any commercial data. When Care Clarity Support & Advocacy Ltd engages a software vendor or data processor it will ensure and evidence that the new supplier adheres to UK GDPR. Staff and/or external suppliers will ensure that information such as suppliers’ prices, performance and costs are not disclosed to other suppliers or unauthorised persons. The Care Clarity Support & Advocacy Ltd could consider requesting that suppliers sign a confidentiality agreement in order to protect the data of Care Clarity Support & Advocacy Ltd. If there are any queries about how to support commercially sensitive information, these should be discussed with Linda Akli.

Care Clarity Support & Advocacy Ltd has a right to have confidential meetings where information is discussed and then held securely and confidentially. Information held will be in line with the Freedom of Information Act (FOIA) 2000 and UK GDPR, the Data Protection Act 2018. Complaints and investigations are treated confidentially and remain so unless there is a legal requirement to release information. Staff must not pass on any information, or make comments, to the press or other media. Media enquiries should be referred to the person responsible for handling any media enquiries.

Unauthorised access, use or disclosure may be in breach of the UK GDPR, DPA 2018, the Human Rights Act, and/or breach the policies of Care Clarity Support & Advocacy Ltd and may lead to disciplinary action. Where there has been a breach in confidentiality, this will be recorded on an incident form at Care Clarity Support & Advocacy Ltd and reported to Linda Akli. Significant breaches will be reported to Linda Akli so that reporting to the relevant regulatory, professional bodies and the ICO is considered. Breaches will be monitored by Linda Akli, reflected on with lessons learned and will form part of the quality assurance programme for Care Clarity Support & Advocacy Ltd. Staff will refer people to the Complaints, Suggestions and Compliments Policy and Procedure at Care Clarity Support & Advocacy Ltd.

Alongside this policy the National Cyber Security Centre has provided a useful resource centre that will assist Care Clarity Support & Advocacy Ltd in improving and keeping up to date with Cyber Security. The Small Business Guidance is formulated under five steps: Alongside this guidance there are additional resources that are available to use. Care Clarity Support & Advocacy Ltd will make full use of this tool, such as the Cyber Action plan; a link to which is in the Underpinning knowledge section.

  • The Data Protection Act 2018 is a United Kingdom Act of Parliament that updates data protection laws in the UK
  • It sits alongside the UK General Data Protection Regulation and implements the EU’s Law Enforcement Directive

  • The Caldicott Principles provide guidance to the NHS and adult social care records on the use and protection of personal, confidential data and emphasises the need for controls over the availability of such information and access to it
  • Caldicott Report
  • The Caldicott Report made a series of recommendations which led to the requirement for all NHS organisations (and adult social care records from the year 2000) to appoint a Caldicott Guardian who is responsible for compliance with the Caldicott confidentiality principles
  • A senior person responsible for protecting the confidentiality of people’s health and care information and making sure it is used properly
  • Prohibits the use and disclosure of information provided in confidence unless there is a statutory requirement or court order to do so
  • Such information may be disclosed only for purposes that the subject has been informed about and has consented to, provided also that there are no statutory restrictions on disclosure
  • This duty is not absolute, but should only be overridden if the holder of the information can justify disclosure as being in the public interest, for example, to protect the vital interests of the data subjects or another person, or for the prevention or detection of a serious crime
  • is a term used to explain an agreed set of arrangements that are in place in an organisation to ensure that confidential identifiable information (e.g. patient and staff information) can be communicated safely and securely
  • It is a recognised phrase within the NHS but has relevant underlying principles for all community based services
  • is information that can identify a person, in which the person is the focus of the information and which links that individual to details which would be regarded as private, for example, name and private address, name and home telephone number, etc.
  • is where the personal information contains details of that person’s:
  • Health or physical condition
  • Sexual life
  • Ethnic origin
  • Religious beliefs
  • Political views
  • Criminal convictions
  • Information that, if disclosed, could harm or damage the reputation or image of an organisation
  • Exceptional circumstances that justify overruling the right of an individual to confidentiality in order to serve a broader societal interest
  • Decisions about the are complex and must take account of both the potential harm that disclosure may cause and the interest of society in the continued provision of confidential services
  • The Public Interest Disclosure Act (Whistleblowing) has more information about this
  • The Health and Social Care (Safety and Quality) Act 2015 includes a requirement for health and adult social care organisations to use a (the NHS Number) for all data sharing associated with or facilitating care for an individual
  • The NHS Number is the national, unique that makes it possible to share patient and Client information across the NHS and social care safely, efficiently and accurately
  • means that professionals should not tell other people personal things about a Client unless the Client says they can, or if it is absolutely necessary
  • There are Acts of Parliament which require the production of confidential information
  • Prevention of Terrorism Acts
  • Road Traffic Act
  • Public Health Acts
  • Police and Criminal Evidence Act 1984
  • Misuse of Drugs Act 1971
  • It is essential that there is good justification to disclose confidential information when relying upon an Act of Parliament. Public Health legislation requires the reporting of notifiable diseases
  • Professionals can only tell other people the Client’s personal information if the Client says they can or if they have to
  • Professionals can share information without the Client’s consent if there is a risk of serious harm to the Client or others or there is a risk of a serious crime
  • When the Client dies, the duty of confidentiality will continue to apply, even though the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act no longer apply
  • Necessary, proportionate, relevant, accurate, timely and secure: Ensure that the information you share is necessary for the purpose for which you are sharing it, is shared only with those people who need to have it, is accurate and up to date, is shared in a timely fashion, and is shared securely
  • Every person has a right to confidentiality. However, staff may have to share information about you in your best interests
  • Where possible, staff will obtain your consent to share information about you
  • If you are unable to consent to share information because you lack mental capacity, staff will need to follow the Mental Capacity Act Code of Practice

As well as the information in the ‘Underpinning knowledge’ section of the review sheet, we recommend that you add to your understanding in this policy area by considering the following materials.

  • https://www.gov.uk/government/publications/the-information-governance-review
  • https://www.cqc.org.uk/guidance-providers/all-services/using-surveillance-you…
  • https://www.dur.ac.uk/ig/dp/anonymisation/
  • https://www.sldo.ac.uk/media/1821/easy-read-gdpr-info-sheet.pdf
  • https://www.gov.uk/government/groups/uk-caldicott-guardian-council

Policies in the system at Care Clarity Support & Advocacy Ltd

Suite of Data Protection

  • Robust systems and governance processes ensure that staff and Client confidentiality is maintained at all times
  • Staff are registered as Dignity Champions and can evidence that they follow the ‘Dignity Dos’

  • Each person’s privacy needs and expectations should be identified, recorded, and met as far as is reasonably possible
  • Staff treat Clients with kindness and respect and maintain Client and information confidentiality

The following forms are included as part of this policy

  • Staff Confidentiality Agreement – CR07 This agreement is provided to clarify the responsibilities of those employed at this service in respect of maintaining confidential information gathered by the service in the course of its work.
  • Caldicott Principles – CR07 To offer guidance to staff around the principles.
  • Data Security Guidance – CR07 To detail the requirements for safe and secure records management.

This agreement is provided to clarify the responsibilities of those employed at The Care Clarity Support & Advocacy Ltd in respect of maintaining confidential information gathered by the service in the course of its work.

Queries and questions relating to this duty should be addressed to either the:

Registered Manager

All information given by Clients to staff is given on the understanding that it will be used solely for providing them with Care most suited to their needs. It is the duty of The Care Clarity Support & Advocacy Ltd to ensure that the confidentiality of that information is maintained within the boundaries of the law and professional standards and is not divulged without the consent of the Client. In the course of your work at Care Clarity Support & Advocacy Ltd, you will have access to person identifiable, confidential data concerning the medical or personal affairs of:

  • Clients and their families/significant others
  • Staff of Care Clarity Support & Advocacy Ltd
  • Associated health and social care professionals

Unless acting on practice policy or following the direct instructions of Care Clarity Support & Advocacy Ltd, or the Registered Manager, such information must not be divulged or discussed except in the performance of your normal duties. Breach of confidence, including the improper passing of computer data, may result in disciplinary action, your dismissal, and civil action against you for damages.

In observation of the suite of UK GDPR, Data Protection Policies at Care Clarity Support & Advocacy Ltd, you must ensure that all records, including computer screens and computer-generated records or paper records of staff or Client data, are never left where unauthorised persons can view them. Computer screens must always be cleared when left unattended and you must ensure that you log out of computer systems, removing your password. All passwords to the systems of Care Clarity Support & Advocacy Ltd must be kept confidential. No unauthorised use of the Internet or email is allowed.

Information concerning Clients or team members is strictly confidential and must not be disclosed to unauthorised persons. This obligation continues without end, during and after your employment at Care Clarity Support & Advocacy Ltd. Disclosures of confidential information or disclosures of any data of a personal nature can result in prosecution for an offence under UK GDPR and the Data Protection Act 2018.

I have read, understand and agree to the terms and conditions set out above:

Signature:

Date:

Name:

The Caldicott Principles revised in 2020 are:

Principle 1 – Justify the purpose(s) for using confidential information

Every proposed use or transfer of personal confidential data within or from an organisation should be clearly defined, scrutinised and documented, with continuing uses regularly reviewed by an appropriate guardian.

Principle 2 – Don’t use personal confidential data unless it is absolutely necessary

Personal confidential data items should not be included unless it is essential for the specified purpose(s) of that flow. The need for patients to be identified should be considered at each stage of satisfying the purpose(s).

Principle 3 – Use the minimum necessary personal confidential data

Where use of personal confidential data is considered to be essential, the inclusion of each individual item of data should be considered and justified so that the minimum amount of personal confidential data is transferred or accessible as is necessary for a given function to be carried out.

Principle 4 – Access to personal confidential data should be on a strict need-to-know basis

Only those individuals who need access to personal confidential data should have access to it, and they should only have access to the data items that they need to see. This may mean introducing access controls or splitting data flows where one data flow is used for several purposes.

Principle 5 – Everyone with access to personal confidential data should be aware of their responsibilities

Action should be taken to ensure that those handling personal confidential data – both clinical and non-clinical staff – are made fully aware of their responsibilities and obligations to respect patient confidentiality.

Principle 6 – Comply with the law

Every use of personal confidential data must be lawful. Someone in each organisation handling personal confidential data should be responsible for ensuring that the organisation complies with legal requirements.

In April 2013, Dame Fiona Caldicott reported on her second review of information governance. Her report, “Information: To Share or Not to Share? The Information Governance Review”, informally known as the “Caldicott2 Review”, introduced a new 7th Caldicott Principle.

Principle 7 – The duty to share information can be as important as the duty to protect patient confidentiality

Health and social care professionals should have the confidence to share information in the best interests of their patients within the framework set out by these principles. They should be supported by the policies of their employers, regulators and professional bodies.

Principle 8 – Inform patients and service users about how their confidential information is used

A range of steps should be taken to ensure no surprises for patients and service users, so they can have clear expectations about how and why their confidential information is used, and what choices they have about this. These steps will vary depending on the use: as a minimum, this should include providing accessible, relevant and appropriate information – in some cases, greater engagement will be required.

  • Fax machines must only be used to transfer personal information where it is absolutely necessary to do so. The following rules must apply: