This is a controlled document. Whilst this document may be printed, the electronic version stored within the organisational network is the controlled copy. Printed copies are available to all staff and volunteers of the LGBT Foundation and are stored in accordance with the Data Protection Act (1998).
The purpose of this document is to provide guidance to all LGBT Foundation staff and volunteers on Confidentiality. This is an evolving document because the standards and practice covered continue to change.
This policy is based on good practice guidance outlined by the Health and Social Care Information Centre (HSCIC) and associated legislation. It details both statutory requirements and good practice on how to manage confidential information within the working environment.
LGBT Foundation is committed to the delivery of a first class confidential service. This means ensuring that all client information is processed fairly, lawfully and as transparently as possible so that the public:
• understand the reasons for processing personal information;
• give their consent for the disclosure and use of their personal information;
• gain trust in the way LGBT Foundation handles information and;
• understand their rights to access information held about them.
Glossary of Terms
This is when confidential information is intentionally shared with a third party, in line with LGBT policies and procedures (such as Child Protection Policy). Third parties may include the emergency services, Social Services and GPs.
Confidential Within the System
In some circumstances, LGBT Foundation staff and volunteers will need to share confidential information with colleagues or external supervisors (who are bound by ethical and confidentiality codes of practice) as part of their practice. This may be in individual or group supervision, or when there are concerns or questions about a client or their situation. For example, a staff member may share concerns with their line manager if a client they are working with is at low to medium risk of harming themselves. Sharing this information ‘within the system’ ensures the client’s information remains confidential and assists LGBT Foundation in the effective management and safeguarding of the client.
Client Identifiable Information
Key identifiable information includes:
• client’s name, address, full post code, date of birth;
• pictures, photographs, videos, audio-tapes or other images of clients;
• NHS number;
• anything else that may be used to identify a client directly or indirectly. For example, distinguishable features, rare diseases, or statistical analyses which have very small numbers within a small population may allow individuals to be identified.
This is information which does not identify an individual directly, and which cannot reasonably be used to determine identity. Anonymisation requires the removal of name, address, full post code and any other detail or combination of details that might support identification.
This is like anonymised information in that in the possession of the holder it cannot reasonably be used by the holder to identify an individual. However it differs in that the original provider of the information may retain a means of identifying individuals. This will often be achieved by attaching codes or other unique references to information so that the data will only be identifiable to those who have access to the key or index, for example the LGBT Foundation client code. Pseudonymisation allows information about the same individual to be linked in a way that true anonymisation does not.
Explicit or Expressed Consent
This means articulated client agreement. The terms are interchangeable and relate to a clear and voluntary indication of preference or choice, usually given orally or in writing and freely given in circumstances where the available options and the consequences have been made clear. For example, when the Confidentiality Statement is provided verbally and/or a client signs the Client Agreement.
Freedom of Information
This refers to the right to request, in writing, information from public authorities/organisations. It is intended to promote a culture of openness and accountability amongst public and third sector bodies, and therefore facilitate better public understanding of how duties are carried out, why they make the decisions they do, and how they spend public money.
This means client agreement that has been signalled by behaviour of an informed client.
The sharing of information that could be deemed as sensitive and confidential. For example, service user may disclosesomething to someone on our Helpline.
Exceptional circumstances that justify overruling the right of an individual to confidentiality in order to serve a broader societal interest. Decisions about the public interest are complex and must take account of both the potential harm that disclosure may cause and the interest of society in the continued provision of confidential services.
Harm that could lead to:
Potentially life-threatening injury. Or;
Serious and/or likely long-term impairment of physical or mental health or physical, intellectual, emotional or behavioural functioning.
A set of guidelines that set out what is required to ensure that fair and equal access to information can be provided and is supported by a range of procedure.
This document outlines the circumstances in which information must remain confidential and when disclosure of information is allowed.Where the word confidentiality is used it means “Confidential within the system”. LGBT Foundation does not guarantee staff, volunteers or service users absolute confidentiality, as it may be necessary to pass information on to other LGBT Foundation staff or third parties (for example, if the person poses an risk to themselves or others) in order to take appropriate action or seek advice on decisions.
All information is treated in accordance with principles of the Data Protection Act 1998. For information on the organisational policy and protocol of Information Sharing, please reference the Information Sharing Policy.
This policy applies to all staff and volunteers.Each staff member or volunteer is responsible for providing LGBT Foundation with such information as is necessary for the organisation to fulfil it’s purpose as well as for complying with reasonable requests for information, i.e. timesheets, performance management etc.You should ensure that you understand this policy, in particular for understanding the glossary of terms so that you understand the information and practice guidelines outlined in this document.
In particular, staff and volunteers must understand the concept of information being “confidential within the system” before you disclose sensitive information.You are responsible for the disciplinary consequences that may accrue to you if you:
Roles and Responsibilities
When applying this policy, it is the responsibility of the staff member or volunteer to identify the appropriate course of action.Support and advice can be sought from their line manager or a more senior member of staff where the appropriate course of action is still unclear.
It is also the responsibility of the staff member or volunteer to refer to and apply other relevant policies, should the circumstances warrant it (for example, Child Protection).
If a volunteer or member of staff has a duty of confidentiality, it means that they must not disclose any client identifiable information unless:
Situations where a disclosure may be made under safeguarding or other legislation, under which there may be a duty to disclose information in certain circumstances, are:
If a service user shares information which leads the staff member or volunteer to believe that they may need to make a disclosure, we will always endeavour to inform the service user, unless:
All staff members and volunteers providing talking therapies must subscribe a Code of Ethics as defined by either: the British Association of Counselling and Psychotherapy (BACP), British Association of Behavioural Cognitive Psychotherapies (BABCP) or the UK charter for Psychotherapists (UKCP) or other recognised professional body. Confidentiality within the therapeutic relationship is essential, but not absolute.Prospective service users will be made aware of circumstances in which confidentiality may be broken from the first point of contact. This information is also available in both the application form and Client Agreement.Before any therapeutic work takes place, therapists will ensure that they reiterate this and advise service users of the circumstances in which confidentiality may be breached.
Therapists are responsible for maintaining and storing their own service user records in line with the Data Protection Act (1998) and LGBT Foundation’s Information Governance procedures. All records will be stored securely for seven years and then destroyed, in line with good practice guidelines provided by BACP.
Records stored on CORE and CRM client data management systems will be kept indefinitely, these are both secure systems with access limited to relevant members of staff.
Records of sessions will be used to produce statistical and narrative reports on the progress of the service through the CORE and CRM client data management systems. In all cases, client data is stored under a pseudonym and any data shared is amalgamated and anonymised.
Workers and volunteers undertaking detached work / training must not reveal confidential information (please see Client Identifiable Information definition in Glossary for information) pertaining to service users, which has been gathered during these sessions, outside the line management and support structures of LGBT Foundation, unless it falls into one of the areas of exclusion listed in the policy statement.
When referring service users to external organisations, information concerning service users may only be disclosed with the service user’s explicit consent and the means of making the referral must be in line with the Information Governance Policy.
Volunteer and staff personal details are to be kept confidential in accordance with the Data Protection and Information Governance Policies.
Disclosure and Barring Service (DBS) checks will be kept as confidential as possible with the results only being shown to the individual concerned and those staff and volunteers who would need the information to make a recruitment or operational decision based on the information.The restrictions of this, and use of DBS checks, are laid out in full in the Disclosure and Barring Service Checks Policy and Procedure document.
Monitoring and Management
LGBT Foundation will strive to ensure that monitoring and performance management information respects service user confidentiality.
How we share information
As part of our funding arrangements, we are frequently required to shared anonymised data on all aspects of our work, with funders and commissioners. All reports will use anonymised data except where service users have given their permission i.e. the use of personal testimonies and photographs.
We will also use anonymised data for LGBT Foundation publications such as our annual Impact Report.
For further details on how we collect and store data, please refer to the Data Protection Policy.
If confidentiality needs to be broken, then the process followed must be in line with the relevant policy (e.g. Child Protection Policy). However, it is important for staff and volunteers to be consistent when faced with a situation where they need to break confidentiality, the following recommendations ensure that good practice is followed in all circumstances:
Distribution, Implementation and Monitoring
This document will be made available to all staff and volunteers via the organisation’s network.
The document will be officially presented to all staff during Full Team Meetings on regular basis by the Office Manager.
The Office Manager is responsible for the dissemination and availability of this Policy for all staff and volunteers, including new starters.
The Assistant Director of Services is responsible for auditing and reviewing this Policy on an annual basis or in line with best practice recommendations or policy changes.