-
Digital & Information
GP/D3-14
Data Protection Coordinator
Head of Information Services
Director of Finance
01 August 2009
01 August 2013
01 August 2016
3
1. FUNCTION
1.1 To provide general guidance to staff when dealing with Police Scotland enquiries.
2. LOCATION
2.1 Throughout NHS Fife.
3. RESPONSIBILITY
3.1 This procedure applies to all staff and contractors working for NHS Fife. It is offered as advice to independent GP, Dental, Pharmacy and Optometry Contractors. It is acknowledged that the accountability arrangements of these independent contractors differ from those of NHS Fife employees, and therefore this Policy is to be seen as good practice guidance and used in conjunction with the requirements of their own professional body.
4. OPERATIONAL SYSTEM
In line with the Scottish Accord on the Sharing of Personal Information (SASPI) NHS Fife staff are required to share information in a manner which satisfies both legal and professional obligations and the legitimate expectations of service users. Where information is shared in good faith and in accordance with procedure, staff can expect to be fully supported by the Organisation. Staff are also reminded to consult NHS Fife Confidentiality Policy.
The usual way police request information from NHS Fife staff is in person or by telephone. Staff must therefore:
- check the identity of the person making the request. If there is any doubt, telephone the Police Scotland (tel: 101)
- be clear about what is being requested
- ascertain the reason for the request and be satisfied that the police have a legitimate reason to obtain the information.
Where staff are in any doubt about the release of the information, they should discuss the matter with colleagues and/or senior staff, thus ensuring that information being released (or withheld) is in accordance with the Caldicott Principles. Where a response is required urgently and out of hours, the Executive on Call may be reached via the switchboard.
Caldicott Principles – Implications for Staff
Justify the purpose
|
The information requested should be proportionate to reason for request
|
Only use person identifiable information where absolutely necessary
|
Patient identifiable information should not be included unless essential for purpose.
|
Use the minimum necessary person identifiable information at all times
|
Individual items of information should be considered and justified so that the minimum amount necessary is released.
|
Access to person identifiable information must be on a strict need to know basis
|
Staff must only access person identifiable information needed to do their job
|
Staff accessing patient identifiable information must be aware of their responsibilities
|
|
Understand and comply with the law
|
Every use of person identifiable information must be lawful
|
Where there is a risk of harm to patients, staff, any other individual or a threat to public safety, staff are expected to share information with the Police. If you are in any doubt, you must make your concerns known to and discuss with senior colleagues. Where a patient is subject to Multi Agency Public Protection Arrangements, please see Appendix 2.
The flowchart Appendix 1 overleaf describes how information may be shared where staff suspect a patient has been involved in a crime.
Most information will be exchanged verbally, but very occasionally the police will present a written request to disclose personal information. In this event, while it is not mandatory that information be released, there must be significant, justifiable reasons for withholding. Staff are therefore expected to seek the advice of their line manager and file a copy of the request (or enter details of a verbal request) in the patient’s notes along with details of information disclosed or withheld, the justification for disclosure or withholding and the names of those involved in reaching the decision. The entry must be dated and signed, and name printed.
5. RISK MANAGEMENT
This procedure is an integral part of NHS Fife’s system for managing risk as described in NHS Fife Risk Register & Risk Assessment Policy GP/R7.
6. RELATED DOCUMENTS
NHS Fife Data Protection Policy GP/D3
NHS Fife Confidentiality Policy GP/C9
SASPI Accord Agreement
7. REFERENCES
Data Protection Act (1998) http://www.opsi.gov.uk/ACTS/acts1998/19980029.htm
Human Rights Act (1998) http://www.opsi.gov.uk/ACTS/acts1998/19980042.htm
Common Law of Confidentiality http://www.sehd.scot.nhs.uk/publications/ppcr/ppcr-03.htm
NHS Scotland, Information Governance Standards, December 2005 http://www.igrep.scot.nhs.uk/IG_Standards_FINAL_22122005.pdf
NHS Code of Practice on Protecting Patient Confidentiality. Available from: http://www.confidentiality.scot.nhs.uk/publications/6074NHSCode.pdf