Already one of our tenants? Click here
Confidentiality Policy and Procedure
1. Policy

Promoveo and its staff will respect and protect all confidential information concerning its Service Users, always. All Service Users will be provided with Promoveos’ statements on confidentiality, which outlines the obligations placed upon Promoveo to safeguard confidential information, the circumstances whereby Promoveo may disclose confidential information, the circumstances where express consent is required and the Service User’s right to object to any disclosure. Staff are also provided a copy of this statement. Any failure to observe the principles outlined will lead to disciplinary action which, in more serious or repeated cases, may lead to the employee’s dismissal.

2. Procedure

Confidential information – what is it

It is likely that most Service Users of Promoveo (through age, illness, impairment, or disability for example) will have been involved in receiving healthcare treatment throughout their lives. As such they will probably be familiar with the requirements of the health service to protect the personal and often sensitive information that has been gathered as part of the treatment process.

The general duty to hold such information in confidence arises from:
A legal obligation which is derived from specific Acts and case law;

  • A requirement established within professional codes of conduct (which apply to many of the healthcare workers who may be part of the Client’s healthcare team);
  • A requirement for staff not to improperly divulge confidential information, which is incorporated into staff disciplinary procedures.

    The same duties and obligations apply to Promoveo in every respect, and all Service Users have the legitimate expectation Promoveo staff will respect their privacy and act appropriately.

    A key consideration is the direct link between an identifiable individual and the sensitive and personal information which is held about them. Key identifiable information includes:

  1. Client’s name, address, full post code, date of birth.
  2. Pictures, photographs, videos, audiotapes, or other images.
  3. NHS number and local patient identifiable codes.
  4. Anything else that may be used to identify a patient directly or

    indirectly. For example, rare diseases, drug treatments or statistical analyses which have very small numbers within a small population – making it easier for individuals to be identified.

It is generally accepted that information provided by Service Users to Promoveo is provided in confidence and must be treated as such so long as it remains capable of identifying the individual it relates to. This is an important point, as once information is effectively anonymised it is no longer confidential. The protection of confidential information is an important component of Promoveo procedures and protocols, and includes the following measures:

  • Procedures to ensure that all staff are always fully aware of their responsibilities regarding confidentiality.
  • Recording Client information accurately and consistently.
  • Keeping Client information private.
  • Keeping Client information physically secure.

    Disclosing and using information with appropriate acre.

    Procedures to ensure that all staff is fully aware of their responsibilities regarding confidentiality

    Promoveo will ensure that staff is aware of confidentiality issues through the creation of policy/procedure documents such as this one, and its policy/procedure entitled “Employee Responsibilities”, induction training and Promoveo disciplinary procedures

Recording Client information accurately and consistently

The Agency aims for best practice in keeping records of Service Users and the care delivered to them and will endeavour to maintain records that are factual, consistent, accurate, relevant, and useful. Client records will not include unnecessary abbreviations or jargon, meaningless phrases, irrelevant speculation, subjective statements, or irrelevant personal opinions.

Keeping Client information private

Promoveo requires staff not to gossip, and to take care when discussing cases in public.

Keeping Client information physically secure

Promoveo will take several measures to ensure that confidential Client information is secure including:

  • Not leaving portable computers, care case notes or files, unattended in cars, other Client’s houses or in easily accessible areas.
  • Storing all files and portable equipment under lock and key when not actually being used.
  • Keeping manual records secure by shutting/locking cabinets as required.
  • Not leaving Client information on computer screens when the computer isunattended.
  • Ensuring that the computer’s screen saver facility is applied, and secure passwords are used

    Disclosing and using information with appropriate care

    Promoveo will:

  • Ensure that established information-sharing protocols are always observed.
  • Identify enquirers so that information is only shared with the right people.
  • Ensure that appropriate standards of protection are applied in respect of emails, faxes, and surface mail.
  • §  Share the minimum necessary to provide safe care or to satisfy other

    purposes. (See the Caldicott principles below)

    Caldicott Principles

    Justify the purpose.
    Do not use Client identifiable information unless it is necessary.
    Use the minimum necessary patient identifiable information as possible.

  • Access to Client identifiable information should be on a strict need to know basis.
  • Everyone should be aware of their responsibilities.
  • Understand and comply with the law

    Disclosure of confidential information be the Agency

    Promoveo is expected, on occasion, to share confidential Client information between members of care teams and between different organisations, in order that the Client can receive, overall, the highest quality care. The information may be needed for care purposes involving the Client, (such as delivering the correct care, arranging for care or co-ordinating care) or for such matters as clinical governance or clinical audit. Service Users may object to the routine disclosure of information described above if they wish, although they will be advised that this may not be in their best interests, as Clinicians cannot usually treat patients safely, nor provide continuity of care, without having relevant information about a patient’s condition and medical history.

    In circumstances where Service Users have been informed of:

  • The use and disclosure of their information associated with their care; and
  • The choices that they have and the implications of choosing to limit how

    information may be used or shared.

    Then explicit consent is not usually required for information disclosures needed to provide that care. However, any explicit objection to disclosure must be acted upon, and fully documented in the Client’s file. It will be made clear to the Client that they are able to change their mind later.

    Promoveo is not normally associated with any activities which are not directly related to the provision of care to Service Users. However, where confidential information is requested but does not satisfy the tests of necessity and appropriateness that must govern the use of identifiable Client information, then it will, where possible, be anonymised to protect the Client. In all other circumstance’s efforts will be made to obtain and record consent from the Client unless there are statutory grounds for setting confidentiality aside or robust public interest or important safety/security issues exist.

    The legal considerations in more detail

    There are a range of statutory provisions that limit or prohibit the use and disclosure of information in specific circumstances and, similarly a range of statutory provisions that require information to be used or disclosed. Generally, there are three main areas of law which constrain the use and disclosure of confidential personal health information, and which relate to the conduct and performance of Promoveo

  • Common Law of Confidentiality.
  • Data Protection Act 1998.
  • Human Rights Act 1998

Common Law of Confidentiality

The common law has been built has been built up from case law where practice has been established by individual judgements. They key principle is that information confided should not be used or disclosed further, except as originally understood by the confider, or with their subsequent permission. Promoveo will therefore ensure that Service Users are properly informed of the use of their personal information, and will, where necessary, seek explicit permission to disclose in circumstances where consent has not been reasonably implied or assumed.

Data Protection Act 1998

This act provides a framework that governs the processing of information that identifies personal data relating to living individual. Processing includes holding, obtaining, recording, using and disclosing of information and the Act applies to all forms of media, including paper and images. In the context of confidentiality, the most important data principles, outlined in the Act refer to data and information being processed lawfully and fairly; personal data being processed for one or more lawful purposes and the protection of personal data against accidental loss, destruction or damage.

Promoveo has registered with the Information Commissioner and complies with its Code of Practice.

Human Rights Act 1998

Article 8 of the Human Rights Act 1998 establishes a right to “respect for private and family life” this underscores the duty to protect the privacy of individuals and preserve the confidentiality of their health records. Current understanding is that compliance with the Data Protection Act 1998 and the common law of confidentiality should satisfy Human Rights requirements.