Authorising Sharing Medical Info Form by qmu98440

VIEWS: 8 PAGES: 17

Authorising Sharing Medical Info Form document sample

More Info
									   Formal Access to Service User Records Policy & Procedure

Authorising Officer
                                                     Geraldine O’Sullivan
Signature Of Authorising Officer:


Version:                                             2
Ratified By:                                         Workforce & Organisation Development
                                                     Group
Date Ratified:
Name of originator/author:                           Nicola Whiter
Name of responsible committee/lead                   Information Governance & Records Group
individual:
Date issued:                                         November 2008
Review date:                                         November 2009
Summary:
                                                     To make sure requests from service users
                                                     (or their nominated representative) to see
                                                     their care record are dealt with in
                                                     accordance with the Data Protection Act
                                                     1998 and Access to Health Records Act
                                                     1990.

Target audience: All staff who come into contact with service user information

Hertfordshire Partnership NHS Foundation Trust is committed to providing an
environment where all staff, service users and carers enjoy equality of opportunity.
The Trust works to eliminate all forms of discrimination and recognise that this requires,
not only a commitment to remove discrimination, but also action through positive policies
to redress inequalities. Providing equality of opportunity means understanding and
appreciating the diversity of our staff, service users & carers and ensuring a supportive
environment free from harassment.
Because of this Hertfordshire Partnership NHS Foundation Trust actively encourages its
staff to challenge discrimination and promote equality of opportunity for all.




Z:\Governance\RM\FOI\2009-2010 Requests\(317) Buckley\Formal Access to Service User Records Policy
and Procedure.doc

                                            Page 1
Formal Access to Service User Records Policy & Procedure

Content Page
1.     Introduction ...........................................................................................................4

2.     Principles with regard to access ..........................................................................4

3.     Recognised applicants..........................................................................................4

4.     Application criteria ................................................................................................5

5.     Duty to Consult on a Valid Application for Access to a Service User’s Health
       Record....................................................................................................................6

6.     Denial of access ....................................................................................................7

7.     Time Limits for Disclosure....................................................................................8

8.     Amendments.........................................................................................................8

9.     Advice to Managers and Health/Social Care Professionals ..............................9

10. Confidentiality........................................................................................................9

11. Accountability and Responsibilities ....................................................................9

11.2                 Chief Executive ........................................................................................9
11.3                 Head of Records & Access to Information ................................................9
11.4                 Information Governance & Records Group.............................................10
11.5                 Managers ...............................................................................................10
11.6                 Responsibilities of all Staff and Non-Executive Directors........................10

12. Training ................................................................................................................10

13. Policy Review, Consultation and Monitoring.....................................................10

13.1                 Consultation ...........................................................................................11
13.2                 Review ...................................................................................................11
13.3                 Dissemination of this Policy....................................................................11

14. Related Policies ...................................................................................................12

Appendix 1            The Trust’s Designated Records Officers/Data Controllers...................14

Equality Impact Assessment (EIA) Stage 1 ..............................................................15




Z:\Governance\RM\FOI\2009-2010 Requests\(317) Buckley\Formal Access to Service User Records Policy
and Procedure.doc

                                                          Page 2
         Hertfordshire Partnership NHS Foundation Trust
     Formal Access to Service User Records Policy & Procedure

Version Control

 Version              Date              Author           Status                     Comment
V2               16 6 08              N Whiter,         Draft 1                Made changes to policy in
                                                                               light of recent Information
                                                                               Commissioner’s
                                                                               assessments. Policy now
                                                                               reflects that subject access
                                                                               request could be wider
                                                                               than medical record.
                                                                               Contact details have been
                                                                               amended to Head of
                                                                               Records & Access to
                                                                               Information
                                                                               Added performance
                                                                               indicators
V2               3.11.08              N Whiter          Draft 2        Add sections to ensure policy is in
                                                                       line with NHSLA

Distribution List for Comment

Staff Member                                                            Date
John Hepburn, Information & Security Advisor                            9 September 2008
Vivienne Smith, Records & Access to Information Officer                 9 September 2008
Rona Taylor Watkins, Records & Access to Information Officer            9 September 2008
Alison Jarman, Records & Access to Information Officer                  9 September 2008
Information Governance & Records Group                                  6 October 2008
Workforce & Organisational Development Group                            4 November 2008



Performance Indicators

Standards for Better Health C9, 13b

Information Governance Standards : Confidentiality & Data Protection
                                   Clinical Assurance




Z:\Governance\RM\FOI\2009-2010 Requests\(317) Buckley\Formal Access to Service User Records Policy
and Procedure.doc

                                            Page 3
         Hertfordshire Partnership NHS Foundation Trust
     Formal Access to Service User Records Policy & Procedure


1.      Introduction
The purpose of this policy is to define the precepts guiding managers, health
professionals and social workers when formal requests are received from or on
behalf of service user for access to the information the Trust holds on them e.g.
health and social care records1, irrespective of the medium on which the
information may be held.


2.      Principles with regard to access

•    Personal Data shall be processed fairly and lawfully.

•    Data control, processing and provision of access will be carried out with
     appropriate safeguards for the rights and freedoms of data subjects.

•    The data subject must have given his or her explicit consent.

•    The Trust data controller shall ensure that even where consent for access to
     care records has been lawfully given, the records themselves have been fairly
     and lawfully obtained.

•    Where the records officer responsible for giving access is authorised or
     required to supply information by any enactment of law, it is deemed to have
     been done fairly.

•    The data controller shall make available fair processing information to data
     subjects in relation to records obtained from them and from others. This will
     include the identity of the Trust officers fulfilling the role of data controller (See
     Appendix 1), the purposes of any processing and evidence that the
     processing was fair.

•    For joint health and social care records, the procedure in the document
     "Information Sharing Protocol between HPT and Hertfordshire County
     Council" must be followed.


3.      Recognised applicants

1
  Under the Data Protection Act 1998, service users are entitled to request to see all the
information we hold on them. This may be wider than the information contained in their health
and social care record.
Z:\Governance\RM\FOI\2009-2010 Requests\(317) Buckley\Formal Access to Service User Records Policy
and Procedure.doc

                                            Page 4
         Hertfordshire Partnership NHS Foundation Trust
     Formal Access to Service User Records Policy & Procedure

The Trust will recognise under the above legal provisions the right to access by:

a)      The service user in person; provided that he or she is of an age and
        capacity to understand the documents.

b)      A person with ‘parental responsibility’ for a child in common law, subject to
        a declaration by the parent that the child is not of sufficient age or mental
        capacity to understand.

        The interests of the parent should be compatible with those of the child. If
        there is a possibility of serious harm to either the child or a third party by
        allowing access, the Trust can refuse access.

c)      An agent, such as a legal representative acting for a patient or client,
        subject to receipt by the record-holder of a duly signed and dated
        declaration from the patient/client consenting to disclosure of the records
        to a third party.

d)      When the patient or client has died, that person’s ‘personal representative’
        or anyone who may have a claim arising out of the death.


4.      Application criteria
As ‘data controller’ the Trust will recognise the following criteria for application for
access to health and social care records.

a)      The application will be in writing, addressed to a Designated Records
        Officer of the Trust and not to individual health professionals. (See
        Appendix 1 for current Designated Records Officers fulfilling the role of
        data controller for the purposes of the Act).

b)      Applications will be signed and dated by the applicant.

c)      Where an application is made on behalf of a service user, the application
        must be accompanied by a signed declaration of consent, as in Section 2
        above.

d)      The application sets out a clear means of identifying the service user and
        the associated records.

e)      The right of the Trust to charge such fee for disclosure as may from time
        to time be set out in the Acts is acknowledged. The Trust is empowered to
        request the payment of the fee in advance before the search is
        commenced.
Z:\Governance\RM\FOI\2009-2010 Requests\(317) Buckley\Formal Access to Service User Records Policy
and Procedure.doc

                                            Page 5
         Hertfordshire Partnership NHS Foundation Trust
     Formal Access to Service User Records Policy & Procedure


        The fee currently prescribed under the Act from the 24th October 2001 is a
        maximum of £10.00 for records held on computer and £50 for paper
        records or other media. The person granting access has discretion to
        waive or reduce any fee, where it is considered appropriate.

f)      Wherever possible the data controller will ensure that all requested record
        sets are provided from a single application. However, separate
        applications may be needed for records held in different record and data
        sets.

g)      The data controller will ensure that all internal available information
        relating to the enquiry has been searched for, including manual records
        and word-processing sources. This may include several teams and
        department and may even include Finance and the Complaints
        Department depending on the nature of the request.

         Only the information highlighted in the application should be considered
        e.g. if the Applicant has only specified information relating to his/her care
        and treatment relating to the past 6 months, this is all that would be
        supplied.


5.      Duty to Consult on a Valid Application for Access to
        a Service User’s Health Record
On receipt of a valid application for access to a service user’s health
 record, the person responding to the request for records has a duty to consult
the appropriate health professional, particularly but not exclusively, on the
following issues:

a)      To confirm that the applicant is of an age and capacity to understand the
        nature of the application.

b)      Where a judgement needs to be made regarding the withholding of access
        to all or part of a record set.

c)      Where an applicant will need to be assisted with an intelligible explanation
        of any entry in a record.

        Where a number of health professionals have equal rights to entering and
        modifying records and data; the responsibility of designating the
        responsible health professional in terms of any single application will rest
        with the Caldicott Guardian or ultimately with the Chief Executive.
Z:\Governance\RM\FOI\2009-2010 Requests\(317) Buckley\Formal Access to Service User Records Policy
and Procedure.doc

                                            Page 6
         Hertfordshire Partnership NHS Foundation Trust
     Formal Access to Service User Records Policy & Procedure



6.      Denial of access
Access to all or part of a service user’s record will not be given:

a)      Where in the opinion of the responsible health/social care professional, the
        information to be disclosed would be likely to cause serious harm to the
        physical or mental health of the person. Professionals will bear in mind the
        potentially harming effect of the denial of access.

b)      Where the record relates to or has been provided by an identifiable third
        party, unless that third party consents to the disclosure. Where the third
        party is a health professional who has contributed to the record - it is not a
        lawful reason to withhold access to the data subject or their
        representative.

c)     In cases where the applicant is not the data subject, in the opinion of the
        holder of the record, an investigation or examination of the information to
        which the data subject would not have consented, except in the
        expectation that the information would not be disclosed.

d)      Where access to personal information would prejudice the prevention or
        detection of a crime or would cause serious harm either to the subject or
        another person.

e)      Where in the case of a deceased person, the record contains a note that
        that person has expressed a wish that access should not be granted after
        death. If there is no such note the data controller may exercise his or her
        own judgement as to which element of the information held may be
        relevant to a claim. In the event of a claim arising from death, entries not
        relevant to that claim will be withheld.

f)      Where the record is concerned with personal data held for the purpose of
        preparing statistics or carrying out research and is not otherwise available
        or disclosed for any other purpose. The information must not be in any
        form which identifies the subject of the record.

g)      Where the information is the subject of legal professional privilege,
        customarily in the form of communication between the Trust and its legal
        representatives, whether or not those representatives are Trust
        employees.



Z:\Governance\RM\FOI\2009-2010 Requests\(317) Buckley\Formal Access to Service User Records Policy
and Procedure.doc

                                            Page 7
         Hertfordshire Partnership NHS Foundation Trust
     Formal Access to Service User Records Policy & Procedure

h)      Where the Secretary of State has examined the information and so
        decided. At present these relate to adoption records and reports and
        statements and records of the special educational needs of children.

i)      Where information is held solely for the purpose of replacing other
        information if lost or destroyed.

j)     Where disclosure would place the data controller liable to proceedings for
       any offence other than an offence under the Data Protection and Access
       to Health Records Acts.

k)      Where the information has previously been disclosed within a reasonable
        period of time.


7.      Time Limits for Disclosure
The Trust will observe the time limits for disclosure set out from time to time in
the Acts. Currently, these are:

a)      Forty days from the date of application for records covered by the Data
        Protection and Access to Health Records Acts, where the records have
        been made more than forty days prior to the date of application.

b)      Fourteen days where an ‘acknowledgement of service’ under the
        Supreme Court Act is required.

c)      The data controller should check to see whether a person has made a
        previous subject access request and if so whether it is reasonable to
        provide a further response.


8.       Amendments
Where an applicant has indicated in writing that information held on record is
inaccurate, the data controller will:

a)      Verify that the information is inaccurate and make the necessary
        correction, deletion or erasure.

b)      If unable to verify the inaccuracy will note in the record the submission of
        the applicant.



Z:\Governance\RM\FOI\2009-2010 Requests\(317) Buckley\Formal Access to Service User Records Policy
and Procedure.doc

                                            Page 8
         Hertfordshire Partnership NHS Foundation Trust
     Formal Access to Service User Records Policy & Procedure

c)      Provide the applicant with a written copy of the correction or note, without
        fee.



9.      Advice to Managers and Health/Social Care
        Professionals
Where applications are received which are not addressed in the first instance to
the Designated Record Officer, that officer will be informed. The Designated
Records Officer, on behalf of the Chief Executive, will then advise on the process
to be followed and is available in any case for advice on appropriate procedures.

Managers and health professionals will not refer directly to the Trust’s external
legal representatives without initially receiving the advice of the Designated
Records Officer, the Trust’s Legal Adviser or his or her representative. Details of
the Designated Record Officers are given in Appendix 1.


10. Confidentiality
Managers and health professionals will at all times bear in mind the duties of
confidentiality both ethical and legal borne by the Trust officers in so far as they
relate to access to health records.

11. Accountability and Responsibilities
11.1    The Trust recognises its responsibilities in respect of subject access requests
        under the Data Protection Act 1998 (DPA) and will make sure all its employees
        understand and these.


11.2    Chief Executive
        The Chief Executive has overall responsibility for the performance of the Trust in
        respect of formal access requests from service users under the DPA Act.


11.3    Head of Records & Access to Information
        The Chief Executive nominates the Head of Records & Access to Information to
        be the Trust’s nominated Lead in respect of service user access requests. She
        will develop the procedures and give advice on this Policy.




Z:\Governance\RM\FOI\2009-2010 Requests\(317) Buckley\Formal Access to Service User Records Policy
and Procedure.doc

                                            Page 9
              Hertfordshire Partnership NHS Foundation Trust
          Formal Access to Service User Records Policy & Procedure

       11.4    Information Governance & Records Group
               Ongoing monitoring of the Policy and issues relating to contentious subject
               access requests from service users is the responsibility of the Information
               Governance & Records Group chaired by the Caldicott Guardian and Information
               Governance Lead. This Group covers a wide range of Information Governance
               issues such as Caldicott, Data Protection and Data Quality and has
               representatives from all areas of the Trust.


       11.5    Managers
               Managers at all levels are responsible for ensuring that the staff for whom they
               are responsible are aware of and adhere to this Policy. They are also
               responsible for ensuring staff are updated on any changes in this Policy.


       11.6    Responsibilities of all Staff and Non-Executive Directors
               All staff and Non-Executive Directors should work to this policy. Staff are
               responsible for making sure they identify and report access requests to the
               Records & Access to Information Department. Staff are also responsible for
               assisting service user’s to complete and submit access requests wherever
               possible.



12.        Training
12.1       The Trust provides a quarterly mandatory training programme for all managers
           including clinicians on the Data Protection Act 1998, sharing service user information
           and the importance of confidentiality. The Records & Access to Information Team
           will also work with managers to ensure that training is available to staff and Non-
           Executive Directors who require it.



13. Policy Review, Consultation and Monitoring
       This policy is subject to regular review to reflect, for example, changes to legislation or to
       the structure or policies of the Hertfordshire Partnership NHS Foundation Trust.

       All staff are expected to apply the policy and to seek advice from the Records & Access
       to Information Team when required.

       The effectiveness of this policy will be monitored by the Information Governance &
       Records Group. Issues such as breaches in confidentiality, changes in legislation will be
       taken to the Group for action.

       Z:\Governance\RM\FOI\2009-2010 Requests\(317) Buckley\Formal Access to Service User Records Policy
       and Procedure.doc

                                                  Page 10
            Hertfordshire Partnership NHS Foundation Trust
        Formal Access to Service User Records Policy & Procedure

     A quarterly report will be submitted to the Information Governance & Records Group
     highlighting occasions where:

         •   The Trust has not been able to meet the 40 day response deadline
         •   Contentious requests that may be referred to the Information Commissioner

13.1 Consultation
     The following staff and groups will be consulted with prior to this policy being approved.

                 o   Practice Governance Leads
                 o   Heads of Service
                 o   Information Governance Lead
                 o   Data Quality Trainers




13.2 Review
     This policy was written by the Information Governance & Records Group which reports to the
     Workforce & Organisational Development Group. The group will be responsible for reviewing
     the policy annually to meet changes in:

             Legislation
             National standards such as the NHS Litigation Authority, Standards for Better Health
             and the Information Governance Toolkit
             National guidance such as Department of Health, National Programme for IT etc.

     The Information Governance & Records Group will commission audits of practice as required.
     The outcome of the audits will also influence changes in policy.

13.3 Dissemination of this Policy
     This policy is disseminated throughout the Trust following ratification via the policy
     guardians and will be published on the HPFT staff intranet and public website. Access
     to this document is open to all via the intranet. A briefing paper is circulated by the
     author to teams via the Weekly news bulletin.


     All procedural documents are retained and archived as set out in the Trust document,
     “The development and management of procedural documents” which is also available
     on the intranet.
     Z:\Governance\RM\FOI\2009-2010 Requests\(317) Buckley\Formal Access to Service User Records Policy
     and Procedure.doc

                                                Page 11
       Hertfordshire Partnership NHS Foundation Trust
   Formal Access to Service User Records Policy & Procedure




14. Related Policies

This policy is part of the Trust’s Records Management Policy set. The following
documents must also be referred to:


          Records Management Policies, Procedures and Guidance


Archiving Procedure

Care Records Policy

CareNotes Training Manual

Clinical Information Filing Policy

Corporate Records Policy

Data Protection Act Policy

Data Quality Policy

Data Quality & Records Keeping Supervision Guide

Formal Access of Service User Records

Freedom of Information Act Policy

IM&T Security Policy
Z:\Governance\RM\FOI\2009-2010 Requests\(317) Buckley\Formal Access to Service User Records Policy
and Procedure.doc

                                           Page 12
       Hertfordshire Partnership NHS Foundation Trust
   Formal Access to Service User Records Policy & Procedure


Management Guidelines on the FOI Exemptions

Policy & Procedure on the Protection and Use of Service User Information


Written & Electronic Communications Policy

All policies are available on the staff intranet and public website.




Z:\Governance\RM\FOI\2009-2010 Requests\(317) Buckley\Formal Access to Service User Records Policy
and Procedure.doc

                                           Page 13
       Hertfordshire Partnership NHS Foundation Trust
   Formal Access to Service User Records Policy & Procedure


Appendix 1              The Trust’s Designated Records Officers/Data
                        Controllers

The Trust’s Designated Records Officers who fulfil the role of Data Controller for
the purpose of the Data Protection Act 1998, are:

For personal information relating to service users:

Nicola Whiter
Head of Records & Access to Information
99 Waverley Road
St Albans
AL3 5TL

01727 897279

For personal information relating to staff:

Larry Fisher
Head of Operational Human Resources
99 Waverley Road
St Albans
AL3 5TL

01727 897168




Z:\Governance\RM\FOI\2009-2010 Requests\(317) Buckley\Formal Access to Service User Records Policy
and Procedure.doc

                                           Page 14
             Hertfordshire Partnership NHS Foundation Trust
         Formal Access to Service User Records Policy & Procedure

                       Equality Impact Assessment (EIA) Stage 1

Policy or service being assessed: Formal Access to Service User Records

Lead Person: Nicola Whiter

Person(s) responsible for carrying out the assessment (if not the Lead Person.)


1. Is this a new or existing policy or                  New:                    Existing: x
   service?
2. What is the expected outcome of the                  To guide managers, health
service/policy (e.g. aims, objectives and               professionals and social workers when
purpose of the service/policy, standards for            formal requests are received from or on
practice)                                               behalf of a service user for access to
                                                        their health and social care records.

3. Does this policy/service link to others. If          Yes: x                  No:
yes please state link below:

• Clinical Information Filing Policy
• Protection & Use of Service User Information
• DoH NHS Confidentiality Code of Practice
• Management of Care Records Policy
• Non-Clinical Records Policy
• Data Quality Policy
• Data Protection Act Policy
4. Who is intended to benefit from the                  Staff are aware of the process and how
policy/service: In what way.                            it is handled.

                                                        Service users have the right to request
                                                        access to their information under the
                                                        DPA Act. This policy will assist in
                                                        ensuring requests can be dealt with
                                                        within the 40 day deadline and that all
                                                        information relating to the request has
                                                        been considered.

5. How is the policy/service to be put into                • Staff awareness sessions.
practice. Who is responsible.
6. How and where is information about the                 • Staff intranet
policy/service publicised?                                  Publicised on the Trust
                                                            Screensaver
7. What regular consultation do you carry out           The Policy is sent to the members of
with different communities and groups re the            the Information Governance & Records
policy/service?                                         Group.

8. Are there concerns that the policy/service           Yes:                    No: X
      Z:\Governance\RM\FOI\2009-2010 Requests\(317) Buckley\Formal Access to Service User Records Policy
      and Procedure.doc

                                                 Page 15
             Hertfordshire Partnership NHS Foundation Trust
         Formal Access to Service User Records Policy & Procedure

could have an adverse impact* because of:
Age                                                                             x
Disability                                                                      x
Gender                                                                          x
Ethnicity                                                                       x
Sexual Orientation                                                              x
Religion/Belief                                                                 x
9. If YES to one or more of the above please
state evidence.
10. Do the differences amount to                  Yes:                          No: x
discrimination?*
11. If YES could it still be justifiable e.g. on  Yes:                          No:
grounds of promoting equality of opportunity
for one group?
I.e. Indirect discrimination can be justifiable
sometimes when a service is being provided for a
particular target group E.g. Asian women’s breast
screening, Gay men’s sexual health clinic,
MHSOP etc.
If Yes: Please give reasons below:


12. Do you think this policy/service                    No
specifically contributes to promoting equality
and diversity in Hertfordshire? If so, in what
way? Please note any examples of good
practice.
                                                        Discuss assessment with:
13. What approaches will you take to get                Members of Information Governance &
feedback on your assessment?                            Records Group
                                                        Records & Access to Information Team
14. How will the assessment link to other
mainstream service planning or review
processes?
15. Should there now be a Full Impact
Assessment and if so what are the reasons?              No
16. What further data or information do you
need to carry out a full assessment?                    None

17. Do you need any additional assistance to
help you carry out the full assessment?                 No
Yes/No
18. Date of assessment:                                 30 October 2008


      GETTING FEEDBACK AND ADVICE



      Z:\Governance\RM\FOI\2009-2010 Requests\(317) Buckley\Formal Access to Service User Records Policy
      and Procedure.doc

                                                 Page 16
       Hertfordshire Partnership NHS Foundation Trust
   Formal Access to Service User Records Policy & Procedure

Feedback should now be sought from representatives of the Equality Impact
Assessment Scrutiny Group or other agreed forum. Details can be found in Appendix 3.

 What feedback was given about Stage 1?

 All policies are available to the Public on the Trust website. Consideration needs to
 be given to members of the public who may have different needs, for example:

 English is not their first language
 Those with a sight difficulties




Z:\Governance\RM\FOI\2009-2010 Requests\(317) Buckley\Formal Access to Service User Records Policy
and Procedure.doc

                                           Page 17

								
To top