Documents
Resources
Learning Center
Upload
Plans & pricing Sign in
Sign Out

Safe Havens Policy

VIEWS: 63 PAGES: 34

  • pg 1
									Document name:                        Safe Havens


Document type:                        Policy and guidance


Staff group to whom it applies:       All staff within the Trust


Distribution:                         The whole of the Trust


How to access:                        Intranet


Version:                              Version 2


Issue date:                           October 2007
                                      Revised November 2008
                                      Approved 23rd February 2009
Next review:                          2010


Approved by:                          EMT


Developed by:                         Portfolio Manager: Information
                                      governance and Health records

Director leads:                       Director of nursing, compliance and
                                      innovation

Contacts for advice:                  Portfolio Manager: Information
                                      governance and Health records




                                  Page 1 of 34
CONTENTS
 1. Introduction and Purpose ....................................................................................... 4
 2. Scope ..................................................................................................................... 4
 3. Links to other Policies ............................................................................................ 4
 4. Data flows ............................................................................................................. 4
    4.1 Overseas Transfers .......................................................................................... 5
 5. Definition of a Safe-haven ...................................................................................... 5
    5.1 Telephone calls ................................................................................................ 5
    5.2 Leaving Telephone Messages .......................................................................... 5
    5.3 Recording and Passing on Messages .............................................................. 5
    5.4 Fax ................................................................................................................... 6
    5.5 E-mail ............................................................................................................... 6
    5.6 Post .................................................................................................................. 6
 6. Risks to person identifiable information in transit ................................................... 7
    6.1 Theft or Malicious damage ............................................................................... 7
    6.2 Casual unauthorised access ............................................................................ 7
    6.3 Damage due to accidents ................................................................................. 7
    6.4 Loss .................................................................................................................. 7
 7. Procedures for handling person identifiable information ........................................ 7
    7.1 Bulk transfer of personal information by post ................................................... 7
    7.2 Internal transfers............................................................................................... 8
    7.3 Transfer of Casenotes ...................................................................................... 8
    7.4 Sending person identifiable information by Fax ................................................ 8
    7.5 If a fax goes astray ........................................................................................... 8
    7.6 If post goes astray ............................................................................................ 9
    7.7 Transfer of clinical information .......................................................................... 9
    7.8 Non Clinical Information ................................................................................... 9
 8. Duties ..................................................................................................................... 9
    8.1 Line Management responsibilities .................................................................... 9
    8.2 Facilities ......................................................................................................... 10
    8.3 IG TAG responsibilities ................................................................................... 10
    8.4 Senior Information Risk Officer (SIRO) responsibilities .................................. 10
    8.5 Board responsibilities ..................................................................................... 10
    8.6 Staff .................................................................................................................. 9
 9. Monitoring ............................................................................................................ 11
 10. Training .............................................................................................................. 12
 12. References......................................................................................................... 12
 Appendix A.............................................................................................................. 14
    Safe Haven locations within SWYMHT................................................................. 14
 Appendix B............................................................................................................... 16
    Safe Haven label and instructions for Fax transfers ............................................. 16
 Appendix C .............................................................................................................. 17
    Not a Safe Haven Fax label.................................................................................. 17
 Appendix D .............................................................................................................. 18
    Fax disclaimer ...................................................................................................... 18
 Appendix E............................................................................................................... 19
    Legislation and Guidance ..................................................................................... 19
    Crime and Disorder Act 1998 .............................................................................. 20
    Human Rights Act 1998....................................................................................... 20
    Common law duty of Confidentiality ..................................................................... 21

                                                            Page 2 of 34
  Caldicott Report 1997 ........................................................................................... 21
Appendix G .............................................................................................................. 24
APPENDIX H ........................................................................................................... 26
APPENDIX I ............................................................................................................. 27
Appendix J ............................................................................................................... 28
Appendix K............................................................................................................... 30
Appendix L ............................................................................................................... 32




                                                        Page 3 of 34
Safe Havens Policy
1. Introduction and Purpose

The Trust is required to have a safe-havens policy to ensure that the transfer of person
identifiable information into and out of the Trust and within the trust between
departments and sites, is as secure as possible. All media are included i.e phone, fax,
electronic media, etc. This policy follows on from previously developed procedures
relating to the transfer of person identifiable data and is intended to meet Caldicott,
Data Protection, Statement of Compliance and Information Governance requirements.

2. Scope

The policy covers all person identifiable information which may relate to staff, or
service users, or carers or third parties about whom we hold information such as
complainants, members etc. Person identifiable information is any information which
alone or in combination would allow an individual to be identified. For example name,
address, date of birth, NHS number, NI number, description, photograph etc. An
unusual surname or isolated postcode alone may allow an individual to be identified.
Information requiring particular protection is bulk information defined as lists of more
than 50 persons or smaller quantities where the information contains confidential
details such as bank or health details. Confidential information where its loss could be
detrimental to the individual will require safe haven protection in some cases even
when only one persons data is transferred.

3. Links to other Policies

This policy is closely linked to the following Trust policies.

Data Protection Policy
Information Governance Policy
Clinical Records Management Policy
Casenote Management Policy
Information Security Policy
Interagency Information Sharing protocol

4. Data flows

All routine flows of personally identifiable information either in or out of the department
or service, should be recorded (see Appendix H) Incoming flows are documented in
Appendix I. The flows should be justified, in accordance with the Caldicott Principles.

The flows will be reviewed regularly by the Information Governance TAG (IG TAG).
Where a new flow of information is started a request will be made to the IG TAG for
authorisation. The IG TAG will risk assess the transfer of information and either
approve the proposed transfer or provide advice. Where necessary the IG TAG will
inform the SIRO of risks with the transfer of person identifiable information and the
SIRO will place the risk on the Trust risk register.




                                            Page 4 of 34
4.1 Overseas Transfers

The Trust does not routinely transfer any person identifiable information outside of the
UK. The only potential flow of person identifiable information overseas is via the
electronic staff record because of the 24/7 cover provided by the supplier sometimes
from overseas. This would be on an adhoc basis and the contractual arrangement lies
with the NHS as a whole and not the Trust. Where a potential overseas flow of
information is identified via the mapping process it will be risk assessed and approval
sought for the Trust Senior Information Risk Officer (SIRO) and Caldicott Guardian. If
the routine flow is approved appropriate contractual provision will be made with the
organisation concerned following the Information Commissioners specialist advice.
Arrangements implemented, to protect the transfer of information, will be documented.
The Trust data protection registration will be updated to reflect the overseas transfer
and the flow will be reviewed against the data protection principles. Should it be
necessary to inform service users or other individuals about an overseas transfer of
their information this will be incorporated into the confidentiality leaflet or other
appropriate means. Any overseas transfers of information will be subject to annual
review.

5. Definition of a Safe-haven

A safe haven is a location which is set up to receive and manage confidential
information appropriately. It may be a post room or fax machine, or anywhere were
messages may be taken and held before being passed onto the appropriate recipient.

5.1 Telephone calls

Where an answer phone is receiving messages which may be confidential – such as
an out of hours job application phone, where callers leave names and addresses the
messages should be transcribed in a location where they cannot be overheard. The
answer phone should be protected by pin number access or being in a locked room
when unattended to prevent unauthorised access.

5.2 Leaving Telephone Messages

Where information is of a confidential nature it should be given over the telephone only
to the intended recipient or their agreed representative. Messages should not be left
on answer phones unless this is the specific agreement. The person making the call
should always check whether it is convenient for the recipient to receive the
information before passing it on. The intended recipient should be asked for by name,
assumptions should not be made that the person answering the phone is the intended
recipient. Calls should not be made where they may be overheard by unauthorised
individuals when passing on or receiving confidential information

5.3 Recording and Passing on Messages

When receiving messages where you are not the intended recipient the procedure
below should be followed:




                                         Page 5 of 34
   1. Make a note of the date and time the message was given, who recorded the
       message, who gave the message, who the message relates to, the content of
       the message and who the message is intended for.
   2. If messages are routinely taken on behalf of another person which are about
       service users a book should be used for the message as post-its and loose leaf
       paper can go astray.
   3. Messages should be recorded for specific individuals only or in some cases for
       all team members.
   4. There should be space for the recipient to indicate that they have read the
       message and to date and sign it.
   5. It is the responsibility of the intended recipient to ensure that any service user
       records are updated as a result of the message.
   6. The message book should be checked to ensure that all the messages have
       been signed off in a timely manner.
   7. There should be cover arrangements in place where the recipient is away or
       has left to ensure that all messages are appropriately responded to.
   8. Where you are the occasional recipient of messages about individuals – for
       example member of staff phoning in sick a book may not be appropriate but if
       the information is confidential it can be placed in a sealed envelope and directed
       to the intended recipient.
   9. Where messages are received for a number of individuals then each individual
       should have a separate book in order to preserve confidentiality.
   10. Message books should be secured when unattended and should not be
       available for access by anyone other than the intended message recipient.

5.4 Fax

 A safe haven fax must be located where no unauthorised person can access it. In
practice this means that the fax should be kept in a separately locked room or
cupboard or should be protected from access by a password known only to the
appropriate person. There should be a named person who checks it regularly and
deals with the information appropriately.

5.5 E-mail

The Trust policy states that e-mails should not contain personally identifiable
information and as such the Trust does not have any safe-haven e-mail addresses.

5.6 Post

Much of the post received and sent by the Trust contains personally identifiable
information. A number of different organisations manage the postal services across
the Trusts numerous sites. Whilst the post is within the Trusts sites or management by
subcontractors i.e. before it is passed to the Royal Mail it should be held and
transported in secured containers and not left unattended unless it is secured. The
containers should be „tamper evidenced‟, for instance it should be possible to tell if a
seal has been broken in transit.

Where post has been opened on behalf of the intended recipient it must be stored
where no-one can gain unauthorised access. Items marked Private and Confidential
may only be opened by the addressee.

                                         Page 6 of 34
Each site will have a designated safe-haven point where mail which has been
incorrectly addressed or the intended recipient is unclear can be opened and
processed. All items dealt with in such a way should be recorded including the
eventual destination of the item of post. Where a member of staff has left any post
should be redirected to that persons line manager, who will decide what should be
done with the item.


6. Risks to person identifiable information in transit
6.1 Theft or Malicious damage

The records should not be left unattended in an open area.

6.2 Casual unauthorised access

Again, the records should not be left unattended in an open area. Identifying details on
the records should not be visible to the general public. Large quantities of records
such as notes being transferred to or from clinics should be transferred in a covered
and sealed container. Where a single set of records is being transferred, it may be
placed in a sealed envelope.

6.3 Damage due to accidents

Records should be protected from damage by spillage, or impact by using a sealed
container for large volumes of records and a sealed envelope for single items.

6.4 Loss

Records need to be transported in a container or envelope to prevent individual sheets
from falling out and becoming lost. Records in transit should be clearly labelled with
the addressee on the outside of the container/envelope as well as the return to sender
details in case the message is undeliverable. The recipient should be aware that the
item is being sent to them and should acknowledge receipt.

7. Procedures for handling person identifiable information
7.1 Bulk transfer of personal information by post

Where the bulk transfer of personally identifiable information is required special
precautions should be taken, because the risk to the Trust and to the persons
identified is greater.
 For a disk, the disk and the data files should be encrypted and a padded envelope
   used to protect the disk. If the information is to be sent externally then it should be
   sent by special delivery.

   Do not send the password with the disk but ask the recipient to contact you
    separately for the password.



                                          Page 7 of 34
   Use special delivery (next day delivery not via the ordinary mail) to reduce the risk
    of the data being lost.

   For paper based information use special delivery if the information cannot be
    transported by a member of staff.

7.2 Internal transfers

Where the transfer is internal to the Trust i.e. between different sites and departments,
transport via an individual member of staff where possible. The containers should be
„tamper evidenced‟, for instance it should be possible to tell if a seal has been broken
in transit. (see transfer of casenotes)
All such transfers should be marked confidential and should have a return address on
the outside in the event of non delivery. They should be clearly addressed preferably
to a named person not just a department or ward.

7.3 Transfer of Casenotes

Where a service user is being transferred the casenotes should be transferred with the service
user escort. Where it is necessary to transport the casenotes either to another provider or to
another location within SWYMHT, the casenotes should be placed in a sealed envelope. The
seal should be signed and then sellotaped over in order to reduce the risk of tampering with
the records in transit. Where the transfer of notes is carried out by a Trust employee they
should follow Trust guidance on the transport of confidential material.
Trust approved taxis should be used where necessary and the envelope should be addressed
to a named responsible person (not a ward or department)

When transporting records individuals are tasked with ensuring their security and
confidentiality. Records should not be left unattended or in cars or stored at home.

7.4 Sending person identifiable information by Fax

See Appendix B for fax do‟s and don‟t‟s

    1. Where person identifiable information data is to be sent by fax the sender
       should ensure that an appropriate fax header with a disclaimer is used.
    2. Check that the fax is going to an appropriate safe haven fax .
    3. Use the machine to confirm the fax was sent.
    4. Ask the recipient to acknowledge receipt.
    5. Send the service user demographics separately to the clinical information for
       service user information.
    6. Double check the number after it has been typed into the machine and before
       sending. [use pre programmed numbers if at all possible]

7.5 If a fax goes astray

    1. Complete an incident form.
    2. Ask the recipient to shred the information which they have received.
    3. Make a note of the name and fax number of the unintended recipient.
    4. Review the risk to the person whose personal information has been breached.
       Inform the person affected including any risk that you think has been caused.
    5. Tell them how they may make a complaint if they wish to.

                                           Page 8 of 34
   6. If the person affected is a service user make a note in the clinical record or ask
      an appropriate member of the care team to do so stating how they were
      informed.

7.6 If post goes astray

Make arrangements to collect the item (don‟t expect the unintended recipient to send it
on for you) Otherwise as above.

7.7 Transfer of clinical information

Because of the diverse nature of the service provided it is impractical to insist that all
clinical information is sent to and from a safehaven. As such all areas receiving clinical
information should have in place their own arrangements to protect the information
which is sent or received. The procedure should cover the following:
Once the information is received from Royal Mail or other sources it should be
protected from theft, unauthorised access whether accidental or malicious and
damage. As such it should not be left unattended unless locked away.
Mail sent to a named recipient should be opened by the named recipient. Procedures
should be in place to cover staff who have left or are away and whose post may need
to be opened. Where the post is marked Private and Confidential it should only be
opened by the recipient except in exceptional circumstances.
Where the post is opened on behalf of another person for instance by a Medical
secretary on behalf of a clinical team a record should be kept of the date and time of
receipt, the sender and who the item has been passed to for action. Folders
containing opened mail for assessment should be secured when unattended.

7.8 Non Clinical Information

Where post is opened and then distributed according to agreed procedures, for
instance mail directed to the Chief Executive a record should be kept by the
designated opener as above.

All post received should be date stamped when opened and include the name of the
receiving department. For smaller services it is appropriate to write the date of receipt
on the letter and initial it. Any large discrepancies between the date on the letter or the
postmark and the date of receipt should be investigated.

8. Duties


8.1 Staff

Before transferring personally identifiable information anywhere always consider the
following:

   1. Is the transfer of information necessary in a personally identifiable form – follow
      the Caldicott principles
   2. Have the appropriate consents been obtained
   3. Is the transfer legal


                                          Page 9 of 34
     4. Have you established that the intended recipient needs this information and is
        entitled to see it.
     5. Does the recipient have an obligation similar to yours to protect the information
        – refer to the Interagency Information Sharing Protocol.
If in doubt discuss the transfer with your line manager, or contact the Portfolio
Manager: Information governance and Health records or the Caldicott Guardian.

8.2 Line Management responsibilities

Managers should ensure that safe haven faxes are available to staff and that
appropriate arrangements are in place to manage post and telephone calls in
accordance with the guidance in this policy. Line managers should also ensure that all
fax machines are appropriately labelled in line with the policy and that the fax
disclaimer is available on cover sheets. Line managers should ensure that all staff are
made aware of the provisions in this policy at induction. Briefing on this policy and
refresher training should be made available for all staff.

8.3 Facilities

Facilities should ensure that the principles in this policy are adhered to in the
arrangements for Trust post with SWYMT staff and other organisations providing
postal services to SWYMHT. Advice should be available on devices for bulk transfer
of casenotes and post which are secure and where any unauthorised access would be
evident.


8.4 IG TAG responsibilities

The IG TAG is responsible for monitoring and reviewing arrangements for this policy.
The TAG will also:
          Ensure that the principles in this policy are complied with when
             applications and systems are under development or enhancement.
          Review the recommendations of audit reports and the progress with
             action plans.
          Review this policy
          Commission audits to ensure the implementation of the policy
          Communicate the policy requirements across the Trust
          Review progress with action plans developed following audits
          Identify any risk associated with the transfers of information


8.5 Senior Information Risk Officer (SIRO) responsibilities

The SIRO will report any risk associated with this policy to the Trust Board via the
appropriate risk reporting arrangements.


8.6 Board responsibilities

The Trust Board will receive assurance from the SIRO.

                                          Page 10 of 34
8.7 Portfolio Manager: Information governance & health records

        Support the SIRO and Trust staff in ensuring that the policy complies with
         Information Governance(208, 209), NHSLARMS (1.1.8) and SbH requirements
         (C13c), and that there is appropriate evidence of its implementation.
        Advise, staff, managers and Trust board on this policy
        Provide briefings on this policy on request
        Incorporate this policy into Data Protection and information governance training
         sessions.

9. Monitoring

The IGTAG will be responsible for monitoring arrangements to check on the
implementation of these procedures.

The Information governance TAG will support the SIRO in managing the risks
associated with data transfers.

     Standard                                  Monitoring process - evidence:
1.   This document is reviewed and                The document on the intranet is up-
     updated in accordance with Trust                to-date
     policy.
2.   Relevant staff will be made aware of             Document is on the intranet
     the policy and offered support and               Reference in team brief
     training                                         Record of meetings where
                                                       implementation discussed
                                                      Content of and attendance at relevant
                                                       training

3.   Each team will have appropriate                  The approved safe haven fax list,
     postal and safe haven fax                         will be reviewed annually.
     arrangements                                     The IG Tag will carry out spot
                                                       checks on the safe haven
                                                       arrangements in teams

4.   IG TAG will use the incident reporting           Number, severity, location and type
     on Datix to monitor the number of                 of incidents, relating to transfers of
     incidents.                                        personal data.




5.   Routine flows of person identifiable             Routine flows will be reviewed
     information will be risk assessed                 annually
                                                      All new flows of information will be
                                                       risk assessed by the TAG.




                                            Page 11 of 34
6.   Review of action plans                         IG TAG to review recommendations
                                                     and action plans for audits.




10. Training

The Policy will be available on the intranet and awareness will be raised via the
Service Delivery Groups for the clinical services. Managers will be expected to
incorporate local arrangements into staff induction and team meetings. The Policy will
be covered at Information Governance and Data Protection training sessions and the
Portfolio Manager: Information Governance & Health Records, is available to give
briefings to individual groups on request.

11. Dissemination

This policy once approved will be notified to staff via the Team brief and will be placed
on the Trust intranet. SDGs will be responsible for more detailed briefings to
appropriate staff.

12. Implementation

An overarching implementation plan for this policy has been developed (Appendix K).
.

13. Review

This policy will be reviewed at 3 yearly intervals by the IG TAG unless there is a need
to review earlier. The next review date will be in October 2010.

14. Development

This policy has been developed in consultation with:

               IG TAG
               Admin managers


15. References

SWYMHT
Documents which work alongside the safe havens policy.

        Information Governance Policy
        Confidentiality Policy
        Data Protection Policy

                                          Page 12 of 34
      Information Security Policy




External


IG toolkit standards 208 and 209




                                     Page 13 of 34
                                                                          Appendix A
Safe Haven locations within SWYMHT
                                                                                                     P
  ID                    Unit                 Sitename               Fax          ContactName
                                                                01422
         Elmdale Ward                 The Dales                 222907     Karen Snowden             Y
                                                                01422
   170   Savile Close Day Unit        Savile Close Day Unit     250828     Shirley Hasler            Y
                                                                01422
    31   CMHT East                    CMHT East                 252423     Sue Jennings              Y
                                      4th Floor, F Mill, Dean   01422
    62   Dean Clough, Admin           Clough                    281568     Anne Booth                Y
                                      Beechwood Health          01422
         Beechwood Health Centre      Centre                    300481     Helen Belgrave            Y
                                      Kershaw Grange Day        01422
    96   Kershaw Grange Day Unit      Unit                      883242     Janet Blackler            Y
                                                                01484
         Memory monitoring Service    St Lukes                  343221     Secretary                 Y
                                                                01484
         Service Managers Office      Ward 7 St Luke's          343379     Zoe Whitaker              Y
                                                                01484
   108   Medical Records              Medical Recs St Lukes     343288     Christine Parker          Y
         Mental Health Act            MHAct administrator, St   01484
   114   Administrator                LukesOffice               343345     Christine Parker          Y
         Psychological Services -     Psychological Services    01484
   154   Working Age Adults           - Working Age Adults      343409     Secretaries               Y
                                      Psychological Services
                                      (Learning Disabilities,   01484
   152   Psychological Services       S. Kirklees)              343409     Secretaries               Y

                                      Crisis Resolution and
         Crisis Resolution and Home   Home Treatment            01484
    56   Treatment Service            Service (S. Kirklees)     343614     Secretaries               Y
                                                                01484
   201   Ward 6                       Ward 6 - St Luke's        343660     Medical Secs              Y

                                      Psychological Services
                                      (Older People, S.         01484
   153   Psychological Services       Kirklees)                 347618     Secretaries               Y
                                                                01484      Jude Holland Consultant
    33   CMHT West                    CMHT West                 343666     Secretary                 Y
                                      Enfield Down (Older       01484
    78   Enfield Down                 People)                   347718     Jo Cheesbrough            Y
                                      Batley Enterprise         01924
    14   Batley Enterprise Centre     Centre                    326956     Deborah Walton            Y
                                                                01924
         Horizon Centre               Horizon Centre            327001     Eileen Tennant            Y
                                                                01924
   194   Wakefield North CMHT         Wakefield North CMHT      327115     Susan Wilkinson           Y
                                                                01924      Shirley Akroyde/Susan
         Bretton Centre               Bretton Centre            327222     Potts                     Y
                                                                01924
         Chantry Unit                 Chantry Unit              327306     Margret Walstow           Y


                                         Page 14 of 34
                                                                01924
30    Clinical Security               Clinical Security         327399   Jeff Layton                  Y
                                                                01924
187   Treatment Area                  Treatment Area            327440   Deirdre Conlon               Y
                                                                01924
148   Chantry Unit                    Chantry Unit              327456   Dr Masu's Secretary          Y
                                                                01924
      Trinity One                     Trinity One               327465   Linsey Pickering             Y
                                                                01924    Adrian Deakin/James
      Bretton Centre Reception        Bretton Centre            327575   Biggott                      Y
                                                                01924
97    Legal                                                     327668   Ruth Foxcroft                Y
                                                                01924
  2   The Sycamores                   Ossett                    327803   Andy Dunne                   Y
                                                                01924
20    Calder Unit                     Calder Unit               328665   Cindy Bernard                Y
                                                                01924
189   Trinity One                     Trinity One               328677   Linsey Pickering             Y
                                                                01924
      Ravensleigh Cottage             Ravensleigh Cottage       516151   Zoe Whitaker/Asma Sacha      Y
                                      Assertive Outreach (N.    01924
12    Assertive Outreach              Kirklees)                 516163   Julie Goodall                Y

                                      Dewsbury Two Sector       01924
64    Dewsbury 2 Sector Team          Team                      516163   Julie Goodall                Y
                                      Spenborough Sector        01924
177   Spenborough Sector Team         Team                      516163   Julie Goodall                Y
                                      HIV Counselling and       01924
94    HIV counselling and Support     Support                   814561   Dianne Wynn/Jill Schofield   Y

                                      Community Learning
      Community Learning Disability   Disability Team - Adult   01924
36    Team (CLDT) - Adult Nursing     Nursing                   816082   Inara Bennett/Heidi Curry    Y
                                                                01924
84    Fox View Annexe                 Fox View Annexe           816082   Inara Bennett/Heidi Curry    Y
                                      Occupational Therapy
                                      (Learning Disabilities,   01924
129   Occupational Therapy            N. Kirklees)              816082   Inara Bennett/Heidi Curry    Y
                                                                01977
144   Pontefract CMHT                 Pontefract CMHT           465490   Ann Dunn                     Y
                                                                01977
145   Poplars C U E                   Poplars C U E             465693   Janette Mulroe               Y
                                                                01977
143   PLATT Service                   PLATT Service             468673   Karen Backhouse              Y
      CMHT Older Peoples Services     CMHT Older Peoples        01977
32    - CNDH                          Services - CNDH           605542   Elaine Deeley                Y
                                                                01977
  4   ?                               ?                         605572   Deirdre Simpson              Y
                                      Psychological             01977
161   Psychological Therapies         Therapies (Castleford)    628000   Carol Ducker                 Y




                                          Page 15 of 34
                                                                           Appendix B


Safe Haven label and instructions for Fax transfers

              This is a Safe Haven Fax - Fax no

You may send or receive personally identifiable
    information from here. Please take the
            following precautions:
Do’s
    Do check and double check that you have typed the recipients number correctly

      Do use pre-programmed numbers where possible.

      Do use a SWMHT cover sheet with instructions on it should the fax be received
       by the wrong person.

      Do print a confirmation sheet for the transmission.

      Do follow Caldicott principles when sending person identifiable information so:

          Do use the NHS number or other identifying number instead of name
           address and date of birth details if possible.

          Do separate the clinical and demographic details if possible

Don’t’s

      Don‟t send person identifiable information unless you can justify that it is
       necessary

      Don‟t include person identifiable information details on the Cover sheet




                                          Page 16 of 34
                                              Appendix C


Not a Safe Haven Fax label

              This is not a Safe Haven Fax.

   If you are sending or receiving personally
 identifiable information you should use a Safe
 Haven Fax. Your nearest Safe Haven Fax is at
                       …….

   Location of all Trust Safe Haven faxes are
 included in the Safe Haven Policy available on
                   the intranet.




                             Page 17 of 34
                                                                         Appendix D
Fax disclaimer

The fax should be sent on SWYMHT cover sheet. No Personally identifiable details
should be included on the cover sheets except for the sender and recipients. The
senders telephone contact details must be clearly shown. The number of pages being
faxed including the cover sheet should be clearly stated. A message should be
included on the cover sheet

“The details included in this transmission are intended for the named recipient only. If
you are not the recipient named on this cover sheet you are not authorised to see the
information in this transmission. If you have received this transmission and are not the
authorised recipient we would be grateful if you could contact the sender immediately
via the contact details above and inform them. “




                                         Page 18 of 34
                                                                         Appendix E


Legislation and Guidance
Access to Health Records Act 1990

This Act provides rights of access to the health records of deceased individuals for
their personal representatives and others having a claim on the deceased‟s estate. In
other circumstances, disclosure of health records relating to the deceased should
satisfy common law duty of confidence requirements. The Data Protection Act 1998
supersedes the Access to Health Records Act 1990 apart from the sections dealing
with access to information about the deceased

Data Protection Act 1998

The key legislation governing the protection and use of identifiable patient/client
information (Personal Data) is the Data Protection Act 1998. The Act does not apply to
information relating to the deceased.

This Act gives seven rights to individuals in respect of their own personal data held by
others. They are:

   Right of subject access
   Right to prevent processing likely to cause damage or distress
   Right to prevent processing for the purposes of direct marketing
   Rights in relation to automated decision making
   Right to take action for compensation if the individual suffers damage
   Right to take action to rectify, block, erase or destroy inaccurate data
   Right to make a request to the Commissioner for an assessment to be made as to
    whether any provision of the Act has been contravened.

In addition, the Act stipulates that anyone processing personal data comply with eight
principles of good practice. These principles are legally enforceable.

Principle 1 – Personal data shall be processed fairly and lawfully
Principle 2 – Personal data shall be obtained only for one or more specified lawful
purposes
Principle 3 – Personal data shall be adequate, relevant and not excessive in relation
to the purposes for which they are processed.
Principle 4 – Personal data shall be accurate and, where necessary, kept up to date.
Principle 5 – Personal data processed for any purpose or purposes shall not be kept
longer than is necessary for that or those purposes.
Principle 6 – Personal data shall be processed in accordance with the rights of data
subjects under this Act, including the right to access their own record.
Principle 7 – Appropriate technical and organisational measures shall be taken
against unauthorised or unlawful processing of personal data and against accidental
loss.
Principle 8 – Data shall not be transferred outside of the European Economic Area


                                         Page 19 of 34
Detailed information for staff about the requirements of the Act in relation to
information sharing are available in each agency.



Crime and Disorder Act 1998

The Crime and Disorder Act 1998 introduces measures to reduce crime and disorder,
including the introduction of local crime partnerships around local authority boundaries
to formulate and implement strategies for reducing crime and disorder in the local area.
Section 115 of the Act provides that any person has the power to lawfully disclose
information to the police, local authorities, probation service or health authorities (or
persons acting on their behalf) where they do not otherwise have the power but only
where it is necessary and expedient for the purposes of the Act. However, whilst all
agencies have the power to disclose, Section 115 does not impose a requirement on
them to exchange information and responsibility for the disclosure remains with the
agency that holds the data. It should be noted, however, that this does not exempt the
provider from the requirements of the 2nd Data Protection principle.

The Criminal Procedures and Investigations Act 1996 requires the police to record in
durable form any information that is relevant to an investigation. The information must
be disclosed to the Crown Prosecution Service, who must in turn disclose it to the
defence at the relevant time if it might undermine the prosecution case. In cases
where the information is deemed to be of a sensitive nature then the CPS can apply to
a judge or magistrate for a ruling as to whether it should be disclosed.


Human Rights Act 1998

Article 8.1 of the Human Rights Act 1998 provides that “everyone has the right to
respect for his private and family life, his home and his correspondence”. This is
however, a qualified right i.e., there are specified grounds upon which it may be
legitimate for authorities to infringe or limit those rights and Article 8.2 provides “there
shall be no interference by a public authority with the exercise of this right as it is in
accordance with the law and is necessary in a democratic society in the interests of
national security, public safety, or the economic well-being of the country, for the
prevention of disorder or crime, for the protection of health or morals or for the
protection of the rights and freedom of others”.

In the event of a claim arising from the Act that an organisation has acted in a way
which is incompatible with the Convention rights, a key factor will be whether the
organisation can show in relation to its decision to take a particular course of action: -

   That it has taken these rights into account
   That it considered whether any breach may result, directly or indirectly, from the
    action, or lack of action
   If there was the possibility of a breach, whether the particular rights which might be
    breached were absolute rights or qualified rights
   Whether one of the permitted grounds for interference could be relied upon
   Whether there was proportionality


                                           Page 20 of 34
The Act also requires public bodies to read and give effect to other legislation in a way
that is compatible with these rights and makes it unlawful to act incompatibly with
them. As a result these rights still need to be considered, even when there are special
statutory powers to share information.



Common law duty of Confidentiality

All staff working in both the public and private sector are aware that they are subject to
a common law Duty of Confidentiality and must abide by this. The duty of confidence
only applies to identifiable information and not to aggregate data derived from such
information or to information that has otherwise been effectively anonymised i.e., it is
not possible for anyone to link the information to a specified individual.

The Duty of Confidentiality requires that unless there is a statutory requirement to use
information that has been provided in confidence it should only be used for purposes
that the subject has been informed about and has consented to. This duty is not
absolute but should only be overridden if the holder of the information can justify
disclosure as being in the public interest (e.g., to protect others from harm). Whilst it is
not entirely clear under law whether or not a common law Duty of Confidence extends
to the deceased, the Department of Health and professional bodies responsible for
setting ethical standards for health professionals accept that this is the case.

Unless there is a sufficiently robust public interest justification for using identifiable
information that has been provided in confidence then the consent of the individual
concerned should be gained (deceased individuals may have provided their consent
prior to death). Schedules 2 and 3 of the Data Protection Act 1998 apply whether or
not the information was provided in confidence.

Where it is judged that an individual is unable to provide consent (for example due to
mental incapacity or unconsciousness) other conditions in schedule 2 and 3 of the
Data Protection Act 1998 must be satisfied (processing will normally need to be in the
vital interest of the individual).

Whilst under current law, no-one can provide consent on behalf of an adult in order to
satisfy the common law requirement, it is generally accepted that decisions about
treatment and the disclosure of information should be made by those responsible for
providing care and that they should be in the best interests of the individual concerned.

All agencies are subject to their own codes or standards relating to confidentiality.


Caldicott Report 1997

The Caldicott Committee (which reported in 1997) recommended a series of principles
that should be applied when considering whether confidential information should be
shared. The principles have been developed with the aim of establishing the highest
practical standards for handling confidential information. They apply equally to all
routine and ad hoc flows of patient information whether clinical or non-clinical, in
manual or electronic format. The principles are:

                                           Page 21 of 34
   Justify the purpose(s) for using confidential information

    Every proposed use or transfer of patient-identifiable information within or from an
    organisation should be clearly defined and scrutinised, with continuing uses
    regularly reviewed, by an appropriate guardian.

   Only transfer/use patient-identifiable information when absolutely necessary

    Patient-identifiable information items should not be included unless it is essential
    for the specified purpose(s) of that flow. The need for patients to be identified
    should be considered at each stage of satisfying the purpose.

   Use the minimum identifiable information that is required

    Where use of patient-identifiable information is considered to be essential, the
    inclusion of each individual item should be considered and justified so that the
    minimum amount of identifiable information is transferred or accessible as is
    necessary for a given function to be carried out.

   Access should be on a strict need to know basis

    Only those individuals who need access to patient-identifiable information should
    have access to it. They should only have access to the information items that they
    need to see. This may mean introducing access controls or splitting information
    flows where one flow is used for several purposes.

   Everyone with access to identifiable information must understand his or her
    responsibilities

    Action should be taken to ensure that those handling patient-identifiable
    information, both clinical and non-clinical staff, are made fully aware of their
    responsibilities and obligations to respect an individual‟s confidentiality.

   Understand and comply with the law

    Every use of patient-identifiable information must be lawful. Someone in each
    organisation handling patient information should be responsible for ensuring that
    the organisation complies with legal requirements.

All NHS and Social Services Department are now required to apply these principles
and to nominate a senior person to act as a Caldicott Guardian responsible for
safeguarding the confidentiality of patient information.

Freedom of Information Act 2000

 This Act provides clear statutory rights for those requesting information together with a
strong enforcement regime. Under the terms of the Act, any member of the public will
be able to apply for access to information held by bodies across the public sector. The
release of personal information remains protected by the Data Protection Act 1998.


                                          Page 22 of 34
NHS Code of Practice: Confidentiality

Provides guidance to the NHS staff about the confidentiality of patient information.
http://www.dh.gov.uk/en/Publicationsandstatistics/Publications/PublicationsPolicyAndG
uidance/DH_4069253




                                        Page 23 of 34
                                                                          Appendix G

SAFE HAVENS POLICY
Spot Check Audit

Name of Department

Name of Department Manager

Fax number

Is the fax accessible by public, service users or visitors

Is the fax locked away or does it have a pin number for access

Is the fax labelled correctly

Are fax cover sheets with the Trust disclaimer readily available.

Description of the last three items received/sent on the fax machine

Type of          Sender           Purpose              Recipient    Date and
Information                                                         time of
                                                                    transaction
e.g.             Ward 3           Communication Service user        Etc.
discharge                         of care needs GP
letter sent to
GP




Is there a message book

Is it stored appropriately

Does it have the proscribed information

(Date, time, receiver, intended recipient, sender, space for signature date and time of
intended recipient)

Arrangements for
Receipt of post,
opening of post,
recording of post received,
storage of opened post,

                                            Page 24 of 34
post for sending.

Date and time of spot check

Signature of checker

Designation of spot checker




                              Page 25 of 34
                                                                             APPENDIX H

Department /Service
Name & job title of person completing form
Contact details
Date Completed

Details of IT systems and data transfers


Details of the       Details of data      Number of     Frequency    Purpose of data transferred    Recipie
  IT system           transferred            records
e.g. Rio, ESR                               typically
      etc         e.g personal details,   transferred
                  bank details clinical
                       details etc.




                 Please complete and return this form as soon as possible to Nicola Smith - nicola.smith@swy




                                            Page 26 of 34
                                                      APPENDIX I
Incoming Information Flows of Personally identifiable
information

Clinical teams
Source of Information
GP
Service Users and Carers
Acute Trusts including A&E
departments
Other services within SWYMHT
LD service providers (Independent,
voluntary and NHS)
Social services teams
Social Care Direct
Asylum seekers Team
Tenancy support services and other
council run services
Police
Probation
Voluntary organisations such as CAB
Benefits agency
Housing departments
Service Commissioners
Advocacy Services
Charities including The Family Fund
and Independent Living fund
Education services

Complaints/ Legal /Claims

Source of Information
Solicitors on behalf of clients
Trust solicitors
Complainants
Managers and staff Trust-wide
Professional bodies re staff

Mental Health Act Office
Source of Information
Solicitors
RMOs
MH Tribunals

                                      Page 27 of 34
Ward staff trustwide

Other Corporate

Source of Information
Coroners
National confidential enquiry into
Homicides and Suicides by people
with a mental illness.
Inland revenue
Alerts about dangerous or missing
persons
Police




Human resources
Source of Information
Applicants
Referees
Managers and staff Trust-wide
Employment tribunals
Financial institutions
Pensions Agency
CRB




                                                                         Appendix J
                           Equality Impact Assessment Tool

                                                           Yes/No   Comments

 1.   Does the policy/guidance affect one group
      less or more favourably than another on the
      basis of:

      Race                                                   NO

      Ethnic origins (including gypsies and travellers)      NO

      Nationality                                            NO

      Gender                                                 NO

      Culture                                                NO

      Religion or belief                                     NO

      Sexual orientation including lesbian, gay and          NO
        bisexual people

                                                 Page 28 of 34
                                                       Yes/No   Comments

     Age                                                 NO

     Disability - learning disabilities, physical        NO
        disability, sensory impairment and mental
        health problems
2.   Is there any evidence that some groups are          NO
     affected differently?
3.   If you have identified potential                    NO
     discrimination, are any exceptions valid,
     legal and/or justifiable?
4.   Is the impact of the policy/guidance likely to      NO
     be negative?
5.   If so can the impact be avoided?                    N/A
6.   What alternatives are there to achieving the        N/A
     policy/guidance without the impact?
7.   Can we reduce the impact by taking                  N/A
     different action?




                                             Page 29 of 34
                                                                        Appendix K

     Checklist for the Review and Approval of Procedural Document


                                                         Yes/No/
      Title of document being reviewed:                            Comments
                                                         Unsure
1.    Title

      Is the title clear and unambiguous?                  YES

      Is it clear whether the document is a guideline,     YES
      policy, protocol or standard?
2.    Rationale

      Are reasons for development of the document          YES
      stated?
3.    Development Process

      Is the method described in brief?                    YES

      Are people involved in the development               YES
      identified?

      Do you feel a reasonable attempt has been            YES
      made to ensure relevant expertise has been
      used?

      Is there evidence of consultation with               YES
      stakeholders and users?
4.    Content

      Is the objective of the document clear?              YES

      Is the target population clear and                   YES
      unambiguous?

      Are the intended outcomes described?                 YES

      Are the statements clear and unambiguous?            YES
5.    Evidence Base

      Is the type of evidence to support the               YES
      document identified explicitly?
      Are key references cited?                            YES

      Are the references cited in full?                    YES
      Are supporting documents referenced?                 YES
6.    Approval

      Does the document identify which                     YES
      committee/group will approve it?
      If appropriate have the joint Human
      Resources/staff side committee (or equivalent)
      approved the document?


                                                Page 30 of 34
                                                            Yes/No/
      Title of document being reviewed:                               Comments
                                                            Unsure
7.    Dissemination and Implementation

      Is there an outline/plan to identify how this will      YES
      be done?
      Does the plan include the necessary                     YES
      training/support to ensure compliance?

8.    Document Control

      Does the document identify where it will be             YES
      held?

      Have archiving arrangements for superseded              YES
      documents been addressed?
9.    Process to Monitor Compliance and
      Effectiveness

      Are there measurable standards or KPIs to               YES
      support the monitoring of compliance with and
      effectiveness of the document?
      Is there a plan to review or audit compliance           YES
      with the document?

10.   Review Date

      Is the review date identified?                          YES

      Is the frequency of review identified? If so is it      YES
      acceptable?
11.   Overall Responsibility for the Document

      Is it clear who will be responsible                     YES
      implementation and review of the document?




                                                   Page 31 of 34
                                                                   Appendix L

                       Version Control Sheet

Version    Date         Author            Status             Comment / changes
1         Oct     Nicola Smith           Final     Reviewed to meet new requirements for IG
          2007                                     toolkit 208 and 209
2         Nov     Nicola Smith           draft
          2008




                                 Page 32 of 34
Page 33 of 34
Appendix K

Safe Havens Policy

Impact of Implementation

   Description of Impact                          Staff /Dept affected   Cost
                                                                         implication
1 Spot checks on Safe Havens                      IG TAG members
2 Review of Information flows incoming and        SDGs
  outgoing
3 Authorisation and risk assessment of            IG TAG
  Information flows submitted to IG TAG
4 Review safe havens fax list annually            IG TAG
5 Training and dissemination                      IG TAG / SDGs
6 Inform the Board of any unmitigated risks and   SIRO
  update the Trust risk register




                                Page 34 of 34

								
To top