Cheshire & Mersey Information Sharing Code of Practice Tier 1 Documents... · Updated Caldicott...


Information Sharing Code of Practice Legislation and Standards for Information Sharing (Tier 1) Version 3, January 2015

Cheshire & Mersey

Information Sharing Code of Practice

Tier 1

Legislation and Standards for Information Sharing

Effective from 1st January 2015

Review date 1st January 2017


Version History

| Date | Version | Author name and designation | Summary of main changes |
| --- | --- | --- | --- |
| January 2013 | 1 | Jo Fitzpatrick, IG Manager for The Clatterbridge Cancer Centre NHS Foundation Trust | Confirmation from the Manchester Group that we could use this template for the Cheshire & Mersey Region. |
| October 2013 | 2 | Jo Fitzpatrick, IG Manager for The Clatterbridge Cancer Centre NHS Foundation Trust | Updated Caldicott Principles, Included Francis Report Government Response and link to CQC to replace link to NIGB |
| November 2014 | 3 | H Partington, IG Advisor, Wirral Community NHS Trust | Insertion of indemnity clause agreed in 2011 as per advice from Hill Dickinson. Standardisation of name across the documents to ‘Code of Practice’ |
| November 2014 | 3 | Jo Fitzpatrick, IG Manager for The Clatterbridge Cancer Centre NHS Foundation Trust | Updated section on Child Protection and MASH on behalf of Simon Garner, Corporate Safeguarding Manager at Wirral Council |
| November 2014 | 3 | Jo Fitzpatrick, IG Manager for The Clatterbridge Cancer Centre NHS Foundation Trust | Updated legislation links on page 19. |

Name and designation of policy author(s): Jo Fitzpatrick, Information Governance Manager at The Clatterbridge Cancer Centre NHS Foundation Trust

Approved by (committee, group, manager): Wirral Caldicott Guardians and IG Managers Network

Approving signatures: See Tier 0 – Chief Executives and all Caldicott Guardians from all participating organisations must sign up to this Agreement

Adopted By: All organisations whose Chief Executives and Caldicott Guardians signatures appear in the appendix

Date approved: 20th November 2014

Review date: November 2016

Review type (annual, three yearly): Two Years

Target audience: All Trusts across Cheshire & Mersey Region

Links to other strategies, policies, procedures: This Tiered Information Sharing Code of Practice is required for the Information Governance Toolkit

Protective Marking Classification: N/A


Administrator Contact Details: Wirral Community NHS Trust Information Governance Advisor

Wirral Community NHS Trust
1st Floor, South Wing
Old Market House
Hamilton Street
Birkenhead
Wirral CH41 5AL

Tel: 0151 6435331 (internal ext 1948)

Email: [email protected]


Contents

Tiered Framework of the Information Sharing Code of Practice
Purpose of the Code of Practice
Commitments to Service Users given through the Code of Practice
Signatories to the Code of Practice and Indemnity
Role of the Lead Officers
Adoption and Approval
Service protocols supporting the Code of Practice
Circulation and dissemination
Monitoring and the role of the Review Group
Key Legislation and Guidance
Appendix A: List of partner Organisations
Appendix B: Signature Sheet


Tiered Framework of the Information Sharing Code of Practice

This Overarching Standard for Information Sharing is designed to be used in conjunction with a set of documents within a Tiered Structure. The structure is designed to provide a framework for the secure and confidential sharing of information between the partner organisations that contribute to the wellbeing of residents, and to ensure that disclosure is in line with statutory requirements. Information may be stored in many different formats, such as physical, electronic, audio or video. There are 3 main tiers to the structure:

Tier Zero - This is a document signed by a Chief Executive of an organisation agreeing in principle to share information responsibly. The names of all agencies in agreement are listed and can be added to as more agencies become involved. Organisations should, if possible, place copies of Tier 0 and Tier 1, and a list of partner organisations, on their internet sites to reassure the public of their commitment to sharing responsibly. If not this Tier 0 document, then a document similar to a Tier 0 document must be signed by the Chief Executive of all organisations wishing to take part. Only one Tier 0 document need be signed by the Chief Executive for any number of Tier 2 documents agreed beneath it.

Tier One - This is an overarching standard outlining the agreed procedures for sharing information. It is this document which sets the standards for obtaining, recording, holding, using and sharing of information. It outlines the supporting legislation, guidelines and documents which govern information sharing between partner organisations.

Tier Two - This gives guidance to operational practitioners on the production of a protocol for the safe sharing of information. These protocols should show what information should be shared and how, under what circumstances and by whom, and should be tailored to individual partnerships. This document will require authorisation of the participating partnership organisations. A copy of these documents should be lodged with the Information Governance section. Guidance would suggest that the following are included:

o Fair processing notices
o Consent leaflets
o Social Care Record Guarantee
o Confidentiality statement
o Subject access
o Privacy Impact Assessments


This Code of Practice is designed to simplify and strengthen the sharing of information between partner organisations across Cheshire and Merseyside, along with other partners which border the geographical area and with whom we may share information.

Purpose of the Code of Practice

The purpose of the Code of Practice is to support public service organisations and their partners in delivering holistic and responsive services. It concerns the sharing of personal data and seeks to lay the foundation for the safe and secure sharing of information in order to comply with the duties placed on organisations to work together. As such, it is intended as a means of establishing a standard towards which all Partner Organisations will work in respect of the treatment of personal information. The Code of Practice has a contribution to make towards fostering a culture in which all services work together to deliver better outcomes for the residents and visitors across Cheshire and Merseyside. The objectives of the Code of Practice are:

To assist staff in protecting the confidentiality of customers, clients and employees where it is necessary to share personal data.

To help local partnerships by providing a secure and efficient way to exchange personal data where a power exists to do so, in accordance with the Data Protection Act 1998, the Human Rights Act 1998 and other relevant legislation.

To support joined up local services.

To promote good practice in data sharing, with regard to general management, data quality, etc.

Each Partner Organisation has its own local policies and procedures regarding information security and confidentiality. This Code of Practice is not designed to supersede existing local policies but to enhance them by facilitating cross-boundary dialogue and agreement and providing a context for Information Sharing between organisations across Cheshire and Merseyside.


Commitments to Service Users given through the Code of Practice

The Code of Practice is a sign of our commitment and a demonstration to the public about how information is used and our statement to the population of Cheshire and Merseyside.

We will:

Ask for permission to collect and share your information, and where you have a choice as to whether to provide us with information, we will make it as easy as possible for you to exercise that choice.

Explain why we are using your information, and will only use it for those purposes.

Explain who will see it, and limit access to your information only to staff who need it.

Only ask for information we need, and not ask for information which is not relevant to your needs/our service.

Keep information about you as accurate and up-to-date as possible – with your help.

Respect your rights under the Data Protection Act 1998 – including your right to see the information which has been recorded about you.

Protect your information with the highest possible standards of security and confidentiality.

Tell you how you can get more information, including: How we safeguard your personal information; How you can check and correct any information we hold; How to raise a query or a complaint.

Only keep the information for as long as needed, and explain our reasons when we need to keep personal records for some time after we have stopped providing a service to you. This is usually so that we can resume a service at a later date if needed.


Signatories to the Code of Practice

A list of partner organisations can be found at Appendix A.

Partner organisations who are signatories to this Code of Practice will:

Promote staff awareness of the requirements around information sharing, through training, issuing of guidelines, etc.

Have in place appropriate internal information governance and/or operational policies and procedures that will facilitate the effective processing of personal information which is relevant to the needs of the organisation, their managers/practitioners and their service users.

Ensure that their organisational and security measures are moving towards compliance with BS ISO/IEC 2700 series (see page 10), to protect the lawful use of information shared under this Code of Practice.

Comply with the security levels on supplied information and handle the information accordingly.

Ensure that all appropriate staff have the necessary level of Disclosure and Barring Service (DBS) clearance in accordance with relevant legislation and Government guidance, as required by each protocol under this Code of Practice.

Accept responsibility for independently or jointly auditing compliance with the individual protocols they are involved in.

Accept responsibility for ensuring that any information which is obtained under the auspices of this Code of Practice is not used for marketing purposes unless appropriate consent has been obtained.

Only use the information for the purpose for which it has been shared.

Take all reasonable actions to ensure that information provided under the auspices of this Code of Practice is, and remains accurate.

Where there is reason to believe that a record may be inaccurate, investigate to rectify the record, or advise the record owner from whom the record was obtained so that they may investigate/rectify.

Ensure contracts with contractors include the relevant clauses regarding confidentiality, information security and completion of the relevant Information Governance Toolkit.

Each Partner organisation will nominate a lead officer for the purposes of monitoring, reviewing and developing this Code of Practice.


Signatories to the Code of Practice & Indemnity

The parties to this Information Sharing Code of Practice are those that have signed the Declaration of Acceptance and Participation (DAP) at the end of this document. This list, along with the details of each organisation’s ‘Designated Person(s)’ as shown on the ‘DAP’, will be updated and reissued on a regular basis.

It is important to ensure accountability in the case of a complaint relating to the improper use of personal information supplied as a consequence of an Information Sharing Agreement.

Each party to this Code of Practice (the ‘Indemnifying Party’) shall indemnify and keep indemnified every other party to this Code of Practice (the ‘Indemnified Party’) against all actions, costs, expenses, claims, proceedings and demands (whenever and wherever made) which are brought against an Indemnified Party, but only to the extent caused by or is the result of any breach of the Data Protection Act or other legislation by, or any wrongful act, omission, neglect or default of, the Indemnifying Party, its employees or agents, or any unauthorised or unlawful access, processing, loss, theft, use, destruction or disclosure by the Indemnifying Party, its employees or agents of any information or data shared with or obtained by the Indemnifying Party in connection with this Code of Practice.

The role of the Lead officer

The Information Governance lead officer for each Partner Organisation will act as lead or main contact point for communication and dissemination purposes, internal information governance and/or operational procedures and processes. The lead officers collectively will facilitate the dissemination and implementation of, and monitoring and evaluating adherence to, the Code of Practice within their organisations. This will include future development of the Code of Practice.

Adoption & Approval

Formal adoption and approval of this and other aspects of the Information Sharing Code of Practice (including any associated documentation) is the responsibility of each organisation and/or department.

Each signatory organisation agrees to support the adoption, dissemination, implementation, monitoring and review of this Tier 1 and the other associated documents comprising the Information Sharing Code of Practice in accordance with their own internal, and any other jointly agreed and authorised, information governance standard and/or operational policies and procedures.


Service protocols supporting the Code of Practice

For each service where data sharing is a key requirement, an operational guidance document/protocol will be agreed (Tier 2). Each protocol adopted under this Code of Practice will include explicit consideration of the policy and legislative issues which are deemed to apply to that service. It is consistent with good practice that similar protocols should be used in support of the sharing of any data. However, it is recognised that different arrangements are required to support the sharing of personal data, compared with non-personal data. This Code of Practice encourages, but does not require, protocols for the purposes of sharing non-personal data. The absence of a protocol should not in itself be a barrier to sharing personal information.

Circulation/Dissemination

This document, and other associated documents that comprise the Information Sharing Code of Practice, shall be freely available to any representative of any signatory organisation via the most appropriate communications channels.

This Tier 1, and other completed documents that comprise the Information Sharing Code of Practice shall be readily available to all relevant staff via the most appropriate communication channels.

Monitoring & the role of the Review Group

The Review Group will ‘own’ the Code of Practice on behalf of the Partner Organisations. Any party to the protocol can request reviews at any stage, e.g. to address particular issues which may arise, and as a minimum, it will be reviewed every two years by the Review Group. The Group will have responsibility for updating documents to reflect changes in policy or legislation. In doing so, the Group will need to take into account what reporting arrangements would be appropriate for the amendments. There are two categories:

Minor changes of detail can be signed off by the Group;

Changes which require the issuing of a new Code of Practice to be signed by all Partners.

Non-Compliance (Internal)

Instances of internal non-compliance with this Code of Practice and associated documents and procedures will be logged and reported to the appropriate ‘Designated Person’ (DAP). They should be dealt with promptly in accordance with the agreed information governance/operational policies and procedures. These should be described in the Tier Two.


Incidents that should be logged and reported include, but are not restricted to:

Inappropriate refusal to disclose information

Conditions being placed on disclosure

Inappropriate, unauthorised or unlawful disclosure

Disregard of the agreed policies and procedures

Disregard of the views and rights of service users

Non-Compliance (Partner Organisations)

Instances of non-compliance with this Code of Practice and associated documents and procedures by a partner organisation should be reported to that organisation’s ‘Designated Person’. They should be dealt with promptly in accordance with the agreed information governance/operational policies and procedures described in the appropriate Tier Two. In addition, each organisation will also inform such regulatory bodies as need to know, or they are required to inform, of any breaches; this should be the responsibility of the ‘Designated Person’.

Service User/Practitioner Concerns

Any concerns or complaints received from service users relating to the processing/sharing of their personal information should be dealt with promptly in accordance with the internal complaints procedure of that organisation as described in the appropriate Tier Two.

Key Legislation and Guidance

The following is meant as guidance to some of the legislation which supports the sharing of personal data. It should not be regarded as comprehensive and when sharing personal data it is the responsibility of each organisation to ensure that sharing is lawful.

1. The Data Protection Act 1998 represents the key legislation governing the protection and use of personal data about living, identifiable people. This legislation requires organisations to ensure any ‘processing’ of personal data complies with the Principles of the Act. This includes the implications of any information sharing arrangements; with particular regard for the purpose(s) information is shared. Link to Information Commissioner’s Office website: http://www.ico.gov.uk/for_organisations/data_protection.aspx


THE DATA PROTECTION PRINCIPLES (SUMMARY)

The following principles must be applied to all processing of personal data:

1. Personal data shall be processed fairly and lawfully.
2. Personal data shall be obtained for only one or more specified and lawful purposes.
3. Personal data shall be adequate, relevant and not excessive.
4. Personal data shall be accurate and where necessary, kept up to date.
5. Personal data shall not be kept longer than is necessary.
6. Personal data shall be processed in accordance with the rights of data subjects.
7. Appropriate technical and organisational measures shall be taken to make personal data secure.
8. Personal data shall not be transferred to countries outside of the European Economic Area unless those countries ensure an adequate level of protection for that data.

2. The Crime & Disorder Act 1998 introduced measures to reduce crime and disorder by introducing local crime partnerships. These were based around local authority boundaries to ‘formulate and implement’ strategies for reducing crime and disorder in the local area. The Act facilitates information sharing by providing agencies with the power to lawfully disclose information for the purposes of the Act. It does not, however, impose a requirement to exchange information. Link to legislation: http://www.legislation.gov.uk/ukpga/1998/37/contents

3. The Human Rights Act 1998 states (in Article 8.1) that ‘everyone has the right to respect for his private and family life, his home and his correspondence’. Agencies entering into information sharing must be aware of the implications of the rights granted to individuals by this legislation. Link to legislation: http://www.legislation.gov.uk/ukpga/1998/42/contents

4. The Common Law Duty of Confidence. When considering personal information that has been provided ’in confidence’, then all staff of any organisation with access to such information are subject to the Common Law Duty of Confidence. This duty is recognition, in law, of the need to ensure that the information remains confidential. All health information so provided, within any of the partner organisations, imposes such a duty on staff who have access to the information. Link to website archive for NHS information explaining the Common Law Duty of Confidence: http://www.legislation.gov.uk/ukpga/1998/42/contents


5. The National Health Service Act 2006 allows the processing of patient identifiable information, without consent, for certain limited purposes when agreed by the Secretary of State for Health, where there are real barriers to seeking or obtaining consent. This legislation, however, is viewed as an interim solution to facilitate certain information sharing until robust methods of obtaining express, informed consent for all sharing have been developed. Link to legislation website: http://www.legislation.gov.uk/ukpga/2006/41/contents

6. The Freedom of Information Act 2000 gives a general right of access to all types of recorded information held by Public Authorities, except personal data. It gives the public the right to be told if the information exists and the right to receive that information. Agencies entering into information sharing arrangements must be aware of the rights granted to individuals under the Act and ensure that personal data, where covered by exemptions defined in the Act, is not disclosed. Link to Information Commissioner’s Office website: http://www.ico.gov.uk/for_organisations/freedom_of_information.aspx

7. The Children Act 1989 places specific duties on agencies to co-operate in the interests of vulnerable children. These duties are also highlighted in the Children Act (2004). The Children Act 1989 places a statutory duty on Health and Social Care Professionals to help each other with their enquiries so long as it is compatible with their own statutory duties or other duties and obligations. Link to Department for Education website: http://www.education.gov.uk/publications/standard/Childrenandfamilies/Page1

8. The “Confidentiality: NHS Code of Practice”, published by the Department of Health in November 2003 and endorsed by the Information Commissioner, General Medical Council (GMC), British Medical Association (BMA) and Medical Research Council, provides guidance in relation to the sharing of confidential information. Confidential Patient information generally should not be passed to non-NHS bodies, although there are exceptions where it can be. Link to Department of Health: www.dh.gov.uk/en/Publicationsandstatistics/Publications/PublicationsPolicyAndGuidance/DH_4069253


9. Caldicott Principles. NHS & Social Care organisations that are parties to this General Agreement must recognise the requirements and be committed to the principal recommendations of the Caldicott Committee Report. These recommendations, published in December 1997, included the requirement to develop local ‘inter-agency’ information sharing protocols. Link to Department of Health website: http://systems.hscic.gov.uk/infogov/caldicott/caldresources


The Seven Caldicott Principles summary:

Principle 1. Justify the purpose(s) for using confidential information

Every proposed use or transfer of personal confidential data within or from an organisation should be clearly defined, scrutinised and documented, with continuing uses regularly reviewed, by an appropriate guardian.

Principle 2. Don’t use personal confidential data unless it is absolutely necessary

Personal confidential data items should not be included unless it is essential for the specified purpose(s) of that flow. The need for patients to be identified should be considered at each stage of satisfying the purpose(s).

Principle 3. Use the minimum necessary personal confidential data

Where use of personal confidential data is considered to be essential, the inclusion of each individual item of data should be considered and justified so that the minimum amount of personal confidential data is transferred or accessible as is necessary for a given function to be carried out.

Principle 4. Access to personal confidential data should be on a strict need-to-know basis

Only those individuals who need access to personal confidential data should have access to it, and they should only have access to the data items that they need to see. This may mean introducing access controls or splitting data flows where one data flow is used for several purposes.

Principle 5. Everyone with access to personal confidential data should be aware of their responsibilities

Action should be taken to ensure that those handling personal confidential data - both clinical and non-clinical staff - are made fully aware of their responsibilities and obligations to respect patient confidentiality.

Principle 6. Comply with the law

Every use of personal confidential data must be lawful. Someone in each organisation handling personal confidential data should be responsible for ensuring that the organisation complies with legal requirements.

Principle 7. The duty to share information can be as important as the duty to protect patient confidentiality


Health and social care professionals should have the confidence to share information in the best interests of their patients within the framework set out by these principles. They should be supported by the policies of their employers, regulators and professional bodies.

10. British Standard ISO/IEC 27002 (ISO17799/BS7799). NHS organisations and other public organisations that are parties to this General Agreement currently work on the principles of the Information Security Standard British Standard ISO/IEC 17799 (BS 7799). Recommendations include procedures when exchanging information. Social Care & non-NHS organisations who are parties to this General Agreement must recognise the requirements of this Standard and ensure that information sharing takes place in a manner compatible with those requirements. Link to BSI website: www.bsi-emea.com/InformationSecurity/Overview/Whatare+ISO27001+27002.xalter

11. Information Governance Toolkit. NHS and various other Organisations are required to adopt the Information Governance Toolkit, which is a knowledge base and assessment framework. The toolkit brings together in one place information and activities to support the provision of high quality care. It promotes the effective and appropriate use of information with an increased importance of data sharing and partnerships. Link to Department of Health Information Governance Toolkit website: https://nww.igt.hscic.gov.uk/

12. The Laming Report (2003), Every Child Matters (2003) highlights the importance of safeguarding all children by effective communication highlighting the areas of:

o Multi-agency partnerships and information sharing.
o A common assessment framework.
o Accountability

Detailed guidance regarding information sharing for the purposes of safeguarding and promoting the welfare of children is available in ‘What to do if you’re worried a child is being abused’ (DOH 2003). Link to Department of Health website: http://www.publications.parliament.uk/pa/cm200405/cmselect/cmeduski/40/40.pdf

13. Social Security Administration Act 1992. Under section 123 of the Social Security Administration Act 1992, it is a criminal offence for anyone who is or was engaged in any aspect of social security administration to disclose information obtained through such activity without lawful authority. Partnership members must be made aware that any unauthorised disclosure may lead to criminal proceedings against them. Link to legislation: http://www.legislation.gov.uk/ukpga/1992/5/contents/enacted


14. Legislation specific to Children's Services

General provisions of the Children’s Act 2004

The primary legal relationship between agencies is governed by the Children’s Act 2004.

(i) Section 10 (Duty to cooperate and improve the welfare of children)
(ii) Section 11 (Arrangements to safeguard and promote welfare)
(iii) Section 12 (Provision for regulations governing the operation of ContactPoint).

The following list of statutory provisions provides further illustrations of the statutory basis for information sharing in the context of Children’s Services.

Child Protection

| Why do you want to share/request information? | Legal basis for requesting/sharing information |
| --- | --- |
| There is reasonable cause to suspect that a child is suffering or is likely to suffer significant harm | Section 47 Children Act 1989 |
| To undertake enquiries in order to decide if action should be taken to safeguard or promote the child’s welfare | Section 47 Children Act 1989 |
| As a result of above enquiries it appears there are matters connected with the child’s education which should be investigated | Section 47 Children Act 1989 |
| Children’s Services request for information re above | Section 47 Children Act 1989 |
| Child ordinarily living in another LA | Section 47 of Children Act 1989 |

Child Protection - People Unsuitable to Work with Children

| Why do you want to share/request information? | Legal basis for requesting/sharing information |
| --- | --- |
| An individual has been found guilty of misconduct (whether or not in the course of his employment) which harmed a child or placed a child at risk of harm | Protection of Children Act 1999, Section 2A |
| The organisation wishes to offer a job to a person in a child care capacity | Protection of Children Act 1999, Section 3 |
| A person is found to be unsuitable to work with vulnerable adults | Care Standards Act 2000 |
| Because a teacher has ceased to be employed because of misconduct or health | Teaching and Higher Education Act 1998, Sections 15 and 15A |


Furthermore, the Health and Social Care Information Centre (HSCIC) are working on the Child Protection – Information Sharing (CP-IS) project. This is an NHS England-sponsored work programme dedicated to developing an information sharing solution that will deliver a higher level of protection to children who visit NHS unscheduled care settings. It proposes to do so by connecting local authorities’ child protection social care IT systems with those used by staff in NHS unscheduled care settings. The information sharing focuses on three specific categories of child:

o Those with a child protection plan
o Those with looked after child status (children with full and interim care orders and voluntary care agreements)
o Pregnant women whose unborn child has a pre-birth child protection plan

More information on this project will be included in this Tier 1 document when available from HSCIC.

15. Multi Agency Safeguarding Hub (MASH)

The MASH is a local team of professionals drawn from the relevant agencies, who will remain in their agency’s employment. Families and Wellbeing Directorate, Police and the NHS contribute staff members. The team act within a ‘sealed intelligence hub’, meaning they can share information within the team but that there are agreed rules in place covering the release of information to staff in the rest of the organisations involved. An information sharing protocol is in place to support this arrangement. The aim of the MASH is to:

o Provide advice and information on new safeguarding concerns.
o Decide an initial rating on the presenting level of risk and required timescale for response.
o Identify and share current information on vulnerable children and adults at risk.
o Coordinate a meeting to reach decisions on initial action.

The MASH receives safeguarding concerns from professionals such as teachers and doctors as well as members of the public and family members. For those concerns that meet the threshold for Specialist Services involvement, representatives from the different agencies in the MASH and outside will collate information from their respective sources to build up a holistic picture of the circumstances of the case and the associated risks to the child or adult. As a result, better decisions will be made about what action to take and support will be targeted on the most urgent cases. Feedback will also be given to professionals reporting concerns. Better co-ordination between agencies will lead to an improved service for children and families.

The MASH will improve the quality of information shared, enable discussion at an early stage about presenting risks and determine a timely and proportionate response.


Child with a Disability

| Why do you want to share/request information? | Legal basis for requesting/sharing information |
| --- | --- |
| Because it is believed that a child with a disability is likely to suffer harm but lives or is moving to another LA | Section 17(2) Children Act 1989 |
| To compile and maintain a register of disabled children | Children Act 1989 Section 17 |
| There is a need for health or housing provision and Health or Housing can assist with the assessment | Section 47 National Health Service and Community Care Act 1990 |
| To compile and maintain a register of blind; partially sighted; deaf with speech; deaf without speech; hard of hearing; and general classes (those whose primary handicap is neither visual nor auditory) | National Assistance Act 1948, Section 29 |

Child with Special Educational Needs

| Why do you want to share/request information? | Legal basis for requesting/sharing information |
| --- | --- |
| To assess a child’s SEN | Section 322 Education Act 1996 |
| Considering making an assessment of SEN. LEA under obligation to send copies of the notice stating they are considering an assessment of SEN | SEN Regulations 2001 |
| Requirement to serve list of all children with statements who will be in Year 10 of compulsory education | SEN Regulations 2001 |


Further links for legislation and guidance

Mental Capacity Act 2005: http://www.opsi.gov.uk/ACTS/acts2005/ukpga_20050009_en_1
Criminal Justice and Immigration Act 2008: http://www.opsi.gov.uk/acts/acts2008/ukpga_20080004_en_1
NHS Act 2006 Section 251: http://www.opsi.gov.uk/Acts/acts2006/ukpga_20060041_en_1
Information Commissioner's website: http://www.ico.gov.uk/
Care Quality Commission website: http://www.cqc.org.uk/
Education Act: http://www.opsi.gov.uk/ACTS/acts2005/ukpga_20050018_en_1
Putting Patients First: government publishes response to Francis Report: https://www.gov.uk/government/news/putting-patients-first-government-publishes-response-to-francis-report
Health and Social Care Act 2012: http://www.legislation.gov.uk/ukpga/2012/7/contents/enacted
The Data Protection Act 1998: http://www.legislation.gov.uk/ukpga/1998/29/contents
The common law duty of confidentiality: http://webarchive.nationalarchives.gov.uk/+/www.dh.gov.uk/en/publicationsandstatistics/publications/publicationspolicyandguidance/browsable/DH_5803173
The Confidentiality NHS Code of Practice: http://www.ecric.nhs.uk/docs/nhs_conf_code.pdf
The NHS Care Record Guarantee for England: http://systems.hscic.gov.uk/rasmartcards/strategy/nhscrg
The Social Care Record Guarantee for England: http://webarchive.nationalarchives.gov.uk/20130513181011/http://www.nigb.nhs.uk/bookletlr.pdf
The Summary Care Record: http://systems.hscic.gov.uk/scr
The international information security standard: ISO/IEC 27002: 2005: http://www.iso.org/iso/catalogue_detail?csnumber=50297
The Information Security NHS Code of Practice: http://systems.hscic.gov.uk/infogov/codes/securitycode.pdf
The Records Management NHS Code of Practice: https://www.gov.uk/government/publications/records-management-nhs-code-of-practice
The Freedom of Information Act 2000: http://www.legislation.gov.uk/ukpga/2000/36/contents
The Human Rights Act article 8: http://www.legislation.gov.uk/ukpga/1998/42/schedule/1/part/I/chapter/7
The Code of Practice for the Management of Confidential Information: http://systems.hscic.gov.uk/infogov/codes