Staff Guidance on Data Sharing

This guidance is relevant to staff who have responsibility for care or personnel records. The guidance should match the procedures you have in your organisation and should be supported with proper training. This is designed to sit alongside the Data Protection and Record Keeping policies and may be included in your staff handbook.

Care providers can download and adapt the Word version of this guidance.


It is important to know what information should be shared and what needs to be kept confidential. You will receive training on proper data sharing as part of your induction and there will be training updates every year. If you feel like you need more training on this topic, or have any questions, please speak to your line manager.

What kind of data must be kept confidential?

At your job, you might have access to lots of different types of confidential information such as: medical or care records, payroll details, staff sickness, if someone has a criminal record, personal information and many others!

You can access this information in lots of ways: email, fax, computer files, paper records, and even through a conversation – either on the phone or in person.

Even confidential information can be shared with the right people. For example, you should share information about the people you care for with other health and care professionals if it is necessary for their care.

When can you share information?

It is important to consider the type of information and why you need to share it. For example, if you have details of somebody’s medical condition and their GP requests this information so that they can provide care, that’s a good reason to share.

It might be helpful to consider the 7th Caldicott Principle when deciding whether to share information.

Principle 7: The duty to share information for individual care is as important as the duty to protect patient confidentiality

Health and social care professionals should have the confidence to share confidential information in the best interests of patients and service users within the framework set out by these principles. They should be supported by the policies of their employers, regulators and professional bodies.

You can find the Caldicott Principles here:

In general, you should ask yourself why you are sharing information and if it is necessary to do so.

  • If you are a carer does the receptionist need to know the details of someone’s condition?
  • If you work in reception should you be telling people why a member of staff is off sick?

If you are ever unsure it is better to check with your line manager.

How do we share information safely?

As an organisation, we have policies in place to make sure that we always share information safely – no matter how this information is shared. You need to follow our policies as part of your job. If you do not, you might face disciplinary action.

Face- to-face conversations

  • Make sure the person you are talking to has a right to the information they are asking for;
  • Always ask if they would rather have private conversations in a private room;
  • Always be aware of the risk that other people might overhear private conversations and make steps to prevent that from happening.

Telephone Conversations

  • Always confirm that the person is who they say they are;
  • Only provide information that the person has a right to know;
  • Be aware of who else can hear your phone call and make sure other people do not eavesdrop on your confidential call.

Posting information

  • Please provide any confidential information which needs to be posted to insert name here if applicable;
  • All confidential information must be posted to a named individual and marked as “Private and Confidential”;
  • All confidential post will be sent as a signed-for delivery.

Receiving faxed information

  • As soon as a fax is received it must be removed from the machine; note that this is particularly important if your fax machine is in a public area
  • Where necessary, contact the person who sent the fax to confirm that you have received it;
  • Safely store the fax in the correct place as soon as possible.

Sending information by fax

  • Always double check the fax number before sending;
  • Use a fax cover sheet which is marked “Private and Confidential”;
  • Only send faxes to a named person, not to a team;
  • Tell the recipient that you are sending a fax and ask them to confirm receipt;
  • Do not send faxes outside of the receiving organisation’s working hours;

Emailing information

Your staff should only be sending confidential information via email if you have secure email. If you do not, you should say:

  • Never send personal confidential via e-mail.

If you do have access to secure email, you should add your policies here.

Other methods of sharing information

This might include USB memory sticks, CDs, DVDs etc. Make sure what you include here matches your Record Keeping Policy.

Download our guidance for practice case studies below.

Back to Resources