This guidance is relevant to staff who have responsibility for care or personnel records. The guidance should match the procedures you have in your organisation and should be supported with proper training. This is designed to sit alongside the Data Protection and Record Keeping policies and may be included in your staff handbook.
Care providers can download and adapt the Word version of this guidance.
It is important to know what information should be shared and what needs to be kept confidential. You will receive training on proper data sharing as part of your induction and there will be training updates every year. If you feel like you need more training on this topic, or have any questions, please speak to your line manager.
At your job, you might have access to lots of different types of confidential information such as: medical or care records, payroll details, staff sickness, if someone has a criminal record, personal information and many others!
You can access this information in lots of ways: email, fax, computer files, paper records, and even through a conversation – either on the phone or in person.
Even confidential information can be shared with the right people. For example, you should share information about the people you care for with other health and care professionals if it is necessary for their care.
It is important to consider the type of information and why you need to share it. For example, if you have details of somebody’s medical condition and their GP requests this information so that they can provide care, that’s a good reason to share.
It might be helpful to consider the 7th Caldicott Principle when deciding whether to share information.
Principle 7: The duty to share information for individual care is as important as the duty to protect patient confidentiality
Health and social care professionals should have the confidence to share confidential information in the best interests of patients and service users within the framework set out by these principles. They should be supported by the policies of their employers, regulators and professional bodies.
You can find the Caldicott Principles here: https://www.ukcgc.uk/manual/principles
In general, you should ask yourself why you are sharing information and if it is necessary to do so.
If you are ever unsure it is better to check with your line manager.
As an organisation, we have policies in place to make sure that we always share information safely – no matter how this information is shared. You need to follow our policies as part of your job. If you do not, you might face disciplinary action.
Your staff should only be sending confidential information via email if you have secure email. If you do not, you should say:
If you do have access to secure email, you should add your policies here.
This might include USB memory sticks, CDs, DVDs etc. Make sure what you include here matches your Record Keeping Policy.
Download our guidance for practice case studies below.
Back to Resources