Confidentiality policy and procedure
The aim of this paper is to set out clearly for staff, clients and external agencies how personal information will managed by Eastern Region Training Group Ltd, known as “THE ORGANISATION”
- 1. Introduction
THE ORGANISATION’s confidential policy/procedure is set out below. All paid staff and Management are expected to abide by this policy. If requested, our clients using our services will have the relevant aspects of the confidentiality policy explained to them.
1.1 The principle of this procedure is to ensure that sensitive and personal data held by THE ORGANISATION is maintained and that our clients rights are protected. THE ORGANISATION is committed to maintaining high standards of confidentiality in all aspects of its work. This includes records and information pertaining to employees, clients and prospective clients. Breaches of confidentiality may jeopardise the well being of staff and clients and consequently will be subject to disciplinary proceedings. The ORGANISATION is registered to hold data with the Information Commissioners Office.
1.2 The purpose of this procedure is to give guidelines on maintaining confidentiality and the circumstances where disclosures may be necessary and the procedure for doing so.
- 2. Disclosure of information relating to member of staff
2.1 In all but defined cases (eg disciplinary procedures), the ultimate reference point for deciding who should be informed of a piece of confidential information is the individual to whom it applies. It is important, however, that where consent is given that it is informed consent. For this to be the case it is necessary to tell the person concerned why there is a need to disclose information and to whom. The person should also be told of the likely consequences of their agreeing or not agreeing to this. (In some instances, for example, non-disclosure could mean that the person’s need for a service could not be identified.) Once consent has been obtained, it is the responsibility of the person passing on any information to ensure that this is only done on the terms agreed.
2.2 Disclosure of confidential information may require written authorisation by the individual concerned. This should be dated and specify to whom disclosure is authorised.
- 3. Disclosure of information relating to clients
3.1 Client files
3.1.1 All clients and partners have the right to view any information that we hold on file. Under no circumstances will we pass on information about our clients to third parties or other. This is to protect the confidentiality of our clients. All computer records will be password protected and compliant with THE ORGANISATION’s IT security procedures.
4.1 Information about staff
4.1.1 A request for an employee’s home address and telephone number will always be referred to the individual concerned before any information is disclosed. This is done via the line manager. There are some agencies who have some automatic right of access to certain parts of personnel information eg Inland Revenue or tax queries. The line manager will notify any staff member of any legal requirements whereby THE ORGANISATION is obliged to provide such information. Staff should never divulge a colleague’s personal circumstances, including their address, future work place etc to anyone without permission of the worker.
4.2 Information within THE ORGANISATION
4.2.1 This section gives guidance where staff are discussing clients amongst themselves/discussing a client with another agency on the telephone/when clients visit THE ORGANISATION’s office:
4.2.2 Make sure any discussion happens in an appropriate place, eg not in an office where other staff are working or where people are coming in and out of the place.
4.2.3 Do not gossip about clients with other clients, staff or member of management.
4.2.4 Do not discuss personal facts about one client with another client or in the presence of another client.
4.2.5 Do not write derogatory comments about clients in their files (or anywhere else).
4.2.6 Do not leave information lying around or on screen but replace it in the appropriate place (locked filing cabinets).
- 5. Record Keeping
This procedure covers all records held by THE ORGANISATION concerning staff, partners, group members and other potential clients.
5.1 Personnel Records
5.1.1 All staff will be given a copy of the confidentiality procedure as part of their induction. The implications of the procedure for their work will be explained.
5.1.2 Access to personnel files can be arranged with the line manager who should make clear the following:
- who has access to files and procedure for gaining access
- how the information is stored, e.g. locked cabinet
5.1.3 Application forms, interview records, medical information and monitoring forms are confidential to THE ORGANISATION.
5.1.4 Equal opportunity monitoring forms will be detached from application forms on receipt and kept separate from application forms.
5.1.5 References – when seeking references for a new employee it is made clear to the referees that information is sought in confidence.
5.1.6 Probationary reviews and appraisals. The line manager should make clear who receives information on the review.
5.1.7 Medical records will be held on personnel files. Copies of medical certificates and self certification forms will be placed on personnel files after action for payroll purposes.
5.1.8 Breaches of confidentiality by staff will normally be treated within the remit of THE ORGANISATION’s disciplinary and grievance procedure. The nature of any breaches of this procedure will determine the level of disciplinary action, eg disclosure of unauthorised staff details would be gross misconduct.
5.2 Clients
5.2.1 A file concerning each client will be kept by THE ORGANISATION’s staff.
5.2.2 This information should be kept in a filing cabinet, which is kept locked. All files must be returned to the cabinet after use.
5.2.3 If a client asks to see their file, the relevant staff member should organise this and answer any questions about it and explain what has been written. THE ORGANISATION asks that clients give at least 24 hours notice when requesting access to their files.
5.2.4 All clients are protected under the Data Protection Act 1988.
5.2.5 Clients are expected to respect the rights of other clients to confidentiality and privacy particularly as regards personal information known about another client.
5.2.6 Information will be kept for two years once a client has left THE ORGANISATION. It will then be destroyed or archived.
5.3 Partnerships with other organisations
5.4 THE ORGANISATION may be working in partnership with other bodies such as colleges and other training providers. Where specific information-sharing protocols exist that affect a particular client all agencies should be aware of this.
5.5 THE ORGANISATION will give all partnership agencies a copy of the confidentiality procedure and will explain the requirements it places on the partnership organisations.
5.6 It will be agreed at the outset which staff in the partner organisation will have access to information and in what circumstances.
5.7 Management agreements will state that breaches of confidentiality by either party will be treated as a breach of the agreement.
5.8 Training
5.9 Training on the confidentiality policy and its implications should be a standard part of induction procedures for staff, and Management Committee members.