Will information be kept confidential?
Information provided by complainants to the ICAS advocate is provided in complete confidence and must be treated as such so long as it can identify the individual it relates to.
The Data Protection Act 1998 requires that people be informed, in general terms, how their information may be used, who will have access to it and the organisations it may be disclosed to. They must also be told who is responsible for their personal information – the ‘data controller' – and how to contact them. This should take place prior to the information being used, accessed or disclosed. The requirement falls upon both those who provide information and those who receive it.
The NHS has detailed guidance on confidentiality and data protection. (external link)
Caldicott Guardians and patient confidentiality
It is important that complainants can trust the ICAS advocate that personal information will be kept confidential and that their privacy is respected by all who will handle their complaint.
The NHS now has strict rules governing the use of patient information.
The Caldicott Report was published in 1997 and made recommendations relating to patient confidentiality. The Committee produced six key principles which govern the use of patient information
- you must justify the purpose(s)
- don’t use patient-identifiable information unless it is absolutely necessary
- use the minimum necessary patient-identifiable information
- access to patient-identifiable information should be on a strict need to know basis
- everyone should be aware of their responsibilities
- understand and comply with the law.
A key recommendation was the establishment of a network of organisational Guardians to oversee access to patients-identifiable information. All NHS organisations are now required to have such a Guardian, known as the Caldicott Guardian.
Next: What ICAS can and can’t do
|
