« Previous | Contents | Next »
Listen
Integrated Care for drug users: Principles and practice
Chapter 6: Information Sharing
Information Sharing
Information sharing
This chapter offers
practical guidance to DATs and agencies on the exchange of personal client information across treatment, care and support services. In doing so it draws upon current Scottish Executive policy initiatives in relation to the development of information sharing, as well as providing local examples from the substance misuse field of how information sharing issues have been addressed.
What is information sharing?
The purpose of sharing personal information on individuals between partner agencies is
to ensure access to the appropriate treatment, care and support services for those individuals. This requires:
a culture of openness and trust between agencies
agreement on the core elements of information to be transferred
agreement on the circumstances when additional, possibly sensitive, information should be shared
agreed inter-agency protocols governing information sharing
respect for patient's/client's rights to privacy, confidentiality and consent to the sharing of their personal information.
There are various stages at which information sharing should take place, beginning at referral stage when the sharing of information between staff will assist decision making on the level of assessment required and the speed of response needed to address the individual's circumstances, continuing through assessment, care planning and delivery.
The Rationale: why is information sharing important?
A commitment from partner agencies to
the sharing and the safeguarding of client information is essential to the development and delivery of integrated services for drug users. The exchange of information will assist service providers to provide individuals with the best possible service. A common criticism, when things go wrong, is that the right information was not provided to the right people at the right time. For the client, deficiencies in information sharing may result, for example, in delays in getting access to treatment, care and support, or referral on to an inappropriate service. This, in turn, may reduce the chances of a positive outcome, and lead to disillusion and non-attendance. A bad experience of attending a service in the past may also reduce the motivation to seek treatment in the future.
Where a service provider has access to an individual's personal information and is referring them on to another provider, they should be mindful of the information needs of the receiving service. At the same time, service providers have a responsibility to clients to share only that information which is necessary to ensure that they benefit fully from the service.
Improving Information Sharing
Information sharing should take place within an environment of
informed client consent. In order to achieve informed consent, the client must be advised of the implications of giving or of refusing consent, amongst whom their personal information is being shared and the purposes for which it is being shared. It is important that this process is not undertaken in a manner divorced from the rest of the dialogue between practitioner and client. For example, it makes good sense to embed the seeking of consent for the sharing of referral information within the dialogue over making the referral itself and the treatment, care and support that it is intended to set in motion.
The service users' focus groups found that service users did not see sharing information as a problem. Clients were aware of the lack of adequate information sharing between agencies and service providers: they found themselves being asked the same list of questions by different personnel. As long as information was kept within and between agencies, they were happy for information to be shared (SDF 2002, Type 4).
"I just don't understand why there can't be one file that's got all the information on you and that goes from place to place and they've all got the same facts. What's difficult about that?" SDF Focus Group Respondent 2002
At service level, however, there may be a number of impediments, both real and perceived to information sharing. Amongst these barriers are elements of personal, inter-professional or inter-organisational mistrust. From the EIU consultation workshops with service providers (EIU 2001, Type 5) information sharing and confidentiality was identified as the main factor that could inhibit the assessment process. As noted in Chapter 4 on Assessment there was concern too that the difficulties surrounding the sharing of information between agencies were often a result of agency "confidentiality policies" rather than in the best interests of clients.
This Chapter describes how the development of information sharing protocols, together with time for consultation and discussion amongst staff, can help to break down these institutional barriers.
The Wider Context
The Scottish Executive are currently taking a strategic lead on the development of community care information, information sharing, and systems integration. Outlined below are the main policy initiatives in relation to the development of information sharing: the
Joint Future Agenda; the work of the Confidentiality and Security Advisory Group for Scotland
(CSAGS); the
eCARE Programme; and the Scottish Social Care Data Standards
(SCDS) Project.
The Joint Future Group and the work of the Joint Future Unit
The Joint Future Group (JFG) was set up by Susan Deacon, under the chair of Iain Gray, then Deputy Minister for Community Care,
to improve partnership working between agencies and to secure better outcomes for service users and their carers. The group published its recommendations in November 2000 in the report 'Community Care: A Joint Future'. Ministerial approval was granted in January 2001 and a multi-disciplinary team,
the Joint Future Unit, based at the Scottish Executive, set up to implement the key recommendations.
These include:
Single Shared Assessments: Agencies locally should have in place single, shared assessment procedures for older people and for those with dementia by April 2002, and for all client groups by April 2003.
Information Sharing: The Scottish Executive should, by 2002, offer a strategic lead on the development of community care information, information sharing and systems integration. Locally, the arrangements for single shared assessments should include specific proposals for the necessary sharing of information between agencies, by obtaining explicit client approval.
There are two major national initiatives, both supported by the Scottish Executive, dealing with the development of information sharing between health and social care services:
Work on the
principles and protocols for information sharing has been co-ordinated by the
Confidentiality and Security Advisory Group for Scotland (CSAGS) and its sub-group on information sharing.
Work on
developing the technology to support information sharing is being progressed within the Modernising Government Fund (MGF) sponsored 'eCARE' Programme.
The work of the Confidentiality and Security Advisory Group for Scotland
The Confidentiality and Security Advisory Group for Scotland (CSAGS) was set up in September 2000 as an independent committee, supported by the Scottish Executive Health Department, 'to provide advice on the confidentiality and security of health related information to the Scottish Executive, the public and health care professionals'. The Group undertook a review of the use of patient information by health care services and in April 2002 published its final report to Scottish Ministers on 'Protecting Patient Confidentiality'.
We set out below some of the
key conclusions from the report, which although written for use by health care services, are also of relevance to DATs and to the range of health and social care agencies working with drug users:
'Protecting the rights of the individual - the regulatory framework'
The Data Protection Act 1998 places a legal duty on data controllers to process data fairly and lawfully, to use no more data than is necessary for the task and to retain it for only as long as it is needed.
The Human Rights Act 1998 guarantees respect for a person's private and family life. Under the terms of the Act, this right to privacy may be overridden, but only when there is a lawful reason to do so.
The common law reinforces the need to obtain patient/client consent before sharing information.
Professional guidelines require clinicians to ensure patients/clients are informed about how information about them is used and that consent requirements are met.
A substantial organisational framework for protecting the use of patient /client identifying information already exists in Scotland. An example is the Caldicott Framework, set up in March 1999 in response to the Caldicott Committee 'Report on the Review of Patient-Identifiable Information'. This requires all NHSScotland organisations to appoint a senior clinician as 'Caldicott Guardian
1'.
'Informing the public and patients'
Staff need to be fully aware of legal, professional and organisational requirements and procedures.
Most patients/clients do not have a full understanding of the ways in which their information is used. They have a right to know more.
When patients/clients come into contact with services, the uses to which the information gleaned from that episode might be put should be explained.
'Obtaining consent'
Uses of patient/client-identifiable information can be broadly categorised to provide guidelines on consent requirements, see Table 1.
These categories allow for implied consent in some circumstances, explicit consent in others and situations where data can be used without consent.
Even if data may be processed lawfully without consent, they should be anonymised wherever possible. Consent is not required where information has been acceptably anonymised, but the individual should still be informed of its use.
Consent, whether implied or explicit, must always be preceded by effective information for patients/clients.
Explicit consent is best practice and should become the norm as better informed patients/clients share in decisions about the uses of information about them.
There are circumstances where, even though explicit consent would be best practice, implied consent can be accepted in the interests of the health of the population and future health needs and improvements. It is only acceptable if patients/clients have been clearly informed about the uses to which data may be put. In addition, data controllers must only use the information needed for the task in hand and have a strict code of confidentiality in place.
Patients/clients have the right to 'opt-out' of sharing their data, but must be made aware of the implications of doing so.
Table 1. Consent categories: a framework to guide staff in assessing consent requirements
CONSENT NOT REQUIRED |
a.
Legal requirement to share information e.g. if individual contracts certain notifiable diseases; Home Office inspectors must be given access to the Controlled Drugs Register held at community pharmacies (the register contains the names and addresses of individuals dispensed controlled drugs, including methadone). |
b.
Legal defence e.g. where there are concerns that a child or vulnerable adult is at risk of abuse. |
c.
Anonymised information e.g. personal identifiers removed |
IMPLIED CONSENT ACCEPTABLE |
a.
Patient/client care e.g. referral letter to GP or another treatment/care agency. |
b.
Operational management & public health e.g. planning; managing; funding and auditing; where identifiable data cannot be anonymised. |
c.
Multiple uses (if information cannot be anonymised) e.g. disease registries; epidemiology; national data banks. |
PRIOR EXPLICIT CONSENT REQUIRED |
a.
Multi-agency care e.g. sharing data with other treatment and care services. |
b.
Research using identifiable data e.g. clinical trials. |
c.
Education and Training e.g. identifiable patient records used to lecture medical students. |
Multi-agency care
Whilst staff in both health and social care services are bound by strict arrangements for protecting patient/client confidentiality and information sharing, their ways of working are different and have to meet different statutory and regulatory requirements. In recognition of this, CSAGS set up an inter-agency sub-group to develop
local protocols between partner agencies to support front-line information sharing practice.
Draft protocols for inter-agency data sharing have now been published for consultation and can be found at
www.show.scot.nhs.uk/ecare/draftprotocols/.
These incorporate a series of linked documents:
a template for a brief patient/client information sharing leaflet
short and longer-form information sharing protocols
a set of briefing notes for staff
The protocols are based on the premise that explicit and informed consent is required before personal details are shared between social care and health care services.
Such protocols offer a shared governance and accountability framework for information sharing. They are not, however, an end in themselves but are developed to support trust between clients/patients and their practitioners and clinicians. Equally important for the re-affirmation or establishment of this trust are the 'purposeful discussions' needed between practitioners of different disciplines if potential differences in approach are to be resolved. A series of aids to such group or team discussions can be found in the 'Workbook' section of the protocols website above.
Drug Action Teams and drug agencies/partnerships of drug agencies may find it helpful to use the framework protocols in designing their own patient/client information sharing leaflets or agency information sharing protocols. This could save time. Also, by using the framework context-specific protocols may be dovetailed more easily with the over-arching inter-organisational framework. It is important that individual protocols are consistent with others used locally, since information flows involving personal information will only rarely be wholly internal to drug misuse settings.
There are also examples from the substance misuse field to draw on, for example from Forth Valley Substance Action Team; Highland Drug & Alcohol Strategy Group; and Aberdeen City DAT - Integrated Drug Service.
Forth Valley Substance Action Team have produced an
information note for patients/service users entitled 'The protection and use of patient or service user information'. The note describes the reasons why patient/service user information may be needed; and individual's rights of access to their records; as well as explaining that it is the legal duty of staff working for drug and alcohol services in Forth Valley to keep information about patients/service users confidential. |
Information Sharing in Forth Valley
SERVICE PROVIDERS NAME (to be inserted)
THE PROTECTION AND USE OF PATIENT OR SERVICE USER INFORMATION:
NOTICE FOR PATIENTS/SERVICE USERS (can delete as appropriate)
We ask you for information about yourself so that you can receive proper support and treatment. This is why we ask you to indicate whether you are willing for such information to be shared with other professionals involved in your care. If you do not wish to give such permission, you can indicate this wish on the form.
We keep this information, together with details of your care and treatment, because it may be needed if we see you again.
We may use some of this information for other reasons: for example, to help us plan and develop services and to see that current services in Forth Valley run efficiently, train their staff, and can account for their actions. Information may also be needed to help educate tomorrow's staff and to carry out health and social care needs assessment for the benefit of everyone.
If you do not wish your information to be used in this way do not sign the consent box on the form. Your wishes will be respected.
Sometimes the law requires us to pass on information: for example, to notify a birth.
You have a right of access to your records held by this service.
EVERYONE WORKING FOR FORTH VALLEY DRUG & ALCOHOL SERVICES HAS A LEGAL DUTY TO KEEP INFORMATION ABOUT YOU CONFIDENTIAL
You may be receiving care and treatment from other people as well as (insert name of service). So that we can all work together for your benefit we may need to share some information about you.
We only ever use or pass on information about you if people have a genuine need for it in your and everyone's interests. Whenever we can we shall remove details, which identify you. The sharing of some types of very sensitive, personal information is strictly controlled by law.
Anyone who receives information from us is also under a legal duty to keep it confidential.
THE MAIN REASONS FOR WHICH YOUR INFORMATION MAY BE NEEDED ARE:
Providing integrated Drug and Alcohol Services.
Looking after the health and well-being of the general public.
Managing and planning the work of Forth Valley Substance Action Team by analysing information collected and the use of mapping software. This is where the anonymised information is placed on a coloured map of Forth Valley to identify things like service uptake across Forth Valley. You cannot identify individual incidents or addresses from the maps.
Making sure that Forth Valley Drug & Alcohol services can meet patient/service user needs in the future.
Auditing accounts.
Preparing statistics on performance and activity (where steps will be taken to ensure you cannot be identified).
Investigating complaints or legal claims.
Helping staff to review the care and treatment they provide to make sure it is of the highest standard.
If at any time you would like to know more about how we use your information you can speak to the person in charge of your care or contact the receptionist and they will put you in touch with the service manager.
References - Perth & Kinross Care Together 2002
Highland Drug & Alcohol Strategy Group - Protocol on Information Sharing The Highland Drug & Alcohol Strategy Group's goal is "to enable individuals, families and communities in the Highlands to minimise the harmful use and effects of drugs and alcohol". To help achieve this the partners within the Strategy Group (who include: police, health, social work, Scottish Prison Service) have agreed a joint information sharing protocol to: share general information and where appropriate confidential information regarding the misuse of drugs , having due regard to the Law, Human Rights and Data Protection identify and use credible, accessible information about current drug and alcohol patterns and trends use information more effectively to ensure that resources reach the areas of greatest need
The protocol is designed to ensure that the relevant statutory agencies and others as appropriate have effective co-operative working arrangements in place to address issues that arise from substance misuse. |
Aberdeen City DAT - Integrated Drug Service The first phase of the integrated drug service initiative has been to develop the infrastructure for organisations to work together. Partners in the project include : Grampian NHS Board, Aberdeen City Council and non-statutory drug services. Key features of the service that have been developed so far include: common assessment, care planning and review tools a common policy on confidentiality a common policy on sharing information
|
Recording Consent to the Sharing of Personal Information
Chapter 4 on Assessment sets out
a personal information core data set incorporating signed permission from the client/patient to the sharing of this information with other agencies.
When recording client consent to the sharing of their personal information, it should be clear:
what information the client has agreed can be shared
with whom it can be shared
the purpose(s) for which information will be shared
over what time period this consent applies
Forth Valley Substance Action Team have developed a
common screening and referral form. The form has a section for recording client consent to information from their case file being shared with particular individuals/ services (specify which) and the option to withdraw this consent. Also, at the end of the form the client gives signed acceptance to support for their substance use and, as part of this, inter-agency information sharing. |
The Client's Capacity to Give 'Informed Consent'
The section on self-reporting in the Assessment Chapter suggests four factors that would influence validity of reporting. These four factors might also determine validity of consent.
These are:
level of sobriety
acute distress
cognitive impairment
motivational deception
See also
Chapter 5 on Planning and Delivery of Care, section on the role of advocacy.
The eCARE Programme: Developing the Technical Framework for Information Sharing
While the principles and protocols for information sharing have been addressed by the Confidentiality and Security Advisory Group for Scotland (CSAGS) and its sub-group on information sharing, work on
developing the technology to support information sharing is going forward within the Modernising Government Fund (MGF) sponsored eCARE Programme.
This programme is intended to provide a generic standard framework for information sharing between health and social care organisations, across Scotland, which could offer opportunities to support integrated drugs services.
There are
four local eCARE projects in the first (pilot) phase: NHS Argyll & Clyde and Renfrewshire & Inverclyde councils; NHS Borders, and Scottish Borders Council; NHS Forth Valley and Stirling Council; and NHS Lanarkshire, and North & South Lanarkshire councils.
The work of these projects complements the development of a
draft Strategy for Information and Communications Technology (ICT) support for Community Care.
The eCARE Projects are working on a common approach to technology support for information sharing. The main components of this are:
a way of cross-referencing the NHS & social work patient/client identifiers
standard electronic structures for frequently used documents such as referrals, assessments
a 'safe haven' between NHS & local authority networks, for safeguarding shared information
information 'repositories' or stores for holding shared information, closely modelled upon equivalent NHSScotland tools
My Information: my key to a Joint Future' - a National Joint Future ICT Strategy The draft Strategy aims: 'to enable Community Care Partner agencies - systematically (shared investment, support arrangements etc. under the umbrella of their developing Local Partnership Agreements) - to establish shared ICT support for key operational processes, using as far as possible a familiar set of non-proprietary 'Crown copyright' tools' to provide a supportive framework for the cultural change needed as agencies move from 'owning' their patients' and clients' information, to acting as 'custodians' of it
|
In a drug misuse context this common approach may be represented diagrammatically thus:
There is consensus across the eCARE projects that this approach is best because:
it makes a very clear distinction between shared and unshared information, allowing for access by the variety of systems used in any local partnership
it allows for future growth, to cater for managed access to shared information by both other authorised organisations (including voluntary sector agencies), and clients/patients themselves
In an example from the substance misuse field, the five
Turning Point Arrest Referral Schemes in Tyne and Wear have developed
a dual internet/intranet computer based application to enable staff to access information via a secure entry. Clients have one file shared over the intranet, so providing better communication for staff. Risk assessment and appropriate engagement with clients/treatment services can be managed through a daily 'bulletin board'. Also, local steering groups have a section in the intranet that allows them to retrieve KPIs, demographic breakdowns, or activity within the custody suite using a 'report builder'. |
The Scottish Social Care Data Standards (SCDS) and E-Government Project
The use of common data standards and definitions facilitates the development of integrated services and the sharing of information between them.
The SCDS Project has been set up by the Scottish Executive, the Association of Directors of Social Work, COSLA and Audit Scotland
to produce data definitions and standards to improve the consistency and quality of social care information, both locally and nationally. Other project sponsors include ISD Scotland, OLM plc, and Anite Public Sector (formerly Sheridan).
The Project runs from June 2001 until September 2002 and is financed largely by the Modernising Government Fund (MGF). The project is based at Trinity Park House in Edinburgh (hosted by ISD Scotland). A bid for a further SCDS Project of 18 months duration has been approved under the second round of MGF funding (MGF2). This project's working arrangements are yet to be confirmed, but it is likely to commence in January 2003.
A Data Standards Manual will be produced by the end of 2002 containing definitions for key terminology, standard classifications and codelists for priority social care areas. The project will also assist the 'eCARE' projects, also funded under MGF. The manual will be produced with the specific objective of ensuring consistency between these data standards and those developed or being developed for related health, criminal justice and education information systems.
In July 2002 the Social Care Data Standards Project issued a
consultation paper on 'Draft Drug Misuse Definitions'.
Further resources:
Joint Future Unit website:
http://www.scotland.gov.uk/health/jointfutureunit/
eCARE website:
http://www.show.scot.nhs.uk/ecare/
CSAGS (Confidentiality and Security Advisory Group for Scotland) website:
http://www.show.scot.nhs.uk/csags/
Scottish Social Care Data Standards and E-Government Project website:
http://www.scds.org.uk/
Report by the Performance and Innovation Unit (PIU) on 'Privacy and data-sharing: the way forward for public services':
http://www.cabinet-office.gov.uk/innovation/2002/privacy/report/
KEY PRINCIPLES OF EFFECTIVE PRACTICE: INFORMATION SHARING
ECARE Project colleagues have helpfully identified 10 key principles which should underpin the sharing of person identifiable information between those
'partner agencies' who agree to an
'information sharing protocol'. These are:
1. All staff will respect the service user's rights to privacy and confidentiality.
2. No information will be shared without the prior consent
2 of the service user (or their representative), except in the circumstances referred to in Principle 10 below.
3. Information will only be shared for the purposes agreed to by the service user.
4. The partner agencies will only use shared information for the purposes set out in the information sharing protocol.
5. Service users have a right of access
3.
6. If service users refuse consent to the sharing of information, the partner agencies will ensure that they are aware of the implications of their decision.
7. Access to person identifiable information will be on a need to know basis.
8. The partner agencies will ensure records are accurate, complete and up-to-date.
9. The partner agencies will make sure that person identifiable information is safe and secure.
10. You may share information without consent if you are obliged to by law, if required to do so to protect an individual's vital interests, or if you must do so in the public interest.
GLOSSARY OF TERMS
Term | Meaning |
Service providers | Service providers should include: GPs and primary care teams; community-based specialist drug services (statutory and voluntary); pharmacies; Scottish Prison Service (SPS); providers of SPS transitional care arrangements; housing services; employment and training providers; health specialties such as A & E departments, antenatal services and hepatology departments; social inclusion partnership initiatives; social work community care, child care and criminal justice teams; drug courts, arrest referral schemes and DTTOs; providers of residential detoxification or rehabilitation services; employment, education and training providers e.g. further education colleges and enterprise networks; business organisations; and after care services such as those provided through New Futures Projects (
see Chapter 2 Integrated Care: Definitions and Concepts). |
Acceptably anonymised data | Data from which in practice the patient/client cannot be identified by the recipient of the information, and where the theoretical probability of the patient's identity being discovered is extremely small. |
Anonymised data | Data from which there is no theoretical or practical risk that a patient/client could be identified by the recipient of the information. |
Explicit consent | Agreement which is expressed orally or in writing (except where patients cannot write or speak, when other forms of communication may be sufficient). |
Implied consent | Assumption that circumstances allow disclosure of information without seeking explicit consent. |
Informed patient/client consent | Explicit consent, plus situations where it is acceptable to rely on implied consent because the patient/client has been informed and has not used available mechanisms to refuse consent. |
Patient/client identifying information | A data set which may include some or all of the following: a picture of the patient/client, their name, address, full post- code or date of birth. |
1 Guardians are responsible for: auditing current practice and procedures; managing an improvement plan; and developing local protocols for inter-agency information sharing. Caldicott Guardians are also involved in decision-making about how their organisation uses patient identifying information. A review of the Caldicott process is planned.
2 In terms of the practicalities, consent should not have to be sought for each and every incident of data sharing. The information sharing protocol will need to create a framework that defines the scope of consent appropriately, balancing administrative practicality with service user rights.
3 i.e. access to information regarding their care.
« Previous | Contents | Next »