9

Promote good practice in handling

information in health and social
care settings

For Unit HSC 038

What are you nding out?
It seems impossible to open a newspaper or
turn on the television without reading
about some incident involving bad practice
in handling information. For example, since
2007:

Q HM Revenue & Customs has lost two

CDs containing the personal records and
bank details of 25 million people.
Q The MoD has lost a laptop containing
the passport details, National Insurance
numbers, drivers licence details, family
details, doctors addresses and National
Health Service numbers of 600,000 people.
Q Hundreds of documents containing
sensitive personal data such as details of
benet claims, passport photocopies and
mortgage payments were found dumped on
a roundabout in Devon.

health patients was found by a member of

the public in Teesdale.

Q A 12-year-old boy found a USB memory

stick containing sensitive information
about staff and patients at a hospital in
Scotland in a supermarket.
Q The personal details of 9,000 school
pupils, including their names, date of birth,
addresses, phone numbers and school
attainment, were stolen from the home of a
Barnet Council worker.
Breaches of security and condentiality are
extremely serious. Not only do they destroy
condence in organisations in which the
public has entrusted its personal details,
they also cause anxiety for the individuals
concerned.
The reading and activities in this chapter
will help you to:

Q Zurich Insurance has lost the personal

details of 46,000 of its customers.

Understand requirements for handling

information in health and social care settings

Q The health and social care sector is far

from immune to bad practice. For example:

Be able to implement good practice in

handling information

Q A USB memory stick containing

information on hundreds of NHS mental

Be able to support others to handle

information.

LO1 Understand
requirements for handling
information in health and social
care settings

1.1

Identify legislation and

codes of practice that relate to
handling information in health
and social care
This UK government is committed to protecting
civil liberties and personal privacy.

166

9: Promote good practice in handling information

The Human Rights

Act 2000

Data Protection
Act 1998

The Nursing and

Midwifery Council
(NMDC) code

The Health and

Social Care Act
2001

Legislation and
Codes of Practice
that relate to
information
handling in health
and social care
General Social
Care Council
(GSCC) Codes of
Practice

Records
management: NHS
code of practice

Code of Practice:
Mental Health Act
1983

The Information
Security
Management: NHS
Code of Practice

Figure 9.1 Legislation and Codes of Practice that relate to information handling in health and social care

Evidence activity
1.1

Legislation and codes of practice related to information handling

This activity gives you an opportunity to demonstrate your knowledge of legislation and codes
of practice that relate to information handling in health and social care.
Choose three different care settings, for example an early years setting, a GP practice and a
day care centre for people with learning difculties. Make a list of the laws and codes of
practice that govern how information must be handled within each area.

1.2

Summarise the main

points of legal requirements
and codes of practice for
handling information in health
and social care

Everyone has the right to respect from others for

their private and family life, home and
correspondence. The right to a private life
includes the right to have information about us,
such as ofcial records, photographs, letters,
diaries and medical information kept private and
condential. Unless there is a very good reason,
public authorities should not collect or use
information like this; if they do, they need to
make sure the information is accurate.
The Information Security Management:

The Human Rights Act 2000

Article 8: the right to respect
for private and family life

Article 8 of the Human Rights Act is a qualied

right. This means that in certain situations, for
example where public safety, security or health is
at risk, or the protection of other peoples rights
167

Level 3 Diploma Health and Social Care

and freedoms is at risk, personal information can

be disclosed to a relevant authority.
A Guide to the Human Rights Act 1998, Third
Edition, DCA 2006; www.justice.org.uk

Data Protection Act 1998

The Data Protection Act 1998 became effective in
2000 and superseded the Data Protection Act 1984
and the Access to Health Records Act 1990. The
purpose of the Act is to protect the rights of
individuals about whom personal or sensitive
data is processed (collected, used and stored),
disclosed and destroyed. It applies to information
that is held in paper and computerised records,
imaging records such as X-rays and photographs,
and recordings such as video and CCTV images,
telephone calls and tape recordings.

Key term
Personal or sensitive data is information
about ethnic origin, religious and political
beliefs, health, disability, criminal offences or
alleged offences, sexual life and trade union
membership.
Integrity of data is to do with its accuracy
and completeness.
Access means to see, obtain or retrieve.
Jargon is the technical language particular
to a trade or profession.
An individual is deemed competent
when they have a clear appreciation
and understanding of the facts, and the
implications and consequences of an action.
The Act requires that security measures are put
in place to retain the condentiality and
integrity of personal or sensitive data, and to
ensure that it remains intact for as long as it is
needed. In other words, people and
organisations that handle personal or sensitive
information must prevent:

Q

unauthorised access, disclosure, alteration

and destruction

Q

accidental loss or destruction.

The Data Protection Act gives individuals the right

to access information held about them except in
certain situations. For this reason, any
information that might be unintelligible, for
example, abbreviations and jargon, must be
explained. Representatives acting on behalf of
individuals deemed competent to manage their
affairs can see and discuss information held about
the individual, provided that the individual has
given consent. If an individual is deemed not
168

competent, the person appointed by a court to

manage their affairs has the authority to give or
withhold consent.
www.patient.co.uk

When might a request to see

information be refused?
Types of information held about an individual
that might not be given to them include:
records that contain information about
other people, unless they have given
their permission
information that has been received from
third parties, unless they have given
their permission
information that could affect their or
somebody elses emotional or mental
stability
records relating to work where legal
proceedings have taken place
records where disclosure could affect
crime prevention, detection,
apprehension or prosecution of offenders.
www.dwp.gov.uk
Anyone who handles personal or sensitive data
must comply with the Data Protection Act 1998
and the eight Data Protection Principles.

Data Protection Principles

The 8 Data Protection Principles require
that personal or sensitive information is:
1. processed fairly and lawfully for
example, dont collect and use someones
personal information unless they have
given you permission or you are condent
that you are entitled to handle it
2. only used for the purpose for which it
was obtained
3. adequate, relevant and not excessive
only collect and use as much
information as you need
4. accurate, up to date and necessary
correct errors promptly and never
handle personal or sensitive information
that you do not need for your work
contd

9: Promote good practice in handling information

5. only kept for as long as needed delete

or destroy information when it is no
longer needed.
6. processed in accordance with the
individuals rights for example, we have
a right to know how our information is
being used, to have any errors corrected,
and to prevent information about us
being used for advertising or marketing

In 1997, Dame Fiona Caldicott carried out an

investigation into the handling of patient
information by health and social care service
providers. As a result, six Caldicott Principles
were identied to help them comply with the
Data Protection Act. In summary, the Caldicott
Principles require that anyone who handles
personal or sensitive data that can be
identiable with a particular person must:
1.

8. not transferred outside of the European

Economic Area (EEA) unless the
individual concerned has given consent
and you are condent that you are
entitled to transfer it.

be able to justify its use for example, it

would be unjustiable to let someones
ethnic background dictate whether to
prescribe them medication for a failing
memory, but it would be important to ensure
that a female care worker is available to help
female patients with intimate care if their
religion and cultural traditions require
same-sex care

2.

not use it unless it is absolutely necessary

for example, it is absolutely unnecessary to
know about someones criminal record
when helping them use the toilet, unless
their record includes a history of sexual
offence

Key term

3.

use the minimum amount of information

necessary you dont need to know lots of
information about someones personal life
when helping them choose from a menu, but
it would be an advantage to know about
their health and religious beliefs as these
may dictate their dietary needs

4.

ensure that access to it is on a strict

need-to-know basis on no account should
you disclose information about people
without their consent or proper
authorisation, nor should you disclose
information to anyone who does not need
that information to carry out
their job

5.

ensure that everyone with access to it is

aware of their responsibilities, including
ensuring that any personal data they see or
hear goes no further, either by word of
mouth or by unauthorised viewing of
information, for example on a computer
printout or computer screen

6.

understand and comply with the law you

can be prosecuted for unlawful action under
the Act and be ned if you use or disclose
information improperly.

7. kept secure at all times and protected

from unauthorised access, disclosure,
alteration and destruction

The European Economic Area (EEA) is an

economic association of European countries.

Research & investigate

1.2

Collecting information

1. Who do you collect information about

at work?
2. What information do you collect?
3. How do you know that you can collect it?
4. Why do you need the information?



Time to reect
1.2




How would you feel if

your personal correspondence, for

example letters, emails, texts, were
opened and read by other people?
someone put photographs of you on a
website without asking your permission?
your GP told your employer about your
medical history?
169

Level 3 Diploma Health and Social Care

Case Study
1.2

Applying the Caldicott

Principles

An early years setting holds information on

children in order to support their
development, monitor their progress,
provide appropriate pastoral care and
assess how well the setting as a whole is
doing. This information includes contact
details, attendance information,
characteristics such as ethnic group, special
educational needs and any relevant medical
information. From time to time it is
necessary to pass on some of this data to
local authorities and ofcial agencies, such
as QCA and Ofsted. In particular, at age ve
an assessment is made of all children (the
Foundation Stage Prole), and this
information is passed to the local authority
and receiving maintained school.
How is this setting complying with the
Caldicott Principles as regards:
1. justifying its use of data?
2. not using data unless it is absolutely
necessary?
3. using the minimum amount of
information necessary?
4. ensuring that access to data is on a strict
need-to-know basis?
5. ensuring that everyone with access to the
data is aware of their responsibilities?
6. understanding and complying with the law?

The Children Act 2004

The Children Act states that organisations have
a duty to safeguard and promote the welfare of
children and young people. Information sharing
among care agencies enables them to work
efciently and effectively, but it must also
comply with laws relating to condentiality, data
protection and human rights. Safeguarding
Children Boards use The Children Act to
develop policies and procedures related to
information sharing, thereby complying with
legislation and ensuring the safety and
well-being of the child or young person.

170

The Health and Social Care Act

2008
The Health and Social Care Act gives the
Secretary of State for Health the power to
authorise health and social care service
providers to disclose information about people
in the interests of improving patient care or in
the wider public interest, to monitor
communicable diseases and for medical
research.
Codes of Practice relating to handling
information in health and social care are based
on legislation, professional body standards and
professional best practice.

Records Management:
NHS Code of Practice
Records are valuable because of the information
they contain. However, information is only
useful if it is correctly recorded in the rst place,
regularly updated and easily accessible when
needed. The Records Management: NHS Code of
Practice describes different actions and
responsibilities for effective collection, use and
storage of all types of NHS records, and for their
maintenance and disposal.

The Information Security

Management: NHS Code of
Practice
This applies to all organisations, including local
authorities, that handle NHS information. Its
purpose is to guide them in maintaining the
security of information that they handle.

Code of Practice: Mental Health

Act 1983
This requires that information to help them
understand why they are in hospital or subject
to guardianship is given to patients detained
under the Mental Health Act and, unless they
object, to their nearest relatives. It also states
that, ordinarily, information about a patient
should not be disclosed without their consent.
Occasionally it may be necessary to pass on
particular information to professionals or
others in the public interest, for instance where
personal health or safety is at risk.

9: Promote good practice in handling information

Research & investigate

1.2

Disclosing information

Who do you disclose information to?

What information do you disclose?
How do you know that you can disclose it?
Why do other people and organisations
need the information you give them?

Q disclose information if they believe someone

may be at risk of harm
Q keep clear and accurate records and not
tamper with original records in any way
Q ensure entries in records are clearly and
legibly signed, dated and timed
Q

Nursing & Midwifery Council, 2008

Evidence activity
1.2

General Social Care Council

(GSCC) Codes of Practice
These set out the standards of practice that
everyone who works in social care should meet.
With regard to handling information, the Codes
state that:

Q Social care employers must have written

policies in place to help social care workers meet
the GSCCs Code of Practice for Social Care
Workers, including policies on condentiality.
Q

Social care workers must:

Q

protect the rights of the people they

support, including their right to privacy

Q respect condential information and be

able to explain their workplaces policies
about condentiality to the people they
support, their family and friends
Q

not abuse the trust of the people they

support or the access they have to any
personal information about them

Q maintain clear and accurate records as

required by procedures established for
their work.
General Social Care Council, 2002

The Nursing and Midwifery

Council (NMC) code
This sets out the standards of conduct,
performance and ethics that nurses and
midwives must apply in their work. With regard
to handling information, the code requires them
to:

Q
Q

respect peoples right to condentiality

ensure that people are informed about why

and how information is shared by people
providing their care

ensure all records are kept securely.

Legal requirements and

codes of practice for handling
information

Identify two pieces of legislation and two

codes of practice that regulate the way
personal and sensitive information is
handled where you work. For each, sum up
how they affect your work.

LO2 Be able to implement

good practice in handling
information
2.1

Describe features of
manual and electronic
information storage systems
that help ensure security
Manual information storage
systems
Manual information storage includes:

Q paper or card health records, case notes, care

plans, pupils les, assessment records, special
educational needs data, staff records, registers,
reports, computer printouts and administrative
records such as letters, invoices and minutes
from meetings
Q imaging records such as X-rays, CCTV lm,
photographs and slides
Q audio recordings such as telephone calls
and tape recordings.

171

Level 3 Diploma Health and Social Care

Research & investigate

2.1

Manual storage of
information

Where is manual information stored at

your workplace?
Who can have access to this
information and why?

Figure 9.2 Manual information storage systems

Manual information should be held in named
folders to make ling and access easy. The
information within a folder should, if possible,
be copied, and copies stored in a separate,
secure location, for example on a USB ash drive
(memory stick), as a precaution against loss.
An authorised person or the designated data
owner should take responsibility for ensuring
that manual information is secure. All
information should be annotated with its level of
security, and condential information must
identify who is authorised to have access. There
are three levels of security:
1.

Low security means that the information

can be accessed by the public, for example
policies and procedures and an
organisations website.

2.

Medium security means that the

information is not readily accessible but
may be disclosed in certain circumstances,
for example basic personal information
such as class lists.

3.

High security means that the information

contains personal and sensitive identiable
information and access is on a need-toknow basis only.

Secure storage requires arrangements to be in

place to make sure that:

Q
Q

information remains condential

there is no risk of physical deterioration due,

for example, to re from electronic, electric and
kitchen equipment, or water from sinks, toilets,
pipes, radiators.

172

Storage facilities for medium- and high-risk

information, such as ling cabinets, cupboards
and stores should be kept under lock and key,
and keys and keypad number sequences held by
the designated data owner or a named key
holder. Access to information should be given on
a need-to-know basis and a tracking record
maintained of who has had access, when and
why. If information is removed from storage a
record should be made of when it was returned.
Tracking systems can be either paper-based or
electronic, such as when records are scanned in
and out of storage.
When information stored manually is no longer
needed, it should be dealt with as appropriate.
Closed or inactive les may have to be retained
for some time, in which case appropriate
storage facilities will be required. Some
information will need to be permanently
preserved by archiving, some retained for
review and some destroyed. Low-security
information should be recycled; medium- and
high-risk information should be shredded,
pulped or incinerated.

Key term
Archiving means storing records,
documents, or other materials of historical
interest.

Electronic information storage

systems
Information can also be stored (saved)
electronically on a computers hard disk drive,
an external hard drive, USB memory stick, CD
or DVD, using programmes such as Word,
Excel, PowerPoint and Outlook. Programmes
provide the template for creating documents
such as:

Q word documents, for example letters and

reports

9: Promote good practice in handling information

Q spreadsheets, for example to record and

monitor physiological measurements
Q
Q

presentations, for example for training

email, for sharing information.

Research & investigate

2.1a

Storage of electronic
information

Where is electronic information stored

at your workplace?
Who can have access to this
information and why?
The documents produced using these
programmes are put into folders, which are the
equivalent of the manual folders stored in ling
cabinets and cupboards. Folders containing
documents that are personal and sensitive need
to be stored securely.

Ten top tips for ensuring the security

of information stored in equipment
you take off site
1.

Follow your organisations home working and

portable computing policies.

2.

Know and understand how to use the

equipment.

3.

Keep it with you at all times.

4.

If you have to leave it unattended, lock it up

and store it in a secure place.

5.

Take great care when using it in a public

place to ensure that information is not
overseen.

6.

When travelling on public transport, carry

laptops as hand luggage.

7.

If you use a car, ensure that the equipment is

not left on display. Lock it in the boot but do
not leave it in the boot overnight.

8.

Do not modify any stored information

without authorisation.

9.

Sending information over the internet could

be classied as a breach of security, so never
send identiable information via email or
devices such as Blackberries. In fact, never
send information electronically that you
would not put on the back of a postcard.

10. Do not use the equipment for your personal

use, especially for internet access and
emailing.

Research & investigate

Figure 9.3 Electronic information storage systems
Encryption is the scrambling and transforming
of information from an easily readable and
understandable format (plaintext) into an
unintelligible format that seems to be useless
(ciphertext). The Data Protection Act requires
organisations that use portable electronic
information storage systems, such as laptops,
handheld computers and USB memory sticks, to
encrypt personal and sensitive information and
regularly review and update the encryption to
make sure it remains effective. The Act also
requires that organisations have policies
regarding the use and security of portable
systems and that they ensure that their staff are
properly trained in these.
Taking portable electronic information storage
systems off site carries a risk of theft and
unauthorised access to and modication of
information.

2.1b

Portable electronic
information storage systems

What portable electronic information

storage systems are used at your
workplace?
Describe the policies and procedures
that govern the way they are used off site.

If computer equipment has to go off site for

service, repair or recycling, all information
should be backed up, for example on a USB
memory stick, and then removed. Normal
deletion doesnt actually delete information, it
simply removes the address indicating where
the les are stored. This means that data
recovery software can be used to undelete
deleted les. It is better to use data destruction
software or software that overwrites

173

Level 3 Diploma Health and Social Care



everything. The same applies to when computer

equipment has to be discarded remove all
sensitive data rst; alternatively, physically
destroy the hard drive.
Computer viruses cause severe loss and
destruction of information; antiviral software
is highly recommended. Firewalls help
prevent attacks against computers while
connected to the internet, but viruses can
arrive within les attached to emails. Some of
these viruses (Trojans) contain programmes
that allow an outsider to access and take
control of computers over the internet. For
this reason, never open les attached to emails
from people you dont know. If you do know
the sender but have even the slightest doubt,
check to con rm that they have sent it.

Research & investigate

2.1c

Secure storage and deletion

of electronic information

How does your workplace ensure that

electronically stored information is:
not accidentally lost or destroyed?
securely dealt with when no longer
needed?

Anyone given authority to access electronic

information should have a secure username
and password. Used correctly, usernames and
passwords ensure the security of personal and
sensitive information. If you have authority to
access information on a computer:

Q Keep your username secret. Never allow

anyone else to use it, and dont allow the
computer to save it, particularly if you share the
computer with other people.
Q Keep your password secret. If you think
someone might have watched you keying it in,
change it immediately. Dont be obvious in your
choice of password, for example dont use your
name, birthday or anything else that someone
might guess. Change it frequently and if you
have to write it down, disguise it. Use a different
password for every computer username
allocated to you.

Key term
A username and password are the names
that someone uses for identication
purposes when logging on to a computer.
174

Time to reect
2.1




Have you ever

Have you ever shared any of your personal

ID, for example your PINs or computer
usernames and passwords, with anyone
else? What might be the outcome of
sharing such information?

Dos and Donts of using electronic

information storage systems to
access, store and share sensitive and
personal information
Do:

Q
Q

log in with your username and password.

position your monitor so that it cannot be

overseen.

Q log out if you have to leave your computer

unattended and when you have nished using it.
Q back up all the information you save, and
store backup devices securely.
Q encrypt all the information you save on
portable storage systems.

Key term
To back up means to copy saved information
so that it is preserved in the event of
equipment failure.
Dont:

Q Take computer equipment off site unless you

have permission. If you do, make sure you know
how to use the equipment and that you follow
your organisations homeworking and portable
computing policies.
Q Store information in programmes that are
connected to the internet, for example social
networking websites and organisational intraand internet web pages.
Q Send information via email unless it is
encrypted.
Q Send sensitive information contained in
portable storage systems, even if it is encrypted.
Q Rely on the delete button to erase
information no longer needed. Use appropriate
data destruction software.

9: Promote good practice in handling information

Evidence activity
2.1

Features of storage
systems that help ensure
security

Think about the manual and electronic

storage systems that you use at work.
Describe how each ensures security of the
information it stores.

2.2

Demonstrate practices that

ensure security when storing and
accessing information

2.3

Maintain records that are

up-to-date, complete, accurate
and legible
Good practice in health and social care relies
on multidisciplinary teamwork. To ensure
that the team is able to support people
efciently and effectively, it needs up-to-date,
complete, accurate and legible records.
Records that health and social care workers
contribute to include health records, case
notes, care plans; pupils les, assessment
records and special educational needs data;
staff records; registers; and correspondence
with the people they support, their relatives
and representatives, and other members of
their team.

Practice activity
2.2

Ensuring security when storing and accessing information

Complete the following tables to show how you ensure security when storing and accessing
information.
Manual information storage systems
Precautions I take to prevent unauthorised:
access to information
disclosure of information
alteration of information
destruction of information.
Precautions I take to prevent accidental loss
or destruction of information.
Electronic information storage systems
Precautions I take to prevent unauthorised:
access to information
disclosure of information
alteration of information
destruction of information
Precautions I take to prevent accidental loss
or destruction of information.

175

Level 3 Diploma Health and Social Care

Key term
Multidisciplinary teamwork is when members
of different professions work together.
A good record contains enough information to
allow another professional to maintain continuity
of care and help the individual develop and
progress. It should be professionally written but,
because The Data Protection Act gives individuals
the right to access information held about them, it
should contain explanations of information that
they, their relatives or representatives might nd
difcult to understand.
The content of a report should therefore be
complete. It should include, so far as is relevant
to the situation, up-to-date details about the
individuals:

Q age, sex, address, physical and intellectual

ability; social, cultural and religious beliefs,
values and preferences, life experiences and
achievements.
Q health and social care needs, planned
investigations or interventions, and information
that they and their relatives and representatives
have been given, for example details of the risks
and benets of different treatments and activities
Q

treatment, for example the type and

dosage of prescribed and complementary and
alternative medicine (CAM) that they are
taking, support groups they attend

Q response to different treatments and

interventions
Q

consent, for example, to medication or

disclosure of their personal information

Q wish to refuse all or some forms of medical

treatment in advance of loss of mental capacity, also
known as their Living Will or Advance Directive.
www.medicalprotection.org; www.direct.
gov.uk
It should also contain up-to-date contact details
for relatives, friends and representatives, their
Lasting Power of Attorney and contacts in the
event of an emergency.

Time to reect
2.3




What if

What might be the outcomes for an

individual if, for example, their and their
relatives contact details, medication,
consent to disclosure of personal
information, and so on, were not kept up
to date?

The completeness of a report can be diminished

if it is tampered with or if alterations are not
made properly. Mistakes or inaccuracies on
electronic records should be remedied using a
tracking device, and should be annotated with
the date and author of the alteration.
Mistakes or inaccuracies on manual records
should be remedied by adding a signed and
dated note in ink. If an individual asks you to
alter information about them because it is
incorrect, include a note to say that you have
altered it at their request. If the incorrect
information would be harmful to them, delete it
but insert a signed and dated note to explain
what has happened and why.
In addition to ensuring that content is complete,
you must ensure that records are accurate.

Q Write up notes as soon after an event as

possible, before you forget exactly what was said
or what happened.
Q Bear in mind that in some situations,
information about an individual given by a third
party, for example a relative, police ofcer or
translator, may not be the same as that given to
you by the individual themselves. We all see
things differently and have different stories to
tell as a result. Make a note of the persons name
and position in the event that information needs
clarifying.
Q Subjectivity takes away from accuracy.
Records must be objective, that is, based on fact,
so dont include your opinions, especially if they
are likely to insult or cause distress.

Key term
Complementary and alternative medicine (CAM) is the term for health care products and
practices that are not part of standard, scientic care.
Lasting Power of Attorney is the responsibility an individual gives to someone they trust to
make nancial and health decisions on their behalf at a time in the future when they lack the
mental capacity to make decisions or no longer wish to make those decisions themselves.
Tracking is a process that highlights any alterations made to a document.
176

9: Promote good practice in handling information

Case Study
2.3

The truth, the whole truth and

nothing but the truth

Mary lives in a sheltered housing complex.

She has progressive Alzheimers disease but
the authorities are condent that she is able
to live in her own at at the present time. A
neighbour frequently sees her wandering in
her nightie around the gardens late at night
and others, including the warden, are
growing increasingly frustrated with Marys
fast declining memory, the health and safety
risks she poses to them and herself as a
result, and her growing dependence on
everyone for everyday support.

Records must also be legible.

Key term
Legible means clear, readable,
understandable.

Q If you cant write legibly, use a computer or

have someone write on your behalf. In this
situation, dictate what you want to say and sign
to show that the record accurately reects what
you have said.
Q Be careful with abbreviations and jargon.
Only use them if you can explain, in words of
one syllable, what they mean.
Q Sign each entry with the date, time and your
status.

Practice activity
2.3

Maintain records that are

up-to-date, complete, accurate
and legible

This activity gives you an opportunity to

demonstrate that you can maintain good
and appropriate records.

Figure 9.4 Mary

Marys neighbours and the warden have

organised a meeting with social services, in
order to spell out their concerns. The
wardens written report is as follows:
Mary X is a nuisance. She is quite doolally
and it wont be long before she blows the
place up. The other residents are sick to
death of having to look out for her when she
does nothing for them in return. She cant
look after herself any more and should be
put in an old folks home.
Should the content of this report be relied
on for accuracy? If not, why not?

Photocopy half a dozen records, making

sure to anonymise them, to which you have
contributed and which demonstrate your
ability to ensure records are up-to-date,
complete, accurate and legible.

LO3 Be able to support

others to handle information
3.1

Support others to
understand the need for secure
handling of information
Maintaining security of information at work is
everyones responsibility.
How can you help others to understand the need
to handle information securely? First and
foremost, set an example. By following
procedures based on relevant legislation and by

177

Level 3 Diploma Health and Social Care

being seen to handle information in accordance

with professional codes of ethics and good
practice, you will encourage colleagues to carry
out their responsibilities to consistently high
standards. Secondly, monitor their handling of
information, offering advice and guidance
where necessary.
Make everyone aware that they have a duty
under the Data Protection Act to keep personal
and sensitive information condential. Posters
on notice boards and easy access to policies and
guidance documents should prompt colleagues
about their responsibilities. And show respect
for the right to privacy of the people you
support. The experience of having our rights
protected helps ensure that we ful l our duty to
respect other peoples rights.

3.1

Be aware of sources of information, referral,

advice and guidance that can help you handle
information securely, and share these resources
with your colleagues.
Ensure that personal and sensitive information
is labelled. This helps people handling it to
understand the need to keep it secure and deal
with it appropriately when it is no longer
needed.



Time to reect

Encourage colleagues to become more

security aware and to understand the possible
consequences of failing to follow best practice.
There are many ways in which workers can
update their knowledge and skills in relation
to secure information handling, for example
through meetings and discussions, in-service
training activities and attendance at
professional events, and experiential, on-thejob learning. In addition, specialist journals,
online information sources, e-learning and
open learning programmes can provide
opportunities for improving best practice.

Respecting peoples rights

Has your private information ever been

shared by someone without rst seeking
your permission? How did or would you
feel? Would you or have you ever done the
same to anyone else? How do you think
they would feel? Do you think it is right to
share information without rst getting
permission?

Encourage colleagues and the people you support

to be on the alert for risks to security of
information. Hazards include re and water,
impostors and thieves, computer hackers and
lack of training. Ensure that colleagues can
recognise hazards and are able to deal with
associated risks, such as:

Q
Q

re and water damage

requests for information from people who

do not have a need to know

Accusations of
gross misconduct,
dismissal and
possible legal
action against
the employee
concerned.

A damaged
reputation and
legal action against
the employing
organisation.

The
consequences of
failing to follow
procedures and
apply practices
relating to secure
information
handling.

Anxiety and
distress for the
person concerned.

Figure 9.5 The consequences of failing to follow procedures and apply practices relating to secure handling
178

9: Promote good practice in handling information

Q accidental or unauthorised loss of

information due to, for example, not backing up,
not encrypting information that is to leave the
premises, and insecure transport and storage of
equipment when off the premises
Q failure to deal with information
appropriately when it is no longer needed
Q failure to report security concerns and
breaches to the appropriate person without
delay.

Practice activity
3.1

Support others to understand

the need for secure handling
of information

This activity gives you an opportunity to

demonstrate that you are able to support
others to understand the need for secure
handling of information.
Why is it important to handle
information securely?
Make a list of the ways that you
currently help colleagues and those
you support to understand the need to
handle information securely.
How can you develop their
understanding?

3.2

Support others to
understand and contribute to
records
You read earlier that health and social care
records need to be up to date, complete,
accurate and legible. Anything else would make
it difcult for professionals to work together to
ensure continuity of care and appropriate
support.
How can you support others to understand and
contribute to records? Most importantly, by
ensuring that you set a good example in the
production and maintenance of records.
Secondly, by raising their awareness of the
consequences of records that are out of date,
incomplete, inaccurate or illegible. Decient,
badly written records can result in an individual
being given the wrong treatment or the wrong
advice and information, with disastrous, possibly
fatal, results for them and a formal complaint or
even court proceedings against the worker and
their employer.
Support your colleagues in their understanding
of how the 8 Data Protection Principles underpin
the production of good records. When
collecting information, make sure they can
explain to the individual concerned:

Q
Q

why they need the information

that they will only collect information if

given permission and only use it for the purpose
for which it is collected

Figure 9.6 The consequences of failing to maintain up-to-date, complete, accurate and legible records
179

Level 3 Diploma Health and Social Care

Q that the information will remain secure and

not be shared with anyone except people with a
need to know, for example, other professionals
involved in their care and support

Ten top tips to support individuals

you work with to understand and
contribute to their records

Q that the information will only be kept for as

long as is necessary

1.

Q that the individual has a right to see any

information collected about them, to make sure
it is correct.
Support your colleagues in their knowledge of
how to contribute to records. Make sure that
they know to:

Q only collect as much information as is

needed and is relevant
Q obtain the individuals agreement for their
information to be shared with people with a
need to know
Q follow security procedures when accessing
and storing/saving information

Key term
Interpersonal skills are the positive people
skills that nurture effective communication
and relationships.
2.

Have regard to their age, sex, cultural and

religious background as this can affect who
they will speak with, especially when the
subject is of a personal, intimate nature.

3.

Use the method of communication with

which they are most comfortable.

4.

Explain that the information you collect will

be stored securely.

5.

Explain that others in the care team may

need to see the information you collect but
that you will seek their permission before
you share it.

6.

Explain that they have a right to see any

information held about them.

7.

Be patient, give them time to think about

their answers and use active listening skills
to show you are interested and want to
understand everything they tell you.

8.

Dont interrupt and dont put answers into

their heads. Let them tell you what they want
to say, not what they think you want them to
say.

9.

Check your understanding by asking

questions, summarising what they tell you,
restating it in your own words.

Q

write their contributions up promptly,

before any detail is forgotten

Q write professionally but with regard for

people for whom jargon and abbreviations
would be difcult to understand
Q ensure that verbal contributions are in line
with security procedures, for example made in
privacy and to the appropriate person.
Q contribute information that is accurate,
objective and factual prejudices, personal
values and opinions have no place in record
keeping
Q consult with the appropriate people to make
sure records stay up to date and free from error

Use interpersonal skills to put them at ease

while you explain your need for information
and while you collect it.

Q record and report any difculties they have

in accessing and updating records and reports.

10. Check that they agree to you sharing the

information they have given you with
relevant people.

Figure 9.7 Whos asking?

180

9: Promote good practice in handling information

Practice activity
3.2

Support others to understand and contribute to records

Why is it important to contribute to records?

Make a list of the ways that you currently help colleagues and those you support to
understand and contribute to records.
How can you develop their skills and understanding?

Assessment summary
Your reading of this chapter and completion of the activities will have prepared you to be able to
engage in promoting good practice in handling information.
To achieve the unit, your assessor will require you to:

Learning outcomes

Learning outcome : Understand

requirements for handling information in
health and social care settings by:

Assessment Criteria
1.1 identifying legislation and codes of

practice that relate to handling information

in health and social care
See Evidence activity 1.1, p. 167
1.2 summarising the main points of legal

requirements and codes of practice for

handling information in health and social
care
See Evidence activity 1.2, p. 171

Learning outcome : Be able to implement

good practice in handling information by:

2.1 describing features of manual and

electronic information storage systems

that help ensure security
See Evidence activity 2.1, p. 175
2.2 demonstrating practices that ensure

security when storing and accessing

information
See Practice activity 2.2, p. 175
2.3 maintaining records that are up-to-date,

complete, accurate and legible

See Practice activity 2.3, p. 177

181

Level 3 Diploma Health and Social Care

Learning outcomes

Learning outcome : Be able to support

others to handle information by:

Assessment Criteria
3.1 supporting others to understand the need

for secure handling of information

See Practice activity 3.1, p. 179
3.2 supporting others to understand and

contribute to records
See Practice activity 3.2, p. 181

Good luck!

Web links
Justice legal and human rights organisation
Health information for patients
Department for Work and Pensions
Medical Protection Society
Public Services website

182

www.justice.org.uk
www.patient.co.uk
www.dwp.gov.uk
www.medicalprotection.org
www.direct.gov.uk