Confidentiality policy Introduction Those contacting The Dystonia Society have the right to expect that any information imparted by them to the organisation will be used solely for the purpose for which it is given and remain within the organisation. The Dystonia Society will always strive to ensure that members and any others affected by dystonia have trust and confidence in the organisation and that they are treated with dignity and respect. The principle of confidentiality extends to any information about the internal affairs of the Society. The Dystonia Society recognises the right of service users, staff and volunteers to have open access to their personal records held by the organisation. All staff, Trustees and members and volunteers of the Society are bound by the Dystonia Society’s confidentiality policy. Legal framework The Human Rights Act 2000 guarantees respect for a person’s private and family life, home and correspondence. The Data Protection Act 1998 (DPA) concerns personal information, which includes facts and opinions about an individual which might identify them. The DPA ensure that information held about any person cannot be used for purposes other than those for which it was originally supplied, without the person’s consent. Exceptions to these Acts are allowed where this is necessary to protect a vulnerable person from harm. Confidentiality in practice At The Dystonia Society confidentiality means: Information is given to the organisation and not to the individual. Information is not confidential to the person who receives it but to the organisation and, as required, can be disclosed within the organisation. Information is released internally on a ‘need to know’ basis. Only the information the staff member needs to know in order to do their job properly and safely is released. Information will not be released to a third party without consent unless one of the exceptions applies (See Exceptions section). Confidentiality – How will we protect it? Processes put in place to ensure confidentiality include: Permission will be sought to collect information and people will be informed of their right to access this information. This includes notifying members, other service users, staff and volunteers that data is held, why it is held and that they are entitled to access it. Permission will be sought explicitly each time a photograph of someone with dystonia is identified for use in any publication, newsletter or leaflet. No photograph will be used unless every person in a photograph has given their permission for the photograph to be used in that particular instance. Information will only be collected when it is necessary for a specific purpose, unnecessary information will not be retained. This means that we will be clear as an organisation why we are collecting data and therefore we will not collect it without a specific purpose in mind and then only use it for the purpose indicated. Information and data held will be maintained appropriately. This means data will not be retained longer than necessary; it will only be obtained appropriately and it will be kept up to date as appropriate. If information is to be released to a third party permission must be sought unless one of the exceptions listed below apply. This is in respect of clients, staff and volunteers. Permission may be sought verbally or it may be necessary to obtain permission in writing. Information records will be stored securely observing the provisions of the Data Protection Act and to prevent unauthorised access. See Security Policy. To ensure confidentiality consideration will be given to the physical environment in which information is exchanged. Calls of a confidential nature will be taken in a secure environment and care will be taken when using printers, faxes, photocopiers and so on. See Security Policy. Breaches Breaches in confidence will be taken seriously and may result in dismissal of the offending person, whether service user, paid staff or volunteer. No non-members should have access to any confidential data. Open Access to personal records Users, staff and volunteers may request access to their personal records. The request should be in writing and access should be provided as soon as possible but within a maximum of 40 days (the statutory maximum) and normally within 20 days. Information obtained in confidence from a third party (including references provided during recruitment) should not be disclosed without the consent of the third party. In exceptional circumstances sensitive information may need to be withheld. Any decision to withhold information must be taken by the Chief Executive and Chairman or designated deputies. The need to withhold access to sensitive items within the records should never be used to justify withholding access to the remainder. Exceptions Information may only be disclosed without the permission of the person concerned if: Disclosure is required by law (acts of terrorism are suspected). Where these is a reasonable belief that there is concern that the health and safety or welfare of an individual is at risk. In such cases you must disclose the information to the Helpline Manager, who will review and determine the appropriate action. The minimum amount of disclosure possible will be expected in any such situation by anyone involved. All incidents must be recorded and reported. In the event of a disclosure, the Helpline manager will immediately advise the Chief Executive, Chairman and Vice Chairman. Implementation All staff, trustees and volunteers will receive training and support to help them understand the policy and to implement it. They will be made aware of the serious nature of a breach of confidentiality and asked to sign a statement of confidentiality. In the event of any concerns about how to apply the policy please make contact as follows: Staff should talk to their line manager. Volunteers should contact a Volunteer and Group Development team member unless they are Helpline volunteers in which case they should contact the Helpline team of UK-office based volunteers who should contact their staff coordinator. Trustees and Chief Executive will jointly discuss any significant matters arising from the implementation of this Confidentiality policy. Appendix Confidentiality Issues affecting the Helpline Users of the Dystonia Society’s Helpline service will be further protected by this Appendix, which establishes and maintains confidentiality standards for information disclosed to the Helpline team, in compliance with the quality standards set by the Telephone Helplines Association (THA). Implementation The Dystonia Society will ensure that all Helpline employees and volunteers are issued with this policy at induction, and know to whom they should report any concerns regarding confidentiality. Employees and volunteers will be asked to sign a confidentiality agreement. Accountability and unauthorised breaches of confidentiality Confidentiality applies to written (including email), telephone and personal enquiries. All Helpline staff, including volunteers working in the team, have undertaken to comply with this confidentiality policy. If it is established that an unauthorised breach of confidentiality has taken place, the member of staff or volunteer concerned will be accountable in the first instance to their line manager. Consideration will be given to disciplinary proceedings in accordance with the Society’s appropriate policies if the breach is considered serious enough. Deliberate or reckless communication, dissemination or solicitation of non-essential and/or identifying information about current or former users would be regarded as a serious breach of the principles of confidential service provision, and would be subject to Society disciplinary procedures. Informing service users of the confidentiality policy The vast majority of enquiries received by the Society can be treated in strict confidence. It is not necessary to inform all enquirers of the confidentiality policy as a matter of course, as to do so may be off putting to those simply seeking information. However should the enquirer ask about confidentiality, or indicate that they are about to disclose information of a highly sensitive nature, they should be made aware of the Society’s policy statement on confidentiality. Any user of the service will be sent a copy of the confidentiality statement on request. Publicity material about the service will include a statement about confidentiality. Helpline confidentiality in practice Information obtained will only be relevant and not excessive in relation to the purpose for which they are held. Callers are advised if there is a need to confer with other helpline colleagues during a call, and will be asked if they object to this. Discussion of cases amongst the Helpline team is encouraged, to enable them to offer the best possible service to enquirers. Cases may also be discussed outside the team where necessary, for example to inform other staff about the work of the Helpline service; it should be made clear that this information is strictly confidential and not for disclosure outside that group. However, in general, personal details (such as name and address) about the enquirer should be kept within the Helpline team. All such discussion should be purposeful and respectful. Staff may also discuss cases with an external supervisor, but personal details will not be used in this situation. Cases should not be discussed in any out-of-work context, even when the enquirer cannot be identified. Enquirers may wish to use the Helpline service without others knowing that they have done so. When Helpline workers respond to a message asking to be called back, the worker should not leave a message identifying the Dystonia Society as the caller. The message should simply note: “this is Susan Farnsworth returning your message of 11.00, 21st April” Callers’ numbers cannot be traced through the Society’s current telephone system. No attempt will be made to trace numbers. Occasionally more than one person will contact the Society regarding the same case. As a general rule, these enquiries should be treated as entirely separate, and confidentiality should be strictly upheld. The Helpline Service will not send information to a third party who has not directly requested it. No personal details of any member of staff or volunteer (or external advisor to the Society) will be disclosed without their agreement. All letters and log sheets will be kept in a locked filing cabinet when not being answered and disposed of confidentially afterwards. Replies to letters will not be deleted from computers once the letter has been printed. However, access to files is restricted by password. If a helpline worker knows a correspondent, he/she will not respond to that letter, but will pass it to a colleague to reply. It should be assumed that a telephone number on a letter gives helpline staff permission to call the correspondent. If there are concerns then please consult the Chief Executive. Log sheets are only used as an aide memoir for the helpline workers taking the call. Names and addresses are only taken if there is a requirement to send reading material to the caller. Permission must be gained before publishing case studies (e.g. for publicity, or in training or information materials). Alternatively, fabricated case studies may be used for these purposes, but details must be sufficiently disguised that the original enquirer cannot be identified. Documents which contain identifying information (eg, letters, addressed envelopes) and any information collected during research or evaluation activities will be handled, stored and disposed of securely and strictly in accordance with agreed procedures and with relevant legislation. Identifiable information may be stored on a helpline workers computer while composing a reply to an enquiry. All computers are password protected. A ‘lock function’ is in use when away from their desk for long periods of time.The enquiries’ letter file must not be removed from the Helpline area without permission from the Helpline team or the Service Development Manager. It is recognised that the Helpline Service needs to be promoted and be accountable to its funder. Any analysis of the service for this purpose must relate to the general nature of enquiries. Any specific identifiable example of an individual concern or need should not be quoted without express permission.