How to use the Caldicott Principles in Casework
When a client does not have capacity to give consent to sharing their information with SSAFA, the Armed Forces charity, and also does not have the paperwork in place instructing a legal Power of Attorney, the Caldicott Principles may be put into action to allow someone to share that client’s information with the organisation as long as it is the client’s best interest and aligns with the principles stated on page 2.
When employing the Caldicott Principles to obtain information in this manner, it is crucial to consult the Caldicott Guardian. Furthermore, the case presented on Mosaic CMS2 should include a note explicitly stating that, in the absence of explicit consent, the information was shared in compliance with the Caldicott guidelines.
- Lack of client capacity: The client must be deemed incapable of providing consent to share their information due to a lack of capacity.
- Absence of legal Power of Attorney: The client does not have any valid legal documentation, such as a Power of Attorney, authorising another person to make decisions on their behalf.
- Client's best interest: Sharing the client's information with the organisation, SSAFA in this case, must be determined to be in the client's best interest.
- Alignment with Caldicott Principles: The proposed information sharing must adhere to the Caldicott Principles, ensuring the appropriate handling and safeguarding of personal data.
- Caseworker encounters difficulty in obtaining written, verbal or explicit consent from the beneficiary regarding information sharing.
- The caseworker escalates the case to their Regional Case Manager (RCM) in the Regional Office, highlighting the consent issue.
- The RCM should contact the Casework Support Manager in Central Office to discuss the case and what further information maybe required to apply the Caldicott Principles.
- The RCM prepares a summary report of the case, emphasising the relevance of the Caldicott Principles.
- The summary report is forwarded to the Caldicott Guardian for review and approval, ensuring adherence to the Caldicott Principles.
- The Caldicott Guardian carefully examines the report and provides their sign-off if the information sharing is deemed necessary and compliant with the Caldicott Principles.
- The case is recorded by the Caldicott Guardian, and the RCM adds notes reflecting this approval process into the ‘Case Notes’ section of the Mosaic Case.
Principle 1: Justify the purpose(s) for using confidential information
Every proposed use or transfer of confidential information should be clearly defined, scrutinised and documented, with continuing uses regularly reviewed by an appropriate guardian.
Principle 2: Use confidential information only when it is necessary
Confidential information should not be included unless it is necessary for the specified purpose(s) for which the information is used or accessed. The need to identify individuals should be considered at each stage of satisfying the purpose(s) and alternatives used where possible.
Principle 3: Use the minimum necessary confidential information
Where use of confidential information is considered to be necessary, each item of information must be justified so that only the minimum amount of confidential information is included as necessary for a given function.
Principle 4: Access to confidential information should be on a strict need-to-know basis
Only those who need access to confidential information should have access to it, and then only to the items that they need to see. This may mean introducing access controls or splitting information flows where one flow is used for several purposes.
Principle 5: Everyone with access to confidential information should be aware of their responsibilities
Action should be taken to ensure that all those handling confidential information understand their responsibilities and obligations to respect the confidentiality of patient and service users.
Principle 6: Comply with the law
Every use of confidential information must be lawful. All those handling confidential information are responsible for ensuring that their use of and access
to that information complies with legal requirements set out in statute and under the common law.
Principle 7: The duty to share information for individual care is as important as the duty to protect patient confidentiality
Health and social care professionals should have the confidence to share confidential information in the best interests of patients and service users within the framework set out by these principles. They should be supported by the policies of their employers, regulators and professional bodies.
Principle 8: Inform patients and service users about how their confidential information is used
A range of steps should be taken to ensure no surprises for patients and service users, so they can have clear expectations about how and why their confidential information is used, and what choices they have about this. These steps will vary depending on the use: as a minimum, this should include providing accessible, relevant and appropriate information - in some cases, greater engagement will be required.