This page provides information relating to how our team handle any information provided to us when we work with patients and clients (service users). For information relating to how we handle the information provided to us by people visiting our website please see our privacy page.
When we refer to ‘service users’ we mean patients (children and young people), clients and other people who are directly affected by the care, treatment or other services that our team provide. The key principles set out on this page also apply when our team provide services to organisations rather than individuals.
This page cannot cover every situation where problems or challenges about confidentiality might come up. However, we keep the following principles in mind when handling service user information:
Our psychologists are all registrants of the Health and Care Professions Council (HCPC). The HCPC is a regulator whose main aim is to protect the public. To do this, they keep a register of psychologists that meet their standards for training, professional skills, behaviour and health.
Confidentiality to us means protecting the personal information relating to our service users. This information might include details of a service user’s lifestyle, family, health or care needs which they want to be kept private.
Service users should expect any contact with the HSR Psychology team to be treated as confidentially. Any of the team involved in the care or treatment of service users will protect their confidentiality at all times.
As a service we work inline with the HCPC Standards of conduct, performance and ethics. You can expect us to:
We have a professional and legal responsibility to respect and protect the confidentiality of service users at all times.
It is our professional responsibility to protect the confidentiality of service users at all times.
It is also our legal responsibility to protect the confidentiality of service users at all times. The law says that as psychologists we have a duty to protect the confidentiality of the people we have a professional relationship with.
Our standards of conduct, performance and ethics say that:
This means that we take all reasonable steps to protect information about our service users.
Identifiable information is disclosed for a number of reasons. It can happen when we refer a service user to another health and care professional or when a service user asks for information to be given to a third party.
It is important that we get the service user’s permission, or ‘consent’, before we share or disclose their information or use it for reasons which are not related to the care or services we are providing for them.
Consent, for the purposes of confidentiality, means that the service user understands and does not object to:
For consent to be valid, it must be voluntary and informed, and the person giving consent must have the capacity to make the decision.
By ‘voluntary’, we mean that the person makes the decision freely and without being persuaded or pressurised by professionals, family, friends or others.
By ‘informed’, we mean that the service user has enough information to make a decision about whether they give their permission for their information to be shared with other people. (This is sometimes called ‘informed consent’.) Service users should be fully aware of why we need to share any information about them, how we will do so, who we will be sharing the information with and how that information will be used. We should also tell them how not giving their permission is likely to affect the care, treatment or services they receive.
By ‘capacity’ we mean a service user’s ability to use and understand information to make a decision and to communicate their decision to us.
There are two types of consent for the purposes of confidentiality:
This is where we are given specific permission to do something. We need to get express consent if we are using identifiable information for reasons which are not related to the care, treatment or other services we provide for the service user, or in a way which service users would not reasonably expect. It is also important for us to get express consent if a service user has previously objected to us sharing their information with other people. Express consent can be spoken or written.
This is where consent from the service user is not expressly spoken or written but can be taken as understood, for example because service users have agreed to receive treatment, care or other services. If we are using identifiable information to care for a service user or provide services to them, in most circumstances we will have their implied consent. Most service users will understand the importance of sharing information within our team.
For consent to be valid we must have we must ensure the child or young person, or their legal guardian, has the capacity to consent to our involvement.
For us capacity refers to a service user’s ability to use and understand information to make a decision, and to communicate their decision to us.
We assume that adult service users have sufficient capacity unless there is significant evidence to suggest otherwise. Examples of reasons an adult user might lack capacity include:
We treat young people (aged 16 and 17) in the same way as adults and presume they have capacity unless there is significant evidence to suggest otherwise.
For children under 16, we will nearly always need to get consent from someone with parental responsibility. This could be:
Some children under 16 can give consent if they can fully understand the information given to them. This is known as ‘Gillick competence’.
As an outpatient service we do not make decisions for children or young people that lack capacity. We would instead offer our professional opinion to the child or young person’s legal guardians as to what we considered to be in their ‘best interests’. This would involve:
We need to balance the best interests of the child or young person against other duties. If we have a legal duty to share the information, or need to share it to protect the public interest, we can share it without the consent of the child or young person or their legal guardian. The reasons for this are covered below in the sections public interest and safeguarding.
In most cases, we will need to make sure that we have consent from the service user before we disclose or share any identifiable information.
One of the most common reasons for disclosing confidential information will be when we contact other health and care practitioners. This might include discussing a case with a colleague or referring a service user to another health and care professional.
Sharing information is part of good practice. Care is rarely provided by just one health and care professional, and sharing information within our team, the wider multidisciplinary team, or with other organisations or agencies is often an important way of making sure care can be provided effectively.
Most service users will understand the importance of sharing information with others who are involved in their care or treatment and will expect us to do so, so we will normally have implied consent to do this.
However, when we share information with other colleagues, we should make sure that:
If we decide not to contact other practitioners when we might reasonably be expected to, or if a service user asks us not to, it is important that we keep clear records of this and are able to justify our decision.
If we are concerned about a request someone makes for information – for example, we think the information they have asked for is not relevant – we may contact the person who has asked for the information so they can explain their request. We may also want to get legal advice, or advice from our professional body.
It is important that we get express consent, in writing where possible, if we plan to use identifiable information for reasons which are not directly related to the service user’s care or if they would not reasonably expect their information to be used or shared in that way.
Sometimes, a third party who is not a health and care professional may ask us for information. This might be a request to send information to an insurance company, education setting, local authority, or a solicitor. We would always make sure that we have express consent of the service user prior to providing any confidential information.
There are a small number of circumstances where we might need to pass on information without consent, or when we have asked for consent but the service user has refused it. The reasons for this are covered below in the sections public interest and safeguarding.
We can disclose confidential information without consent from the service user if it is in the ‘public interest’ to do so.
This might be in circumstances where disclosing the information is necessary to prevent a serious crime or serious harm to other people. We find out whether it is in the public interest to disclose information by considering the possible risk of harm to other people if we do not pass it on, compared with the possible consequences if we do. This includes taking account of how disclosing the information could affect the care, treatment or other services we provide to the service user.
We should carefully consider whether it is in the public interest to disclose the information. If we are unsure we may want to get legal advice.
We need to be able to justify a decision to disclose information in the public interest (or a decision not to disclose information) so it is important that we keep clear records.
Even where it is considered to be in the public interest to disclose confidential information, we should still take appropriate steps to get the service user’s consent (if possible) before we do so. We should keep them informed about the situation as much as we can. However, this might not be possible or appropriate in some circumstances, such as when we disclose information to prevent or report a serious crime.
Sometimes, we may be asked for information directly under the law – for example, if a court has ordered us to disclose the information. We have a legal duty to keep to orders made by the court.
We should tell the service user if we have had to disclose information about them by law, unless there are good reasons not to – for example, if telling them would affect how serious crime is prevented or detected. We should also only provide the information we have been asked for and keep a record of this
Keep in mind that not all requests from solicitors, the police or a court are made under a legal power that means we must disclose information. If disclosure is not required by law, and cannot be justified in the public interest, we must get express consent from the service user.
Our standards of conduct, performance and ethics say that:
We must take appropriate action if we have concerns about the safety or well-being of children or vulnerable adults.
In these situations, the following apply.
Service users have the right to see information we hold about them and it is important that we respect this. We charge a flat admin fee of £50 for any data requests. Any such requests should be made to this email address firstname.lastname@example.org
This page does not cover every situation about confidentiality. If you have a question about confidentiality please contact us.