Template of data sharing agreement for LeDeR Programme
Freedom of Information Act Publication SchemeProtective Marking / Not Protectively marked
Publication Scheme
Y/N / Yes
Title / A purpose specific information sharing agreement
documenting sharing within XXXX
Version / March 2016 Version 3
Summary / An agreement to formalise information sharing arrangements between XXXXX
for the purpose of reviewing deaths of people with learning disabilities and making practice improvements based on the outcomes of such reviews.
Author / XXXXX
Date Issued / March 2016 1st Document
Review Date / XXXX
Generic guidance document:
Protective marking / Not ClassifiedSuitable for Publication Scheme Y/N / Yes
Purpose / Generic guidance document for use by
agencies and organisations involved in reviewing the deaths of people with learning disabilities
Author / XXXXX
Date created / March 2016
Review date / XXXXX
Purpose Specific Information Sharing Agreement Version 3
Sharing of Information to assist reviewing deaths of people with learning disabilities
Index
Section 1. / Purpose of the agreement / Page 5Section 2. / Specific purpose for sharing / Page 5
Section 3. / Legal basis for sharing and what specifically will be shared / Page 6
Section 4. / Description of arrangements including security matters / Page 8
Section 5. / Agreement to abide by this agreement / Page 9
Section 1. Purpose of the Agreement
This agreement has been developed to:
Define the specific purposes for which the signatory agencies have agreed to share information.
Describe the roles and structures that will support the exchange of information between agencies.
Set out the legal gateway through which the information is shared.
Describe the security procedures necessary to ensure that compliance with responsibilities.
Describe how this arrangement will be monitored and reviewed. This should be after six months initially and annually thereafter.
The signatories to this agreement will represent the following agencies/bodies:
XXXXXX
Section 2. Specific Purpose for Sharing Information
The sharing of appropriate information between agencies about people with learning disabilities who have died is vital to identify if any learning could come from a review of their death that will lead to service improvements. The need for effective multi-agency working and information sharing in order to secure improved outcomes is clearly stated in a number of reviews, policy documentation and statutory guidance.
Sections 3, 6 and 7 of the Care Act (2014) require that:
• local authorities must carry out their care and support responsibilities with the aim of promoting greater integration with NHS and other health-related services;
• local authorities and their relevant partners must cooperate generally in performing their functions related to care and support; and, supplementary to this,
• in specific individual cases, local authorities and their partners must cooperate in performing their respective functions relating to care and support and carers wherever they can.
NHS England’s ‘Commitment to Carers’ (published May 2014 and End of Year Progress Summary 2014/15, August 2015) states the commitment to ‘gather bereaved carers views on the quality of care in the last three months of life in order to address gaps in evidence’ (Commitment 30).
Under the NHS Act, NHS England must encourage partnership arrangements between CCGs and local authorities where it considers this would ensure the integrated provision of health services and that this would improve the quality of services or reduce inequalities. Similarly, every CCG has a duty to exercise its functions with a view to securing that health services are provided in an integrated way, where this would improve the quality of health and/or reduce inequalities in access or outcomes. The Care Act adds further coherence by placing an equivalent duty on local authorities to integrate care and support provision with health services and health related services.
In order to learn from the deaths of people with learning disabilities so that service improvements can be made, we need to ensure that timely, necessary and proportionate mortality reviews are undertaken, involving the full range of agencies that support people with learning disabilities. Each of these agencies will hold a piece of the jigsaw that together create a full picture of the circumstances leading to the death of the individual. Information viewed alone or in silos is unlikely to give the full picture, identify where further learning could take place, or contribute to cross-agency service improvement initiatives.
The relevant information about an individual who has died needs to be shared with the national Learning Disabilities Mortality Review Programme in order that the right death can be reviewed. Then, all the relevant information from various agencies needs to be available to the local reviewer of the death. By ensuring all partners have the ability to share information it will help to identify people with learning disabilities who have died, and facilitate the conduct of a review of their death. Ultimately, this will contribute to local intelligence about potentially avoidable, contributory factors related to the deaths of people with learning disabilities, and will assist signatories to this agreement in reducing premature deaths in this population.
The aim of this information sharing agreement is to document how the signatories to this agreement will share information to learn from the deaths of people with learning disabilities so that service improvements can be made.
This agreement does not cover other information sharing between the signatory agencies that take place outside of the Learning Disabilities Mortality Review Programme. These transactions will be covered (where appropriate) by separate information sharing agreements.
Section 3. Legal Basis for sharing and what specifically will be shared
The Data Protection Act only applies to living people. However, the principles of the seven Caldicott Principles are important and should always be borne in mind. These are
1. Justify the purpose(s)
2. Don't use patient identifiable information unless it is necessary
3. Use the minimum necessary patient-identifiable information
4. Access to patient identifiable information should be on a strict need-to-know basis
5. Everyone with access to patient identifiable information should be aware of their responsibilities
6. Understand and comply with the law
7. The duty to share information can be as important as the duty to protect patient confidentiality
These principles have been subsumed into the NHS confidentiality code of practice.
Common law duty of confidentiality. Health records relating to deceased people do not carry a common law duty of confidentiality. However, it is Department of Health and General Medical Council (GMC) policy that records relating to deceased people should be treated with the same level of confidentiality as those relating to living people. Further information can be found at: http://www.gmc-uk.org/static/documents/content/Confidentiality_-_English_1015.pdf
The GMC makes it clear that confidentiality is an important duty, but it is not absolute. Doctors can disclose personal information if:
· it is required by law
· the patient consents – either implicitly for the sake of their own care or expressly for other purposes
· it is justified in the public interest
The public interest The GMC clarifies that confidential medical care is recognised in law as being in the public interest. However, there can also be a public interest in disclosing information. Research, epidemiology, public health surveillance, and health service planning and improvement are important secondary uses made of patient information; each of these uses can serve important public interests. The LeDeR programme falls into this category.
The NHS Act 2006 Section 251 of the NHS Act 2006 (originally enacted under Section 60 of the Health and Social Care Act 2001), allowed the common law duty of confidentiality to be set aside in specific circumstances where anonymised information is not sufficient and where patient consent is not practicable. Under this legislation, the national Confidential Advisory Group (CAG) advises the decision-makers, the Health Research Authority and the Secretary of State for Health, whether applications to process confidential patient information without consent should or should not be approved.
See more at: http://www.hra.nhs.uk/about-the-hra/our-committees/section-251/#sthash.6vcnwtYU.dpuf
You may disclose identifiable information without consent if it is approved under section 251 of the NHS Act 2006. This confirms that the work can be justified in the public interest and it is either:
· necessary to use identifiable information, or
· not practicable to anonymise or code the information
· and, in either case, not practicable to seek consent
The Learning Disabilities Mortality Review Programme has Section 251 (of the NHS Act 2006) approval for the use of patient identifiable information in order that reviews can be undertaken of the deaths of people with learning disabilities.
Specifically, this provides assurance for health and social care staff that the work of the Learning Disabilities Mortality Review Programme has been scrutinized by the national Confidential Advisory Group (CAG).
The CAG is appointed by the Health Research Authority to provide expert advice on uses of data as set out in the legislation, and advises the Secretary of State for Health whether applications to process confidential patient information without consent should or should not be approved. The key purpose of the CAG is to protect and promote the interests of patients and the public whilst at the same time facilitating appropriate use of confidential patient information for purposes beyond direct patient care. More information about Section 251 approval is available at: http://www.hra.nhs.uk/about-the-hra/our-committees/section-251/what-is-section-251/
In practice, what this means is that you may disclose identifiable information without consent for the notification of deaths of people with learning disabilities, and for contributing to reviews of their deaths.
Local data sharing agreements
Information sharing protocols set out a common set of rules to be adopted by the various organisations involved in data sharing. These are likely to be in place as part of an existing contract between organisations; they could however, be supplemented by Individual Data Sharing Agreements for specific data sharing arrangements (e.g. reviews of deaths of people with learning disabilities) between stakeholders.
As the LeDeR Programme has Section 251 approval, individual data sharing agreements are not additionally required. However, local agencies may wish to formalize their own individual data sharing agreements to supplement Section 251 approval.
Further disclosure and use of information shared between agencies
All staff are reminded that patient-identifiable information shared within the LeDeR programme is done so for specific purposes relating to reviewing deaths of people with learning disabilities. Any further use of that information is not permitted.
Information entering the LeDeR Programme
All deaths of people with learning disabilities will be notified to the LeDeR programme. Only those deaths occurring between ages 4 and 74 (inclusive) will be subject to review.
For any case being reviewed by the LeDeR process, agencies that have been involved with the decedent may be asked to research and provide relevant information to the local reviewer so that the reviewer will have as full a picture as possible when assessing the circumstances leading to the death, identifying best practice, and agreeing an action plan for any service improvements if necessary. All agencies will be expected to provide information to the local reviewer on request. The local reviewer for that individual death will be the single point and will gather and collate information on behalf of the LeDeR Programme.
All partner to this agreement, who are sending or receiving sensitive personal data electronically, must do so securely, via secure email, the LeDeR Programme secure web-based portal or by hand. Fax will only be used to transfer information in circumstances of operational emergency, and only with due caution and appropriate safeguards in place. A test fax should be sent ahead of the information in question, to a named recipient who is stationed next to the destination fax machine. Confirmation of safe receipt should be sought before sending the sensitive information.
The outcome of the review of the death and any associated action plan will be recorded centrally on the secure LeDeR web-based platform.
Section 4: Description of arrangements including security matters
Compliance
The Information Governance Lead for the LeDeR Programme will ensure that the necessary arrangements are in place and are being implemented for secure transfer of information.
Each partner agrees that they will put into effect the requirements below in order that the following points are complied with:
· Risk assessment of the vulnerability of the premises to burglary and theft.
· Appropriate information security protocols are followed to protect personal data.
· Laptop computers or other portable electronic storage devices or removable media used by staff working or contributing to the LeDeR Programme are encrypted to protect any personal data processed on such devices.
· All staff accessing information follow the principles and standards that have been agreed and incorporated within this Purpose Specific Information Sharing Agreement.
· Staff accessing the IT systems of another agency are appropriately trained for that use.
· Confidentiality agreements are included in the contracts of all staff working in or contributing to the LeDeR Programme.
All signatories to this agreement accept responsibility for ensuring that all appropriate security arrangements are complied with. Any issues concerning compliance with security measures will form part of the annual review of this agreement.
Sanctions
Any unauthorised release of information or breach of conditions contained within this agreement will be dealt with through the internal discipline procedures of the individual partner agency. In health this will be through the Caldicott Guardians.
All parties are aware that in extreme circumstances, non-compliance with the terms of this agreement may result in the agreement being suspended or terminated.
Training / Awareness
All partners will hold a copy of this agreement. It is the responsibility of each partner to ensure that all individuals likely to come in contact with the data shared under this agreement have an appropriate level of Data Protection training, and fully understand the terms of this agreement and their own responsibilities.
Partner’s Building and Perimeter Security
Information will be stored in secured premises, e.g. not in areas where the public have access.
Movement of Information
Information will be sent and received electronically whenever possible, to ensure there is an audit trail of its movement.