DATE OF LAST REVIEW November 2017
DATE OF NEXT REVIEW November 2018

Revised in March 2018 for GDPR

RESPONSIBLE FOR POLICY REVIEW Rachel Cole/ Business Development Manager
APPROVED BY Rachel Cole
AUTHOR Rachel Cole

The Data Protection Act 1998 is a United Kingdom Act of Parliament designed to protect personal data stored on computers or in an organised paper filing system. It follows the EU Data Protection Directive 1995 on the protection, processing and movement of data. Individuals have legal rights to control information about themselves. Anyone holding personal data for other purposes is legally obliged to comply with this Act, subject to some exemptions. The Act defines eight data protection principles to ensure that information is processed lawfully.

InSafeHands Ltd is obliged as an organisation to protect the integrity and confidentiality of personal data held by us with regard to our clients and employees. Individual employees also have that obligation. Unauthorised disclosure of data, whether it is oral, printed, hand-written or computer based, must be avoided.

From May 2018 we will need to further demonstrate compliance with the General Data Protection Regulation (GDPR). The steps that we should take are covered under the following headings:

  1. Awareness: the decision makers are aware that the law is changing.
  2. Information that we hold: it is documented, and clients understand what we have and who we may share it with.
  3. Communicating private information: the information that we provide that tells someone how we use their information.
  4. Individuals' rights: these have been strengthened under GDPR.
  5. Subject access requests: we have to respond in a timely manner, and for free, to a freedom of information request.
  6. Lawful basis for processing personal data, and why it is needed.
  7. Consent: where consent to use data and information is sought and required, it needs to be clear.
  8. Data breaches: if detected, these are reported and investigated.
  9. Data Protection impact assessments: these may be required, and are undertaken if mandated.

InSafeHands Ltd take a very serious view of our responsibilities and require each appropriate individual to comply with the data protection principles. If you knowingly disclose personal information contrary to this policy you may be held personally liable to criminal sanctions. In addition, any breach of this policy may render you liable to disciplinary action.

“Data” means information recorded in a form in which it can be processed by equipment operating automatically in response to instructions given for that purpose and includes computer-generated material.

“Personal Data” means data consisting of information relating to an individual who can be identified from that information (or from that and other information in the possession of a data user), including any expression of opinion about the individual.

In practice, this means any data recorded on our computers relating to a living person.

Personal data must:

  • Be obtained and processed fairly and lawfully;
  • Be held only for the purposes for which it is specifically registered;
  • Be used only for those purposes registered and only be disclosed to those people described in the register entry;
  • Be adequate, relevant and not excessive in relation to those purposes;
  • Be accurate and, where necessary, kept up to date;
  • Not be kept for longer than is necessary.

An individual is entitled:

  • To be informed whether personal data is held of which they are the subject;
  • To access any such data;
  • When appropriate, to have such data corrected or erased.

InSafeHands Ltd will take appropriate security measures against unauthorised access to or alteration, disclosure, or destruction of personal data or accidental loss or destruction of personal data.

Currently paper copies are kept along with scanned IT copies of all client and staff files.

Once we have moved to a new IT system, which is planned, then we will encourage improved use of IT systems with cloud back up.

CLIENT DATA

This section specifically refers to data held about InSafeHands Ltd clients and includes the recording, processing and security of personal and sensitive information relating to them and people who work with them.

Data relating to a client must not be disclosed to third parties unless the client has given express written consent or if the data is related in any way to a best interests or safeguarding concern where disclosure is required to a third party i.e. the local authority. In this instance information must only be shared on a need to know basis for the purpose of any ongoing investigations. Whilst it is our ultimate responsibility to ensure that personal data held concerning a client is up to date, accurate and taken for lawful purposes, it is our duty to ensure that the information is correctly taken from the client and accurately entered on to our database.

InSafeHands Ltd will deal with the request accordingly. InSafeHands Ltd must never leave client records, other than in a person’s own home where it is their personal belonging for that time that the client is in our care. It is InSafeHands Ltd’s responsibility to ensure that any records and systems are backed up on a regular basis and to ensure that there is no loss or destruction of personal data. If you are aware of any errors or have any concerns regarding personal data you must report these immediately.

Appropriate security measures must be taken against:

  • Unauthorised access to or alteration, disclosure, or destruction of personal data;
  • Accidental loss or destruction of personal data.

When answering telephone calls:

  • Identify the caller;
  • Never disclose personal data or details to the general public;
  • Ask questions so that you can be reasonably assured that the caller is genuine;
  • Establish what information is required – ask yourself:
      • Is the caller entitled to the information?
      • Is this a normal business enquiry?
      • Could the caller have access to the data anyway?
      • If the caller is not the data subject, can they have the information? E.g. with a Power of Attorney.

It is also important to remember to never discuss / disclose sensitive information, for example:

  • Medical / disability details;
  • Employment history;
  • Convictions;
  • High value personal belongings;
  • Sensitive information;

unless you are absolutely certain of the identity of the caller and that he / she is entitled to be told the information.

If no proof is given or if you are in doubt as to whether the caller is entitled to the information, insist on them making their request in writing.

Failure to comply with the above could be treated as misconduct.

It is also a criminal offence to hold, use or disclose personal data which needs to be but is not registered, or to use it for a purpose other than that registered – this offence applies both to us and the employee concerned.

Where it is considered necessary for personal data to be used or disclosed for a purpose for which it is not registered, you should inform us.

Staff who receive requests for disclosure of personal data should refer such requests to the office team.

Summary of the Data that we collect

Personal details (name, address and telephone number, along with photo ID): InSafeHands Ltd need to have these details so that we can contact the clients and attend their address to give care. Telephone contact is essential for ourselves and other service providers linked to the client’s care. We may need to share these details with social services or other care providers, e.g. district nurses or the fire and rescue service. We gain consent to do this.

We will also take a photograph of the client for ID purposes. This ensures that office and care staff can identify the individual and, in an emergency, e.g. the client going missing, we can share this ID with the police to assist them. This is in keeping with the Herbert Protocol.

Religious and cultural beliefs

Next of kin and their contact details: We need to liaise with those designated to assist in care needs or people who have power of attorney to help with decision making.

Herbert Protocol completed form for clients with dementia: This form and the information is intended to assist care workers, partner agencies and the police if the person it refers to goes missing.

Directions, access to the property and key codes: This information allows access to the client’s property and is available in the client information lists that are shared with carers so that they can access clients’ homes.

Expressed consent: We gain consent from clients because, if it is in their best interest, we will need to share information. Permission is also given to take/share photographs. At times carers may need to use the client’s land line, e.g. to call the GP; this consent is also sought, along with agreement to store the information on paper files and electronically on our systems.

Personal information: Relevant information, essential to enabling us to care for our clients, such as a past medical history, or whether the client has capacity to make decisions.

Care plans: A care plan is populated to identify the exact support a client needs, including how many calls, the duration and the necessary tasks that need completing. Additional information is noted regarding medication, mobility, continence, nutrition,

Information reviews: These occur annually so as to ensure information is up to date and relevant.

How we process data:

Data is collected manually by one of our senior team members; this occurs during a personal assessment or review meeting in the client’s home.

The written information is then transcribed to our electronic system and filed both in the clients’ paper files, which are currently used for ease of “hands on” access and by the on call team, and online. We are in the process of introducing a new system, Mobizio, in mid 2018, whereby all the information will be recorded and kept electronically and backed up in the cloud.

What is the procedure for when a client is removed from our services?

All paper files are scanned into Dropbox and then the hard copies are shredded.

All electronic files are archived and remain on the IT systems; again, cloud back up is planned for this.

This information is retained and not destroyed.

What information do we keep re our staff?

Personal details (name, address and telephone number): Information is needed so as to be able to contact employees or next of kin, both in and out of office hours.

Application process forms: Information is needed so as to be able to ensure safe recruitment practices are followed and that staff are appropriate to work with vulnerable adults.

Contract of employment copy: To ensure that staff work their contracted hours.

Bank details: To allow the company to make salary payments to staff.

All training certificates and qualifications: To ensure that all staff are trained to undertake the job role.

Supervision records: To ensure that staff are supported and have a 1:1 opportunity to discuss their role and reflect on their clinical practices.

How we process data:

Data is collected manually by one of our senior team members who undertakes the recruitment process; this occurs during the application process and as part of the personal interview.

The written information is then transcribed to our electronic system and also filed in the employees’ paper files, which are currently used for ease of “hands on” access. We are in the process of introducing a new system in mid 2018 whereby all the information will be scanned and/or recorded directly and kept electronically and backed up in the cloud.

What is the procedure for when a carer leaves our services?

All paper files are scanned into Dropbox and then the hard copies are shredded.

All electronic files are archived and remain on the IT systems; again, cloud back up is planned for this.

This information is retained and not destroyed.
