Focus Care Link’s policy on access to records can be included as part of its general policy on records and record keeping or as a separate policy, which is described as follows. It should be used with reference to the Data Protection Policy.
This policy sets out the values, principles and procedures underpinning this care provider’s approach to enabling service users to have access to their records and other information held by the service about them, and when third parties can have authorised access to a service user’s records.
It is written in line with Regulation 17: Good Governance of the Health and Social Care Act 2008 (Regulated Activities 2014) which requires care providers to have secure record keeping systems with policies on authorised access and sharing.
Policies are needed that enable service users to exercise their legal and moral rights to have access to the information about them held by Focus Care Link. Focus Care Link has no authority over records kept by other agencies involved with the service user, but it assumes that these agencies, e.g. health services, will have their own policies and procedures, which the service user would follow if they wished to have access to these records.
Service users should have access to their own records in line with data protection requirements.
Any access to records must always be considered in terms of Focus Care Link’s confidentiality policy. This means that such information must not be made available to other people and anyone else mentioned in the records should have their identity protected. Data protection law does not give the user the right of access to information about other people.
The implication of the legislation is that records are shared with the individuals concerned as they are made. This allows for openness, agreement between worker and service user and the potential for greater accuracy. Only in rare circumstances should access be refused. The person seeking access to information should have Focus Care Link’s policy carefully explained to them.
Any request from service users for access to their personal file must be discussed with the registered manager, who takes the decision as to what may or may not be shared.
In forming a policy the guidelines listed below should be followed.
1. Focus Care Link is accountable to the user for all information it holds about them; staff are responsible for recording on personal files and any information sharing in line with Focus Care Link’s policies.
2. Authorised people external to Focus Care Link do not normally have access to users’ files, but may request it for specific purposes such as part of an inspection, undertaking a quality review, conducting an investigation or following up a complaint. Service user consent should be normally obtained for any such purposes.
3. Any information in the file that is in a restricted information section cannot be accessed. The marking of information in the file should be supported by a reason for it being regarded as confidential. Where the request for information is concerned with legal action the matter should be referred to Focus Care Link’s legal advisors, who can decide whether access to the information can be given.
4. Information should not be accessed where it might result in the risk of serious harm, of any form, to the person or someone else, including a staff member.
5. Information should not be accessed if it is concerned with the prevention or detection of crime or apprehension or prosecution of offenders, if it would prejudice one of these purposes.
6. Personal health information can only be accessed following consultation with the health professional concerned. However, health information which arises from information within Focus Care Link’s experience of working with the service user, but not from health professionals, may be accessed.
7. Where the information concerns health matters, the health professional must be contacted and their opinion given as to whether the giving of the health information would pose any risk to the individual seeking the information or to any third party. Where such risk is indicated the information should be edited.
8. Legal advice is privileged information and should not be disclosed, as are court reports. The person seeking access may nominate, giving their permission in writing, an agent to acquire the information for them.
9. Where the person concerned is a young person under 14 years of age it would be expected that their parent or guardian would be nominated to have access on their behalf.
10. People who are unable to manage their own affairs because of mental illness or mental disability may be represented by a person nominated under the Court of Protection, or who has power of attorney, or is an authorised agent.
11. The person should give notice in writing that they wish to have access to their records when these records are not held within Focus Care Link. Staff should discuss any request for access with Focus Care Link manager.
12. Relatives, friends and third parties have no automatic right of access to a service user’s confidential records and will need to obtain the consent of the service user or follow the corresponding procedures if the person lacks mental capacity to give their consent before they can have access to them. (See section on Third Party Access.)
13. There is a separate policy in the case of relatives or representatives who seek to have access to the records of a service user who has died. (See the policy on Applications for Access to a Deceased Service User’s Care Records.)
It is permissible in some instances to allow requests from a third party to have access to an individual service user’s records. Where the person has mental capacity, their consent will always be needed. Where the person might lack the capacity to give their consent, the request might be allowed under certain circumstances.
Focus Care Link accepts that it is reasonable for someone with Lasting Power of Attorney (LPA) for Health and Welfare, which has been registered with the Court of Protection, to access a service user’s records and information to which a service user has right of access; that is where the information contained will help or enable the LPA to carry out their lawful duties. The information requested should be relevant to the best interest decisions that the LPA must make on behalf of the person they are representing.
The LPA should make any request in writing (see Forms for a letter template). Where it is reasonable and lawful for the LPA to access the information, a formal agreement will then be reached on the means of access, which will also follow confidentiality and data protection principles and procedures.
It is important to have procedures to check:
a. that only authorised people have access to and use files
b. the security of files
c. their whereabouts at all times.
The following information should be recorded and monitored:
a. name of person borrowing and in possession of the file
b. signature of borrower
c. purpose in removing the file
d. name or signature of person authorising removal of file
e. date and time of removal
f. date and time of replacement in the cabinet
g. signature of person returning the file.
All staff receive training in the access to records policy at induction and whenever changes need to be made to it.
Management November 2020