19/12/05 - How CSCI share information about service providers
Guidance:
Sharing Information gained during regulatory activity
OUTCOME:
1. Information gained during regulatory activity is shared appropriately.
MAIN POINTS:
2. CSCI is committed to principles of openness and accountability and will, wherever appropriate, share information in the spirit of the Freedom of Information Act:
" To promote improvements in social care
" To work in partnership with other regulators
" As part of our role in the systems that aim to protect people who are at risk.
3. Information sharing by CSCI should always be fair and proportionate, within legal parameters designed to provide proper safeguards for individuals and organisations to which the shared information relates (e.g. the Data Protection Act and our code of practice on confidentiality). To achieve lawful information sharing, proper consideration must be given, on a case-by-case basis as to:
" Why we need to share information
" Who we need to share information with
" What information we need to share
" How we need to share information
" When we need to share information
4. Decisions about when to share information will need to be reviewed frequently as circumstances progress. The balance of risk if information is, and is not, shared, may change over time.
GUIDANCE
Reasons why we may need to share information
5. A decision about whether information should be shared may arise when:
a. We receive a request for information (e.g. from the police when investigating a possible crime)
b. We are being pro-active in promoting improvements in social care (e.g. as part of our regional improvement strategies or during enforcement action)
c. We are working in partnership with other organisations (e.g. when a local authority is leading action to protect people who are at risk)
6. Some statutory bodies have legal rights to obtain information from us. When doing so, they should quote the legislative basis for their request. CSCI must always comply with properly made statutory demands and therefore an information sharing decision will not arise. If the body making the request is unable to quote the legislative basis for their demand, it may be refused.
7. In some cases CSCI may not be satisfied that the requesting body has adequately quoted the legislative basis for its request or, alternatively, that it has no such legislative basis for requesting the information sought. Before refusing such requests, CSCI will - in the interests of openness and co-operation - consider whether some or all of the information requested can be provided under the provisions of any other legislation - such as the Freedom of Information Act.
8. CSCI may decide it is sufficient to draw attention to information we have already published or we may need to consider sharing unpublished information. When considering the disclosure of unpublished information, reference should be made to guidance on the Data Protection Act that is available on the legal channel.
9. Decisions about sharing information may be complex. There may be a difficult balance to be struck between competing risks associated with both sharing and not sharing information. When these difficult dilemmas arise, it is particularly important that the decision making process is rigorous and well documented. Staff making these decisions may need to seek support from line management and legal services. In the context of enforcement, information sharing decisions should not rest with a single inspector alone, but should always be considered as part of the management review process. Some illustrative examples of the types of information sharing decisions that CSCI staff may encounter are given at Appendix 1.
10. The reasons why we may need to share information are considered above. Further illustrative examples are given in the Annex to this document.
11. It is important to record the reasons why we believe it is appropriate to share information. We need to be clear what our aim is, why we think it is reasonable, and consider the implications both of sharing and not sharing. A form for this purpose is attached at Appendix 2.
Who we might need to share information with
12. CSCI works with many different stakeholders including organisations and individuals like:
" The police,
" Local Authorities
" Primary Care Trusts
" Registered organisations
" Government bodies including other regulatory bodies
" People who use social care services and their carers
13. Individual decisions need to be taken on which of these stakeholders we need to share information with. Our decisions will be based on whether they need the information to improve social care, carry out an investigation or, without it, may expose a person to unacceptable risk.
14. Where information is to be shared with a local authority, primary care trust or other body that commissions, or purchases, services on behalf of people who use them, thought will need to be given to which is the appropriate department within that body. Where the information to be shared relates to a range of bodies (i.e. involving a range of out of area placements), they may work jointly and a 'host' authority may take the lead in co-ordinating action.
What information we may need to share
15. Information to be shared should comprise that which is needed to improve social care services, enable an investigation or to protect people from risk. In many instances, it will be appropriate to signpost people to CSCI's published information. Personal, private information should not be shared if service related detail is sufficient for the purpose.
16. Where consideration is given to sharing personal, private information, action must be taken in accordance with:
" CSCI's code of practice in relation to confidential information.
" Guidance on the legal channel about disclosure of personal data under the Data Protection Act
17. It is important to be clear about the nature of information to be shared. We should distinguish between factual information we know to be true and unproven information. We must be careful not to include unfounded inferences. For example if CSCI needs to quickly share details of a complaint with a local authority to protect someone from potential abuse, it should be made clear that the complaint has yet to be investigated and that its accuracy remains to be confirmed.
18. Where information is shared, it will be made available for a specific purpose and the receiver will be asked not to pass that information on, or use it for another purpose, without first consulting and gaining agreement from CSCI.
19. Only information that is obtained properly by CSCI for its own legal functions can be considered for sharing. CSCI must not obtain information on behalf of other authorities because the other authority does not have powers to get the information they want for themselves. For example, a concern may trigger an unannounced inspection, during which we may obtain information that may be shared as part of multi-agency safeguarding arrangements. However, it is not acceptable for CSCI to visit a care service and remove documentary evidence on behalf of other organisations. There is a high risk of legal proceedings if CSCI were to attempt to gain information that exceeds its powers in this way.
How we may need to share information
20. Information may be shared, for example, through:
* Partnership working e.g. multi-agency Child Protection and Safeguarding Adults arrangements
* Pro-actively e.g. discussion in the context of Regional Improvement Strategies
* Directly in response to requests e.g. from specific organisations or individuals
21. Multi-agency Child Protection and Safeguarding Adults arrangements include important mechanisms to ensure that the investigation and prevention of abuse and associated information sharing are handled properly in a co-ordinated way across agencies. Wherever abuse is suspected, information should be shared through these arrangements.
22. Where local multi-agency protection arrangements are not sufficiently well developed to operate as envisaged by DH and DfES child and vulnerable adult protection systems, discussion may need to be held locally with the lead agency to seek improvements.
23. Multi-agency Child Protection and Safeguarding Adults arrangements will need to include a mechanism for a partner organisation to share concerns about services provided by the lead or other partner organisations e.g. where a concern arises about a local authority care service.
24. Proper consideration should be given to the security of information shared. For example, secure methods of transmission (e.g. land line phone, by hand, recorded delivery) should be used rather than facsimile transmission, e-mail and mobile phone. Information should not be given in response to telephone requests, before the identity of the caller is checked (i.e. by calling back to check that a person works for the organisation they say they do).
When we may need to share information
25. Information should be shared as soon as a need to do so arises, as part of action, to improve services, so that they are safe for the people who use them.
26. In some instances, sharing information with some stakeholders may need to be delayed where disclosure might prejudice the gathering of evidence e.g. information shared with a service provider may prompt a member of their staff to destroy important evidence. Where this is the case, a multi-agency approach will need to be agreed to ensure people are safeguarded whilst evidence gathering takes place as quickly as possible.
Decision taken not to share information
27. If CSCI decides not to share information in response to a request, we will explain the reasons for the refusal including reference to Freedom of Information Act provisions. Further guidance on the Freedom of Information Act and refusal to disclose information in response to a request is available on the legal channel.
Appendix 1
Information Sharing Scenarios
The following scenarios are designed to help CSCI staff make decisions about information sharing dilemmas that they may face. There will always be a unique set of factors in every information sharing decision and these scenarios should not be used as a substitute for a case-by-case approach.
Scenario 1 - sharing information with the police
Q: A police officer asks for access to all documents in our files on a particular care provider against whom we are taking enforcement action. He says he is investigating a crime in which the proprietor is implicated. He says he has legal power to demand this information from us. Should the policeman be given the open access he demands?
A: The police may ask for information in connection with legitimate police investigations. However, there is no element of compulsion and it is for CSCI to decide whether it is appropriate to share the information requested (further guidance on this issue is being developed and will be available on the legal channel shortly). If it is not apparent precisely what information the police are seeking, they may be asked to provide clarification. As part of our role in multi-agency safeguarding arrangements, we may wish to co-operate with the police and share information that we hold, which is also pertinent to police action. It is reasonable to ask the police to alert CSCI if any shared documents are to be produced in legal proceedings.
Scenario 2 - sharing information with commissioning authorities
Q: As part of the regional improvement strategy, we want to discuss, with a commissioning authority, the risk assessment we have made on a local care service provider. Can we share the risk assessment?
A: Until we can be sure that the process for making risk assessments has been implemented successfully, they will not be made public. Information from risk assessments, that is not contained in published reports, but is necessary to promote improvements in social care, may be shared with a commissioning authority, subject to the caveat that it is first shared with the provider and that it comes with a warning that the risk assessment process is in its early stages.
Scenario 3 - sharing information with the NMC
Q: Whilst investigating poor quality care in a care home, the professional failure of a nurse comes to light. Should we tell the NMC?
A: In the first instance, it is the employer's responsibility to be familiar with the process and internal remedial actions which need to be taken by them if a professional in their employ is found to be lacking in competence. The employer is required to establish a development programme for the professional employee. If this is not successfully completed, the employer should refer the professional to the NMC. For other fitness to practice issues the employer should refer the professional to the NMC. However, if the employer fails to do this, then we may alert the NMC.
Scenario 4 - sharing information with the GMC
Q: The GMC are investigating a case of professional misconduct and have asked for access to our files in collating evidence for a hearing. Should we give the GMC the access they want?
A: The GMC does not have a general right to access our files. They do however have a right to require us to provide any information we hold that is specific to a doctor's fitness to practice. If we have specific concerns about a medical practitioner regulated by the GMC, we can alert them and provide them with relevant details.
Scenario 5 - sharing information with other regulators
Q: We have refused an application for domiciliary care agency registration because the proprietor was not a fit person. The proprietor has now made a similar application to The Welsh Care Commission and the Welsh Care Commission has asked us why we refused to register. Can we tell them our reasons?
A: We have a duty to work in partnership with other regulators and will wish to tell them the reason why we refused registration. However, the Welsh Care Commission will need to make their own decision on the application before them and cannot use our refusal as a basis for one of their own
Scenario 6 - sharing information with the media
Q: The local press are doing an article on complaints about a local care home. They have asked for a comment from CSCI. What can we say?
A: CSCI press office should be alerted through the media alert system. The press office will need briefing on the local issues.
Scenario 7 - sharing information about provisional POVA listings with employers
Q: At inspection, someone, who CSCI is aware was dismissed for gross misconduct and referred to the POVA list by a previous employer, is found to have secured new employment working with vulnerable adults. The CRB check performed by the new employer does not show the employee as being on the POVA list although the person has since been provisionally listed. Should the current employer be alerted and if so what information should they be given?
A: In the first instance, CSCI should approach the previous employer and ask them to alert the new employer to the dismissal and the POVA listing. If the first employer is unwilling to alert the new employer, CSCI will supply the POVA team with details of the new employer and details of the employee (name, date of birth, NI number). The POVA team will write to the new employer to advise them to undertake a new CRB check. CSCI will subsequently follow this up with the new employer to check they have ceased to employ the listed person in a care position.
Scenario 8 - referral to the POVA list when care worker employed
Q: Can CSCI refer a person to the POVA list when we have evidence that we consider that the care worker has been guilty of misconduct (whether or not in the course of his employment) that harmed or placed at risk of harm a vulnerable adult?
A: In the first instance, it is the employer's duty to refer staff to the POVA list. CSCI may refer, and will be most likely to do so in respect of registered providers and registered managers who have not been referred by an employer. CSCI may refer other employees where the employer has been encouraged to make a referral but has failed to do so.
Scenario 9 - referral to the POVA list when care worker resigns from employment
Q: A registered manager resigned before action to cancel her registration was finalised. Her employer was intending to make a POVA referral but didn't because she resigned. Should we issue an alert in case she applies to be a registered manager with another employer?
A: Action to cancel registration should not stop because the registered manager has resigned from her employment. Action should be taken to finalise the cancellation and a POVA referral made where appropriate.
Scenario 10 - sharing information to safeguard a child
Q: During the course of an inspection, I identified a child who I am worried may be subject to abuse. After disclosing her worries about the actions of a member of care staff, the child said that she did not want me to tell anyone about what she had said. What should I do, as I don't have the child's consent to share this information?
A: CSCI has a legal duty to safeguard children. If a child indicates that they want to share a concern about their safety, it should be explained to them that it might not be possible to keep the information they provide a secret. Try as a general rule of good practice always to tell children before you start discussions during inspections that you will not pass on their name, or identify who said what, without their consent, EXCEPT if they tell you something that makes you believe that they, or another child or young person, is being harmed. Explain that if that happens, you will need to tell the right person to get the problem sorted out. If however you hadn't said that for the child concerned, you still have a duty to pass on information needed to safeguard a child from significant harm. Wherever possible a child's consent to sharing concerns about their safety, with agencies that can help, should be obtained. However, if you believe a child is at risk of abuse, you should make a referral to multi-agency child protection arrangements, even if the child withholds their consent. You should however still explain to the child what you are doing and why, and what is likely to happen next. Further guidance is available in the document entitled "What to do if you are worried a child is being abused" which is available on the Department of Health website. If you believe that a child is, or is likely to be, suffering from significant harm (e.g. abuse) then this should always be referred directly and promptly to the child protection staff of the local children's social care services authority.
Scenario 11 - sharing information about planned cancellations of registration with placing authorities
Q: We have decided to apply for cancellation of the registration of a care home because of serious failures. We want to alert the placing authorities so they have time to plan alternative provision for the residents. The placing authority might start moving people out before cancellation is granted and stop referring new residents. This could force the home out of business before cancellation is confirmed. When should we tell the placing authority?
A: Your serious concerns about failures at the home should already have been shared with commissioning authorities as part of the regional improvement strategy. Action to improve the quality of services at the home to acceptable levels and safeguard the wellbeing of current and prospective residents should have been addressed as part of that process. The decision to seek cancellation should not have been taken lightly and will stem from very serious concerns about outcomes for residents. You will need to be clear with the placing authority that cancellation is not a foregone conclusion and that an application may not be successful or may be subject to appeals. It will be important to explain to the placing authority that information about our decision to seek cancellation of registration is being shared to allow appropriate contingency plans to be put in place. Placing authorities should not be encouraged to take premature action.
Scenario 12 - sharing information about planned cancellation of registration with residents and their relatives.
Q: We have applied to cancel the registration of a care home because of a serious adult protection issue. Some residents at the care home were not directly affected by the abusive incidents that occurred in the home and are confused as to why CSCI is seeking to close the home when they feel happy living there. What can we say to those residents and their relatives?
A: It is important that we explain to those residents and relatives why we are pursuing cancellation of registration. We can explain that failures found at their home have made us concerned about the wellbeing of residents and that, whilst some residents have not been directly affected, there is a real risk that they may be in the future if improvements sought by CSCI are not secured. We should explain that we have tried, but have been unable, to secure the necessary improvements and feel that seeking cancellation of the home's registration is the appropriate response. We will need to empathise with the residents' view of the home but explain that the risk to their future welfare is serious and real. We should reassure them that action is being taken to ensure they are protected whilst alternative care arrangements are put in place. We should not identify individuals (residents or staff) who were directly involved in the incidents or specific details of the abuse which has occurred.
Scenario 13 - sharing information about adult protection issues that do not involve a named resident
Q: We have identified failures in a care home that have put the adult residents at risk of abuse, although we have not identified a specific named resident who is at risk. Our council will not accept an adult protection referral unless it relates to a named resident. How can we share information about our concerns?
A: DH adult protection systems envisage that local multi-agency protection arrangements should be are capable of considering adult protection referrals that relate generally to a group of individuals within a care home as well as named individuals. If local arrangements are not sufficiently well developed to operate as envisaged by DH, discussion may need to be held locally with the lead agency to seek improvements. It may also be appropriate to discuss a pro-active approach to improving the quality of service within the care home within the context of the regional improvement strategy.
Scenario 14 - sharing concerns with relatives of people who use care services
Q: We have identified failures at a care home that has put a resident at risk of abuse. The resident's relatives are unaware of the home's failures and effect it is having on the resident. Should we alert the resident's relatives to our concerns?
A: A referral should be made to local multi-agency adult safeguarding arrangements. A decision about whether, and if so how, to involve the resident's relatives should be taken as part of the multi-agency approach. It may be more appropriate for social services to liaise with resident's relatives
Scenario 15 - Sharing information about care staff with their employers
Q: We have identified that the practice of a particular member of care staff is having an adverse effect on outcomes for people using a service. Should we raise this with their employer?
A: The registered person is responsible for supervision of their care staff. Identified concerns should therefore be raised with the registered person.
Scenario 16 - Sharing information about discrimination
Q: We have identified discriminatory practice in the course of an inspection. As we have a duty to promote race equality, should we be alerting anyone to this?
A: The issue should feature in the inspection report and be raised with the management of the service to determine what action they are going to take to stop the discriminatory practice. Consideration should be given to whether any clients are at risk of abuse as a result of the unacceptable practice and an adult protection referral made where appropriate. It may also be appropriate to raise the issue with the commissioning authority in the context of the regional improvement strategy.
Appendix 2
RECORD OF DECISION TO SHARE INFORMATION
1. DETAILS OF REGULATED SERVICE INVOLVED:
Name of Service
Type of Service
Subject of Enforcement Action? YES/NO (Delete as appropriate)
In Regional Improvement Strategy? YES/NO (Delete as appropriate)
2. TYPE OF INFORMATION SHARING DECISION (tick)
a) Response to external request for information
b) Consider pro-active approach to sharing information
3. WHY DOES INFORMATION NEED TO BE SHARED (tick)
(a) In response to a statutory demand
(b) To promote improvements in social care
(c) To work in partnership with other regulators
(d) As part of our role in the systems that aim to protect people who are at risk.
4. IF STATUTORY DEMAND, WHAT IS THE LEGISLATIVE BASIS?
5. WHO DOES INFORMATION NEED TO BE SHARED WITH TO ACHIEVE THE AIM (S) IDENTIFIED IN QUESTION 3 ABOVE?
Name Organisation/Status
6. WHAT INFORMATION NEEDS TO BE SHARED TO ACHIEVE THE AIM IDENTIFIED IN QUESTION 3 ABOVE?
Published Information
Unpublished Information
Private, Personal information
7. HAS CONSENT BEEN OBTAINED TO SHARE PRIVATE PERSONAL INFORMATION? IF NO, STATE REASON.
YES/NO (delete as appropriate)
Reason:
8. WHAT ARE THE RISKS ASSOCIATED WITH SHARING AND NOT SHARING THIS INFORMATION?
Risks of Sharing:
Risks of Not Sharing:
9. HOW AND WHEN IS THE INFORMATION TO BE SHARED?
HOW
E.g. provision of photocopied documents (specify which), letter written to convey information (attach copy), conveyed orally to recipient (attach record of conversation). Specify whether shared in context of regional improvement strategy or through multi-agency safeguarding arrangements.WHEN
10. DECISION MAKER (S)
NAME (S) ROLE (S) (e.g. Regulation Manager)
SIGNATURE (S)
DATE
