Specific responsibilities of people who work in health and social care settings

The Data Protection Act 1998

Sets out rules governing the processing and use of personal information in health and social settings. 

Act covers:

       Information stored electronically on computers, mobile phones and on social media.

       Paper-based personal information

       Against the law to have photographs of service users without their permission.


1 of 13

Eight key principles of the Data Protection act

Data must:

  • Be accurate and up to date
  • Be collected and used honestly and fairly
  • Be used only for the reasons it has been given
  • Be sufficient to meet the needs of the organisation
  • Not be passed on to other organisations without permission
  • Not be kept longer than is necessary
  • Be kept safe and secure
  • Not be passed to other countries without data protection laws
2 of 13

Information management and communication

  • Applying requirements of the data protection act 1998

  • Adhering to legal and workplace requirements specified by codes of practice in specific health and social care settings

  • The recording, storage and retrieval of medical and personal information, to include electronic methods, mobile phones, social media, written records, use of photographs 

  • Maintaining confidentiality to safeguard service users

  • Respecting the rights of service users where they request confidentiality

  • Following appropriate procedures where disclosure is legally required.

3 of 13

Information management and communication

Data that an employer in health and social can keep about their employees:

  • Name, Address, Date of birth, Gender, Emergency contact details, Education and qualifications, Employment history and work experience, National insurance number and tax code

  • Details of any known disability

  • Family details

  • Information about criminal convictions

  • Health issues

It is very important that service users are able to trust that their personal information is treated as confidential and only shared with people who have legitimate reason to know about their circumstance and preferences.

4 of 13

Recording and storage of data

The Act covers the policies, procedures and systems for:

·         Storing information confidential information should be stored in locked filing cabinets, in a locked room. Information held electronically should be protected by a secure password.

·         Accessing information- members of staff in the organisation who are allowed access to this information should be clearly identified. Staff should never have access to personal information that they do not need to know. Where information is stored electronically, only the relevant staff should have personal access passwords.

·         Sharing information - information should only be shared with other professionals who have a need and a right to know it.

5 of 13

Legal and workplace requirements

       Data protection Act (1998) and requirement confidentiality – are within all policies and procedures in Health and Social care settings

       Embedded in the codes of practice of the professional body that regulate HSC staff.

        ALL employees and volunteers have responsibility to ensure that confidentiality of services user’s information is protected.

       If they spot weakness in procedures they must suggest improvements – helps to ensure safety and security of service users and respects their rights to confidentiality.

6 of 13

Confidentiality, safeguarding and legal disclosure

       All personal records must be kept safely and securely and used only for the purpose that they are intended for.

       Must not be available to anyone who do not have a valid professional need to know the details.

       Safeguarding policies must be follow if someone has disclosed they are being abused or at risk (child or vulnerable adult).

       Must explain to service users that their disclosure will be shared with senior member who will then support them.

7 of 13

Accountability to professional organisations/ bodi

·         Nurses/Midwifes - The Nursing and Midwife Council (NMC)

·         Nurses - The Royal College of Nursing (RCN)

·         Physiotherapist/Speech and Language Therapist/Social Workers - The Health and Care Professions Council (HCPC)

·         Hospital Doctors/GP’s - The General Medial Council (GMC)

The standards of professional practice expected of professionals working in health and care settings are regulated and monitored by the professional bodies.

8 of 13

Accountability to professional organisations/ bodi

The specific regulations vary according to profession. However, each professional organisation monitors the:

·         level and content of the initial education and training of members of their profession.

·         ongoing professional development and the requirement to keep up to date, and to complete further training often called continuing professional development (CPD).

·         standards of professional practice in their everyday work.

·         standards of personal conduct, both at work and in leisure time.

9 of 13

Code of professional conduct

       Organisations have codes of practice for members which must be followed.

       When a member is accused of failing to meet the standards set, they will be investigated.

       In extreme circumstances the member can be removed from the professional register and barred from professional practice.

       The organisation will also have regulations which outline the formal procedures – dealing with complaints or concerns (about qualifications & professional practice).

       Include specific procedures to investigate unprofessional practice reported by professionals about their colleagues – whistleblowing.

10 of 13

Revalidation procedures

To remain on the register professional bodies requires all members complete regular CPD.

       Training on the use of new procedures or new treatments

       Training on the use of new equipment

       Providing evidence that a registered person reviews and learns from their own practice.

       Members must always provide evidence they are up to date with current safeguarding regulations.

11 of 13

The Care Certificate

       Non-statutory requirements – it is voluntary and can be used alongside the specific induction programme for that setting.

       It provides an identified set of standards that health and social care workers should follow in their daily working life.

       Employers are expected to implement the care certificate for all new starters from April 2015

       Employees are required to meet its standards before they can work with patients.

*This replaces the Common Induction Standards (CIS) and the National Minimum Training Standards (NMTS).

12 of 13

How personal information might be managed by profe

       treat information about patients with confidentiality

       communicate with relevant individuals

       pass on medical information, e.g. from GPs to hospital consultants where further treatment is needed

       obtain permission when information about is shared

       share information in a way people understand according to their needs (alternative forms)

       respect the legal responsibilities of disclosing information/data protection

       follow policies and procedures

       implement protection measures, e.g. for those who are the focus of the information and the professionals who manage the cases. 

13 of 13


No comments have yet been made

Similar Health & Social Care resources:

See all Health & Social Care resources »See all Applying care values and principles resources »