Dorset SENDIASS confidentiality policy
SENDIASS is a confidential service. Service users include children and young people with special educational needs and/or disability and their parents and carers.
Service users have a right to expect that information they share with us will be respected and not passed on to others without their permission, including to family members, schools and Dorset Council (DC).
We use information to:
- help us to carry out our work offering information, advice and support
- get statistics which help us make decisions such as how to use staff where they're needed
- to work out how well the service is working and whether different groups of people are using the service
Any information shared with the us is protected in compliance with the Data Protection Act and under the General Data Protection Regulation (GDPR).
As SENDIASS we will not share information without consent except where:
- we have reason to believe that a child, young person or vulnerable adult is at risk of harm. This may be if a member of staff or a volunteer is told about actual abuse, or they themselves suspect it or if they're told by a third party of suspected abuse
- illegal activity threatens the safety of staff or service users
In agreement with DCC, we will release data we hold directly to the young person where they're over the age of 16, or their parent or carer for any request we receive under the Data Protection Act. Our information will not be part of the information DC sends.
Any young person who is of the right age, maturity and capacity (the guide is someone 12 years old and over of typical development and capacity) can request copies of their records and can refuse consent for anyone else to access their records. This includes refusing access by parents or carers.
This policy makes sure that you as a service user can have confidence in the confidentiality of the information they provide.
We encourage you to share relevant information with school staff and other services or individuals where it's in the best interest of the child or young person to do so. As SENDIASS we won't share any information without permission.
As SENDIASS we will:
- respect your right to privacy as a service user
- respect your right to contact us anonymously and in confidence as a service user
- adhere to our commitment to principles of confidentiality in our relationship with you as a service user
- give priority to child protection issues and deal with them in accordance with safeguarding policy
- make sure we let you know your rights in relation to the data we hold about you and the release of this data
- make sure all our staff and volunteers receive training in confidentiality issues and a copy of this policy
- make you aware of this policy when you first approach our service and let you have a copy if you ask for one
- ask your permission to record personal details and to store data in the electronic case management system when they first approach us
- take referrals from anyone other than children or young people or their parents or carers only if we have permission for this to happen
- make any documentation we hold on the parent or carer or their child or young person available to you on request, unless it's been provided by the child or young person and they don't agree to it being shared in this way
- ask for permission from parents or carers before contacting other professionals or services involved with the family or who may be involved with the family in the near future, except in circumstances relating to child protection
Recording and sharing information
As Dorset SENDIASS we use an electronic, cloud-based case management system that's not shared with DC. Our database meets legal requirements and DC standards for data protection.
SENDIASS officers will keep case notes for each referral they've received on the central database. Case notes normally include:
- basic personal details of the referral that's been made to us
- a brief summary of case progress
- agreed action
- final outcome when one is reached
The SENDIASS officer involved will decide the level of detail they need, but it should be enough so that a colleague can take the case over if anything happens. We will only keep personal contact details with your permission. We will normally keep hold of documents until the young person's 25th birthday when they will be destroyed.
If we're processing your personal data with your consent, you have the right to withdraw that consent. If you change your mind or if you're unhappy with how we're using your personal data, let us know by contacting the SENDIASS line manager.
The information, personal details and records of service users are not provided to DC in service audits or feedback. Anonymised data is used where necessary for audits or analysing themes that DC should be aware of to improve the experiences of service users.
Storage of information
SENDIASS officers are home-based. Most information is stored electronically on the secure database. We provide a lockable filing cabinet for them to use at home to store any paper-based notes and correspondence. All SENDIASS documentation should be stored securely in this cabinet which must be kept locked.
Documents relating to ongoing cases should be kept by the SENDIASS officer. Documents relating to closed cases, when it's not possible to scan them to the electronic case management system should be passed to the SENDIASS manager to archive for 12 months after the date of the last correspondence. We can bring documents back from archive if we receive a referral.
We use DC hardware and software for electronic-based documentation such as emails. The hardware and software have all the necessary security safeguards and archiving facilities that the data protection law requires, and they also keep your information confidential.
We require all staff to adhere to the DC ICT security policy and standards. You can ask us to get a copy of these from the DC staff intranet. Our SENDIASS manager organises appropriate training for all staff. Staff are responsible for making sure they follow all the correct procedures and protocols to keep electronic data safe and secure.
Review of this policy
We review this policy annually. We also review it if there are changes in the laws about data protection. Our SENDIASS manager and/or the SENDIASS steering group review this policy, depending which is more appropriate.
We let people know when we issue an updated version of this policy. These include:
- SENDIASS officers
- other agencies
Our SENDIASS officers will make sure that parents or carers of any active cases at the point of policy update are aware that an updated version of the policy is available. We can supply a copy or direct them to the DC website.
Updated November 2018.