Purpose Specific Agreement Template for Information Sharing

Template of data sharing agreement for LeDeR Programme

Genericguidancedocument:

PurposeSpecificInformationSharingAgreementVersion3

SharingofInformationtoassistreviewing deaths of people with learning disabilities

Index

Section 1. PurposeoftheAgreement

Thisagreementhasbeen developedto:

Definethespecificpurposesforwhichthesignatoryagencieshaveagreedto share information.

Describetherolesandstructuresthatwillsupporttheexchangeofinformation betweenagencies.

Set out the legal gateway through which the information is shared.

Describe the security procedures necessary to ensure that compliance with responsibilities.

Describe how this arrangement will be monitored and reviewed. This should be after six months initially and annually thereafter.

Thesignatoriestothisagreementwillrepresentthefollowingagencies/bodies:

XXXXXX

Section 2. SpecificPurposeforSharingInformation

The sharing of appropriate information between agencies about people with learning disabilities who have died is vital to identify if any learning could come from a review of their death that will lead to service improvements.The need for effective multi-agency working and information sharing in order to secure improved outcomes is clearly stated in a number of reviews, policy documentation andstatutory guidance.

Sections 3, 6 and 7 of the Care Act (2014) require that:

•local authorities must carry out their care and support responsibilities with the aim ofpromoting greater integration with NHS and other health-related services;

•local authorities and their relevant partners must cooperate generally in performingtheir functions related to care and support; and, supplementary to this,

•in specific individual cases, local authorities and their partners must cooperate inperforming their respective functions relating to care and support and carers whereverthey can.

NHS England’s ‘Commitment to Carers’ (published May 2014 and End of Year Progress Summary 2014/15, August 2015) states the commitment to ‘gather bereaved carers views on the quality of care in the last three months of life in order to address gaps in evidence’ (Commitment 30).

Under the NHS Act, NHSEngland must encourage partnership arrangements between CCGs and local authoritieswhere it considers this would ensure the integrated provision of health services and thatthis would improve the quality of services or reduce inequalities. Similarly, every CCG has aduty to exercise its functions with a view to securing that health services are provided in anintegrated way, where this would improve the quality of health and/or reduce inequalities inaccess or outcomes. The Care Act adds further coherence by placing an equivalent duty onlocal authorities to integrate care and support provision with health services and health related services.

In order to learn from the deaths of people with learning disabilities so that service improvements can be made, we need to ensure that timely, necessary and proportionate mortality reviews are undertaken, involving the full range of agencies that support people with learning disabilities. Each of these agencies will hold a piece of the jigsaw that together create a full picture of the circumstances leading to the death of the individual. Information viewed alone or in silos is unlikely to give the full picture, identify where further learning could take place, or contribute to cross-agency service improvement initiatives.

The relevant information about an individual who has died needs to be shared with the national Learning Disabilities Mortality Review Programme in order that the right death can be reviewed. Then, all the relevant information from various agencies needs to be available to the local reviewer of the death. By ensuringallpartnershave the abilityto share informationit will help toidentifypeople with learning disabilities who have died, and facilitate the conduct of a review of their death. Ultimately, this will contribute to local intelligence about potentially avoidable, contributory factors related to the deaths of people with learning disabilities, and will assistsignatoriestothisagreementinreducing premature deaths in this population.

Theaimofthisinformationsharingagreementistodocumenthowthesignatoriestothisagreementwillshareinformationtolearn from the deaths of people with learning disabilities so that service improvements can be made.

This agreement does not cover other information sharing between the signatory agencies that take place outside of the Learning Disabilities Mortality Review Programme. These transactions will be covered (where appropriate) by separate information sharing agreements.

Section 3. LegalBasisforsharingandwhatspecificallywillbeshared

The Data Protection Act only applies to living people. However, the principles of the seven Caldicott Principles are important and should always be borne in mind. These are

1. Justify the purpose(s)
2. Don't use patient identifiable information unless it is necessary
3. Use the minimum necessary patient-identifiable information
4. Access to patient identifiable information should be on a strict need-to-know basis
5. Everyone with access to patient identifiable information should be aware of their responsibilities
6. Understand and comply with the law
7. The duty to share information can be as important as the duty to protect patient confidentiality

These principles have been subsumed into the NHS confidentiality code of practice.

Common law duty of confidentiality. Health records relating to deceased people do not carry a common law duty of confidentiality. However, it is Department of Health and General Medical Council (GMC) policy that records relating to deceased people should be treated with the same level of confidentiality as those relating to living people. Further information can be found at:

The GMC makes it clear that confidentiality is an important duty, but it is not absolute. Doctors can disclose personal information if:

• it is required by law
• the patient consents – either implicitly for the sake of their own care or expressly for other purposes
• it is justified in the public interest

The public interestThe GMC clarifies that confidential medical care is recognised in law as being in the public interest. However, there can also be a public interest in disclosing information. Research, epidemiology, public health surveillance, and health service planning and improvement are important secondary uses made of patient information; each of these uses can serve important public interests. The LeDeR programme falls into this category.

The NHS Act 2006Section 251 of the NHS Act 2006 (originally enacted under Section 60 of the Health and Social Care Act 2001), allowed the common law duty of confidentiality to be set aside in specific circumstances where anonymised information is not sufficient and where patient consent is not practicable. Under this legislation, the national Confidential Advisory Group (CAG) advises the decision-makers, the Health Research Authority and the Secretary of State for Health, whether applications to process confidential patient information without consent should or should not be approved.

See more at:

You may disclose identifiable information without consent if it is approved under section 251 of the NHS Act 2006. This confirms that the work can be justified in the public interest and it is either:

• necessary to use identifiable information, or
• not practicable to anonymise or code the information
• and, in either case, not practicable to seek consent

The Learning Disabilities Mortality Review Programmehas Section 251 (of the NHS Act 2006) approval for the use of patient identifiable information in order that reviews can be undertaken of the deaths of people with learning disabilities.

Specifically, this provides assurance for health and social care staff that the work of the Learning Disabilities Mortality Review Programme has been scrutinized by the national Confidential Advisory Group (CAG).

The CAG is appointed by the Health Research Authority to provide expert advice on uses of data as set out in the legislation, and advises the Secretary of State for Health whether applications to process confidential patient information without consent should or should not be approved. The key purpose of the CAG is to protect and promote the interests of patients and the public whilst at the same time facilitating appropriate use of confidential patient information for purposes beyond direct patient care. More information about Section 251 approval is available at:

In practice, what this means is that youmay disclose identifiable information without consent for the notification of deaths of people with learning disabilities, and for contributing to reviews of their deaths.

Local data sharing agreements

Information sharing protocols set out a common set of rules to be adopted by the various organisations involved in data sharing. These are likely to be in place as part of an existing contract between organisations; they could however, be supplemented by Individual Data Sharing Agreements for specific data sharing arrangements (e.g. reviews of deaths of people with learning disabilities) between stakeholders.

As the LeDeR Programmehas Section 251 approval, individual data sharing agreements are not additionally required. However, local agencies may wish to formalize their own individual data sharing agreements to supplement Section 251 approval.

Further disclosure and use of information shared between agencies

All staff are reminded that patient-identifiable information shared within the LeDeR programme is done so for specific purposes relating to reviewing deaths of people with learning disabilities. Any further use of that information is not permitted.

Information entering the LeDeR Programme

All deaths of people with learning disabilities will be notified to the LeDeR programme. Only those deaths occurring between ages 4 and 74 (inclusive) will be subject to review.

For any case being reviewed by the LeDeR process, agencies that have been involved with the decedent may be asked to research and provide relevant information to the local reviewer so that the reviewer will have as full a picture as possible when assessing the circumstances leading to the death, identifying best practice, and agreeing an action plan for any service improvements if necessary. All agencies will be expected to provide information to the local reviewer on request. The local reviewer for that individual death will be the single point and will gather and collate information on behalf of the LeDeR Programme.

All partner to this agreement, who are sending or receiving sensitive personal data electronically, must do so securely, via secure email, the LeDeR Programme secure web-based portal or by hand. Fax will only be used to transfer information in circumstances of operational emergency, and only with due caution and appropriate safeguards in place. A test fax should be sent ahead of the information in question, to a named recipient who is stationed next to the destination fax machine. Confirmation of safe receipt should be sought before sending the sensitive information.

The outcome of the review of the death and any associated action plan will be recorded centrally on the secure LeDeR web-based platform.

Section 4: Description of arrangements including security matters

Compliance

The Information Governance Lead for the LeDeR Programmewill ensure that thenecessaryarrangements arein placeandare being implementedfor secure transfer of information.

Eachpartner agrees thattheywillput into effect the requirementsbelow in orderthat thefollowingpoints are complied with:

• Risk assessment of the vulnerabilityof thepremises toburglaryand theft.
• Appropriate information securityprotocolsarefollowed to protectpersonal data.

• Laptop computers or other portableelectronic storagedevices or removable media usedbystaffworking or contributing to the LeDeR Programmeareencrypted to protectanypersonal dataprocessedon such devices.
• Allstaffaccessinginformationfollowthe principles and standards thathave been agreed and incorporated within this PurposeSpecific InformationSharing Agreement.
• Staff accessingtheITsystems of anotheragencyare appropriatelytrainedfor thatuse.
• Confidentialityagreements are included in the contracts of all staff working in or contributing to the LeDeR Programme.

Allsignatoriestothisagreementacceptresponsibilityforensuringthatallappropriate securityarrangementsarecompliedwith.Anyissuesconcerningcompliancewith securitymeasures willformpart of the annualreviewofthis agreement.

Sanctions

Anyunauthorisedreleaseofinformationorbreachofconditionscontainedwithinthis agreementwillbedealtwiththroughtheinternaldisciplineproceduresoftheindividual partneragency. In health this will be through the Caldicott Guardians.

Allpartiesareawarethatinextremecircumstances,non-compliancewiththetermsof this agreementmayresult in theagreement beingsuspended orterminated.

Training/Awareness

Allpartnerswillholdacopyofthisagreement.Itistheresponsibilityofeachpartnerto ensurethatallindividualslikelytocomeincontactwiththedatasharedunderthis agreement have an appropriate level of Data Protection training, and fully understand the terms of this agreement and their own responsibilities.

Partner’s Building and Perimeter Security

Information will be stored in secured premises, e.g. not in areas where the public have access.

Movement of Information

Information will be sent and received electronically whenever possible, to ensure there is an audit trail of its movement.

Any email communication pertaining to patient identifiable information will be by way of secure, appropriate and approved methods. The sharing of information is done via suitably secured and accredited email service.

Storage of Information on Partner’s System

All signatories to this agreement must have adequate security measures on their electronic systems that will allow LeDeR Programmeinformation from partners to be transferred to them securely. LeDeR Programmeinformation stored on partner’s electronic systems must only be accessed via username and password. Partners confirm that permission to access toLeDeRinformation held electronically by partners will be granted on a strict ‘need-to-know’ basis once it is contained within partners’ electronic systems.

Storage of Papers

It is not the intention of this agreement that information will be produced in a hard format. If the information is printed off an electronic system, it will be the partner’s responsibility to keep the information secure by measures such as storing documents in a locked container when not in use. Access to printed documents must be limited only to those with a valid ‘need to know’ that information. There should also be a clear desk policy and particular information from any agency is only accessed when needed and stored correctly and securely when not in use.

Disposal of Electronic Information

Once information contained within emails is transferred to partner’s electronic systems, the emails will be deleted.

Information will be held in electronic systems until the information is no longer required. Information provided as part of this agreement will be the subject of review by the partner agencies. Information will be destroyed in accordance with each agencies code of practice in handling secure information.

If information is stored by partners electronically on their systems, information must be overwritten using an appropriate software utility.

Disposal of Papers

As mentioned previously, it is not the intention of this agreement that information will be produced in a hard format. If information is printed off an electronic system, it will be the partner’s responsibility to dispose of the information in an appropriate secure manner i.e. shredding or through an ‘OFFICIAL’ waste system, once it is no longer needed.

Review

The arrangements held within this document will be reviewed initially after six months.

Freedom of Information Requests

This document and the arrangements it details will be disclosable for the purposes of the Freedom of information Act 2000 and so will be published within the signatories’ Publication Schemes.

Any requests for information made under the Act that relates to the operation of this agreement should, where applicable, be dealt with in accordance with the Code of Practice under S.45 Freedom of Information Act 2000.

This Code of Practice contains provisions relating to consultation with others who are likely to be affected by the disclosure (or non-disclosure) of the information requested. The Code also relates to the process by which one authority may also transfer all or part of a request to another authority if it relates to information they do not hold.

Section 5. Agreementto abidebythisarrangement

Theagenciessigningthisagreementacceptthattheprocedures laiddowninthis documentprovideasecureframeworkforthesharingofinformationbetweentheir agencies inamannercompliant with theirstatutoryandprofessionalresponsibilities.

As suchtheyundertake to:

Implementandadhereto theprocedures andstructures setout in this agreement.

Ensurethatwheretheseproceduresarecompliedwith,thennorestrictionwillbe placedonthesharingofinformationotherthanthosespecifiedwithinthis agreement.

Engageinareviewofthisagreementwithpartnersinitiallyafter6monthsfrom signature thenat leastannually.

26th September 2017 V2.0

Wetheundersignedagreethateachagency/organisationthatwerepresentwilladoptandadheretothisinformationsharingagreement:

26th September 2017 V2.0