This page contains exemplary answers for all the questions in the workbook for standard 14 of The Care Certificate – Handling Information.
The blank workbook for standard 13 can be downloaded from the Skills for Care website (PDF format)
Further information on this standard (including all learning outcomes and assessment criteria) can found here.
Complete the table below to show your understanding of agreed ways of working for handling information and two pieces of related legislation. You will need to describe how they affect the recording, storing and sharing of information.
Agreed ways of working
This includes my employer’s overarching GDPR policy and procedure, the Data Security and Data Protection policy and procedure and the Archiving, Disposal and Storing of Records policy and procedure.
Combined, these policies and procedures set out the processes I must follow to record, store and dispose of data records as well as the protocols related to securing data and sharing information with others. They also ensure that data management within the company complies with legislation.
Legislation 1: The Data Protection Act 2018 (including GDPR)
The aim of this legislation is to add greater controls to the Data Protection Act 1998 and comply with UK law. It sets out how personal information must be managed by organisations and also contains stronger legal protection for certain types of personal data. The main principles are that data must be:
- used fairly, lawfully and transparently
- used for specified, explicit purposes
- used in a way that is adequate, relevant and limited to only what is necessary
- accurate and, where necessary, kept up to date
- kept for no longer than is necessary
- handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage
Legislation 2: The Freedom of Information Act 2000
The aim of this legislation is to give the public the right to request information held by governmental agencies and local authorities.
This means that all records including communication such as letters and emails must be professional and accurate as it may be viewed by others at a later date.
Part i) Use the diagram below to identify the secure systems used in your workplace for recording, storing and sharing information.
Secure systems that are used for recording, securing and sharing information in my workplace include:
- Agreed ways of working (e.g. only sharing information on a need-to-know basis, not discussing personal information where I may be overheard etc.)
- Secure password-protected cloud-based file storage
- Password-protected care planning app
- Locked filing cabinets
- Archived records are kept in a secure storage facility
Part ii) Now that you have thought about some of the secure systems used in your workplace, provide an explanation of why it is important to have secure systems for recording, storing and sharing information. Make sure you use the following words in your answer:
It is important to have secure systems for recording, storing and sharing information because it is our legal and ethical responsibility to ensure that private and personal data is not accessed by anyone that does not need to know about it as part of their job role. This is especially true in the care sector as a lot of information is stored about vulnerable individuals and we have a responsibility to protect and safeguard them from harm and abuse. In addition, by keeping personal information confidentiality, we can build trust with the individuals that we support.
Part i) For each of the statements below, decide whether agreed ways of working in relation to handling information have been followed. Tick either yes or no.
- Sensitive personal information about individuals is left on display. NO.
- The last person on the staff computer has not logged out properly NO
- An individual is taken to a private and safe area to discuss their concerns YES
- An individual’s circumstance is discussed by colleagues over a lunch NO
- The manager does not address a complaint made by an individual you support about a breach of confidentiality of their personal information NO
- An individual’s private details are taken and stored in a secure or locked cupboard YES
- Two workers communicate about an individual, when they are off duty through a Facebook message NO
Part ii) Thinking about the statements above that would need to be reported, explain how and to whom you would raise your concerns, or whistleblow, if you felt that agreed ways of working had not been followed.
If agreed ways of working had not been followed, I would raise my concerns with my manager. If my manager was responsible for the breach in confidentiality, I would raise it with senior management or the registered manager instead. If my concerns were not taken seriously or not dealt with within a reasonable amount of time, I would whistleblow to the Care Quality Commission (CQC).