Presentation by Aidan Collins, Head of Policy and Campaigning at HIV Scotland, on confidentiality and ageing. This was presented at the Scottish HIV and AIDS Group annual meeting on 26 June 2015. Copyright HIV Scotland.
2. An emerging conflict?:
Maintaining confidentiality
and protecting privacy
While also…
Sharing information to ensure
integrated, person centred care
3. New challenges of ageing with HIV:
> Co-morbidities and ageing prematurely
> Mental health
> Finance and housing
> Social care
4. “Some of the symptoms and issues about
ageing, Parkinson’s and HIV are interlocking and
you can’t always distinguish…”
“Taking 17 drugs a day sometimes you are
going to have problems… the drugs get so
mixed up”
What’s the reality?
5. “I have a plethora of consultants and the
interlocking exchange of information is very poor.
There is a lack of clarity”
“Housing, social work and hospitals don’t talk very
well to each other”
“Parkinson’s covers it up, because I have to take
Parkinson’s pills as well, I can say my HIV
medication is for my Parkinson’s”
What’s the reality?
6. What’s the reality?
“Things got off to a bad start as all the staff at the
home were informed of my client’s HIV status,
although this was completely unnecessary. When
his neighbours came to visit, the care assistant
advised them not to let their child see him because
he had HIV.”
- Social Worker
7. What’s the reality?
“They broke my confidentiality, telling the
other residents that they shouldn’t come and
see me in my room because I had HIV. I was lucky
because my social worker helped me move to a
new home where things are much better.“
- Care home resident
8. Confidentiality breaches occur:
> Where confidentiality policies and procedures are
not understood
> Through staff error e.g. poor data storage or
making assumptions
> When people think they are ‘doing the right thing’
> As a result of stigma and discrimination
9. What protects confidentiality?
> The Data Protection Act (1998)
> The Human Rights Act (1998)
> The Caldicott principles (1997 & 2012)
> Identity Management and Privacy Principles (2011)
> The Public Records (Scotland) Act (2011)
> Codes of practice e.g. Social Services Council
Code of Practice, NHSS Code etc.
> The list goes on… and on…
10. And… other new developments:
> The integration of health and social care
> Health & Social Care Information Sharing – A
Strategic Framework 2014-2020
> The Scottish Accord on the Sharing of Personal
Information (SASPI)
11. Common themes:
> There may be circumstances where confidential
information needs to be shared, BUT…
> Staff should not talk about a person to anyone
else without that person’s consent (other than in
exceptional circumstances), AND…
> Personal information should always be stored
securely.
12. Future considerations:
> Information to empower service user/patients
> More staff training and awareness raising about
HIV
> More staff training about confidentiality
> Clarity on the legal, regulatory and guidance
frameworks
I’m going to present on confidentiality and ageing. This is a tricky topic to present on as it’s one where many of the issues are just beginning to emerge. Also, this is a time of significant change and new thinking on the ways in which information is used and shared by service providers. HIV Scotland will however be undertaking work in this area over the coming year, and so I can share with you what we have found so far and some of my thoughts on what we need to be considering.
I’ll start by outlining a potential conflict that seems to be emerging in this area and it’ll be interesting to hear whether this is reflected in your experiences.
The conflict is how we can – on one hand - maintain confidentiality and privacy, while at the same time better share information to meet the complex needs of a population ageing with HIV?
Previously those living with HIV will have been familiar with working with specialist healthcare professionals who have maintained confidentiality. As the group widens to include care providers and others working with people ageing with HIV there is the fear of other people becoming aware of their condition and the risk of confidentiality being compromised. This fear has been expressed consistently at forum such as the PPF.
However, information sharing, to meet the needs of people, practitioners and organisations, will also be essential if we are to provide people with integrated and person-centred care relevant their needs. From a policy perspective there is now an increasing emphasis that the duty to share information can be as important as the duty to protect patient confidentiality. Public services are being reformed to centre around individual needs – including through the integration of health and social care to ensure that that older people receive care and support which is planned and delivered in an effectively integrated way.
We have already spoken throughout today about the complexities of aging with HIV. It might be useful at this point to quickly reflect on some of the challenges that people ageing with HIV may face, as this relates directly to the range of people and types of services which may be involved in supporting someone with HIV in later life, and the associated implications for sharing information and ensuring confidentiality.
Co-morbidities - Firstly we know that there can be complications and co morbidities arising from increased life expectancy. The diseases and conditions of ageing present earlier or more severely in people who also have HIV e.g. heart disease, diabetes, arthritis. It is unclear as yet how much of this relates to HIV itself damaging the body and effectively ageing someone prematurely, and how much of it relates to the side effects of earlier, more toxic treatments.
Mental health – uncertain long term prognosis, uncertain life expectancy, uncertain level of health, public stigma all affect mental health. Reported levels of depression and anxiety amongst people living with HIV are significantly high in relation to the general population.
Finance and housing - Many who had not expected to live were long-term unemployed with few savings, while others had lost employment due to ill health or discrimination. Many who were diagnosed with HIV early on in their lives were not able to secure mortgages and pensions. Others cashed in pensions early expecting reduced life expectancy. Support from family may be less as often there is no partner and/or no children. Now facing later life with the prospect of having little or no finances can be a real concern and source of anxiety. Older people with HIV need support on money and benefits entitlement issues, including the understanding that such help is available to them.
Social care - As people living with HIV live longer they will increasingly require the same range of social care support that many require in later life and it is likely that generic services will be used to meet the needs of the older person living with HIV.
These complexities of ageing with HIV bring new challenges for the way we co-ordinate care and support, and consequently how we share information between services and staff. The best way to demonstrate this is to give you some real life examples of how these issues can manifest…
These are quotes from Jim. He is a 75 year old man living with HIV in Scotland. He told us that he wasn’t meant to live for 6 months and that was 21 years ago. For Jim, it’s been a hard struggle health wise and he was unfortunate to also be diagnosed with Parkinson’s. He has been in hospital every day for 21 years and now lives in sheltered housing. Jim’s health is complex and it can be difficult to manage.
Jim’s treatment is also complex. He feels that there is very poor co-ordination and communication between the range of people involved in his care and support.
But despite believing that information sharing is important, confidentiality is still of key importance for Jim and he uses Parkinsons to hide his HIV status.
The conflict between the need to better share information but also to protect confidentially is well represented in Jim’s story. There are also examples of where things have gone very wrong, particularly within social care settings…
Here a quote from a social worker who spoke with the NAT as they undertook research to inform a guide on HIV for residential and domiciliary care staff (out today).
This example clearly shows how badly things can go when there is no respect for confidentiality. It can go way beyond sharing information between staff and services and impact on all aspects of people’s lives and relationships.
Here’s another similar example from a care home resident…
I should point out also that these kind of experiences are not unique to care settings. Our own research and the PPF has identified that confidentiality breaches and concerns over confidentiality remain all to common, and this applies across all types of services and when people are accessing all types of support.
The question is why these confidentially breaches are occurring and what can we do about them?
Here are some of my suggestions, but you may have some of your own:
Confidentiality policies and procedures not being understood by both staff and patients/services users. This is perhaps not surprising the complex legal frameworks. People should be reassured that the information they provide, including their HIV status, will not be shared with anyone who is not involved in their immediate medical care without their consent and there should be a shared understanding of how it will be used. People living with HIV will then be able to make an informed decision about whether and to whom they may wish to disclose their HIV status.
There is staff error e.g. making assumptions, speaking about medications or treatments in the open, or not storing information securely. For example, disclosing to a persons GP because they think the GP already knows. Or, leaving out records or having them accessible on a computer for others to see. This includes records kept in an individual’s home – care should be taken so they are not left somewhere visible to visitors.
When people are acting with the best of intentions. For example when someone thinks they are doing the right thing by telling others about a person's HIV status because they misunderstand the way the virus is transmitted and think others need to know.
HIV remains a highly stigmatised condition. A breach of confidentiality can lead to unpleasant gossip, negative and discriminatory comments and information being shared without the consent of the person living with HIV.
Given these factors, what might help? Is there a robust enough legal and regulatory framework to protect people? BUSY SLIDE ALERT – because there is a lot…
This slide is deliberately busy to highlight the very complex legal, regulatory and guidance framework that protects the confidentiality of people accessing services across Scotland. Different organisations have different views and rules to follow on confidentiality and information sharing, and there are differing expectations from the public about how their information will be managed.
Firstly, there is overarching data protection and human rights legislation which governs personal information management by providing privacy protection – particularly the DPA and HRA, which most of you will be very well familiar with. The Data Protection Act 1998 places a legal duty on data controllers to process data fairly and lawfully, to use no more data than is necessary for the task and to retain it for only as long as it is needed. The human Rights Act 1998 guarantees respect for a person's private and family life. Under the terms of the Act, this right to privacy may be overridden, but only when there is a lawful reason do so.
The Caldicott principles have influenced the confidentiality agenda for NHS organisations in Scotland for a number of years. These were developed following a review in England owing to increasing concern about the ways patient information was being used and the need to ensure that confidentiality is not undermined. The resulting Caldicott Report highlighted six key principles, and made 16 specific recommendations. In 2012 Dame Caldicott produced a follow up report which made 26 further recommendations including the addition of a seveneth principle. While some relate solely to the context in England, a number have wider applicability. These have been broadly welcomed by Scotland’s Chief Medical Officer. The new seventh Caldicott states: “The duty to share information can be as important as the duty to protect patient confidentiality.
The Identity Management and Privacy Principles have been developed by the Scottish Government to help public service organisations comply with the relevant legislation and support good practice. When launched it was said that the Principles will present a major step forward in helping organisations achieve privacy-friendly Scottish public services, and it was expected that public sector organisations would embrace them fully.
The Public Records (Scotland) Act 2011 has specific provisions around data sharing by public authorities in Scotland including local authorities, NHS, police and courts.
In addition, there are a vast amount of guidelines and codes of conduct which apply across public services. For example, the Scottish Social Services Council (SSSC) Codes of Practice for Social Services Workers and Employers sets out the standards social workers, social care, early years and young people’s workers and their employers should meet – this includes considerations of confidentiality. There is also the NHSScotland Code of Practice on Protecting Patient Confidentiality.
…
Confidentiality is likely to become more of an issue, not only as people age but also as services begin to reform. The need for effective sharing of information has never been greater if we are to reform Scottish public services as required through health and social care integration. With advances in technology and a drive towards greater partnership working, can we develop efficient solutions that meet the information sharing needs of practitioners to support safe efficient and effective care across children’s and adult services?
The strategic framework sets out the foundations to support cross-sector information sharing. It proposes a set of activities to ensure that consistent approaches to technology development are followed, with agreed cross-sector information standards being developed and agreed. It also provides a set of key principles that underpin these activities and approaches that will be required to support information sharing.
The Scottish Accord on the Sharing of Personal Information (SASPI) is based upon the Wales Accord on the Sharing of Personal Information (WASPI), which was endorsed by the Welsh Assembly Government as the ‘single’ information sharing framework for Wales, and has been widely utilised. Based on this positive experience, the Scottish Government has adapted and adopted the WASPI documentation for use across Scotland. The purpose of the framework is to enable service-providing organisations to share personal information between them in a lawful and intelligent way. The SASPI framework supports the drive to share personal information on individuals; legally, safely and with confidence. It aims to support the public in receiving services that are coherently and collaboratively delivered and effectively based on need, and safeguard the information rights of the individual. Adoption of the framework across Scotland will help ensure compliance with statutory and legislative requirements for disclosing person identifiable information like those described earlier. This framework applies to all public sector organisations and voluntary sector organisations.
It is clear that the legal and regulatory framework is extremely complex and can be hard to navigate. However, you can pull out some key themes which make it all a bit more straightforward
There may be circumstances when a care provider will need to share someone’s confidential information – this would apply where information was being shared with a colleague who is, or is about to, provide them with direct clinical care or support to make sure they get the best possible treatment. However only information which is relevant in that instance should be shared and only if the person living with HIV consents.
Staff should not talk about a patient to anyone else either inside or outside the NHS without the patient’s consent; this includes to family members and friends of the patient.
Personal information should be stored securely – this means that all paper records should be kept in a secure place and all computerised records should have electronic protections such as secure logins and passwords. Access should be on a strict need-to-know basis.
Exceptional note: Personal information may be disclosed in the public interest, without patients’ consent, and in exceptional cases where patients have withheld consent, if the benefits to an individual or to society of the disclosure outweigh both the public and the patient’s interest in keeping the information confidential.
It is clear though that legislation and regulations can only go so far and I’d argue that the what exists is complex and potentially conflicting. That’s not to say that there aren’t also opportunities and law alone will not be enough.
Information about patients rights and what to do if things go wrong
More training – to prevent people from breaking confidentially as they wrongly believe they are ‘doing the right thing’