Protecting adults at risk in London: Good practice resource

Information sharing: Practical steps to ensure consent and appropriate information sharing

The No secrets guidance (4) on which local safeguarding adults policies were developed prior to the adoption of the pan-London multi-agency policies and procedures, emphasised the need for joint working to safeguard adults. The guidance recognised a need to balance confidentiality with the need to protect adults at risk, and through the establishment of multi-agency safeguarding committees or boards, laid down a strong expectation of collaborative working. In May 2011, the government gave a clear indication that safeguarding adults boards would be placed on a statutory footing in 2012, requiring the cooperation of partners.

Obtaining consent to share information

If collaborative, multi-agency working is the normal response to safeguarding concerns, then the adult at risk or other person who is the focus of the safeguarding referral needs to be made aware at the earliest opportunity of the need to share information, and to give their consent, if able to do so. This should where possible take the form of something explicit such as signing part of an assessment form with an appropriate information-sharing paragraph inserted; signing a separate consent form; or the referring professional or investigating officer making a clear record. Whatever the practice locally, consent to sharing information should be part of the explanation process to a person early in their contact with any professional who becomes aware of a safeguarding concern.

Where it is not possible for the person to consent to sharing information, after full consideration of the Mental Capacity Act code of practice, a best-interests decision will need to be made. Involved family or friends must be consulted on this decision but they cannot ‘sign for’ the person without capacity unless they have been authorised to act as a deputy for that person by the Court of Protection, or they have LPA for the person’s health and welfare from the OPG. Routine sharing of information would not require a full decision-making process to demonstrate ‘best interests’ and guidance is available in the relevant code of practice on levels of decision-making for a person without capacity. However, any professional involved should be able to point to evidence of the need for protection in order to demonstrate that information is being shared appropriately.

Refusal to consent to share information

It is not possible to cover here all the circumstances where a person may withhold consent to share information. A common example is where the alleged victim of financial abuse withholds consent to share information with the police out of loyalty to a family member, who is the perpetrator. In these circumstances the professional receiving the information or investigating the abuse can inform the police if they believe a crime has been committed under the Crime and Disorder Act 1998. However, securing the cooperation of the alleged victim to pursue a prosecution in these circumstances is unlikely to be successful.

If consent is not obtained to share information in a safeguarding matter, there are several considerations to be made about sharing information without consent. Sharing information without consent can be legitimate where there is an overriding public interest, such as where sharing it could help in detecting crime, apprehending offenders, maintaining public safety, and the administration of justice. An example might be an abuser targeting older people in a particular locality where the victims do not want to take action, but others might also be at risk.

There is also the notion of ‘legitimate purpose’ in sharing information without consent, which can include issues such as:

Information can also be shared without consent where the ‘vital interests’ of the individual are affected (and he or she cannot give consent or consent cannot reasonably be obtained); or where there is a legal duty.

Holding and sharing information: meetings

All agencies involved in safeguarding adults at risk operate within the Data Protection Act and should comply with that Act’s requirements on the handling, recording and storing of sensitive information. In relation to safeguarding adults at risk, there are key documents involved in the process (e.g. investigation report and safeguarding conference notes) that need special consideration given their often very confidential contents. Where safeguarding meetings are held it is good practice to have a statement on confidentiality included in the agenda for the meeting and/or read out by the chair of the meeting. Particular consideration should be given to people attending who may not be accustomed to the requirements of confidentiality. An example of a simple statement is set out below:

This meeting is held under the London multi-agency policy and procedures to safeguard adults at risk. All matters presented are confidential to the individuals attending and the agencies they represent. The record of the meeting is distributed on the strict understanding that it will be kept confidential and stored securely. In some circumstances it may be necessary to make the record of this meeting available to other agencies not directly involved (e.g. the civil and criminal courts). Attendees and the agencies they represent should seek the advice of the chair of the meeting if they wish to share the record with others.

Inter-borough and general sharing of information

The Association of Directors of Adult Social Services (ADASS) has set out safeguarding standards which include the following guidance (please note that Protection of Vulnerable Adults (POVA) and Proceeds of Crime Act (POCA) lists have been superseded by ISA referrals):

The wishes of an adult with mental capacity should normally be respected. However, statutory agencies must act to uphold the human rights of all citizens and where others are at risk this duty will take precedence. Any action taken by an organisation to safeguard an adult should meet human rights standards. It should be proportionate to the perceived level of risk and seriousness. Intervention should not be arbitrary or unfair. It must have a basis in law: e.g. acting with the consent of the adult or, under duty of care, acting in the best interest of the adult; undertaken to secure a legitimate aim (e.g. to prevent a crime or protect the public); and be necessary to fulfil a pressing social need.

Raising concerns about abuse or neglect nearly always involves sharing information about an individual that is both personal and sensitive (Data Protection Act 1998). Such information about an adult with mental capacity should be shared only with their informed consent, unless there is an overriding duty such as a danger to life or limb, or risk to others. These exceptions are described in the Data Protection Act (1998) and ‘Caldicott guidance’ (DH 1997),[3] and case law in relation to human rights legislation. Information about an adult who may be at risk of abuse or neglect must be shared only within the framework of an appropriate information-sharing protocol. Information about a potential perpetrator of abuse must also be shared under an appropriate information-sharing protocol. Local provisions such as MAPPA meetings and national provisions such as the POVA and POCA lists should be used. (5)