Security & Data Protection

This is a draft page currently under review

Security

All Childsmile staff using laptops should have security measures in place.  Laptops will normally be encrypted by local IT staff in NHS boards and users will require to log on to the laptop.

Access to Childsmile software and administration website is controlled by a user name and password.  This user name and password allows you to access the system, controls what you have access to and tracks and audits user access.  You must never share your user name and password with anyone else.  Make sure that no one is watching you when you log on.  If you suspect that your password security has been compromised you should immediately go to the Childsmile Administration website and use the change password function, then contact the Childsmile IT Administrator TAY.HICServices@nhs.scot and your local superuser.

Data protection and patient confidentiality

Staff are reminded they have a duty to treat confidentially, all information to which they have access.  Childsmile software provides you with access to children’s personal details.  Only those staff actively involved in the child’s care can look at the child’s record.

As described earlier, HIC users will have access to a lot of personal information.  Looking up a child’s details for a reason other than Childsmile work is not permitted e.g. to check a friend’s / relative’s birthday / address because you’ve lost / forgotten it.  Browsing the system for information of interest is also strictly forbidden.  These types of activities will be regarded as a breach of confidentiality.
 
It is possible that during the course of your normal duties you will be asked to share information about a child. Most practitioners are confident about appropriate and necessary sharing where there is a child protection risk. Problems may arise where the circumstances do not yet reach the child protection trigger yet professional concerns exist, albeit at a lower level. Getting It Right For Every Child (GIRFEC) introduced eight indicators of wellbeing safe, healthy, achieving, nurtured, active, respected, responsible and included (SHANARRI).


GIRFEC wellbeing wheel




In many cases, a risk to wellbeing can be a strong indication that the child or young person could be at risk of harm if the immediate matter is not addressed. As GIRFEC is about early intervention and prevention it is very likely that information may need to be shared before a situation reaches crisis. In the GIRFEC approach, a child’s named person may have concerns about the child’s wellbeing, or other individuals or agencies may have concerns that they wish to share with the named person. While it is important to protect the rights of individuals, it is equally important to ensure that children are protected from risk of harm. Where a practitioner believes, in their professional opinion, that there is risk to a child or young person that may lead to harm, proportionate sharing of information is unlikely to constitute a breach.  
 
Care should be taken when sharing information regarding a concern for a child’s wellbeing. If you are unsure how to deal with a request for information you should discuss this with your manager immediately. Staff should ensure that they are fully aware of their obligations and responsibilities regarding the Data Protection Act 1998 (and the General Data Protection Regulation (GDPR) after May 2018). However, if there is any doubt about the wellbeing of the child and the decision is to share, the Data Protection Act or GDPR should not be viewed as a barrier to proportionate sharing.