Following the excellent response to our article in The MJ, Graham has written an extended blog on how to overcome the barriers to information sharing in Children’s Services.
My first blog focused on ‘Should we improve information sharing or is it good enough?’ Hopefully, that blog convinced many of you that although manual information sharing exists between partner agencies there is a compelling argument to move towards an automated digital approach to sharing information that is more effective and efficient. This second blog, in my series of three, seeks to explain how to overcome the legal and ethical barriers that stop agencies from taking the steps to improve information sharing. My third and final blog will explore the business case that some partners will need before they are prepared to invest in this kind of change.
The Local Authority, health and police are the three statutory safeguarding partners for Children. In 2018 these partners were given new legal duties to improve the service provided to children via the implementation of Multi-Agency Safeguarding Partnerships (MASP). On the 30th September 2019, 131 MASP went live covering 151 local authority areas across England. The question I would like to explore is, what are the perceived barriers to effectively sharing information that the MASP will need to overcome?
How can safeguarding partners share information without breaking the law?
What are some of the perceived legal barriers to sharing information?
Sharing information enables practitioners and agencies to identify and provide appropriate services that safeguard and promote the welfare of children. Below are common myths that may hinder effective information sharing:
- Data protection legislation is a barrier to sharing information
- Consent is always needed to share personal information
- Personal information collected by one organisation/agency cannot be disclosed to another
- IT Systems are often a barrier to effective information sharing
Have the reforms to the Children’s Act in 2017 and the ‘Working Together to Safeguard Children – Statutory Guidance issued in 2018’ addressed this?
What is the statutory guidance to resolving the perceived legal barriers to sharing information?
- Data protection legislation is a barrier to sharing information
The Data Protection Act 2018 and General Data Protection Regulation (GDPR) do not prohibit the collection and sharing of personal information, but rather provide a framework to ensure that personal information is shared appropriately. In particular, the Data Protection Act 2018 balances the rights of the information subject (the individual whom the information is about) and the possible need to share information about them.
- Consent is always needed to share personal information
You do not necessarily need consent to share personal information. Wherever possible, you should seek consent and be open and honest with the individual from the outset as to why, what, how and with whom, their information will be shared. You should seek consent where an individual may not expect their information to be passed on. When you gain consent to share information, it must be explicit, and freely given. There may be some circumstances where it is not appropriate to seek consent, because the individual cannot give consent, or it is not reasonable to obtain consent, or because to gain consent would put a child’s or young person’s safety at risk.
- Personal information collected by one organisation/agency cannot be disclosed to another
This is not the case, unless the information is to be used for a purpose incompatible with the purpose for which it was originally collected. In the case of children in need, or children at risk of significant harm, it is difficult to foresee circumstances where information law would be a barrier to sharing personal information with other practitioners.
- IT Systems are often a barrier to effective information sharing
IT systems, such as the Child Protection Information Sharing project (CP-IS), can be useful for information sharing. IT systems are most valuable when practitioners use the shared data to make more informed decisions about how to support and safeguard a child.
The source of the answers to these questions is the ‘Working Together to Safeguard Children – Statutory Guidance 2018’.
Information can be shared without breaking the law, however, are there any ethical reasons why we shouldn’t share information between partners?
How do we overcome the ethical barriers to information sharing?
Feedback from some practitioners is that it is unethical to share information between safeguarding partners because it could lead to a negative outcome for the child and their family. The scenario provided, where it could lead to a negative outcome, is where information held by the police is shared with a social worker and influences them to make a predetermined decision either ‘consciously’ or ‘sub consciously’ that the family is not a suitable place for a child before meeting with them to gather first hand evidence.
Whilst there is a logic to this ethical argument, there should be appropriate checks and balances in local social work practice to ensure predetermined positions are challenged by supervising practitioners.
In addition, there could be operational and system processes agreed locally to ensure social workers do not arrive at a predetermined position, for example, the social worker is aware that the family is known to the police before their assessment but not aware of all the detail until after they have made their own assessment.
In my opinion, protecting the child from harm and supporting their health and wellbeing through information sharing across partners, alongside appropriate supervision and system processes to ensure cases are not prejudged will overcome these ethical barriers.
So, practically how do you implement information sharing across partners whilst ensuring you operate within the law?
Are there technical and operational solutions to dealing with the IG and Consent challenges?
Safeguards are built into automated solutions for digitally sharing information between agencies. Systems such as Xantura’s ‘OneView’ solution ensure information governance and consent laws are not broken. Explaining the process behind the Xantura ‘OneView’ solution will illustrate how the safeguards work to ensure nobody breaches information governance and consent laws.
- Extract and Pseudonymise – an Information Governance Bridge (IG Bridge) is installed on the infrastructure belonging to the agency, this IG Bridge separates the data in to two parts (i) the personal information (name, address etc.) and the (ii) sensitive information (case notes, assessments etc.). The personal information is sent to the OneView platform for it to be matched across the other data sources. The separate sensitive information is then brought across to the OneView data centre and matched with the sensitive data from other data sources using an ‘encrypted key’ which only the agency can decrypt i.e. Only the agency can link the personal information to the sensitive information.
- Enrich – if approved by the agency then OneView applies a number of data analysis techniques to the sensitive data, OneView identifies key risks from the ‘unstructured data’ e.g. key words from free text fields to complement the ‘structured data’ e.g. data selected from a drop down menu. This provides a more complete picture of the risk factors present. During this enrich stage OneView assesses the risk profile of each individual and household and through predictive analytics determines a future trajectory of need at both an individual and aggregated level. The assessment of risk can only be linked back to personal information by the agency itself.
- Control – users will be assigned one or more data sharing protocols which control the information they are allowed to see. Additional controls are developed with the agency and put in to place to ensure information is not accessed without consent or without it being determined that to seek consent could be to the detriment of the child’s wellbeing. When permission is given to view the data the sensitive data is combined with personal data through a user session particular to the data sharing protocols of that user.
The process above explains how information is handled to ensure there is no breach of data protection laws. However, in order to drive benefits from the OneView platform, social care professionals need to be using the information to inform decision making. There are three overarching areas where the platform provides outputs to inform decision making:
- Case Summaries – a summary report, defined with the agency, to pull out the key areas for consideration from all the matched data that the user is allowed to view. This could represent a summary from either the case management system or from all systems held by that one agency or from across multiple agencies. This case summary would save the professional significant time by providing the report by a touch of a button.
- Alerts – Through the risk profiling and projections carried out within the ‘Enrich’ phase, OneView has the ability to generate alerts for action where it looks like there could be a risk of a case escalating or where there is an opportunity for the case to be stepped down. The thresholds that need to be satisfied for alerts to be shared with professionals to action will be defined locally during implementation.
- Insights – OneView automatically generates dashboards for the agency that, at an aggregated level, provide them with a current view of the caseload breakdown across the agencies. This aggregated level of information can support the agency in their forward planning. If appropriate the OneView platform will enable the professional to drill down in to the individual cases to investigate the risks of individual cases. If the case presents significant risk then the professional can request consent to view the entire record, this will either be granted or consent will need to be sought.
The OneView platform is implemented to ensure the information governance and consent laws and ethical boundaries for information sharing are kept well within.
So where does this leave us?
In conclusion…
The ‘Working Together to Safeguard Children – Statutory Guidance 2018’, clearly articulates that the perceived legal barriers to information sharing can be overcome with robust information governance and data sharing protocols. In my opinion, the ethical barriers to information sharing can be overcome through effective supervision of decision making and by sharing information with the right people at the right time and at the right point in a controlled process.
There are technical and operational solutions, such as Xantura’s OneView platform, that can extract, pseudonymise, enrich and control the data in such a way that ensures organisations stay well within the information governance laws and ethical boundaries. It is important to remind ourselves that the driver for implementing such a solution is to enable children’s services to improve outcomes for young people and to deliver a more efficient service.
The new Multi-Agency Safeguarding Partnership model provides a delivery framework that enables the partners to deliver on their new legal duties, including improving information sharing. Some partners will want to invest resources in to automating the process for sharing information because they are innovators and will instinctively see the value in terms of improved outcomes for young people and the potential to realise savings. Other partners will want to be convinced through the development of a business case. My next blog will explore the business case for implementing a solution for automating information sharing.
By Graham Bright