Confidentiality Policy and Procedures

Reviewed August 2019

RUSU is committed to providing a confidential Advice Service and believes our clients deserve the right to confidentiality; to protect their interests and to safeguard our services.

The Advice Service operates independently from the University of Reading and any other external organisation.

Client details will not be released to any member of staff outside of the RUSU Advice and Representation Department, or to any other organisation or individual without the client’s expressed permission.

RUSU Advice & Representation Department understands confidentiality to mean that no information regarding a client shall be given directly or indirectly to any third parties outside the Department, without the client’s consent. No details will be given to the University that would enable any client to be identified without their consent.

All clients should be able to access our service confident that no other person will know that they have used our services. RUSU will not confirm the client’s presence in the Advice, Representation and Campaigns (ARC) Centre (or any other outreach facility) or use of the RUSU Advice Service to any third parties without obtaining the client’s consent.

RUSU recognises that clients need to feel secure when accessing our services. We will ensure that all clients are seen in an appropriate and private interview space. Our policy will be stated to any third party enquirer and requests for information will be declined.

Legislative Framework

RUSU Advice Service will monitor this policy to ensure that it meets statutory and legal requirements including the General Data Protection Regulations, the Social Security Administration (Fraud) Act, and Prevention of Terrorism Act.

Confidentiality in Case recording

  • A member of our Reception team or the Advice & Representation Department will ask clients to complete a Client Form to record personal data, brief details of their case and consent to allow the Adviser to record information. Client forms can also be completed online.
  • This will be held on file. The Adviser will record information that is relevant to the client’s case and information collected for diversity and statistical purposes in the relevant fields on AdvicePro.
  • Clients can choose to remain anonymous and they should discuss this with the adviser during their first meeting. The adviser should advise the client whether maintaining anonymity will affect the level of advice RUSU is be able to provide. If a client wishes to remain anonymous, the adviser will record their case under forename and replace the surname with “Anonymous”. The client will be given the case reference number so their case file can be accessed in the future.
  • The Adviser will ensure all case records and other supporting documentation are kept in lockable filing cabinets unless being used. The keys to the filing cabinets will be kept away from public view.
  • Advisers will log off the computerised Case Management System when not in use. The login details of the case management system will not be shared with anyone.

Confidentiality and sharing information

  • Advisers will ensure that where action involving any third party is agreed the client will sign the Consent to Share/Authorisation form and this will be stored on the client’s file. If the client is unable to complete the relevant form an email giving consent may be acceptable.
  • If a member of RUSU staff (outside of the Advice team) has been involved in the case, for example, has attended advice service appointments with the client for the duration or majority of the time, the assumption will be that the client has given consent to share information with that member of RUSU staff. If the client does not want the Adviser to share any further information relating to their case with the other member of RUSU staff, they are to inform the Adviser.
  • Clients will be asked (on the Client Form) to inform the adviser if is unacceptable to telephone, email or send correspondence to their address. However, when a message is left or the call is taken by someone other than the client, no direct mention should be made to the Advice Service.
  • All details of expressed consent should be recorded on the case record.
  • The client has the right to withdraw consent to share at any time, and will need to do so in writing.

Access to information

Client information (held on the Case Management System and in paper form) should only be accessed by the RUSU Advice team and RUSU Data Protection Officer (when necessary). However, client information and case records may be accessed and audited for quality assurance purposes by a person/organisation appointed by RUSU.

Clients have the right of access to their own case records. Any such requests must be put in writing to the RUSU Data Protection Officer. In line with GDPR regulations, no charge will be made in the case of such requests, and requests will be actioned in a timely manner, and within one month of the request being made. RUSU reserves the right to satisfy ourselves as to the enquirer’s identity. The Advice Service follows the guidelines laid out on the Information Commissioners Website.

All case records (paper and computerised) will be kept for 6 years after which they will be destroyed (see separate ‘File Destruction Policy’).

Recording statistics and monitoring information

Statistics may be compiled for research, service development and reporting purposes.

RUSU Advice Service is committed to effective statistical recording of services provided to enable us to monitor take up of service by specific groups and to identify any recurring welfare and academic-related issues.

It is the Advice Service Manager’s responsibility to ensure all statistical records given to third parties, including the University, are produced in an anonymous form and all identifying client details will be withheld.

To help improve the work we do and to meet the requirements for membership with our membership organisations, we may share statistical data and monitoring information with selected external agencies, such as, but not limited to, The University, NUS, AdviceUK, NASMA and NHAS. All statistical records are produced in an anonymous form and clients cannot be identified.

Breaches of Confidentiality

RUSU Advice Service recognises that occasions may arise where Adviser’s assess that they need to breach confidentiality, any breach of confidentiality will considered with great care and the following procedure must be followed:

Circumstances where an Adviser may assess that they need to breach confidentiality, in exception to this policy include:

  • Where the Adviser assesses that there is an issue of serious current/potential self-harm or harm to others.
  • There is a conflict of interest which necessitates an Adviser informing one or more client(s) that they cannot provide advice services or that they can no longer act on their behalf. By its very nature, this will draw attention to the fact that they are acting for the other party and/or the other party has already sought advice.
  • Where not to do so would break the law; for example, under the Prevention of Terrorism Act 1989, it is an offence to fail to give information which may help to prevent acts of terrorism or apprehend a terrorist.

When an Adviser feels confidentiality should be breached the following steps must be taken:

  • The Adviser should raise the matter immediately with the Advice Service Manager or the Advice and Representation Manager, if neither are available contact the Chief Executive, Deputy Chief Executive or another appointed person previously agreed. In the case that the Advice Service Manager is required to break confidentiality, they should discuss with their line manager (Advice & Representation Manager).
  • The Adviser should discuss the issues involved in the case and explain why they feel confidentiality should be breached and what would be achieved by breaching confidentiality. The line manager is responsible for discussing the options available. This discussion should be recorded in the case notes.
  • The line manager is responsible for making a decision on whether confidentiality should be breached. If the line manager decides that confidentiality is to be breached then they should take the following steps:
    • The Advice Service Manager should contact the Advice & Representation Manager and vice versa or if not available, the Chief Executive. The line manager who is responsible for making the decision, should brief the other staff member on the full facts of the case, ensuring they do not breach confidentiality in doing so.
    • If the line manager, Chief Executive, Deputy Chief Executive or another appointed individual agrees to breaching confidentiality, there should be a written record of this and the case file, detailing any action agreed undertaken. The line manager responsible for making the decision to breach confidentiality is responsible for ensuring all activities are undertaken.
    • If the line manager, Chief Executive, Deputy Chief Executive or another appointed individual does not agree to breach confidentiality, this is the final decision of the organisation.

No Adviser should be solely responsible for making the decision to breach confidentiality and before any breach occurs, agreement must be sought.

Ensuring effectiveness of the Policy

The following staff will be provided with copies of the policy:

  • Existing and new members of staff working in the Advice team
  • RUSU Data Protection Officer
  • Staff supporting the work of the Advice team
  • Chief Executive
  • Deputy Chief Executive
  • Any other appointed individual (who may take on role of Manager in cases considering breaching confidentiality)

Training will be given on the policy and procedures to new staff as part of an induction to the organisation or on-going training reviews when necessary.

The RUSU Advice team, RUSU Data Protection Officer and staff working in the ARC Centre who support the work of the RUSU Student Advice team, such as the Reception team and other members of the Advice and Representation Department are party to our Confidentiality Policy and will be asked to sign a Confidentiality Agreement.

The policy and procedures will be reviewed annually and agreed by the Advice Service Manager and Advice & Representation Manager.