You are in the Data Zone
Note: These use cases are a first draft, and in some cases are still under initial development. Whilst based on countless conversations with professionals and members of the public, they haven't yet been validated. Comments on the use cases are particularly welcome.
Use case:
4. SERVICES SHARING INFORMATION WITH A CARER OR PROXY
A high-level use case covering situations when people want someone else to talk to services on their behalf, specifically in situations where there is no Power of Attorney in place.
Key parameters are:
The person has given their consent for their partner, relative or friend to deal with certain things on their behalf on an ongoing basis.
The services involved need to respect the person's wishes and speak to the partner, relative or friend without them having to jump through hoops every time they get in contact.
There need to be appropriate safeguards in place to ensure that (a) consent has been freely given in the first place, (b) the person can withdraw their consent (or change what it covers) if they wish to, and (c) the partner, relative or friend doesn't abuse the arrangement or overstep its limits.
These safeguards will vary between one scenario and another. They may need to be more rigorous in the case of (say) someone's bank account or medical records than their electricity bill.
This use case operates under the lawful processing basis of consent (GDPR Art. 6 (a) and Art. 9 (2)(a).
The priority data below is the information organisations should be keeping on record, and doesn't cover the information they share with the partner/relative/friend, which will be specific to each scenario.
As
a person with a daughter who deals with day-to-day stuff for me
I need
the organisations which provide me with services to talk to her on my behalf, without asking me for my permission every time
so that
my daughter can do the things I need her to on my behalf, and neither she nor I have to keep having the same conversations with contact centres.
As
someone who needs to communicate with services on behalf of my mum (with her consent)
I need
organisations/services to keep a record of my mum's consent for me to act on her behalf
so that
I can deal with the stuff my mum needs me to deal with, without the constant frustration of "We can only speak to your mother herself" or "We need your mother to agree that we can talk to you", when they've been told that over and over again already
Priority information
Choices and preferences
Any record of a Lasting Power of Attorney which has been registered with the Court of Protection, including whether it is an LPA for property and affairs or personal welfare; in the latter case, whether it includes the power to make end-of-life decisions. This needs to be recorded whether or not the LPA has been put into effect.
Useful information
Background
There is a straightforward scenario where someone has granted their partner or a relative or friend a Lasting Power of Attorney or similar instrument, allowing them to act on their behalf, and requiring services to comply.
There is a far more common scenario where somebody will want their partner, relative or friend to deal with certain matters on their behalf, but where a formal Power of Attorney isn't in place. This use case covers these situations.
This issue is raised in Think Local Act Personal's "Data for People" report, and may also be relevant in The Money Advice Trust's work on data sharing across the essential services sector.
Some mechanisms do exist for this. For example:
A bank or utility company may accept a Mandate of Authority, which can be either verbal or written
There is general acceptance in the NHS and social care that this might happen. Individual services (a GP practice, social care department or care provider) will usually be able to record someone's consent to share/discuss their data with a partner, relative or friend. However, there is no consistent mechanism for doing so.
Further narrative
There is a need for a consistent mechanism to record someone's consent to share/discuss their personal information with a partner, relative or friend.
To work effectively, this would need to follow the approach taken in the Accessible Information Standard, i.e. the record of consent needs to be:
captured in a structured format
flagged so it is immediately visible to any professional who needs to see it
shared (with the person's consent) with any other professionals or services it applies to
acted on by the professionals or services it applies to, without putting the partner/relative/friend through the wringer every time they get in contact.
There may also be cases where someone doesn't want information shared with, or discussed in the presence of, a partner/relative/friend. One example might be a Gillick competent teenager who doesn't want aspects of their health records discussed when their parents are present. Another might be a carer who has support needs of their own, but doesn't want them brought up in the presence of the person they care for.
More detailed use cases will be needed to explore different scenarios in more depth and to identify workable solutions.
Risks
Risk
Partner/relative/friend oversteps the limits that have been set for them to act on someone's behalf
Mitigation
Needs careful consideration from the outset in designing any mechanism.
Risk
Organisations are unwilling to accept an external record of someone's consent for a partner/friend/relative to discuss matters or act on their behalf
Mitigation
If a "Tell us Once" mechanism can be developed for this, essential to have early engagement with all service types/sectors who might be affected by it, and to gain endorsement from the key national organisations (e.g. regulators) who oversee these services.
