Appliance of scientific principles and empirical validation






A product of the West Suffolk CBT Service Ltd


The Data Protection Act


The West Suffolk CBT Service is fully compliant with the Data Protection Act 1998. ICO registration number Z2684324.


Information sharing


Directors of the West Suffolk CBT Service are committed to sharing information  in order to ensure the most productive outcomes for service users. In doing this we will operate within our legal and professional framework as outlined by the BPS.


Confidentiality is important because service users expect that information about them will not be unnecessarily disclosed. Our service users will also assume and expect that their information will be dealt with in a professional manner. We are also bound by ethical and legal requirements as set out by the BPS.


Sharing information without Consent


Information will be shared in the absence of consent where the subject does not have mental capacity and it is in their best interest to share information between organisations.


A decision to share information without consent is not a routine  decision and is made on a case by case basis by West Suffolk CBT Service therapists. Information may be shared without consent when it is required for the prevention or detection of crime, to prevent serious harm or to preserve life. Information may also be shared without consent to comply with a court order.


Information may also be shared without consent if another person is involved, whether this is an adult, another vulnerable adult, or a child.


Caldicott Principles


In the NHS and Social Care services Caldicott principles have been adopted to guide the use of personal information. These have been adopted by the West Suffolk CBT Service since its inception 2007. Rules therefore incorporated into this Information Sharing Agreement and are


• Justify the purpose(s) of information disclosure

• Don’t use personally identifiable information unless it is absolutely necessary

• Use the minimum necessary personally identifiable information

• Access to personally identifiable information should be on a strict need to know basis

• Everyone should be aware of their responsibilities

• We should all understand and comply with the law


Within the West Suffolk CBT Service, our Clinical Director, Dr Nicola Ridgeway is our nominated Caldicott guardian, and all employees consult Dr Ridgeway for advice on information sharing.


Legal frameworks


The West Suffolk CBT Service works within the following legislation in terms of confidentiality.


• National Health Services Act 1977;

• Crime and Disorder Act 1998: provides any person the power to lawfully disclose information to the Police, local authorities, probation service, or health authorities, where it is in the public interest;

• Data Protection Act 1998: defines personal data, and governs the use of it (see below);

• Human Rights Act 1998: provides everyone with the right to respect for their private & family life, their home, and their correspondence;

• Health Act 1999;

• Freedom Of Information Act 2000: allows members of the public to have access to all types of information held by organisations in the public sector, with a number of exclusions;

• Local Government Act 2000;

• Criminal Justice Act 2003; and,

• Common Law Duty of Confidentiality; applies a duty of confidentiality to all public sector workers.


Data Protection Act


The West Suffolk CBT Service complies with the Data Protection Act (1988) (see below).


The Data Protection Act (1998), is legislation that governs the  collection, storage, and processing of information, in both manual and electronic forms.


• An individual must be clearly informed of what their information will be used for, they must understand this, and the data must only be used for the purposes that were originally stated;

• The individual’s consent must be explicitly gained to hold & process information.

• The individual’s consent must be explicitly gained if information is to be shared with, or processed by, another organisation, and then must only be shared in accordance with a clearly defined procedure and information sharing agreement;

• All information must be accurate, necessary & not excessive, kept up to date, and must not be kept for longer than necessary for the purposes stated;

• The individual can ask for a copy of their records at any time, subject to certain specific restrictions not outlined here; and,

• If the individual believes any data is incorrect they have the right to have the data corrected, or erased.


Practical measures on information sharing


The West Suffolk CBT Service follows the following framework with respect to confidential information.


• Written confidential information is locked away;

• Confidential information is not be disclosed unless the recipient has an explicit need to know;

• Extra care is taken when confidential information is being taken on public transport or other vehicles (this will be only if absolutely necessary);

• The of the identity and relationship of any telephone caller is established and recorded before any confidential information is disclosed;

• Discussions involving confidential information will be done in a private place where it is not possible to be overheard;

• Confidential information will only be emailed over safe email connections with files password protected as is standard practice and;

• When disclosing information about an individual, professionals will clearly state whether the information being supplied is fact or opinion, or a combination of the two.




The West Suffolk CBT Service views the concept of confidential information as follows


West Suffolk CBT Service employees have access to a great deal of confidential information, including personal information. Confidential  information is generally in one of two categories: Personally Identifiable Information or 'Information for therapist only, for example process notes. ‘Personally Identifiable Information’ (INFORMATION) is anything that can identify an individual, this includes, but is not limited to:


• Name

• Contact details

• Date of Birth

• Racial or Ethnic Origin

• Religious or other Beliefs

• Physical or mental health

• Sexual Orientation & sexual history

• NHS number, SWIFT number or other unique identifier


Information Governance at the West Suffolk CBT Service


The West Suffolk CBT Service works within a principle that information held by it represents its most valuable asset. In this respect, the West Suffolk CBT Service seeks to ensure that all information and information systems are protected against the many threats which affect confidentiality and overall service provision. Such threats may range from accidental damage to deliberate disclosure of sensitive information. Information security is the responsibility of every member of staff employed by the West Suffolk CBT Service.


The West Suffolk CBT Service information governance policy highlights the many steps that are involved in protecting information, whether this is information that is stored on computers, transmitted across public networks, stored within databases, printed, spoken during telephone calls etc. (Please see appendix).


What outcomes would we expect to achieve and how would we measure them.


With the level of experience and extensive training of therapists the West Suffolk CBT service expects a significant degree of change or progress consistent with the level of training of its therapists. In this respect, outcomes expected or degree of change reported are anticipated to be significantly greater than for an average therapist. Equally, it is expected that our therapists will have an enhanced ability to treat service users who have found previous treatment approaches unsuccessful, either in the NHS or elsewhere. Service user progress is measured using the West Suffolk CBT Service’s own self-report measures or by those provided by purchasers.


The West Suffolk CBT Service Ltd

Angel Corner, 8 Angel Hill, Bury St Edmunds