Social worker sanctioned for ‘clearly inappropriate’ sharing of sensitive data

The social worker sent private service user information to a personal email address

confidential
Photo: vchalup/Fotolia

A social worker has been sanctioned by the Health and Care Professions Council (HCPC) after she forwarded confidential service user information to a personal email address.

The children’s social worker was given a one-year conditions of practice order by a fitness to practise committee following the “clearly inappropriate” sharing of information between the two email accounts without redacting or encrypting the information.

The emails contained sensitive information relating to and identifying service users.

The panel also found the social worker failed to update notes on her council’s electronic case management system, or keep adequate written records of her meetings with children.

‘Clear breach’

In her evidence, the social worker claimed that forwarding the emails was not inappropriate, but the panel found otherwise.

“It is also a clear breach of any Data Protection Policy to send confidential information in this way. The panel considered that the explanations given by the registrant for this behaviour could not in any way justify these serious breaches of data protection and the subsequent risks thereby posed in relation to breaches of confidentiality,” the panel said.

“The registrant made no attempt to redact or encrypt the confidential emails or attached documents, thereby putting service users and their families at risk of their confidential information being exposed,” it added.

The social worker argued that poor case recording was caused by “limited access to stationery”, and there was confusion about her having two supervisors.

Harm

However, she “failed to satisfy” the panel in her explanations for failing for eight months to complete e-learning required to access the local authority’s case recording system.

The panel concluded that the social worker’s failings had the potential to cause harm to service users and their families and gave her a 12-month conditions of practice order.

“[Failings] have not been remedied and although in giving evidence, the registrant made a number of apologies, they do not appear to fully relate to failures of record keeping and the importance of confidentiality and seem to be made to minimise her responsibility.”

As part of the order, the social worker must work with a supervisor to make a personal development plan designed to address “deficiencies” in case recording, data protection and confidentiality.

More from Community Care

6 Responses to Social worker sanctioned for ‘clearly inappropriate’ sharing of sensitive data

  1. Stephen October 12, 2017 at 6:44 pm #

    I agree with HCPC decision; there is no explanation to justify the action of the Social Workers lesson(s) learned I hope

  2. Anthony October 12, 2017 at 8:13 pm #

    I think employers should be supporting social workers via supervision and disciplinary procedures should be used but not always automatic HCPC input as they do not appear to have a clear understanding of the pressures and stress under resourced social workers are experiencing and tend to be living in cloud cuckoo land the way they are dishing out punishments and ruining the social workers lives and careers. HCPC should only be used for very serious cases of misconduct.

  3. Anonymous October 12, 2017 at 8:21 pm #

    How disgraceful that this body’s punitive sanctions target the sw profession disproportionally. Was management not aware of this? Did they sanctioned it and then conveniently targeted the sw for her failings? Did she have the tools to do the job? of course not! I bet she did not chose to work on her own unpaid time at home without management suggesting she email sensitive material to herself. Fed up that not only the media and politicians targeting sws- we have a body we pay for that does the same!

  4. Tom J October 13, 2017 at 11:37 am #

    Why could the Local Authority not deal with this internally? There is clearly no malicious intent, instead she was clearly not thinking through the potential data protection risks.

    I gain the impression that Local Authorities are now using the HCPC to save them from having to do their own investigations/capability procedures. Or worst case scenario- they are putting the social workers through both.

  5. John Smith October 15, 2017 at 6:59 am #

    I’d suggest people read the full details of the hearing before rushing to comment. It’s available online, as are many other HCPC hearings:

    https://www.hcpts-uk.org/hearings/listing/201710021000-final_hearing-sw66426

    What the report doesn’t mention is that the registrant admitted a number of allegations at the start of the hearing.

    In this case, the social worker is still on the HCPC register but a conditions of practice order applies for 12 months from the date of the order.

    Do the other commentators believe that it’s acceptable for social workers to send work records to a private email address? Is that what you tell service users about how you are going to handle their data?

    I fully expect this comment will never be published, as social workers can’t stand the slightest criticism and believe they should never be regulated.

  6. Hidden Figures October 18, 2017 at 6:06 pm #

    Well, what a fiasco. two supervisors and a failure of training. It seems to me that whilst the SW cannot justify her actions fully and does need to take responsibility, why is there or is there a lack of resources. As a Supervisor to not ensure that basic data protection training hadnt been accessed I believe that is a failure which warrants exploring.

    I have read some HCPC decisions and some clearly mention resourcing issues, lack of good or effective supervision but often this is minimised or ignored, it seems to me that HCPC need to get of their high horses and start recognising that these are challanges that some professionals navigate all day and everyday.