Freedom of Information Request: 0601 2019/20
Your trust whistleblowing policy indicates that whistleblowing cases must be handled confidentially:
- Please can you advise on how confidentiality, including about whistleblowers’ identity, is ensured through the management of the trust’s Freedom To Speak Up case files?
Contacts are able to access the Freedom To Speak Up Guardian (FTSUG) at University Hospitals Birmingham (UHB) through multiple routes: direct personal UHB email, direct generic UHB email accessible only by the FTSUG, direct personal University email, Trust phone line, Trust Blackberry, personal mobile phone, and personal assistant to the FTSUG (for his university work, not Trust).
Contacts are informed at each meeting that complete confidentiality is assured unless there is evidence of illegal activity or patient safety is compromised, and even then the identity of the contact can be protected. Contacts receive a typed report by the FTSUG. Provided the contact agrees, this report is shared under pre-defined conditions of confidentiality with the most senior line manager empowered to address the concerns raised.
- How is case file data stored?
Individual reports are stored electronically on an encrypted Mac computer in the FTSUG’s office, and on an encrypted Mac laptop held by the FTSUG.
Summary data are held in an excel file. Anonymised non-identifiable summary case data are reported to the National Guardian’s Office quarterly, by web access.
- If the Freedom To Speak Up case file data is stored electronically, who has authorised access?
The FTSUG only.
- Who authorises the access?
- How secure is the electronic database?
The FTSUG’s office has a security code lock and is in a protected access part of the hospital. See above for other details.
- Is it possible for anyone to have unauthorised access if they choose to deviate from the trust’s policy of confidentiality & from trust procedures?
- Is a record generated of who accesses the database?
The database can only be accessed by the FTSUG.
- How would the trust know if there had been unauthorised access?
The Trust would be informed immediately by the FTSUG and a report made under the GDPR.
- How does the trust manage potential conflict of interest, to ensure that individuals who are the subject of whistleblowing disclosures cannot see the files about the whistleblowers in question?
The only way this could occur is if the FTSUG’s report were to be shared by the Divisional Director with the persons concerned, without the approval of the FTSUG or the contact. The level of confidentiality is made clear when the FTSUG discusses the case with the relevant manager. All reports are watermarked ‘confidential’.
- Are specific IT access and or passwords required in order to access the case files?
- Does anyone other than the Freedom To Speak Up Guardian(s) access the Speak Up case files?
- If so, whom?
- Have there been any instances of un-authorised access?
- If so, how many?