Adult Support and Protection (Scotland) Act 2007: guidance for General Practice

Revised guidance to reflect developments in policy, practice and legislation both in the overall context of adult support and protection and in day-to-day activity. It provides information and detail to support practical application of the 2007 Act for GPs and staff in General Practice.

Information - To Share or Not To Share – Checklist

With specific reference to the circumstances of the case, before making a referral, consider:

  • Is the sharing justified at this time?
  • Does the duty to protect the individual outweigh the duty of confidentiality?
  • What are the benefits to the individual of sharing, or the risks of not sharing, information?
  • Are there wider risks from sharing or not sharing (to other family members etc.)?
  • Are you sharing special category data? (see section below under Data Sharing)
  • Are you able to identify a condition for processing from Article 9 UK GDPR that you can you rely on?
  • Do you need to identify an additional condition from the DPA 2018? – see section below on special category data.
  • Are there relevant exemptions?
  • Are there other relevant statutory requirements, legislation or restrictions to consider? e.g. Adults with Incapacity (Scotland) Act 2000 ; Mental Health (Care and Treatment) (Scotland) Act 2003 ; Child Protection; reporting a crime etc.
  • Is there a legal obligation to share? (for example a statutory requirement or a court order)?
  • Is there an organisational / in house protocol, e.g. a Data Sharing Agreement?
  • Are there other similar, relevant, cases which ought to be considered?
  • Is authorisation required within your organisation to make the decision?
  • Should legal advice or other guidance be sought? E.g. ICO Helpline.

If you decide a referral is needed, and information is to be shared, consider:

  • Has the individual's attorney or guardian, if relevant, been consulted?
  • Should any other person be informed ahead of, or after, sharing?
  • In terms of consent under UK GDPR see Why is consent important?
  • Has the individual been consulted with openness and transparency? If not, reasons should be documented. Note that the controller's fairness and transparency obligations under data protection law must also be referred to
  • Are there suspicions that alerting the patient to concerns could place them at greater risk?
  • What information should be shared?
  • What is fact and what is opinion?
  • How should the information be shared / stored?
  • Record the decision, actions and reasoning.
  • What information was shared and for what purpose.
  • Whom it was shared with.
  • When it was shared.
  • The justification for sharing.
  • Whether the information was shared with or without the subject's consent.



Back to top