National Guidance for Child Protection in Scotland: Guidance for Health Professionals in Scotland

This guidance is intended to act as a practical reference point for all healthcare staff working within an adult and child service context.

It highlights the specific roles and responsibilities of specialist staff working in particular settings wherever children and young people will usually be seen.

It sets out the framework to aid practitioners in their role in dealing with child protection concerns.

Chapter 7 Caldicott Guardian, Information Sharing and Record Keeping

This section:

  • Provides general principles for information sharing.
  • Gives details of the role of the Caldicott Guardian.
  • Provides links to professional codes of conduct and guidance.

Information Sharing

Healthcare staff have a duty to share information when a child or young person may be at risk of significant harm. This will always override a professional or agency requirement to keep information confidential. Information should be disclosed only for the purpose of protecting children and young people and therefore should be relevant and proportionate and shared promptly and effectively when necessary. Healthcare staff should seek their professional bodies guidance if unsure.

Information sharing for child protection - general principles:

  • The safety, welfare and wellbeing of a child or young person are of central importance when making decisions to lawfully share information with or about them.
  • Children and young people have a right to express their views and have them taken into account when decisions are made about what should happen to them.
  • The reasons why information needs to be shared and particular actions taken should be communicated openly and honestly with children or young people, and where appropriate with families.
  • In general, information will normally only be shared with the consent of the child or young person (depending on age and maturity). However, where there are concerns that seeking consent would increase the risk to a child or young person or others or prejudice any subsequent investigation; information may need to be shared without consent.
  • At all times, information shared should be relevant, necessary and proportionate to the circumstances of the child or young person, and limited to those who need to know.
  • When gathering information about possible risks to a child or young person, information should be sought from all relevant sources, including services that may be involved with other family members. Relevant historical information should also be taken into account.
  • When information is shared, a record should be made of when it was shared, with whom, for what purpose, in what form and whether it was disclosed with or without informed consent. Similarly, any decision not to share information should be recorded.
  • Agencies should provide clear guidance for practitioners on sharing information. This should include advice on sharing information about adults who may pose a risk to children or young people, dealing with disputes over information-sharing and clear policies on whistle-blowing.

Healthcare staff should seek advice if they are not confident about sharing information. This advice can be obtained from line managers, NHS child protection team or Caldicott Guardian.

Health Professionals will be aware of their duty of confidentiality in relation to one-to-one consultations and in relation to written health records or consultations. However, there will be circumstances where information relating to a patient or patients should and can be released without breaching these principles. Responsibility for ensuring that patient-identifiable information remains confidential is both an organisational and individual one. It is the responsibility of the Caldicott Guardian to facilitate understanding and awareness of that responsibility and to ensure that all such activities within an organisation are lawful -

The Caldicott Guardian:

  • Can advise on individual cases where there are any concerns about the potential for the disclosure of patient-identifiable information.
  • Has a particular responsibility for reflecting patients interests regarding the use of patient identifiable information.
  • Is responsible for ensuring patient identifiable information is shared in an appropriate and secure manner.

Each Health Board will have a Caldicott Guardian who may be:

  • An existing member of the management board of the organisation.
  • A senior health professional.
  • An individual with responsibility for promoting clinical governance within the organisation.

It is particularly important that the Caldicott Guardian has the seniority and authority to exercise the necessary influence on policy and strategic planning and carry the confidence of his or her colleagues.

All GP or Dental Practices, Opticians and Pharmacists must meet their information governance obligations. The Medical Director of the aforementioned may take up the role of Caldicott Guardian. All patients have a right to expect that:

  • Information relating to them will be properly created and managed.
  • It will be handled in confidence.
  • Patient-identifiable information will only be shared with those whose justification for receiving such information has been rigorously tested.


In practice, all patient information, whether held on paper, computer, video or audio tape, or even when it is simply held in the memory of a health professional, must not normally be disclosed to a third party without the consent of the patient. This duty applies regardless of age, mental health or capacity.

There are however four sets of circumstances in which the disclosure of confidential information to a third party is lawful:

  • Where the patient has given consent
  • Where disclosure is in the overriding public interest
  • Where there is a legal duty to disclose for example by court order
  • Where there is a statutory basis which permits disclosure

Records Management

Record Keeping

All health professionals have a responsibility to have accurate contemporaneous records in line with their professional bodies, for example, the Nursing and Midwifery Council and General Medical Council.

NHSScotland Code of Practice on records management overnment Records Management: NHS Code Of Practice (Scotland) Version 2.1 January 2012

All Staff

All NHS staff, whether clinical or administrative, who create, receive and use documents and records have records management responsibilities. All staff must ensure that they keep appropriate records of their work and manage those records in keeping with the records management codes of practice and the relevant policies and guidance within their Board.

NHS organisations need robust records management procedures to meet the requirements set out under the Data Protection Act 1998, the Freedom of Information (Scotland) Act 2002 and the Environmental Information (Scotland) Regulations 2004. In addition they will be required to produce and implement a records management plan under the terms of the Public Records (Scotland) Act 2011.

Records are a valuable resource because of the information they contain. High quality information underpins the delivery of high quality evidence-based healthcare, accountability, clinical and corporate governance and many other key service deliverables. Information has most value when it is accurate, up-to-date and accessible when it is needed. An effective records management service ensures that information is properly managed and is available whenever and wherever there is a justified need for information, and in whatever media it is held or required to:

  • Support patient care and continuity of care.
  • Support day-to day-business which underpins the delivery of care.
  • Support evidence-based clinical practice.
  • Support sound administrative and managerial decision making, as part of the knowledge base for NHS services.
  • Meet legal requirements, including requests from patients or other individuals made through provisions of the Data Protection Act 1998 or Freedom of Information (Scotland) Act 2002 legislations.
  • Assist clinical and other audits.
  • Support improvements in clinical effectiveness through research and also support archival functions by taking account of the historical importance of material and the needs of future research.
  • Support patient choice and control over treatment and services designed around patients.

The NHS Board is responsible for ensuring that it corporately meets its legal responsibilities, and for the adoption of internal and external governance requirements.

The Chief Executive: has overall responsibility for records management in the NHS Board. As accountable officer he/she IS responsible for the management of the organisation and for ensuring appropriate mechanisms are in place to support service delivery and continuity. Records management is key to this as it will ensure appropriate, accurate information is available whenever required.

Professional Regulations

All health professionals should refer to their own professional bodies for advice.


All doctors should be aware of their professional responsibilities in dealing with child protection. The GMC has produced child protection guidance for all doctors - Protecting Children and Young People: the responsibility of all doctors13 . In addition, doctors must be familiar with their Health Board child protection policies, and know how to access Child Protection Advice from colleagues at any time of the day or night.

Nurses and Midwives

All nurses and midwives will be familiar with the Nursing and Midwifery Council Code: standards of conduct, performance and ethics for nurses and midwives 2008.14


Email: Fiona McKinlay

Back to top