Freedom of Information Policy Version 6.0

Transcription

1 Freedom of Information Policy Lead executive Name / title of author: Date reviewed: September 2015 Chief Nurse, Executive Director for Risk and Governance Colin Owen, Information Governance and Data Security Lead Information 6 November Ratifying Date ratified: Governance 2015 Committee: Committee Target audience: All Staff Policy Summary: Equality Impact Statement: Training impact and plan summary: This policy ensures that the Trust is compliant on all levels with the requirements of the Freedom of Information Act University Hospital of South Manchester NHS Foundation Trust ( UHSM ) strives to ensure equality of opportunity for all service users, local people and the workforce. As an employer and a provider of health care, UHSM aims to ensure that none are placed at a disadvantage as a result of its policies and procedures. This document has therefore had an initial assessment, in accordance with the equality impact proforma incorporated in the Checklist for Review and Ratification of UHSM-wide Documents, to ensure fairness and consistency for all those covered by it regardless of their individuality. This initial impact assessment indicated that the potential discriminatory impact is low and therefore a full impact assessment is not required. New staff will require familiarisation training at induction and Information Governance training is mandatory every year. More detailed training will be given where necessary or for ad hoc requests. Training will be undertaken by the Information Governance department. Outline plan for dissemination: Via the Intranet and notification. Dissemination lead: name / title / ext n o Colin Owen, Information Governance and Data Security Lead, ext 3756 This version n o 6.0 Date published: 25/11/2015 This version (v6.0) November 2015 Page 1 of 24 Next review November 2018

2 Version Control Schedule Version Issue number date 4.0 May Oct Sept 2015 Revisions from previous issue Minor changes and revised internet links added and internal review arrangements strengthened. Minor changes following review of FOI process and revised internet links added and internal review arrangements strengthened. Minor changes Date of ratification by committee May st Oct 2013 Document Control Summary of consultation process Control arrangements Associated documentation and references Information Governance Committee 3 week staff consultation Monitoring of Policy Review Process outlined in the Policy Freedom of Information Act 2000 Environmental Information Regulations 2004 Data Protection Act 1998 DOCUMENT COMPLIANCE MONITORING ARRANGEMENTS Minimum requirement to be monitored % Compliance of FOI requests dealt with within 20 working days. Process for monitoring e.g. audit Responsible individual / group/ committee Frequency of monitoring Role responsible for preparation / approval of report and action plan Committee responsible for review of results / approval of action plan Individual / group / committee that is responsible for monitoring of action plan Audit Information Governance Committee Annual Information Governance Lead Information Governance Committee Information Governance Committee This version (v6.0) November 2015 Page 2 of 24 Next review November 2018

3 Contents Page 1. Introduction Policy Statement Scope of the Policy Principles The Freedom of Information Act Procedure for FOI Requests Refusal of Requests & Exemptions The Public Interest Test Provision of Advice & Assistance to Applicants Vexatious Requests Transferring Requests for Information Consultation with Third Parties Commercial Interests Test Application of Section 40 to named individuals Exemption from the right to know by the Data Protection Act Charges and Fees Complaints Procedure Monitoring the compliance of the FOI Policy Training Performance, Review & Management Non-Compliance Duties and Responsibilities Appendix A Request for information under the Freedom of Information Act Appendix B - Exemptions from Disclosure under the FOI Act Appendix C: Flowchart to determine how Requests are dealt with...24 This version (v6.0) November 2015 Page 3 of 24 Next review November 2018

4 1. Introduction 1.1. The Freedom of Information Act 2000, came in to force in January 2005, and is part of the government s commitment to greater openness in the public sector. The Act replaces the non-statutory Code of Practice on Openness in the NHS Under the Act any individual is able to make a request for information and is entitled to receive a written reply telling them whether the information is held, and to have the information communicated to them by a method of their request. The individual does not have to disclose the reason for their request. Exemptions from the duty to disclose can apply in exceptional circumstances Compliance with the Act is a legal duty and is overseen by the Information Commissioner Office (ICO). Complaints by the public are investigated where a public body is deemed to have failed to comply with the Act, and a decision notice is issued. In cases of repeated or deliberate non-compliance an Enforcement Notice can be issued, in extreme cases a public authority can be found in contempt of court and fined up to 500, Policy Statement 2.1. This policy ensures that the Trust is compliant on all levels with the requirements of the Freedom of Information Act It stipulates all requirements of the Act by a Public Authority to ensure that corporate information covered by the Act is available to members of the public in a timely manner, and in accordance with its statutory obligations. The policy ensures that all staff are aware of their responsibilities under the Act and that they are aware of the procedures for releasing information under the Act 3. Scope of the Policy 3.1. This document provides a framework to ensure that the Trust complies with the requirements of the Act. It applies to all Trust staff, students and contractors and is of particular relevance to the Information Governance Lead, FOI Administrator and nominated members of staff dealing with FOI responses within the organisation This policy applies to all written requests for specific information which is not routinely available via the UHSM publication scheme. 4. Principles 4.1. The University Hospital of South Manchester NHS Foundation Trust is committed to being open and transparent in the way it works, however the Trust recognises a need for an appropriate balance between openness and safeguarding both personal information about patients and staff and commercially confidential/sensitive information The Trust fully supports the principles of corporate governance and recognises its public accountability and will use all appropriate and necessary means to ensure that it complies with the Freedom of Information Act 2000 and the associated Codes of Practice issued by the Department for Constitutional Affairs. This version (v6.0) November 2015 Page 4 of 24 Next review November 2018

5 5. The Freedom of Information Act The Freedom of Information Act 2000 and the Trust Freedom of Information (FOI) Policy and FOI procedure cover the people s right of access to information, such as policies, reports, documents and statistics. The Freedom of Information Act 2000 does not give people the right to access commercially sensitive or personally identifiable information. The rules governing access to personal information are covered by the Data Protection Act 1998, and by the Trust s Confidentiality Code of Practice, Health Record and Clinical Keeping Policy and Data Protection Policy The main features of the FOI Act 2000 are: That from January 2005 the public have a general right of access to recorded information held by public authorities, subject to certain conditions and exemptions The Public Interest Test: a duty on public authorities to determine whether the public interest in maintaining an exemption outweighs the public interest in disclosure of the information in question, except where an absolute exemption applies A duty on every public authority to adopt and maintain a Publication Scheme specifically applicable to the NHS The creation of a new information Tribunal and Office of the Information Commissioner with wide powers to enforce the rights created by the Act and to promote good practice It gives the public: The right to be told whether the information exists and/or; The right to receive that information From 2013 a new provision has been added to the Freedom of Information Act: Section 102 of the Protection of Freedoms Act 2012 adds new provisions to FOIA (in particular sections 11 and 19) regarding datasets. The new provisions are about how information is released, rather than what information is released. They only relate to information that the public authority holds as a dataset, which is a defined term in the new provisions. They are about the re-use of those datasets that the public authority provides in response to a request or under a publication scheme. There is no new duty to provide any information in response to a FOIA request that was not previously accessible, and there are no new exemptions from that duty. If a public authority is providing information that constitutes a dataset and the requester has expressed a preference to receive the information in electronic form, the public authority must provide it in a re-usable form so far as reasonably practicable. A dataset is a collection of factual information in electronic form to do with the services and functions of the authority that is neither the product of analysis or interpretation, nor an official statistic and has not been materially altered. This version (v6.0) November 2015 Page 5 of 24 Next review November 2018

6 5.3. Publication Scheme A Publication Scheme is a commitment to routinely and proactively provide information to the public and is available on the Trust Website The Publication Scheme was developed by the ICO and adopted by the Trust. The scheme contains 7 classes of information: Who we are and what we do What we spend and how we spend it What are our priorities and how are we doing How we make our decisions Our policies and procedures Lists and registers The services we offer The Definition Document it will be specific to a sector (i.e. NHS) and will give examples of specific information that the ICO expect us to include in each class This guide will be compiled and provided to the public by the Trust. It will detail the information it makes available in the form of a directory, the format in which it can be accessed and any charges to be made. The publication scheme will be kept up to date by nominated staff within each department that publishes data as part of the scheme In addition the Trust will routinely publish responses to individual requests in the form of a disclosure log, these will just be the specific FOI question and the response Information Governance Committee will receive annual updates on compliance of the Publication Scheme Working Days In accordance with the FOIA and for the purpose of this document, working days are defined as days that are not a Saturday, Sunday, Christmas Day, Good Friday, or any day that is a bank holiday under the Banking and Financial Dealings Act 1971 in any part of the United Kingdom Routine Information (None FOI) Staff regularly provide information material that has been approved for this use by the Trust e.g. information leaflets or requests from another NHS Organisation. Staff will respond to such requests for routine information in a timely manner. These routine requests may be dealt with by any individual member of staff and do not have to be recorded General Rights of Access Applications All information requests received into the Trust in written format (including ) must be treated as a potential FOI request, and if so, must be responded to within 20 working days. All requests should be made in writing and include the person s name and a correspondence address. This version (v6.0) November 2015 Page 6 of 24 Next review November 2018

7 5.7. Verbal requests Staff should give a standard form to complete (appendix a) to the applicant making a face-to-face request for information that is not contained in our publication scheme. Staff should ask applicants making a telephone request to put their request in writing or fill in the form available via Information Governance pages of the website. 6. Procedure for FOI Requests 6.1. Stage One Upon receipt of requests All FOI requests for the Trust are dealt with by the FOI Administrator and such requests received should be forwarded to the FOI Office within one working day of receipt to foi@uhsm.nhs.uk On receipt of a request the FOI Administrator will: Identify members of staff nominated to respond to FOI request and forward request within two working days Respond to the applicant in writing within 3 working days confirming receipt of the request The request will be formally logged and an electronic version of the request will be saved on Trust systems If the applicant has not provided sufficient information the FOI Administrator will contact them for further clarification. The time limit for responding to requests will commence when clarification has been received If information is readily available through other means e.g. the Trust website, the applicant will be directed to the website and a printout provided for those who do not have internet access If the Members of staff nominated to respond to the FOI request, working with the relevant department, estimates that the cost of compliance with the request exceeds the appropriate limit set by the ICO fees regulations the applicant will be notified in writing of the estimated cost and where possible ways of providing the information more cost effectively will be suggested. The Trust can refuse to continue with the request, providing a refusal notice has been issued If the FOI Administrator believes that any of the information requested is exempt from disclosure under the FOI Act, that part of the request will be refused. See Section for further information on exemptions Where the FOI Administrator does not have sufficient information to respond to a request, he or she will request advice and assistance to the applicant Stage Two Accessing the information If you receive an FOI information request from the FOI office you must respond and provide the information via the FOI address foi@uhsm.nhs.uk within 10 working days. In exceptional circumstances where staff are unable to meet the 10 working day deadline the FOI office should be contacted promptly to agree an extension. This version (v6.0) November 2015 Page 7 of 24 Next review November 2018

8 If you are unable to meet the request due to the information not being held by the department or the request is unclear in its content, the FOI office must be informed within 3 working days to allow for re-direction or to request further clarification with the individual making the FOI request If it is estimated that the request will take over the appropriate limit (18 hours work / 450 in staff time), then advice must be sought via FOI office within 3 working days. You can refuse a request if deciding whether you hold the information would mean you exceed the cost limit, for example, because it would require an extensive search in a number of locations. Otherwise, you should say whether you hold the information, even if you cannot provide the information itself under the cost ceiling If it is found that more than one individual or department needs to contribute to an FOI request, then the FOI office will coordinate this, (you may want to suggest who may be the best individual to respond) The FOI Administrator will collate all responses and check if any FOI exemptions are applicable and send the draft response to be validated and approved by the relevant Associate Director of Operations. Once approval has been received the FOI Administrator will organise for the Chief Nurse to check and sign the draft response prior to sending to the requester. (Further verification may be required at this stage) Under no circumstances should staff respond directly to a Freedom of Information request from a member of the public, all such requests should be forwarded to the FOI office foi@uhsm.nhs.uk Stage Three Providing the Information If no exemptions apply, the information will be sent to the applicant within 20 working days of the request being received Information will be provided in the following formats: As a copy of the information By allowing the applicant to review a document on record which contains the information As a digest or summary of the information The format will be at the discretion of the Information Governance Lead, and will take in to account the request of the applicant and any statutory obligations, such as those set out in the Disability Discrimination Act All of this information and actions taken will be recorded in the individual file, as set up at the original application. 7. Refusal of Requests & Exemptions 7.1. When a request may be refused: The Trust s duty to confirm or deny whether information is held does not arise where: This version (v6.0) November 2015 Page 8 of 24 Next review November 2018

9 Further information is required from the applicant to identify and locate the information requested; and The Trust has informed the applicant of this requirement In the situation outlined above the FOI Administrator will seek advice and assistance The Trust does not have to comply with information requests where the information requested is exempt under the provisions made in Part II of the FOI Act, sections Exemptions may be either absolute or qualified (see Appendix C). The Information Governance Lead will advise Absolute Exemptions are exemptions to which the public interest test does not apply. For the Trust, the main absolute exemptions that are likely to apply are either that the information being requested is available via other means, for example, published via the publication scheme, or that the information requested is personal information and the applicant is the data subject (in which case the applicant could access the information under the Data Protection Act 1998) Qualified Exemptions only apply if the public interest test has been applied and it is decided that the public interest in maintaining the confidentiality of the information is greater than the public interest in disclosing it. Some exemptions only prevent the disclosure of information, whilst others remove the Trust s obligation to confirm or deny whether the information is held. However there are no absolute exemptions to the duty to confirm or deny. This is always subject to the public interest test The duty to comply with a request for information does not arise if the Trust estimates that the cost would exceed the appropriate limit established in the National Fees Regulations. However the Trust will fulfil its duty to confirm or deny where this can be done within the appropriate limit The Trust does not have to comply with a request for information if a fees notice (see section) has been issued to the applicant and the fee has not been paid within three months from the day that the fees notice is given to the applicant. In this situation the FOI Administrator will write to the applicant stating that their request has lapsed and the reason The Information Governance Lead will keep compliance costs to a minimum but reserves the right to: Refuse to disclose the information, or: Charge whatever costs of disclosure are above the appropriate limit 7.3. The Trust is not obliged to comply with a request for information if: The request is vexatious The request is identical or similar to a previous request by the same person with which the Trust has complied, and a reasonable interval has not elapsed between compliance with the previous request and the making of the current request The FOI Administrator will log all requests for information for monitoring purposes and will be able to identify repeated or vexatious requests. This version (v6.0) November 2015 Page 9 of 24 Next review November 2018

10 7.4. Procedure for Refusing Requests Before implementing this part of the procedure, the FOI Administrator will seek advice from the members of staff nominated to respond to FOI request and where appropriate seek legal advice. Any refusal will be subject to agreement by the the Caldicott Guardian or Head of Corporate Governance The FOI Administrator will keep a record of all applications where some or all of the requested information is withheld. This will help to maintain consistency in decision making Following a refusal of a request for information for any reason, the FOI Administrator will send a standard letter of refusal to the applicant. This standard letter is available via the Information Governance Lead Any notice issued by the FOI Administrator stating that the Trust is refusing to comply with a request for information will inform the applicant of: The Trust s complaints procedure and The applicants right under section 50 of the FOI Act to apply to the information Commissioner if they remain dissatisfied with the conduct of the Trust following attempts at local resolution of their complaint Where a request is refused on the basis that the information is exempt under the provisions made in Part II of the Act, the applicant will be informed within 20 working days of receiving the request, either that one of the exemptions relating to the duty to confirm or deny is relevant, or that the information itself is exempt from disclosure The notice will specify the exemption in question and state why the exemption applies If a decision as to whether the public interest test applies cannot be reached within 20 working days, a letter will be sent to the applicant estimating when a decision will be reached. 8. The Public Interest Test 8.1. The public interest test is applied where the Trust believes that the information requested may be covered by an exemption under the FOI Act. This differs from an absolute exemption where there is no right of access, for example information relating to security matters, or personal information, this is as defined by the Data Protection Act 1998 and will not exceed the statute of the FOI Act In deciding whether to disclose information which may be exempt, the Trust has to consider whether the public interest is better served by disclosing the information or by using the exemption as a reason to withhold. This might apply, for example, where disclosure of information could compromise the Trust s ability to provide a safe environment for staff or patients. The Trust cannot withhold information solely on the This version (v6.0) November 2015 Page 10 of 24 Next review November 2018

11 grounds that it does not serve the organisation s interest, for example, if disclosure would show the Trust in a bad light Information Commissioner website provides in more detail advice on applying the public interest test 9. Provision of Advice & Assistance to Applicants 9.1. The Trust s duty to advise and assist potential and actual applicants for information under the Act will be performed by Information Governance Lead Applicants will be advised of any issues inhibiting the processing of their application for information i.e. insufficient information provided, or excessive costs and any help or advice that can reasonably offered to make the application viable will be given This may come in a variety of forms and is at the discretion of the Information Governance Lead Repeated Assistance If following the provision of such assistance as described in section 9, the applicant still fails to describe the information requested in a way that would enable the Trust to identify and locate it, the Information Governance Lead will not seek further clarification. However, the Information Governance Lead will send any information that has been successfully identified, and will explain to the applicant why the request cannot be taken any further. The Information Governance Lead will also provide the applicant with the Trust complaints procedure and the applicant s rights under Section 50 of the FOI Act. 10. Vexatious Requests The Trust does not have to assist applicants whose requests are vexatious within the meaning of Section 14 for the FOI Act i.e., where the Trust has previously complied with a request for information, it is not obliged to comply with a subsequent identical or substantially similar request from the same person unless a reasonable time limit has elapsed, or the information has significantly changed In this situation a decision will be taken by the Information Governance Lead and legal advice sought where necessary, and ultimately approved by the the Caldicott Guardian or Head of Corporate Governance. 11. Transferring Requests for Information Information Held by another Public Authority Where the information being requested is held wholly or partly by another public authority the FOI Administrator will provide advice and assistance to the applicant. This is likely to include: (i) informing the applicant that the information may be held by another authority This version (v6.0) November 2015 Page 11 of 24 Next review November 2018

12 (ii) suggesting that the applicant re-applies to the correct public authority (iii) providing contact details for that public authority This list is not exhaustive and the FOI Administrator should be flexible in providing that assistance Situations where it appropriate to transfer a request If the Trust receives a request for information which it does not hold, but which is held by another authority, the request may be transferred. It should be noted holding includes holding a copy of a record produced or supplied by another person or body, but not records which are held on behalf of another person or body. If the information requested is held partly by the Trust and partly by another authority, the transfer will only be made in respect of the information held by the other authority Transferring a Request Where the FOI Administrator believes that some or all of the information is held by another public authority he/she should transfer the request direct to the correct authority. However before doing so, the FOI Administrator must (i) Liaise with the authority to confirm that it does hold the information in question (ii) Consider whether the applicant is likely to have any objections to the transfer If a transfer is deemed appropriate, but the FOI Administrator is unable to find out which public authority does hold the information, they must consider what assistance can be offered to help the applicant pursue their request If the FOI Administrator believes the applicant is likely to object to the transfer of the request, the consent of applicant must be sought. If the applicant does not give their consent, the FOI Administrator must contact the applicant and suggest that they make their request direct to the public authority All transfers must take place as soon as is practicable, and the FOI Administrator must inform the applicant as soon as this is achieved. 12. Consultation with Third Parties Where the Request affects Legal rights of a Third Party In some cases, the disclosure of information may affect the legal rights of a third party, for example where the information is subject to common law duty of confidentiality, or where it constitutes personal data within the meaning of the Data Protection Act 1998 (DPA) Where the information requested is personal data as defined in the DPA 1998, the FOI Administrator will refer to Section 40 of the Act, which makes detailed provision for the cases in which a request relates to such information, and the relationship between the Act and the DPA. This type of request may require specialist legal advice In some cases information can not be disclosed without the consent of a third party. For example where information has been obtained from a third party and disclosure This version (v6.0) November 2015 Page 12 of 24 Next review November 2018

13 without their consent would constitute an actionable breach of confidence as set in Section 41 of the Act. In such a cases, the FOI Administrator must consult with the third party with a view to seeking their consent to disclosure, unless such a consultation is not practicable, for example because the third party cannot be located or because costs of consulting them would be disproportionate Where a Request Affects a Third Party but not their Legal Rights Consultation may still be appropriate where the interests of a third party are affected by a disclosure, but not their legal rights. The FOI Administrator will consult where: (i) the views of a third party may assist in the Trust to determine whether an exemption under the Act applies to the information request (ii) the views of a third party may assist the Trust to determine where the public interest lies under section 2 of the Act The FOI Administrator may consider that consultation is not appropriate where the cost of consulting with third parties would be disproportionate. In this case they must consider the appropriate way forward given the individual circumstances of the request and the requirements of the Act Consultation is unnecessary where: (i) the Trust does not intend to disclose the information due to another exemption in the Act (ii) the views of the third party can have no affect on the decision of the Trust (iii) no exemption applies and therefore the information must be provided It is good practice for the FOI Administrator to consult with all third parties prior to the release of any information which concerns them, whether a statutory obligation applies or not. In some cases legal advice may be sought to settle any disagreements about release from third parties. 13. Commercial Interests Test Section 43 of the Act sets out an exemption from the right to know if: the information requested is trade secret, or release of the information is likely to prejudice the commercial interests of any person. (A person may be an individual, a company, the public authority itself or a legal entity.) Where information constitutes a trade secret it is not necessary to consider the harm it s release may cause, this is reason enough to withhold the information (subject to the public interest test) Information which does not constitute a trade secret can only be withheld if the public authority is satisfied that to release the information would harm somebody s commercial interests. This is referred to as the prejudice test, and further information can be found at This version (v6.0) November 2015 Page 13 of 24 Next review November 2018

14 Section 43 does not apply after 30 years, when the information is then considered historical In relation to trade secrets Section 43 does not remove the obligation to inform the applicant whether it holds the information that constitutes the trade secret. By contrast, where information requested is likely to prejudice the commercial interest of a party, section 43 not only provides an exemption from the obligation to communicate the information to the applicant, but can also provide an exemption from the requirement to confirm whether the information is held Section 43 is a qualified exemption, and is subject to the public interest test, see further information on the Information Commissioner s Website Application of Section 40 to named individuals Exemption from the right to know by the Data Protection Act Section 40 of the FOIA sets out an exemption from the right to know if the information requested is personal information protected by the DPA. The section has a fairly complex structure and refers in detail to DPA provisions and concepts This exemption will be applied on a case by case basis, however the Trust views all staff names as personal information under the Data Protection Act, and therefore has laid out provisions for dealing with requests which ask for the names and contact details of Trust Staff Names and contacts of all Executive Directors will be made available through the Publication Scheme and upon request for those who can not access the Publication Scheme. Any queries or information can then be cascaded down to the relevant staff. There is also an address where comments and queries can be sent, and forwarded to the relevant manager or staff member to answer. The Trust maintains that this provides reasonable access to all staff, without compromising the operations. Applicants can also contact relevant staff members via the central switch board Although the above has been laid out in policy, the Trust will assess each information request on a case by case basis, and where it is found that this information is already in the public domain, a request may be returned with more than the above information. 15. Charges and Fees Publication Scheme Charges Generally information will be provided free of charge. However, the Trust may charge to cover the cost of photocopying, printing and postage where multiple hard copies are requested, or information is to be copied in to another format Where charges are going to apply the FOI Administrator will issue a fees notice, and inform the applicant the information will be provided upon receipt of payment. A This version (v6.0) November 2015 Page 14 of 24 Next review November 2018

15 standard letter for this sits with the Information Governance ordinator. The information will not be provided until payment has been received Fees under General Rights of Access The Trust will follow the guidelines for fees regulations under the Freedom of Information Act 2000, issued by the Department of Constitutional Affairs on The Trust is not obliged to comply with requests where the cost would exceed the appropriate limit. In this case, the FOI Administrator should consider indicating what can be provided to the applicant before reaching the cost ceiling Where the cost to the Trust amounts to less than the appropriate limit, information will generally be provided free of charge. However the Trust may raise a charge to cover the cost of photocopying, printing, and postage where multiple page hard copies have been requested, or the information is to be copied to other media formats The calculation of fees will be done by the Information Governance lead and charges will only be made in agreement with the Caldicott Guardian Where charges are going to apply a fees notice will be issued to the applicant and the information will be provided on receipt of payment. A standard letter for this is held by the FOI Administrator. The information will not be provided until payment has been received Issuing a Fees Notice In all cases where the Trust chooses to charge a fee, either for the provision of information through the publication scheme or through a general right of access request, a fees notice will be issued to the applicant from the FOI Administrator. Applicants will be required to pay any fee within three months of the beginning with the day on which the fee notice is sent to them Once the applicant agrees to pay the fee, the FOI Administrator must arrange with the Finance department for an invoice to be issued to the applicant Once a fees notice has been issued the clock stops on the twenty day time limit until such time that payment is received Should the fee not be paid within the three month time limit the FOI Administrator will write to the applicant informing them that their request has lapsed, and the reason why we have been unable to complete their request. The FOI Administrator will also inform them of the complaints procedure and their rights under Section 50 of the Act to complain to the information Commissioner if they feel their application for information has been unfairly treated. In this situation the finance department should be informed that the invoice should be cancelled. This version (v6.0) November 2015 Page 15 of 24 Next review November 2018

16 16. Complaints Procedure Introduction Under the Freedom of Information Act 2000, the Trust is not legally required to have an Internal Review Procedure, however in order to conform with Section 45 code of practice an authority should have a review procedure in place This review procedure will be used to consider complaints from the applicants when they think the Trust has failed to: Provide the information they requested Respond to their requests within the statutory 20 day time limit (or failure of the Hospital to explain why longer than 20 days is needed) Give proper advice and assistance to help a complainant obtain the information required Give information in the form in which it was requested Properly explain the reason for refusing a request Correctly apply the exemptions Comply with the publications scheme Comply with the Data Protection Act In all FOI responses the applicant should be informed about its Internal review Process as well as the right of appeal to the Information Commissioner. It is good practice for all complainants to exhaust the Hospitals internal review process prior to contacting the Information Commissioner Purpose The internal review process is to enable the Trust to resolve complaints received from complainants fairly and impartially, and may result in previously taken decisions being reversed There is no statutory time limit for dealing with internal reviews, however the ICO lays out recommendations for all FOI complaints to be dealt with promptly and in any case within 20 working days. In exceptional cases and where good reason can be given the process may take longer, but should never exceed 40 days The internal review is carried out to establish whether: (i) The Freedom of Information Act has been properly applied (ii) The information requested genuinely falls between within the exemption(s) cited in the earlier response sent to the complainant. (iii) There have been any developments since the original response that should alter the Trust approach (iv) any weight should be given to additional points made by the complainant when registering the complaint (v) it is possible to provide any further information to the complainant. For example, redact documents, or provide alternative information. (vi) there is a public interest in overriding relevant exemptions (vii) there are any lessons for handling future complaints How to Conduct an Internal review under the FOIA This version (v6.0) November 2015 Page 16 of 24 Next review November 2018

17 Part IV of the section 45 code sets out the procedure for an authority to follow when an applicant complains about the response to his or her request, in particular: the review procedure should provide a fair and thorough review of handling issues and of decisions taken pursuant to the Act ; the review should be impartial and undertaken by someone senior to the person who took the original decision maker, but who is trained and understands the FOIA; it should enable a fresh decision to be taken on a reconsideration of all relevant factors to the issue; the review should be as prompt, thorough, clear and simple as possible. In the view of ICO, this should be a one stage procedure; authorities should keep all records of complaints and their outcome and monitor their own performance in handling complaints; any action required as a result should be carried out promptly FOIA Complaints Procedure Any written communication received by the Trust which expresses dissatisfaction with the way the Freedom of Information request was handled will be treated as a complaint, and subject to internal review. In direct correspondence to the applicant, the public will be directed to make contact with: Elizabeth Radahd FOI Administrator Ground Floor, Baguley Residencies Wythenshawe Hospital Southmoor Road M23 9LT Any written communication received by the Trust which shows it is not complying with the Publication Scheme will be treated as a complaint The Trust will endeavour to deal with complaints within 20 working days, or in any case with good reason, acceptable to the ICO, within 40 days The complaint will be handled by someone more senior than the original responder, and uninvolved with the original decision. This will always be someone with experience of the FOIA The complainant will be contacted in the first instance by the investigating officer and an informal resolution sought if possible. The complainant will be offered a meeting in accordance with the local resolution stage of the Complaints Procedure, prior to an internal review meeting being held Should an Internal Review meeting be necessary, all those involved in the original decision making process will be invited The meeting will be simple and informal, but it is important that the outcome is recorded together with the reasons for it. This version (v6.0) November 2015 Page 17 of 24 Next review November 2018

18 The actual decision will be made when those who provided information for the original request are not present The outcome Three possible outcomes of the review will be: (i) (ii) (iii) the original decision is upheld or the original decision is reversed or the original decision is modified and some further information sent In all events the complainant will be notified in writing, unless specified some other preferred means of communication. (i) (ii) (iii) If the original decision is upheld the complainant will be notified of the reasons behind the decisions, and of their right to appeal further to the Information Commissioner along with full contact details of the Commissioner s office. Where the review panel reverses original decision, the complainant will be informed and promptly sent the information requested. If the outcome of the review is to release some of the originally requested information, the complainant must be notified of their right to contact the ICO, and given the full contact details as laid out below: Information Commissioner s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF The Role of Information Commissioner The information Commissioner has overall responsibility for enforcement of the Freedom of Information Act If a case is appealed to the ICO, the office will write to the Trust and request further information to consider the appeal Usually this will be information that was originally requested from the Trust under the FOIA by the appellant as well as the Trust s reasons for non-disclosure If the ICO upholds a complaint and decides the Trust must disclose the information, a Decision Notice will be issued and served on both the complainant and the Trust. This will specify the information that must be disclosed and the time period for doing so When the Trust receives a Decision Notice, it has to comply, and refusal to do so may be treated as contempt of court if referred by the ICO to High Court If the Trust receives a decision notice that over-rules the previous action it took, it can either comply with the Notice or can appeal to the Information Tribunal; this will require considerable internal consultations. This version (v6.0) November 2015 Page 18 of 24 Next review November 2018

19 17. Monitoring the compliance of the FOI Policy Compliance with this policy will be monitored through an annual audit by the Information Governance Lead The audit shall evaluate the compliance of a sample of FOI requests Receipt time to Response Compliance of 20 working days Speed of Internal Compliance Internal Review process In addition a review of the publication scheme compliance will take place every six month The audit findings and recommendations will be presented to the IGC for review. 18. Training New staff will receive familiarisation training at induction Information Governance awareness training will be delivered to staff as part of mandatory training agenda every year Additionally, more detailed training to support FOI will be provided on an ad-hoc basis on request. 19. Performance, Review & Management All processes within Information Governance are monitored/audited to determine their effectiveness and to ensure they comply with Trust policies and procedures The Information Governance agenda is implemented and monitored by the Information Governance Committee that reports to the Clinical Standards Sub Committee which reports to the Quality Improvement Committee to Trust Board Responsibility for monitoring/auditing such processes rests with the Information Governance Lead Methodology used for monitoring/audit purposes is performed in various formats The frequency of monitoring/audit varies for each particular audit i.e. internal/external audit Monitoring will take place through the reporting of adverse events in relation to the management of freedom of information requests through the complaints procedure. These reports will be monitored by the Information Governance Lead and the Information Governance Committee The policy will be reviewed every three years in line with Trust policy. This version (v6.0) November 2015 Page 19 of 24 Next review November 2018

20 20. Non-Compliance Non-compliance with this policy by any person working for the Trust may result in disciplinary action being taken in accordance with the Trust s disciplinary procedure. 21. Duties and Responsibilities The Chief Executive has ultimate responsibility for ensuring the Trust complies with it s legislative requirements The Chief Nurse as Caldicott Guardian is responsible for the Information Governance Agenda which includes awareness of FOI and final sign-off of FOI responses When the Chief Nurse is unavailable a signature will be obtained from the Head of Corporate Governance Head of Corporate Governance. The Head of Corporate Governance will deputise for the Chief Nurse in terms sign off of the FOI responses When the Chief Nurse or Head of Corporate Governance is unavailable a signature will be obtained from an Executive Director The Associate Directors of Operations (or relevant Corporate Departmental Heads, if the request is not applicable relevant to directorates), are responsible for validating and approving FOI responses relevant to their service before final signature by the Chief Nurse or Head of Corporate Governance The Information Governance Lead, under the Informatics Directorate has delegated responsibility for the co-ordination and management of information governance, including all FOI responsibilities and works closely with the FOI Administrator The FOI Administrator responsible to the Information Governance Lead and is responsible for the recording of requests received, co-ordinating the responses, preparing the draft response ready for signature and sending the response when approved Members of staff nominated to respond to FOI request are responsible for the timely collection of information requested under the FOI Act and sending that information to the FOI Administrator well in advance of FOI due dates and where applicable keeping the publication scheme up to date for their departments Senior managers are accountable for the communication about compliance with Trust policy All staff are responsible for any records they create and what they do with the information they use. Every member of staff is responsible for responding to a request for information under the FOI Act 2000, these are co-ordinated by the Information Governance Lead/ FOI Administrator who will identify staff who need to respond to the request; under no circumstances should a Trust member delay sending information that could result in the Trust breaching the 20 working day time limit on a response. This version (v6.0) November 2015 Page 20 of 24 Next review November 2018

21 22. Appendix A Request for information under the Freedom of Information Act Request for Information under the Freedom of Information Act Please complete the form below, providing as much detail as possible, this will enable us to identify and locate the information requested. The data supplied in this form will be held on computer and paper files in accordance with the Data Protection Act 1998, and in addition to processing your complaint, will be used for statistical analysis, management, service improvement and audit. Please note we need contact details to which we can send our reply. Contact Details Title: Mr Mrs Miss Ms Forename(s): Surname: Contact Address: Postcode: Preferred contact telephone number: When is the best time to contact you: Office Hours Evenings Other Please state: address: Fax (if appropriate) Please state your preferred method of receiving the information you require: Fax Post Other Please state: If this application is being made on behalf of an organisation, please give details below. Details of the Request Please provide as much detail as, stating clearly and precisely what information you require; this will help us process your application efficiently. We may contact you for further information if we require further information, please note that we can not continue to process your application until the information we require has been received. This version (v6.0) November 2015 Page 21 of 24 Next review November 2018