Looking after personal information is part of everyday care. Each note we write, every plan we read or conversation we overhear could affect somebody’s sense of dignity.
Care Certificate Standard 14: Handling Information reminds us that sensitive details must be recorded, stored and shared correctly so the people we support feel safe and respected.
Care Certificate Standard 14 teaches care workers to record, store, share and protect personal information in a way that keeps it safe and legal, maintaining confidentiality and trust.
In this blog you’ll explore:
- What safe information handling means
- The types of records used in care
- Confidentiality and data protection
- Your responsibilities under Standard 14
- Practical tips for secure storage and sharing
- Key laws and regulatory guidance
Standard 14 is about protecting private information so that care is built on trust. Confidentiality is a fundamental right for people receiving care. It means only sharing information on a need‑to‑know basis – for example with colleagues directly involved in the person’s support – and never disclosing details to friends or family without permission.
Good record‑keeping protects wellbeing: accurate, factual notes ensure that everyone involved understands the person’s needs and choices. Leaving notes on a desk or discussing someone’s health in a corridor can quickly erode trust. Imagine popping in to check on someone and seeing their care plan open on the dining table. It wouldn’t feel respectful. Safe practices, like putting paperwork away and logging out of computers, create a culture of privacy.
Understanding What ‘Information’ Means in Care
Information covers much more than paper files. It includes written notes, digital records, care plans, medication charts and even what people tell us in conversation. Care plans are central records containing a person’s needs and choices, assessments of risk and agreed actions. They must be kept up to date, accurate, legible and free of jargon.
Sensitive data covers anything that can identify someone – names, addresses, health details, photos, financial information – and must be used fairly, lawfully and only when necessary. UK data protection law requires that personal data be kept accurate and up‑to‑date, retained only for as long as needed and stored securely. Some information, such as health status or ethnicity, is classed as particularly sensitive and has additional protections.
Protecting Confidentiality in Real Situations
Confidentiality isn’t just a policy – it’s how we behave day to day. We should protect information from accidental viewing or hearing. That means not chatting about an individual in the hallway, not leaving letters where others can read them and being mindful about sharing online. Breaching confidentiality through social media or by leaving a computer logged in can be a disciplinary offence.
Professional regulators stress that we must treat information about service users as confidential and keep records secure. This includes storing paper notes in a lockable cabinet, avoiding discussions in public areas and following employer policies. If information is lost, damaged or accessed inappropriately, we must inform our employer and take steps to prevent it happening again.
Your Responsibilities Under Care Certificate Standard 14
Safe practice depends on following agreed ways of working and legislation. Employers should have policies covering electronic and paper systems, including firewalls, password protection and secure storage. You must never share personal passwords or leave sensitive paperwork where others could see it. When using digital systems, log out when you leave a computer and use strong, private passwords.
Standard 14 also expects you to speak up if you see information being mishandled. Health and social care workers have a duty to report unsafe or incompetent practice; if concerns about confidentiality aren’t taken seriously, you may need to follow the whistle‑blowing procedure. If you notice an unlocked cabinet full of records, secure it and report the issue. Always document concerns in writing, sign and date the record and note who you reported it to.
5. Practical Ways to Keep Information Secure
Practical habits make all the difference. Here are some simple ways to handle information safely:
- Lock storage areas: keep files in locked cabinets or rooms; don’t leave them unattended.
- Use strong passwords: protect digital records with personal logins and effective passwords; never share your password.
- Check identity before sharing: make sure the person requesting information is authorised and that the individual has consented.
- Keep discussions private: talk about people’s care in private rooms, not corridors or communal spaces.
- Double‑check entries: make sure notes are clear, factual and dated; avoid opinion or gossip.
- Log out and tidy up: close electronic records before leaving a computer and put away papers when finished.
These small actions help prevent breaches and show respect for the people we support.
When Information Handling Becomes Challenging
Sometimes confidentiality can feel complicated. You might be working under pressure, juggling multiple tasks or asked to share information by a family member. Data protection legislation requires a lawful basis for collecting and processing personal data; consent must be freely given, specific, informed, unambiguous and withdrawable.
In practice this means you can’t share a person’s records simply because someone asks for them. Check whether the individual has given consent or if there is a legal reason to share, such as safeguarding concerns.
There are times when the duty to share information for an individual’s care is as important as the duty to protect confidentiality. If someone is at risk of harm, you may need to speak to your manager or safeguarding lead. Balancing privacy with safety requires judgement – when in doubt, follow your organisation’s policies and seek advice.
Laws and Guidance That Shape Good Practice
Two key pieces of legislation underpin Standard 14. The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 control how personal data is used. They set out principles requiring information to be used fairly, lawfully, for specified purposes, kept to a minimum, accurate, up‑to‑date, retained only as long as necessary and stored securely. They also provide stronger protection for sensitive data, such as health information.
The Caldicott Principles, issued by the National Data Guardian, guide how confidential information should be used in health and social care. They include justifying the purpose for using information, only using confidential information when necessary, using the minimum necessary information, restricting access to those who need to know, ensuring everyone understands their responsibilities, complying with the law and recognising that sharing for individual care can be as important as protecting confidentiality. People should also be informed about how their information is used and what choices they have.
Professional regulators, such as the HCPC, reinforce these duties. They state that you must treat information about service users as confidential and keep records secure from loss, damage or inappropriate access. Organisations must provide policies and training to support safe practice.
How Care Certificate Standard 14 Links to the Wider Care Certificate
Handling information safely underpins many other Care Certificate standards. Clear, accurate records support person‑centred care by ensuring everyone understands the individual’s preferences. Safeguarding adults and children often involves sensitive information; knowing when and how to share protects people from harm while respecting their rights.
Duty of care requires you to act in the best interests of those you support, which includes protecting their privacy. Effective communication relies on accurate information and respect for confidentiality. By following Standard 14, you contribute to a culture of trust and quality across all aspects of care.
Conclusion
Every note, form and conversation carries weight. By taking care with information, we show people that their stories and details are valued. Following the principles of Standard 14 helps build trust and ensures that care is both effective and respectful.
Learning how to handle information safely isn’t just about compliance—it’s about protecting people’s dignity and keeping their private lives private. For structured, flexible learning that supports your growth and helps you master these skills, explore our Care Certificate Online Training Course.
Care Certificate Course - Standards (1 to 16)
Table of Contents
Frequently Asked Questions
Standard 14 teaches care workers how to record, store, share and protect personal information safely. It emphasises confidentiality, accurate record-keeping, secure storage and compliance with data protection law.
Handling information correctly protects the privacy, dignity and trust of the people you support. It ensures that all those involved have accurate, up-to-date information and prevents harm that could arise from breaches or inaccuracies.
Personal information includes anything that can identify someone – such as their name, address, health details, care plans, medication records or notes from conversations. Sensitive data, like health status or ethnicity, has extra protections under UK GDPR and the Data Protection Act.
Information handling is governed by the UK General Data Protection Regulation, the Data Protection Act 2018 and common law duties of confidentiality. The Caldicott Principles provide specific guidance for health and social care. Regulators like the HCPC and CQC expect organisations to comply with these laws and provide policies to support staff.
Keep paper records in locked cabinets or rooms and digital records behind secure logins and strong passwords. Make sure notes are factual, dated and legible, and avoid discussing sensitive information in public areas. Always follow your employer’s policies and report any concerns.
