CQC published ‘information’ for providers on the use of covert and overt surveillance on 16 December 2014. This article discusses that information, and explores some of the problems raised by it.
The Information Published by CQC
The document specifically states that it is not attempting to give ‘guidance’ or ‘legal advice’ to providers on whether to use surveillance systems. Even more importantly, it stresses that CQC does not require providers to use surveillance.
The following is a summary of the key points made:
- Providers should comply with the Human Rights Act 1998. In particular, the benefits of using surveillance should be weighed against the impact on service users’ privacy. CQC recommends conducting a privacy impact assessment and taking steps to limit any intrusion on a person’s privacy such as repositioning cameras at particular times or limiting the times when they are in use. Providers should document how they have addressed privacy concerns;
- Providers must also ensure they (and anyone using surveillance) complies with the Data Protection Act 1998. This requires that surveillance must only be carried out in the pursuit of one or more legitimate purposes and that it is necessary, proportionate and fair. Consideration should be given as to whether other steps could be taken which are less intrusive of a person’s privacy. Information gathered for one purpose must not be used for another incompatible purpose. For example, recordings made to protect a service user from abuse must not be used as a record of staff time-keeping for disciplinary purposes;
- Providers should document the reasons for using surveillance (e.g. for the prevention and detection of crime), conduct and keep a record of a ‘needs assessment’ which identifies whether such surveillance supports the needs of the service user, and record any alternatives to surveillance which are considered, together with the steps taken when deciding to use surveillance. CQC inspectors will be expecting such records to be readily available;
- Where possible, providers should consult with service users, families, regular visitors and staff on whether and how to use surveillance. This should be an ongoing rather than a ‘one-off’ exercise. Providers should provide information on the type of surveillance being considered, its location, purpose, what information will be collected, where and how it will be stored, who will have access to it and how it will be stored. CQC will usually be expecting to see written evidence of such consultations when they inspect;
- All staff and contractors involved in the use of surveillance systems should receive appropriate training. (We would advise providers to keep this information on a training matrix so there is documentary evidence of such training). Providers should also keep records of who is responsible for the operation of any surveillance system and for the management of information obtained through this system;
- Any equipment used must be safe, suitable and properly maintained;
- Information obtained or recorded must be kept secure with those able to obtain access to it fully aware of their legal responsibilities. Any information kept electronically should be kept safe through the use of strong passwords. There should be clear policies and procedures for handling requests for information under the Freedom of Information Act 2000, as well as on the secure retention and destruction of information;
- Wherever possible, staff, service users and visitors should be informed about the use of surveillance. Any surveillance which is in a non-public place (e.g. a service user’s private room or home) or set up in a location which is likely to capture very sensitive personal information (e.g. a prayer room for service users) is more likely to require the explicitconsent of the service user. It is unlikely to be lawful to use surveillance to directly observe a person’s intimate care or medical treatment. Inspectors will expect to see the relevant records;
- Where service users lack capacity to understand or consent to the use of such surveillance, providers must follow the principles of the Mental Capacity Act 2005. If surveillance is being used to prevent service users from leaving a residential care home, a DOLS application ought to be made to the relevant local authority. Where explicit consent is required in relation to those lacking capacity, providers must seek the consent of the person with the relevant power of attorney. If this is not available, an application to the Court of Protection may be necessary, since a ‘best interests’ decision under the Mental Capacity Act 2005 will not suffice in such circumstances. Clear records ought to be kept;
- Any covert surveillance is more likely to capture very personal information. The use of covert surveillance must therefore satisfy a more pressing and legitimate aim than the use of overt surveillance to remain lawful and proportionate. Any covert surveillance should be limited in time and purpose and deal with a specific problem rather than be ongoing;
- Where surveillance is installed by third parties, providers should consider whether the surveillance is unreasonably intruding on their privacy. This must be properly assessed, with appropriate records kept, and the service user should not suffer any detriment of care if such surveillance has been used by their relatives without the provider’s knowledge. If providers are concerned about intrusions on privacy it would never be appropriate to deliberately damage a surveillance device or deliberately delete information recorded by it. Indeed, doing so would probably amount to a criminal offence. However, switching a camera off, providing the appropriate assessment has been done, or removing it for safe-keeping and returning it to its owner would not be. (We would however advise providers to think carefully before switching a device off as it could subsequently create an impression that there was something illicit going on at the service which they wished to cover up).
CQC emphasises that they would be concerned by an ‘over-reliance’ on surveillance to deliver key elements of care and states that this can never be a substitution for trained and well supported staff. Providers are also to bear in mind that surveillance can have a negative impact on the bond of trust between employers and their staff or between service users and staff.
Problems with CQC’s information
CQC refrains from going into very much detail on the relevant legislation. For example, whilst they stress that providers should comply with the Regulation of Investigatory Powers Act 2000, no further information about this is provided. Moreover, very few examples are provided about how to put their key points into effect.
Ridouts’ position is that if surveillance is to be used it should be overt rather than covert. We would also advise you to seek legal advice if considering the use of any form of surveillance given the number of legal issues which will need to be considered in any situation where surveillance is being used.
CQC will be publishing new guidance on surveillance when the Fundamental Standards come into force in April 2015. We would advise providers to review this guidance when it is published by CQC.