Children have the same rights as adults over their personal data and who they wish their information to be shared with. However, there is no legal age defined in English law for children to consent to sharing of their information (see national guidance on the Information Commissioner's Office's (ICO) website).
The key issue here is the ‘competence’ of the child and, therefore, the child and their wishes must always be considered first. If the child is competent then their consent is required to disclose and use their information.
Children aged 16 or 17 are presumed to be competent for the purposes of consent to treatment and sharing information and are therefore entitled to the same duty of confidentiality as adults.
Children under 16 who have the capacity, maturity and understanding to take decisions about their own treatment (known as Fraser/Gillick Competent) are also entitled to make decisions about the use and disclosure of information they have provided in confidence (e.g. they may be receiving treatment or counselling about which they do not want their parents to know anything about). They can, therefore, prevent a person with parental responsibility from having access to their records if they wish.
From an Information Governance perspective, the main focus should always be on the child and their competence, maturity and understanding of the situation. If children under 16 years of age are involved then their Fraser/Gillick competence will need assessing in relation to them providing their own consent. If the child is competent and consents then staff must respect their wishes unless this is a risk to the child or someone else. Therefore, the Trust’s approach is that:
- For all children under 12 years of age, consent must be obtained from an authorised individual with parental responsibility for the child, or
- For children aged 12 years or above, the child must provide their consent unless they are not mature enough or incapable of understanding the request. If this is the case, then consent must be obtained from an authorised individual with parental responsibility for the child if such person is available. It is important to check and confirm that they have proper authority such as being a parent or legal guardian.
Staff requiring advice on the sharing of information relating to a safeguarding issue must seek advice from the Safeguarding Team.
When considering borderline cases, the following must be taken into account:
- where possible, the child’s level of maturity and their ability to make decisions of this nature,
- the nature of the information being requested,
- any court orders relating to parental access or responsibility that may apply,
- any duty of confidence owed to the child,
- any consequences of allowing those with parental responsibility access to the child’s information (this is particularly important if there have been allegations of abuse or ill treatment),
- any detriment to the child if individuals with parental responsibility cannot access this information, and;
- any views the child has on whether their parents can have access to information about them.
If the healthcare professional, in their professional opinion and capacity, does not believe the child is capable of understanding the full nature of the application and that releasing the information will not be in the child’s best interest, they are entitled to deny access to the requestor.