Freedom of information procedure
Date: May 2024
Review date: April 2029
Version 1.0
Introduction
The Freedom of Information Act 2000 (FOIA) provides public access to information held by public authorities, including the Trust. Under the FOI Act, the Trust is obliged to publish certain information about its activities and external parties are entitled to request information from the Trust (FOI requests). The fundamental principle underpinning FOIA is that people have a right to know about the activities of public authorities, unless there is a good reason for them not to.
This document provides guidance for the Trust’s stakeholders on the procedures that the Trust will follow for dealing with FOI requests made to the Trust. Application of these procedures will ensure the Trust fulfils its obligations under the FOI Act efficiently and effectively.
The Information Commissioner’s Office (ICO) has published extensive guidanceon the FOI Act and responding to FOI requests. The Trust will have regard to that guidance as appropriate when dealing with particular cases.
These procedures apply in respect of any written (e.g., email or letter) requests for information received by the Trust, but exclude requests made by individuals under the Data Protection Act 2018 for a copy of information the Trust holds about them (Subject Access Requests)
An FOI request does not need to specify that is being made under the FOI Act for the provisions of the Act to apply
The Tavistock and Portman NHS Foundation Trust, (“the Trust”) is committed to the principles of openness, transparency and accountability embodied in the Freedom of Information Act 2000 (“FOIA”) This procedure establishes a framework which underlines the Trust’s commitment, and provides a benchmark against which implementation can be audited.
This procedure has been developed and implemented in the context of other Trust policies and guidelines, national legislation and codes of practice, and sectoral/professional standards.
Requests for environmental information will be handled in accordance with the Environmental Information Regulations 2004.
Purpose
This procedure has been established to ensure that the Trust meets its legal obligations under the legislation, and related statutory codes of practice. It also enables the Trust to meet the requirements of the Data Security and Protection Toolkit.
To ensure that this procedure and the SOP which implements it comply with the FOIA, EIRs and associated codes of practice, of which the key requirements are that:
- Information and data sets routinely published by the Trust are made available in accordance with the Trust’s Freedom of Information Publication Scheme (see point 6.3, Publication Scheme)
- Information which is not covered by the Publication Scheme is made available to applicants upon request, promptly and within 20 working days, unless a valid exemption or limit applies (see point 7.1, Requests for Information)
- A efficient and efficient appeals’ procedure is administered (see Appendix 5 – Internal Review Procedure)
Scope
The legislation, and therefore this procedure, applies to all recorded information held by the Trust and its staff, directorates, service lines, departments, agents and contractors, regardless of format, storage, medium or age. It also applies to recorded information held by other organisations or individuals on behalf of the Trust.
Under the FOIA, this procedure covers all information held by the Trust, including information provided to the Trust by outside organisations such as contractors, tenderers, suppliers, other Trusts, NHS bodies and regulatory bodies.
- The Trust will consult with outside organisations whenever information which they have supplied to the Trust is the subject of a request. These organisations have a duty under the terms of their contracts to assist and cooperate promptly with the Trust in responding to requests under the regulations.
- Where a contract pre-dates the legislation this obligation is implied into the existing contract.
- The Trust wishes to maintain a good working relationship with its contractors and suppliers, and whilst it may consult suppliers about a release of information about their business with the Trust, the ultimate decision to disclose said information rests with the Trust, in line with FOIA regulations
Not all information held by the Trust is disclosable, and this procedure includes the engagement of FOIA exemptions, to withhold requested information, and/or refuse to confirm or deny what it holds. Some of these exemptions are absolute and straight forward to apply, whilst others require the undertaking of a public interest test, to consider whether “in all the circumstances of the case”, the public interest in maintaining the exemption outweighs the public interest in its disclosure. (points 7.8 to 7.11)
Definitions
- FOIA: Freedom of Information Act 2000
- EIR: Environmental Information Regulations 2004
- GDPR 2018: General Data Protection Regulations
- DPA 2018: Data Protection Act
- Applicant: The individual/s, group, organisation requesting access to information under the legislation.
- Recorded Information: All information held by the Trust,
Not just limited to official documents, it covers, drafts, emails, and notes (both electronic and handwritten), recordings of telephone conversations and CCTV recordings. Nor is this limited to information created within the Trust, as it also relates, for example, to documents received from external sources, such as other organisations or members of the public, though there may be a valid exemption for not releasing them.
- Data Sets: For these purposes, a data set is a collection of factual, raw and/or processed data, held in electronic form and gathered as part of providing services and delivering the Trust’s functions.
- Information Commissioner The Information Commissioner’s Office (ICO), a UK independent authority which oversees compliance with GDPR, DPA, FOIA and EIR.
- Publication Scheme: A guide with electronic links to data which is routinely published on the Trust’s website, in line with the ICO guidance for a model publication Scheme
Procedural Statements
Regular monitoring of the compliance level and effectiveness of this procedure will be via review at the Quarterly IG Group Meeting by:
- Identifying and assessing any flaws and/or improvements in the ways information is gathered and processed. Reviewing the number of requests that breach the statutory deadline
- Reviewing the general response times to requests
- Reviewing the number of internal reviews conducted
- Reviewing the dissatisfaction level via the number of complaints received and investigated by the ICO.
- Analysing requests, to identify any trends or themes, in subject matter, with a view to improvement of the Trust’s publication scheme content. This includes whether Trust is correctly dealing with Environmental Information Regulations requests.
The Trust regularly reviews its procedures and systems to ensure their compliance under section 46 of the Freedom of Information Act.
Duties and responsibilities
The IG Officer is the operational Trust Lead on all FOI matters and is responsible for logging, checking internal response data for compliance and responding appropriately to all incoming FOI enquiries in a timely manner to meet statutory submission deadlines.
The Trust’s Directors and/or their appointed delegates are responsible for supplying to the IG Officer, in a timely manner and upon request, relevant and accurate data in response to FOI enquiries received, to meet corporate and statutory submission deadlines, and advising if they feel that there are reasons why said data should be withheld,. Any refusals should be discussed with the IG Officer, for action as appropriate.
The Trust has a corporate responsibility to ensure that it complies with and implements the FOIA and EIR. The Trust is accountable to the ICO for its compliance to the regulations.
The Trust is required by the FOIA to produce, maintain, and make available, on its website, data conforming, in content, to the ICO’s Model Publication Scheme. The Publication Scheme is available on the Trust’s website at Publication scheme – Tavistock and Portman It describes the classes of information which the Trust publishes, and provides links to that information.
The Trust has adopted the model publication scheme and definition document approved by the Information Commissioner for Health Bodies in England. The Trust will keep the Scheme up to date, which will be done by periodic review and updating of the Scheme by the Trust’s IG staff in consultation with the Communications Team.
The Trust’s Director of Corporate Governance has overall responsibility for the correct and timely implementation of this procedure.
Directors and their appointed delegates for FOI are responsible for the provision and sign off of accurate response information, for submission to the IG Officer/s to format into agreed templates for dispatch, in a timely manner to meet the corporate and statutory submission deadlines.
All staff are responsible for complying with the provisions of FOIA 2000 and the EIRs and for making themselves aware of their obligations. The Trust provides regular awareness training to assist staff with this as part of their mandatory annual IG Security Compliance Training. The IG Officer also provides more detailed training on application of the FOIA to those staff who are responsible for providing the data to populate the responses.
Staff must ensure that, when asked to do so, they provide the IG Officer/s with their best advice and assistance for the purpose of responding to requests. Assistance could include suggesting an alternative member of staff who may hold the information, advising that certain information should not be disclosed along with the reason for this, and/or advising whether extraction/manipulation of the information was likely to take over 18hours (“the appropriate limit”) and if so then explaining the reasons for this.
Staff should note that deliberate concealment, amendment or destruction of information which has been the subject of a request, in order to prevent its disclosure, is a criminal offence under the FOIA 2000 and EIRs for which individual staff, as well as the Trust, can be held liable.
The Trust Lead on responses to Freedom of Information requests is the IG Officer. They are responsible for timely administration of the FOI process flow, from receipt of a request through to dispatch of the response, with active involvement in all interim stages.
Procedures
Requests for information under the FOIA and EIR regulations not covered by the Trust’s Publication Scheme can be made by any individuals from anywhere in the world,. Individuals can request any information that is held by the Trust, except for personal data such as medical or staff records. The FOIA regulations provide the public with the right to be informed whether the information is held by the Trust, and if so, to have the information communicated to them unless an exemption or limit applies.
The Trust is committed to processing requests for information in accordance with the requirements of the FOIA regulations, to ensure that
- requests under FOIA are processed in accordance with the code of practice (known as the Access Code) issued by the Secretary of State for Constitutional Affairs under section 45 of the Freedom of Information Act.
- requests under the EIR are processed in accordance with the code of practice issued by the Department for Environment, Food and Rural Affairs.
Procedures and systems for dealing with information requests have been developed to promote compliance with these codes and the regulations, and are accompanied by appropriate training.
The Trust has a formal procedure for dealing with requests for internal reviews from correspondents who may be dissatisfied with the response given to their FOI or EIR request. (see Appendix 5). The FOIA and its secondary legislation impose a statutory limit (the “appropriate limit”) on the amount that can be spent on locating, extracting, and collating the information required to answer a request. This does not include time spent on redaction, ie censoring or obscuring part/s of text or data for legal or security or confidentiality purposes.
The “appropriate limit” for the Trust is currently £450.00, which is statutorily deemed to be a notional rate of £25/hour for 18 hours Officer time. Where the Trust receives a request which is estimated to require resources over the “appropriate limit”, the Trust will, in all cases, refuse to process the request. In such cases it will provide to the applicant, reasonable advice and assistance to help narrow the scope of the request to within the Applicants whose requests are refused on these grounds will be provided with an explanation as to how the limit would be exceeded.
FOIA Although the Trust upholds the principle that information should be accessible wherever possible, there are times when we will withhold information to protect our legitimate interests and those of other organizations and individuals. There are 23 exemptions in the FOIA, some of which are absolute exemptions and can be applied to an entire class of information, whilst others require a public interest test, conducted via the relevant appointed Director or their delegate, to determine whether disclosure of the subject matter would cause actual harm, and whether the public interest in engaging the exemption thereby withholding the data outweighs the public interest in releasing the information.
The Trust will refuse to disclose information in response to a request:
- If a valid exemption applies under FOIA , or
- If a valid exception applies under the EIRs, or
- if the “appropriate limit” would be exceeded, as explained in 7.8 above.
- If, in doing so, it would breach another Act or statutory instrument.
When refusing a request for information under FOI or EIRs, the Trust will take into account the guidance issued by the Information Commissioner and inform applicants of the relevant exemption that has been engaged, why the Trust believes it applies, and provide them with details of how to make an appeal via the Trust’s internal review procedure, as set out in Appendix 5.
Should the applicant be dissatisfied with the content of the Trust’s response to their request, they may submit, in writing, a request for internal review. The Trust would then follow the Internal Review process as set out in Appendix 5
Training requirements
Directors to ensure that they or their nominated FOI delegates who supply and/or signoff the data for response receive adequate training on FOIA 2000 by the IG Officer and are made aware of their FOIA obligations.
All staff will receive basic training on FOI and EIR at Induction and INSET as well as annually, as part of their mandatory basic IG and Security Compliance Training.
The lead IG Officer will receive advanced training and actively participate in the London FOI Network, and other forums for ongoing expert peer support.
Process for monitoring compliance with this procedure
The quarterly Information Governance Group Meeting will oversee the management of this procedure and will receive performance reports on a quarterly basis from the IG Officer
The quarterly Information Governance Workstream Meeting will consider all reports of breaches to the FOI procedure in respect of meeting timescales. Any major issues of non-compliance will be escalated to the Director of Corporate Governance by the Data Security and Protection Manager
References
- Freedom of Information Act 2000 (FOIA 2000) https://www.legislation.gov.uk/ukpga/2000/36/contents
- Information Commissioner’s Office Guidance Documentation on FOIA 2000 and EIR 2004 Regulations https://ico.org.uk/for-organisations/guidance-index/freedom-of-information-and-environmental-information-regulations/
- http://www.legislation.gov.uk/uksi/2004/3391/contents/made
- The Privacy and Electronic Communications (EC Directive) Regulations 2003 http://www.legislation.gov.uk/uksi/2003/2426/contents/made
Associated documents
- Information Governance Policy
- Publication Scheme
- Corporate Records Procedure
- Health Records Procedure
- Retention and Disposal Schedule
- Confidentiality Code of Conduct