Care Certificate Standard 14 is about handling information safely, lawfully, and respectfully in daily care work. This guide explains each part of the standard in plain English so you can understand what it means and apply it properly in your own setting.
This topic matters even more now because the Care Certificate standards were updated in March 2025. Skills for Care says there are now 16 standards, older resources were not refreshed for the update, and Standard 14 now includes accessing information and reporting data breaches or risks to data security.
TL;DR
- Standard 14 is still about handling information, but the 2025 update now includes accessing information as well as recording, storing, and sharing it.
- The Care Certificate now has 16 standards, and Skills for Care says older resources were not refreshed for the March 2025 update.
- Strong answers should link law, workplace policy, and real practice rather than copy a generic paragraph. The workbook also says “describe” means more than a list of bullet points.
- Good records must be up to date, complete, accurate, legible, and factual. Care plans may also become evidence if concerns are raised later.
- Updated 14.1d now covers reporting if agreed ways of working or legislation have not been followed, and also if there has been a data breach or risk to data security.
- If someone asks for their own personal data, that is usually a subject access request, not a Freedom of Information request.
Care Certificate Course – Standards (1 to 16)
What is Care Certificate Standard 14 and why does it matter in health and social care?
Care Certificate Standard 14 is about handling information lawfully, safely, and respectfully in daily care work. It matters because poor information handling can damage privacy, weaken trust, disrupt care, and create legal and professional problems for workers and services.
In health and social care, information includes names, addresses, care plans, medication records, risk assessments, incident reports, and notes about a person’s needs, wishes, health, or family circumstances. The workbook also treats confidentiality as part of the relationship of trust between workers and the people they support.
Standard 14 is not only about keeping information secret. It is also about using and sharing it properly so the right people can support safe care. That is why this standard links privacy, record keeping, secure systems, and reporting concerns into one practical area of work.
What types of information does Standard 14 cover?
It covers both paper and digital information. That includes care plans, handover notes, safeguarding details, health records, emails, messages, and files stored on workplace systems. The workbook also notes that personal data can include names, photos, email addresses, bank details, medical information, and online identifiers.
Why does this standard sit at the centre of safe care?
Information guides decisions, supports joined-up care, and protects dignity. If records are poor or shared carelessly, staff may miss risks, repeat mistakes, or break confidentiality. Strong information handling helps teams work safely and helps individuals feel respected and protected.
What changed in Standard 14 in the March 2025 update?
The March 2025 update changed Standard 14 by adding accessing information into the criteria and by expanding 14.1d to include reporting a data breach or risk to data security. That makes the standard clearer and more current.
Skills for Care says the Care Certificate standards were updated in March 2025 to align with sector developments and the Level 2 Adult Social Care Certificate qualification. Skills for Care also says there are now 16 standards, and older Care Certificate resources were not refreshed for the update.
That matters because many older answer pages still use the old wording about recording, storing, and sharing information only. A current answer should now cover accessing information too. It should also mention that 14.1d includes reporting data breaches or risks to data security, not only reporting poor practice.
Why should readers be careful with older workbook-answer pages?
Older pages often help with the structure of the task, but they do not always reflect the updated wording. If a learner copies old wording without checking the 2025 standard, their answer may miss key points that now sit inside 14.1a, 14.1b, and 14.1d.
What outdated content commonly gets wrong?
Older content often says the Care Certificate still has 15 standards. It may also miss the new focus on accessing information and the added reporting point on data breach or data security risk. These gaps make an answer sound dated even if the rest of it looks tidy.
What does the workbook mean by confidentiality, need-to-know sharing, and trust?
The workbook presents confidentiality as a basic right and part of the trust between workers and individuals. It also says information should be shared on a need-to-know basis and protected from accidental viewing, hearing, or careless disclosure.
In practice, this means you should not talk about private matters where others can overhear. You should not leave letters, notes, or screens where unauthorised people can see them. The workbook also warns that social media, photos, videos, and mobile devices can create the same confidentiality risks as paper files and unlocked computers.
Trust grows when people know their private information is respected. When workers speak carefully, store records safely, and only share relevant information with the right people, individuals are more likely to feel safe and supported in care settings.
What does “need to know” mean in day-to-day care?
What everyday mistakes break confidentiality?
Common mistakes include discussing a person in corridors, leaving records open on a screen, staying logged in on a shared computer, or using personal apps to send care information. The workbook also flags Facebook-style messaging and public conversations as examples of poor practice.
What are agreed ways of working in Standard 14?
Agreed ways of working are the organisation’s policies and procedures for handling information. They tell staff how to access, record, store, share, correct, protect, and report information safely in line with their role and workplace systems.
The workbook explains that agreed ways of working include formal policies and also local practices used by employers or self-employed workers. In real settings, that may include confidentiality rules, password processes, record storage rules, disposal procedures, and reporting routes when something goes wrong.
A strong Standard 14 answer should not stay too general. It should show how your own service handles information in daily work. That could include where records are kept, which system you use, who may access information, and who you report to if there is a concern.
Which workplace policies are worth naming in an answer?
Useful examples include a confidentiality policy, a data protection policy, a record keeping policy, an archiving and disposal procedure, and an incident reporting process. The exact names vary by employer, so your answer should use the language your setting uses.
Why should workplace examples appear in the answer?
Workplace detail shows that you understand how the standard works in practice. It also helps your answer sound real and role-based. That matters because Skills for Care says workers must be assessed on what they know and what they do in their role.
Which laws and guidance should a strong 14.1a answer mention?
A strong 14.1a answer should name the main laws and then show how workplace guidance applies them. For most learners, that means the Data Protection Act 2018, UK GDPR, and, where relevant, the Freedom of Information Act 2000 and safeguarding-related duties.
The key point is to separate law from guidance. Law sets the legal rules. Guidance and workplace policy explain how staff should follow those rules in daily practice. The workbook itself defines legislation as laws and government guidance on legal rules that affect people in society.
For Standard 14, the most useful legal framework is the Data Protection Act 2018 and UK GDPR. These shape how personal data is used, kept accurate, kept secure, and not kept longer than needed. Employer policy then tells staff how to do that in real systems and routines.
How should the article explain UK GDPR and data protection?
Keep it practical. Say that personal data must be handled lawfully, fairly, and transparently. It should only be used for clear purposes, kept relevant and accurate, protected properly, and supported by accountability. The ICO’s current guide sets out seven key UK GDPR principles, including accountability.
Why should the article correct the old “six principles” wording?
When does FOIA matter, and when is a SAR the right route?
The Freedom of Information Act applies to recorded information held by public authorities. If someone asks for their own personal data, ICO guidance says that request should usually be handled as a subject access request instead. This is an important distinction because learners often mix the two up.
What does 14.1a ask you to do in practice?
14.1a asks you to do more than name laws and policies. It asks you to describe how agreed ways of working and legislation affect accessing, recording, storing, and sharing information in your own workplace practice.
The workbook says “describe” means creating a picture with words, not just writing a short list of points. That means a strong answer should explain what the rule is, why it matters, and how it affects your actions on shift or in your service.
For example, instead of writing “we follow GDPR,” you could explain that staff use secure logins, only access records needed for their role, keep paper files locked away, and only share information with the right people for care or safety reasons. That kind of answer shows applied understanding.
What does “describe” mean in workbook terms?
It means your answer should explain the point clearly enough that another person can picture what happens in practice. A list of laws or policies may look neat, but it does not fully answer the criterion on its own.
What should a model paragraph include?
A useful paragraph includes one law or policy, what it requires, how your workplace follows it, and one short example from practice. That keeps the answer specific, current, and linked to real care work rather than copied text.
What secure systems should readers mention for 14.1b?
For 14.1b, readers should mention both digital and paper-based secure systems. Strong answers name passwords, access controls, locked storage, secure communication methods, private spaces for discussion, and routines that prevent accidental disclosure or data loss.
The workbook says agreed ways of working for electronic information include computer firewalls and password protection. It also says passwords should only be shared with people who have permission to access the information, and personal passwords should not be shared or left where others can find them.
Paper systems matter too. Records may be kept in locked cupboards, secure offices, or controlled storage areas. Staff may need to use closed folders, clear desk routines, and private handovers so information does not become visible or audible to people who should not access it.
Which digital systems should a strong answer mention?
Examples include password-protected care systems, role-based access, secure email, approved care planning apps, device security, and logging out after use. The updated assessor guide also points to digital skills support, which shows that digital confidence is now part of safe practice.
Which paper and behaviour systems should a strong answer mention?
Examples include locked filing cabinets, secure storage rooms, sign-out rules for files, private spaces for conversations, and checking identity before sharing details. Behaviour matters because a safe system can still fail if staff leave notes out or speak carelessly in public places.
Why do secure systems matter for confidentiality, trust, and safe care?
Secure systems matter because they protect privacy, reduce mistakes, support accurate care, and help the right staff access the right information at the right time. They also protect trust and help services meet their legal and professional duties.
The workbook prompts learners to use words such as vulnerable, responsibility, trust, protect, private, and safeguard when explaining why secure systems matter. That is helpful because secure systems are not only about technology. They are about protecting people who may be at risk if information is misused or exposed.
Secure systems also support good decisions. When records stay complete, accurate, and available to the right staff, teams can respond to needs, risks, and changes in a timely way. When systems fail, care may become delayed, confused, or unsafe.
How do secure systems protect the person receiving care?
They protect dignity, privacy, and safety. They also reduce the chance that a person’s private life becomes public, misunderstood, or used in a way that harms them. This is especially important where records include health needs, risk information, or safeguarding concerns.
How do secure systems protect staff and organisations?
They create clearer accountability, reduce breaches, and make it easier to show that care decisions were based on accurate information. They also help organisations meet legal duties under data protection law and follow their own policies with consistency.
How do you keep records up to date, complete, accurate, and legible in 14.1c?
To meet 14.1c, records must be written promptly, kept clear, and based on fact. Good records support safe care because other staff rely on them to understand needs, actions taken, risks, changes, and decisions.
The workbook gives strong guidance here. It says care plans are key records about a person’s needs and choices. They must stay up to date, complete, accurate, and legible. It also says they should avoid jargon, remain factual, and may become legal evidence if concerns or enquiries arise.
In practice, that means recording dates, times, observations, what was said, and what action was taken. It also means writing clearly enough for other staff to understand. You should not guess motives, hide mistakes, or use judgemental language that turns an observation into an opinion.
What makes a care record strong?
A strong record is timely, complete, accurate, legible, and factual. It explains what happened in a clear way and helps the next worker understand the person’s current needs and the action already taken. That supports continuity and reduces confusion.
Why should the article mention care plans directly?
The workbook treats care plans as a central example of record keeping in Standard 14. They are important for communication, risk management, and quality of care. Because they may later be used as evidence, they must be maintained carefully and checked regularly.
How should the article explain mistakes and late entries?
How does digital working change the way information should be handled?
Digital working makes communication faster, but it also increases risk if staff use unsafe habits. Standard 14 now needs learners to think about access, approved systems, mobile technology, digital confidence, and the security of everyday electronic information handling.
The workbook says digital working, digital learning, and digital information sharing are becoming everyday practice in health and social care. It also says workers should have the confidence to work digitally and the chance to develop their digital skills with computers, smart phones, or assistive technology.
This means information handling is no longer only about filing cabinets and paper notes. It also includes secure apps, shared systems, email, devices, and online communication. The same standards still apply. Information must stay lawful, safe, accurate, and limited to the right people and the right purpose.
What risks come with phones, messaging, and social media?
Mobile devices make it easy to share information fast, but speed can lead to mistakes. The workbook warns that social media, photos, videos, and instant sharing can breach confidentiality. A message sent in the wrong place or to the wrong person can expose private information quickly.
How should ROC make this section more helpful than older answer pages?
Focus on approved systems, not personal convenience. Explain that workers should log out, protect devices, avoid personal messaging apps for care information, and ask for advice if they are unsure whether a digital action is safe or allowed in their setting.
When should information be shared, and when should it stay private?
Information should stay private unless there is a clear and lawful reason to access or share it. Strong answers explain need-to-know practice, respect for consent, and the need to follow policy when care, safety, or safeguarding concerns affect information sharing.
The workbook says information should be shared on a need-to-know basis and not shared with family or friends without permission. That remains a useful rule for daily practice because it stops casual disclosure and reminds workers that private information belongs to the individual, not to relatives or curious colleagues.
At the same time, health and social care staff must not treat confidentiality as a rule of silence. The Caldicott Principles say the duty to share information for individual care is as important as the duty to protect confidentiality. NHS safeguarding guidance also says information may be shared without consent where there is a lawful basis, such as where safety may be at risk.
How should the article handle family and friend requests?
Do not assume family members can receive private details. Check consent, local policy, and the person’s care plan or communication arrangements. If you are unsure, pause and ask a senior member of staff rather than sharing information in the moment.
Can information ever be shared without consent?
What workbook scenarios show whether agreed ways of working have been followed?
The workbook uses short scenarios to test judgement about safe and unsafe information handling. These examples help learners move beyond theory and show whether they can spot breaches, good practice, and the right action to take next.
Its examples include sensitive information left on display, a staff computer left logged in, colleagues discussing a person over lunch, a manager ignoring a complaint about confidentiality, secure storage in a locked cupboard, and off-duty Facebook messages about an individual. These are still useful because they mirror everyday risks.
The value of these scenarios is not only in choosing yes or no. They also train you to explain why the practice is safe or unsafe. That matters in written answers because assessors want to see your reasoning, not only the final choice.
Which scenarios clearly show poor practice?
Poor practice includes leaving sensitive information on display, failing to log out of a staff computer, discussing private circumstances in public or social settings, ignoring a complaint about confidentiality, and messaging about an individual off duty through Facebook or similar platforms.
Which scenarios show safer practice?
Safer practice includes taking an individual to a private space to discuss concerns and storing private details in a secure or locked cupboard. These examples show that information protection depends on both environment and behaviour, not only on written policy.
How can ROC improve on the workbook scenarios?
Add one sentence on the risk and one sentence on the response. For example, if a screen is left open, explain that private data may be seen by unauthorised people, then state that the concern should be reported through the correct route and the risk contained quickly.
How and to whom should concerns, breaches, and risks be reported in 14.1d?
Under the updated standard, 14.1d asks learners to explain how and to whom they should report concerns if agreed ways of working or legislation are not followed, and if there has been a data breach or risk to data security.
The workbook says the manager is usually the first port of call when there are concerns about recording, storing, or sharing information. It also says managers must be told immediately about breaches of confidentiality so they can act to limit the damage and remind staff of agreed ways of working.
The updated assessor guide strengthens this section by naming data breach and risk to data security directly. So a current answer should not stop at “report it to your manager.” It should also explain that serious concerns may need recording, internal escalation, and further action through information governance or whistleblowing routes.
Who should be the first reporting route in most settings?
What should the article say about written evidence?
The workbook says that when concerns are serious, staff should make a written record of the concern, who they reported it to, and when. It also says that record should be signed and dated because it may later be used as evidence that the concern was raised properly.
How should ROC handle whistleblowing and regulators?
Keep it calm and accurate. Internal reporting usually comes first, but if serious concerns are ignored, staff may need to use whistleblowing procedures. The workbook gives CQC as an example of a regulatory body in that context, but workers should always follow policy and seek senior advice on the correct route.
What new 2025 reporting point must this section include?
It must include reporting if there has been a data breach or a risk to data security. That wording appears in the 2025 assessor and employer guide, so leaving it out makes the answer incomplete against the current version of the standard.
What do assessors want from a strong Standard 14 answer?
Assessors want more than copied wording. They need evidence that the learner understands the standard and can apply it in the workplace, because Skills for Care says workers must be assessed on what they know and what they do.
The workbook gives a useful clue here. It says “describe” means more than bullet points, and “explain” needs a clear account that includes why and how. The 2025 assessor guide adds that 14.1c must be observed in the workplace as part of normal duties.
That means good answers sound grounded. They mention the learner’s own systems, who they report to, how records are stored, and what steps they take to protect privacy. Generic answers may still cover some facts, but they often fail to show real understanding.
How should the article explain “describe”, “explain”, and “demonstrate”?
Describe means give a clear picture with words. Explain means say how and why something works. Demonstrate means show it in practice. For Standard 14, that is why learners need both knowledge-based answers and workplace evidence for record keeping.
What should readers include to make their answer feel real?
They should mention the systems and routines they genuinely use. That may include the name of the record system, where paper files are kept, who checks records, how they protect privacy during handovers, and who they report concerns to in their setting.
What common mistakes weaken Standard 14 answers?
Weak Standard 14 answers often rely on old wording, broad claims, or copied examples. They miss workplace detail, ignore the 2025 update, and fail to explain how laws, policy, secure systems, and reporting routes connect in real care practice.
One common problem is listing laws without explaining what they change in daily work. Another is treating confidentiality as “never share anything,” which is too simple for health and social care. Others mix up FOIA and subject access requests, or forget that 14.1d now includes data breaches and risks to data security.
There is also a writing problem. Some answers use short bullet points where the workbook expects a fuller description or explanation. That can make the answer look thin even when the learner knows the topic. A better answer uses clear sentences, real examples, and the language of the current standard.
Which old habits should readers avoid?
Which claims should the article avoid?
Avoid calling any paragraph an official answer or a guaranteed pass answer. The Care Certificate is assessed in practice, and Skills for Care says workers must show what they know and what they do. A guide can support learning, but it does not replace workplace assessment.
How should readers build better answer paragraphs for 14.1a to 14.1d?
The strongest answer structure is clear and repeatable. State the rule, explain why it matters, and link it to practice in your setting. That makes the answer sound applied, current, and safer than copying a generic script.
For 14.1a, start with the law or policy, then explain what it requires in your workplace. For 14.1b, name the secure system and explain how it protects privacy and safety. For 14.1c, explain what good records look like and how you keep them that way. For 14.1d, explain who you report to, how you report concerns, and what record you keep.
This method works because it answers both the knowledge part and the practice part of the standard. It also helps you avoid vague statements that sound correct but do not show what you would actually do in your role.
What is a safe paragraph formula for 14.1a?
Name one law or policy, explain its purpose, and then show how it affects accessing, recording, storing, or sharing information in your setting. Add one short example, such as secure access to care records or sharing information only with relevant staff.
What is a safe paragraph formula for 14.1b?
Name the system, explain the risk it reduces, and link it to privacy, trust, or safe care. For example, you might explain that password-protected records stop unauthorised access and help ensure only the right staff can view private information.
What is a safe paragraph formula for 14.1c?
Explain that records must be timely, complete, accurate, legible, and factual. Then add what you include in a record, such as dates, times, observations, and actions taken. End with one point about following the correction process if a mistake is found.
What is a safe paragraph formula for 14.1d?
State what concern has happened, say who you would report it to first, explain how you would record the concern, and note that serious issues may need escalation. Under the current standard, include data breach or risk to data security too.
What should readers remember before they write their Standard 14 answers?
Before writing, readers should remember that Standard 14 answers need to be current, practical, and linked to their own workplace. The best answers explain safe information handling clearly and show what the learner would actually do.
Check the 2025 wording before you write. Make sure you include accessing information where relevant, and include data breach or risk to data security in 14.1d. Then keep your answer rooted in your service, your systems, and your reporting route.
Finally, remember that this standard is about protecting people as much as protecting records. Good information handling supports privacy, dignity, trust, joined-up care, and safe decisions. That is why Standard 14 stays important in every health and social care setting.
FAQs
What is Care Certificate Standard 14 about?
Care Certificate Standard 14 is about handling information safely, lawfully, and respectfully. It covers confidentiality, secure systems, good record keeping, and reporting concerns when information is handled badly. In the updated 2025 standard, it also covers accessing information and reporting data breaches or risks to data security, which older pages may miss.
What changed in Standard 14 in 2025?
The main change is that the updated standard now includes accessing information as well as recording, storing, and sharing it. Updated 14.1d also says learners should explain how and to whom to report if agreed ways of working or legislation have not been followed, and if there has been a data breach or risk to data security.
Does the Care Certificate still have 15 standards?
No, it does not. Skills for Care says the standards were updated in March 2025 and there are now 16 standards. A new standard was added for awareness of learning disability and autism. Skills for Care also says older resources were not refreshed for the March 2025 update, so older pages can still show the old number.
What does “agreed ways of working” mean in Standard 14?
Agreed ways of working means your organisation’s policies, procedures, and local rules for handling information. The workbook says this includes formal policies and also less formal practices used by employers. In a Standard 14 answer, you should explain how those rules affect access, recording, storage, sharing, corrections, and reporting in your own setting.
Which laws should I mention in a 14.1a answer?
Most learners should mention the Data Protection Act 2018 and UK GDPR first. You may also mention the Freedom of Information Act 2000 where relevant, but explain it carefully. If you refer to safeguarding-related sharing, keep it linked to policy and lawful practice. Strong answers explain what the law changes in real work, not only the title of the law.
Is UK GDPR the same as the six principles in the old workbook?
Not exactly. The older workbook refers to six privacy principles. Current ICO guidance sets out seven key UK GDPR principles because accountability is included. That means a current answer should reflect the present ICO position while still using the workbook as a helpful guide for the topic and the activity structure.
What is the difference between confidentiality and data protection?
Confidentiality is about keeping private information private and only sharing it when there is a proper reason. Data protection is the legal framework for how personal data is used, stored, secured, and kept accurate. In care work, the two overlap, but they are not identical. Standard 14 expects you to understand both sides.
What does “need to know” mean in care?
Need to know means information should only be shared with people who need it for a clear work purpose, such as direct care, safeguarding, or lawful decision-making. The workbook uses this principle to protect confidentiality and trust. It does not allow casual sharing with family, friends, or staff who are not involved in the person’s support.
Can I share information with a family member if they ask for it?
Not automatically. The workbook says private information should not be shared with family or friends without the individual’s permission. In practice, you should check consent, local policy, and any care plan instructions. If you are unsure, ask a senior member of staff before sharing information. That is safer than making a quick assumption.
Can information ever be shared without consent?
Yes, sometimes it can. Official guidance says there may be a lawful basis to share information without consent where safety is at risk or where sharing supports individual care. The decision must still be careful, relevant, and limited to the right people and the right purpose. Follow policy and seek senior advice when unsure.
Why are secure systems important in Standard 14?
Secure systems matter because they protect privacy, reduce data loss, support accurate care, and stop unauthorised access. They also help staff use information properly and lawfully. Standard 14 expects learners to explain why systems such as passwords, locked storage, and approved communication routes protect vulnerable people and support trust.
What secure systems can I mention in 14.1b?
You can mention password protection, firewalls, role-based access, secure care planning systems, locked filing cabinets, private handover spaces, secure email, and logging out after use. The workbook covers both digital and paper systems, which is important because safe information handling depends on behaviour as well as technology.
What makes a record “up to date, complete, accurate, and legible”?
A good record is written promptly, includes the key facts, stays easy to read, and reflects what actually happened. The workbook also says records should be factual, avoid jargon where possible, and avoid opinion. Care plans are a key example because other staff rely on them and they may later be used as evidence.
Should I write opinions in care records?
No, not unless your organisation specifically requires a professional judgement in a defined format. The workbook says records should be factual and not based on opinion. A strong note records what you observed, what the person said, and what action was taken. That keeps the record clearer, fairer, and more useful to other staff.
What should I do if I make a mistake in a record?
Follow your organisation’s correction process. Do not hide the mistake, cross it out in an unclear way, or guess details later. A safer approach is to make the correction transparently, or add a clear late entry if policy allows. Good record keeping is about honesty, clarity, and a visible audit trail.
What does 14.1d ask me to report?
Updated 14.1d asks you to explain how and to whom you would report concerns if agreed ways of working or legislation have not been followed. It also includes reporting if there has been a data breach or risk to data security. That means your answer should now go beyond poor practice alone.
Who should I report concerns to first?
In most settings, you would report concerns to your line manager, supervisor, or registered manager first. The workbook says the manager is usually the first port of call for concerns about recording, storing, or sharing information. Local policy may also direct you to an information governance or data protection route for data security issues.
Do I need to keep a written record when I report a concern?
Often, yes. The workbook says that when major concerns arise, workers should make a written record of the concern, who it was reported to, and when. It also says that record should be signed and dated because it may later be used as evidence that the concern was reported properly.
What is the difference between FOI and a subject access request?
A Freedom of Information request is about recorded information held by public authorities. A subject access request is about a person asking for their own personal data. ICO guidance says that where the request is for the requester’s own personal data, it should usually be handled as a subject access request instead.
Can e-learning alone complete Standard 14?
No, not on its own. Skills for Care’s FAQ says e-learning can help someone gain and show knowledge, but it cannot by itself provide full achievement of the Care Certificate standards. That is important because 14.1c must be observed in the workplace, and the wider certificate assesses what workers know and what they do.





