Principles of patient confidentiality
C75
You must respect and protect patient information.246 See section on Patient records.
C76
Patients must consent before you share any information about them. See section on Consent. When asking for consent you should tell the patient:
- what information you want to share
- who you want to share it with
- how the information will be used.247, 248
C77
Anyone you employ must also protect patient information.
C78
You must keep confidential all patient identifiable information, including information which is handwritten, digital, visual, audio or retained in your memory and this includes:
- clinical information about a patient’s diagnosis or treatment
- when the patient attended the practice
- anything else that can be used to identify patients directly or indirectly, especially if combined with the patient’s name or address full postcode or date of birth.
C79
If an adult patient with capacity tells you not to share information with other people, you should firstly discuss this with them, and explain why you need to share the information. If they still refuse, you should not share their information, even if failure to share would leave the patient (but no one else) at risk of serious harm or death. If you believe that the patient’s decision to refuse a service puts them at risk of serious harm, you must discuss this issue with appropriate colleagues,249 whilst respecting the patient’s confidence.250 This can be done by discussing the case in general without revealing details which may identify the patient. You can share patient identifiable information if you are required to do so by law, or disclosure is justified in the public interest.
C80
There are exceptions to the rule of protecting patients’ confidentiality which are:
- you may be required to provide information by law, for example if ordered by a court
- you may need to disclose information if it is in the public interest, for example where failing to disclose information would expose other members of the public to risk of death or serious harm.251, 252, 253
C81
You may disclose information without patient consent if you have reason to believe that asking for consent would put you or other people at risk of serious harm.254
References
246 Department of Health (2013) Information, to share or not to share. The information governance review, (Chairman: Dame Fiona Caldicott) [Accessed 20 Nov 2020]247 General Medical Council (2018) Confidentiality: good practice in handling patient information, paras 9 and 10 [Accessed 20 Nov 2020]
248 General Medical Council (2018) Protecting children and young people: the responsibilities of all doctors, paragraph 35 [Accessed 20 Nov 2020]
249 General Optical Council (2017) Supplementary guidance on consent, para 41 [Accessed 20 Nov 2020]
250 General Optical Council (2016) Standards of Practice for Optometrists and Dispensing Opticians para 11.7 [Accessed 20 Nov 2020]
251 Department of Health (2010) Confidentiality: NHS code of practice. Supplementary guidance: public interest disclosures [Accessed 20 Nov 2020]
252 It is the view of the British Medical Association that the Counter-Terrorism and Security Act 2015, which places a duty on some organisations – including health bodies in England, Scotland and Wales – to have ‘due regard to the need to prevent people from being drawn into terrorism’, creates ‘no new obligations or immunities with regards to the sharing of confidential information’. ‘In almost all circumstances, therefore, doctors should seek consent for the sharing of this information’. [Accessed 20 Nov 2020].
253 General Optical Council (2020) Disclosing confidential information [Accessed 20 Nov 2020]
254 General Medical Council (2018) Confidentiality: good practice in handling patient information [Accessed 20 Nov 2020]