What is Confidentiality?

• Confidentiality is the duty of a person to not disclose anything learned from a patient who has attended, consulted or been treated, without that person’s consent.
• Confidentiality is the cornerstone of health care and central to the work of everyone working in general practice.
• All information about patients is confidential: from the most sensitive diagnosis, to the act of having visited the surgery or being registered at the practice.
• The duty of confidentiality owed to a person under 16 is as great as the duty owed to any other person.
• All patients can expect that their personal information will not be disclosed without their permission (expect in the mist exceptional circumstances when disclosure is required when somebody is at grave risk of serious harm).

Responsibilities of Practice Staff

All health professionals must follow their professional codes of practice and the law.

This means that they must make every effort to protect confidentiality. It also means that no identifiable information about a patient is passed to anyone or nay agency without the express permission of that patient, expect when this is essential for providing care or necessary to protect somebody’s health, safety or wellbeing.

All health professionals are individually accountable for their own actions. They should also work together as a team to ensure that standards of confidentiality are upheld, and that improper disclosures are avoided.

Additionally Peartree Medical Centre, as an Employer:

• Is responsible for ensuring that everybody employed by the practice understands the need for, and maintain, confidentiality
• Has overall responsibility for ensuring that systems and mechanisms are in place to protect confidentiality
• Has vicarious liability for the actions of those working in the practice – including health professionals and non – clinical staff (i.e. those not employed directly by the practice but who work in the surgery)

Standards of confidentiality apply to all health care professionals, administrative and ancillary staff, including:

• Receptionists
• Secretaries
• Practice manager
• Cleaner
• Maintenance staff

who are bound by contracts of employment to maintain confidentiality.

They must not reveal, to anybody outside the practice, personal information they learn in the course of their work, or due to their presence in the surgery, without the patient’s consent.

Nor will they discuss with colleagues any aspect of a patient’s attendance at the surgery in a way that might allow identification of the patient unless to do is necessary for the patient’s care.

If Disclosure is Necessary

If a patient or another person is at grave risk of serious harm which disclosure to an appropriate person would prevent, the relevant health professional can take advice from colleagues within the practice, in order to decide whether disclosure without consent is justified to protect the patient or another person.

If a decision is taken to disclose, the patient should always be informed before disclosure is made, unless to do so could be dangerous.

If at all possible, any such decisions should be shared with another member of the practice team.

Sharing Patient Information

Whilst it is vital for the proper care of individuals that those concerned with that care have ready access to the information that they need, it is also important that service users and their carers can trust that personal information will kept confidential and that their privacy is respected.

All staff have an obligation to safeguard the confidentiality of personal information.

This is governed by law, their contracts of employment and in many cases, professional codes of conduct. All staff should be aware that breach of confidentiality could be a matter for disciplinary action and provides grounds for a compliant against them.

Although it is neither practicable nor necessary to seek an individual’s consent each time that information needs to be shared or passed on for a particular purpose, that has been defined within this policy, this contingent on individuals having been fully informed of the uses to which information about them may be put.

All agencies concerned with the care of the individual should satisfy themselves that this requirement is met.

Clarity about the purpose to which personal information is to be put is essential and only the minimum identifiable information necessary to satisfy that purpose should be made available. Access to personal information should be on a need to know basis.

If individuals want information about themselves to be held from someone or some agency, which might otherwise have received it, the individual’s wishes should be respected unless there are exceptional circumstances.

Every effort should be made to explain to the individual the consequences for care and planning but the final decision should rest with the individual. The exceptional circumstances which may override

the above clause arises when the information is required by statute or court order or where there is a serious public health risk or harm to other individuals or for the prevention, detection or prosecution of serious crime. The decision to release information in these circumstances, where judgement is required should be made by the senior partner and it may be necessary to seek legal advice.

There are also some statutory restrictions on the disclosure of information relating to AIDS, HIV or other sexually transmitted disease, assisted conception and abortion.

Where information on individuals has been aggregated or anonymised, it should still only be used for justified purposes but it is not governed by this policy.

Care should be taken to ensure that individuals cannot be identified from this type of information as it frequently possible to identify individuals from limited data e.g. age and postcode may be sufficient.

Sharing Patient Carer Information

• Verbal Permission must be obtained from patient /client and carer before divulging information. In certain cases, written consent should be obtained.
• Clarify to patient /client /carer, with whom information will be shared.
• Get positive permission too share information
• Verbal permission must be documented in patient/client’s medical record.
• Written permission must be filed in the patient/clients notes.
• Medical information is accessed on “need to know” basis in order to perform duties and no other – see Defining Purpose.
• Staff confidentiality form signed as part of induction programme and is contained in employee’s contract employment.

Mechanisms of Sharing Information

• Clinical Meetings
• Face to face discussion
• Message slips
• Memos
• Computer data
• Team meetings

Defining Purpose

There will be a range of justifiable purposes to be locally agreed. The following list is not exhaustive and covers internal practice purposes only.

• Delivering personal care and treatment
• Assuring and improving the quality of care and treatment
• Monitoring and protecting public health
• Managing and planning services
• Risk management
• Investigating complaints
• Teaching
• Statistical analysis
• Research (medical or health services)

Holding Information Access and Security

• The practice will ensure they address the issues of security of
• The practice will take all reasonable care to protect both the physical security of information technology and the data contained with
• All information systems will be password
• All personal files must be kept

Ownership of Information and the Rights of Individuals

Whilst written and computerised records will be regarded as shared between the agencies, an individual’s right of access to the information contained in the records differs when it has been provided by a health professional from when it has been provided by social service staff.

Any health professional contribution to records maintained by social service staff, whether a letter, a case record or report, must be clearly marked as such and, where practicable, kept in a closes part of the file. Social service staff should not grant access to this information without written authorisation.

The reverse also applies. NHS staff cannot grant access to social services information without written authorisation.