Professional Documents
Culture Documents
Contents
Card 1
Guidance on confidentiality
Card 2
General information
Card 3
14
Sources of confidentiality rights and protections
Card 4
Security of information
19
Card 5
Recordings, publication and the media
23
Card 6
Assessment of capacity and determining
best interests
27
Card 7
Adults who lack capacity
30
Card 8
Children and young people
34
Card 9
Legal and statutory disclosures
39
Card 10
Public interest
44
Card 11
Deceased patients
49
Card 12
Serious communicable diseases
51
Card 13
Secondary uses of patient information
53
Card 14
55
Uses of information for non-medical purposes
Card 15
Dual responsibilities
57
Card 16
Useful names and addresses
60
CARD 1
Guidance on confidentiality
Publication
Abbreviation on
other cards used
0-18 Years: Guidance for all Doctors
General Medical Council (2007)
0-18 Years
Access to Health Records by Patients
British Medical Association (2007)
Access
DH Code
GMC
Children
SU
Contracting
ECC
Security
Recordings
MET
Caldicott
HRA
MCA
IC
CARD 2
General information
1. The duty of confidentiality
Confidentiality is an essential requirement for the
preservation of trust between patients and health
professionals and is subject to legal and ethical
safeguards. Patients should be able to expect that
information about their health which they give in
confidence will be kept confidential unless there is a
compelling reason why it should not. There is also a
strong public interest in maintaining confidentiality
so that individuals will be encouraged to seek
appropriate treatment and share information
relevant to it.
2. What is confidential?
All identifiable patient information, whether written,
computerised, visually or audio recorded or simply
held in the memory of health professionals, is
subject to the duty of confidentiality. It covers:
any clinical information about an individuals
diagnosis or treatment
a picture, photograph, video, audiotape or other
images of the patient
who the patients doctor is and what clinics
patients attend and when
anything else that may be used to identify
patients directly or indirectly so that any of the
information above, combined with the patients
name or address or full postcode or the patients
date of birth, can identify them.
4. Consent
Consent to disclosure may be explicit or implied.
It may also be consent to disclosure of specific
information to a particular person or body for a
particular purpose or it may be consent to general
future disclosure for particular purposes. In either
case consent should be informed and freely given.
Explicit or express consent is achieved when a
patient actively agrees, either orally or in writing,
to a particular use or disclosure of information
which has been discussed with the patient.
Explicit consent is the ideal as there is no doubt
as to what has been agreed.
Patient agreement can also be implied, signalled
by the behaviour of an informed patient. Implied
consent is not a lesser form of consent but in order
for it to be valid it is important that patients are
made aware that information about them will be
shared, with whom it will be shared, and of their
right to refuse. Health professionals bear
responsibility for the disclosures they make, so
when consent is taken to be implied, they must be
able to demonstrate that the assumption of
consent was made in good faith and based on
good information. If not, it is no consent at all and
some other justification will be needed for its
10
5. Anonymisation
Information may be used more freely if the subject
of the information is not identifiable in any way.
Usually, data can be considered to be anonymous
where clinical or administrative information is
separated from details that may permit the
individual to be identified such as name, date of
birth and postcode. Even where such obvious
identifiers are missing, rare diseases, drug
treatments or statistical analyses which have very
small numbers within a small population may allow
individuals to be identified. A combination of items
increases the chances of patient identification.
When anonymised data will serve the purpose,
health professionals must anonymise data to this
extent and, if necessary, take technical advice
about anonymisation before releasing data. Whilst
it is not ethically necessary to seek consent for the
use of anonymised data, general information about
when their data will be anonymised should be
available to patients.
11
6. Pseudonymisation
Pseudonymisation is sometimes referred to as
reversible anonymisation. Patient identifiers, such
as name, address or NHS number, are substituted
with a pseudonym, code or other unique reference
so that the data will only be identifiable to those
who have the code or reference. Where those
who are using data have no means to reverse the
process, and so no way to identify an individual
from the data they have, the data may be treated
as anonymised and there is no common law
requirement to seek consent for their use. For
those who have access to both pseudonymised
data and the means to reconstitute them, they
should be treated as identifiable. The use of
pseudonymised data is common in research.
As with anonymised data, patients should generally
be informed when it is intended that their
information will be pseudonymised.
12
8. Multiagency working
Health professionals during the course of their
treatment of patients will have contact with partner
organisations from time to time. These include
social services and housing and benefits agencies.
In community settings many integrated teams have
been established, which include workers from
health, social services and non-statutory bodies.
Health professionals should from the outset discuss
with patients the desirability of sharing information
with other agencies where appropriate. Other
agencies may wish to be involved in discussions
about patients at various points in their treatment
or to attend case conferences or multi-disciplinary
meetings. Health professionals may also be invited
to attend external case conferences organised by
partner organisations to discuss the health and
welfare of patients. In all these circumstances
confidential information should be shared with
explicit consent or, in the absence of consent,
where disclosure is required by law or there is an
overriding public interest in disclosure.
(See also Card 1: DH Code, GMC, IC, MET,
NI Confidentiality, Scotland Confidentiality
and ECC.)
13
CARD 3
Sources of confidentiality rights and
protections
It is important to note that the ethical, professional,
contractual and legal positions on confidentiality are
complex. For example, the legal responsibilities in
respect of confidential information cannot be
gleaned from common law and statute alone, and
health professionals must look at the overall effect
of the law, not each aspect in isolation. In terms
of statute, the Data Protection Act sets out
circumstances in which the use of data may be
lawful. The common law generally requires consent
for disclosure. Health professionals must be sure that
any use of data falls into the relevant Data Protection
Act categories and meets the common law
requirement for consent except where disclosures are
required by law or in the public interest. Health
professionals who are uncertain about the application
of the law should seek legal advice. They must also
ensure that their actions comply with the guidance
issued by their regulatory body and their employers.
The use of information about individual patients is
governed by the following:
1. Contract of employment
Confidentiality of patient information is a
requirement of employment under NHS and many
independent sector contracts. All staff employed
by or contracted to the NHS may be disciplined
following a breach of patient confidentiality.
14
2. Professional standards
All health care professionals must maintain the
standards of confidentiality laid down by their
professional body, such as the GMC, or risk
complaint for professional misconduct. This may
result in a warning, restriction of practice or removal
from the register. (See also Card 1: GMC.)
15
16
17
18
CARD 4
Security of information
1. Keeping information secure
Protection is needed against both external threats
such as theft and internal threats such as
inappropriate access by staff. Health professionals
should not leave computers, medical records or files
unattended in the workplace. Ideally, all records and
laptops should be kept in a locked environment.
Health professionals should not normally take
records or laptops containing electronic information
out of the workplace. Where this cannot be
avoided, for example if it is necessary to take
records on visits to patients homes, procedures for
safeguarding the information should be in place.
Discussion about clinical management of patients
should be kept confidential and out of earshot of
those not involved in their care and especially the
public. All people who come into contact with
personal health information in their work should
have training in confidentiality and security issues.
Health professionals who are also employers should
ensure that employees are aware of their ethical,
legal and contractual duty of confidentiality and
how to keep information secure within their health
setting. (See also Card 1: Security.)
19
2. All records
For all types of records health professionals should:
never inappropriately access records
shut/lock doors, offices and filing cabinets
wear ID if issued
query the status of visitors/strangers
not tell unauthorised personnel how the security
systems operate
advise senior personnel if anything suspicious or
worrying is noted
confirm the identity of telephone callers.
3. Manual records
Manual records should be:
held in secure storage
booked out from their normal filing system
tracked if transferred, with a note of their current
location within the filing system
returned to the filing system as soon as possible
after use
stored closed when not in use so that the
contents are not seen by others
inaccessible to members of the public
kept on site unless removal is essential.
4. Electronic records
In the case of electronic records health professionals
should:
always log out of any computer system or
application when work is finished
not leave a terminal unattended and logged in
not share Smartcards or passwords with others
change passwords at regular intervals to prevent
others using them
always clear the screen of a previous patients
information before seeing another.
20
21
22
CARD 5
Recordings, publication and the media
1. Video and audio recordings and
photographs
Recordings and photographs made for clinical
purposes are part of the medical records, and are
subject to the same duty of confidentiality. The
GMC advises that it is necessary to obtain the
consent of the patient or, in the case of a child
who is unable to give consent, to obtain consent
from someone with parental responsibility prior to
a recording or photograph being made. In relation
to adults lacking capacity, video and audio
recording should only take place if it is in the
patients best interests. They should only be used
for the purpose for which consent was granted,
and must be stored securely. Clinical recordings
should not be used for teaching purposes without
consent if the patient is identifiable.
23
24
5. The press
Under normal circumstances there will be no basis
for disclosure of confidential and identifiable
information to the press. There will be occasions,
however, when health professionals are asked for
information about individual patients:
comment on the condition of a celebrity patient.
When the patient has the capacity to make
decisions about disclosure, consent is essential
before any information is released to the media.
When the patient lacks capacity, legal advice
should be sought
after incidents involving harm to many people.
During or after major disasters, for example a
fire, road traffic accident, terrorist attack or
outbreak of infectious disease, it is important
that requests for information are dealt with
sensitively, while not breaching the
confidentiality of patients. It will not usually be
necessary to give identifying or detailed clinical
information about the people involved
where a patient or a patients relatives use the
press as a vehicle to complain about the
treatment and care provided. Many health
professionals feel strongly that patients forfeit
their rights to confidentiality by going to the
press, and that they should be entitled to set the
25
26
CARD 6
Assessment of capacity and determining
best interests
1. Are adults presumed to have
capacity?
All people aged 16 and over are presumed, in law,
to have the capacity to give or withhold their
consent to disclosure of confidential information
unless there is evidence to the contrary. A patient
who is suffering from a mental disorder or
impairment does not necessarily lack the capacity
to give or withhold their consent. Equally, patients
who would otherwise be competent may be
temporarily incapable of giving valid consent due
to factors such as extreme fatigue, drunkenness,
shock, fear, severe pain or sedation. The fact that
an individual has made a decision that appears to
others to be irrational or unjustified should not be
taken on its own as conclusive evidence that the
individual lacks the mental capacity to make that
decision. If, however, the decision is clearly
contrary to previously expressed wishes, or is
based on a misperception of reality, this may be
indicative of a lack of capacity and further
investigation will be required.
27
28
29
CARD 7
Adults who lack capacity
1. Temporary or permanent mental
incapacity
Patients with mental disorders or learning disabilities
should not automatically be regarded as lacking the
capacity to give or withhold their consent to
disclosure of confidential information. Unless
unconscious, most people suffering from a mental
impairment can make valid decisions about some
matters that affect them. An individuals mental
capacity must be judged in relation to the particular
decision being made. If therefore a patient has the
requisite capacity, disclosure of information to
relatives or third parties requires patient consent.
One of the most difficult dilemmas for health
professionals occurs where the extent of the
patients mental capacity is in doubt. In such cases
health professionals must assess the information
which is available from the patients health record
and from third parties. They should attempt to
discuss with patients their needs and preferences as
well as assess their ability to understand their
condition and prognosis. If there is still doubt about
a patients competence to give or withhold consent,
health professionals should seek a second opinion.
30
3. Next of kin
Although widely used, the phrase next of kin has
no legal definition or status. If a person is nominated
by a patient as next of kin and given authority to
discuss the patients condition, such a person may
provide valuable information about the patients
wishes to staff caring for the patient. However, the
nominated person cannot give or withhold consent
to the sharing of information about the patient and
has no rights of access to the patients medical
records. The patient may nominate anyone as next
of kin spouse, partner, family member or friend. In
the absence of such a nomination, no-one can claim
to be next of kin.
4. Proxy decision-makers
In England and Wales, the Mental Capacity Act
2005 allows people over 18 years of age who
have capacity to appoint a welfare attorney to
make health and personal welfare decisions once
capacity is lost. The Court of Protection may also
appoint a deputy to make these decisions. Where
a patient lacks capacity and has no relatives or
31
32
33
CARD 8
Children and young people
1. Competent children
There is no presumption of capacity for people
under 16 in England, Wales and Northern Ireland
and those under that age must demonstrate they
have sufficient understanding of what is proposed.
However, children who are aged 12 or over are
generally expected to have to have capacity to
give or withhold their consent to the release of
information. In Scotland, anyone aged 12 or over is
legally presumed to have such capacity. Younger
children may also have sufficient capacity. When
assessing a childs capacity it is important to explain
the issues in a way that is suitable for their age.
If the child is competent to understand what is
involved in the proposed treatment, the health
professional should, unless there are convincing
reasons to the contrary, for instance abuse is
suspected, respect the childs wishes if they do not
want parents or guardians to know. However, every
reasonable effort must be made to persuade the
child to involve parents or guardians particularly for
important or life-changing decisions.
34
3. Parental responsibility
Anyone with parental responsibility can give or
withhold consent to the release of information
where the child lacks capacity. Not all parents have
parental responsibility. In relation to children born
after 1 December 2003 (England and Wales), 15
April 2002 (Northern Ireland) and 4 May 2006
(Scotland), both of a childs biological parents have
parental responsibility if they are registered on a
childs birth certificate. In relation to children born
before these dates, a childs biological father will
only automatically acquire parental responsibility if
the parents were married at the time of the childs
birth or at some time thereafter. If the parents have
never been married, only the mother automatically
has parental responsibility, but the father may
acquire that status by order or agreement. Neither
35
36
4. Safeguarding children
Where health professionals have concerns about a
child who may be at risk of abuse or neglect, it is
essential that these concerns are acted upon and
information is given promptly to an appropriate
person or statutory body, in order to prevent further
harm. The best interests of the child or children
involved must guide decision-making at all times.
Knowing what to do when patients do not want
confidential information disclosed, despite this
being the best way to ensure that they do not
suffer harm or abuse, is very difficult for health
professionals. Health professionals should not make
promises to the child about confidentiality that they
may not be able to keep but, as in the case of any
patient, trust is best maintained if disclosure is not
made without prior discussion between the health
professional and the child, unless to do so would
expose the child or others to an increased risk of
serious harm.
Where there is any doubt as to whether disclosure
is in the childs best interests, it is recommended
that the health professional discusses the matter
anonymously with an experienced colleague, the
Caldicott guardian, their professional body or
defence body. Health professionals must ensure that
their concerns, and the actions they have taken, or
intend to take, including any discussion with the
child, colleagues or professionals in other agencies,
are clearly recorded in the childs medical record.
Health professionals may be involved in case reviews
for which the childs records may need to be
disclosed, but care should be taken not to disclose
the notes of other family members without consent
unless it can be justified in the public interest.
37
38
CARD 9
Legal and statutory disclosures
1. Disclosure required by statute
Health professionals are required by law to disclose
certain information, regardless of patient consent.
Health professionals must be aware of their
obligations to disclose in these circumstances as
well as to ensure that they do not disclose more
information than is necessary. Where such a
statutory requirement exists, patients consent to
disclosure is not necessary. Patients have no right to
refuse but they should be generally aware of the
disclosure and that it is to a secure authority.
Examples of statutory disclosures include:
Public Health (Control of Disease) Act 1984 and
Public Health (Infectious Diseases) Regulations
1988 a health professional must notify local
authorities of the identity, sex and address of any
person suspected of having a notifiable disease,
including food poisoning
Abortion Regulations 1991 a doctor carrying
out a termination of pregnancy must notify the
Chief Medical Officer, giving a reference number
and the date of birth and postcode of the
woman concerned
Reporting of Injuries, Diseases and Dangerous
Occurrences Regulations 1985 deaths, major
injuries and accidents resulting in more than three
days off work, certain diseases and dangerous
occurrences must be reported
39
40
3. Disclosure to solicitors
Health records that are required for legal
proceedings are usually obtained via the Data
Protection Act 1998 or Access to Health Records
Act 1990. Health professionals releasing information
to lawyers acting for their patients should ensure
that they have the patients written consent to
disclosure and, where there is any doubt, confirm
that the patient understands the nature and extent
of the information disclosed. In practice, most
solicitors will provide the patients signed consent
when requesting confidential information. If a
solicitor acting for someone else seeks information
about a patient, their consent to the release of the
information must be obtained. Should the patient
refuse, the solicitor may apply for a court order
requiring disclosure of the information. (See also
Card 1: Access and IC.)
41
42
43
CARD 10
Public interest
1. General principles
In the absence of patient consent, a legal obligation
or anonymisation, any decision as to whether
identifiable information is to be shared with third
parties must be made on a case by case basis and
must be justifiable in the public interest. Public
interest is the general welfare and rights of the
public that are to be recognised, protected and
advanced. Disclosures in the public interest based
on the common law are made where disclosure is
essential to prevent a serious and imminent threat
to public health, national security, the life of the
individual or a third party or to prevent or detect
serious crime. The GMC also advises that a
disclosure without consent can be justified in the
public interest to enable medical research.
Ultimately, the public interest can only be
determined by the courts. However, when
considering disclosing information to protect the
public interest, health professionals must:
consider how the benefits of making the
disclosure balance against the harms associated
with breaching the patients confidentiality both
to the individual clinical relationship and to
maintaining public trust in a confidential service
assess the urgency of the need for disclosure
persuade the patient to disclose voluntarily
inform the patient before making the disclosure
and seek his or her consent, unless to do so
would increase the risk of harm or inhibit
effective investigation
44
2. Research
In the past, professional guidance has not viewed
medical research as a justifiable reason for a public
interest disclosure without consent. Rather, research
has been categorised exclusively as a secondary use
of data which, aside from disclosures which are
covered by law, requires either consent or
anonymisation prior to disclosure. (See Card 13:
Secondary Uses of Patient information). New GMC
45
46
4. Public safety
A common example of what can be categorised as
public safety occurs in connection with the
assessment of patients with, for example, diabetes,
epilepsy, defective eyesight, hypoglycaemia or
serious cardiac conditions who have been advised
47
5. Health
When a person has a medical condition that puts
others at risk, for example, infection from a serious
communicable disease such as HIV, doctors must
discuss with the patient how to minimise the risk to
others. If patients refuse to modify their behaviour
or inform others, doctors are advised by the GMC
that they may breach confidentiality and inform a
known sexual contact. The same considerations
apply to circumstances where the potential
disclosure relates to a health professional who poses
a threat to the health of patients or colleagues
because of illness or addiction.
(See also Card 1: GMC, DH Code, MET, NI
Confidentiality and Scotland Confidentiality.)
48
CARD 11
Deceased patients
1. Are deceased patients owed a duty
of confidentiality?
The ethical obligation to respect a patients
confidentiality extends beyond death. The
Information Tribunal I England and Wales has also
held that a duty of confidence attaches to the
medical records of the deceased under section 41
of the Freedom of Information Act. The Freedom of
Information Act in Scotland contains an exemption
to the disclosure of deceased patients records.
However, this duty of confidentiality needs to be
balanced with other considerations, such as the
interests of justice and of people close to the
deceased person. Health professionals should
therefore counsel their patients about the possibility
of disclosure after death and solicit views about
disclosure where it is obvious that there may be
some sensitivity. Such discussions should be noted
in the records.
49
50
CARD 12
Serious communicable diseases
1. Legal restrictions on disclosure
Serious communicable diseases such as HIV remain
stigmatised health conditions and many patients
regard information about them as particularly
sensitive and private. In addition to the common
law duty of confidence and the Data Protection Act,
there is specific legislation covering the disclosure of
information about serious communicable diseases.
The legislation, which is currently being reviewed by
the Department of Health, is the NHS (Venereal
Diseases) Regulations 1974 and the NHS Trusts and
PCTs (Sexually Transmitted Diseases) Directions
2000. These provide that any information capable
of identifying an individual who is examined or
treated for any sexually transmitted disease,
including HIV, shall not be disclosed other than to a
medical practitioner in connection with the
treatment of the individual or for the prevention of
the spread of the disease.
51
52
CARD 13
Secondary uses of patient information
1. What are secondary uses?
Health professionals may receive requests for
disclosure of patient information from those not
directly involved in the patients care. Such
secondary use of patient information falls into three
broad categories:
use within the NHS for administration, planning,
audit, commissioning and payment by results
use by agencies commissioned by the NHS to
carry out such roles on its behalf
use where identifiable information goes beyond
health care provision in the NHS to include
research and education.
53
54
CARD 14
Uses of information for non-medical
purposes
1. Spiritual care
Spiritual care is provided by a range of spiritual
advisers. Hospital chaplains can provide vital support
and care to people in hospital. Some patients are
happy for information about their religious affiliation
to be passed to the chaplain, who may then arrange
spiritual care in accordance with their wishes. In the
case of a competent patient, information about
affiliation and clinical information about the patients
health and care should not be passed on without the
patients consent. When patients lack the capacity to
give consent, for example because they are
unconscious, those close to the patient should be
consulted prior to disclosure of information to explore
the patients wishes, feelings and beliefs. (See also
Card 1: Chaplaincy and MET.)
2. Complaints
When a patient initiates a complaint, it is unlikely to
be practicable for an investigation to take place
without access to the relevant parts of the health
record. The use of identifiable information is
therefore necessary and appropriate. However,
patients should be made aware of who will see
information about them, and the safeguards that
are in place to minimise any risks to confidentiality.
Guidance on maintaining confidentiality in the NHS
complaints procedures is available from the health
departments. Sometimes patients involve their MP
55
3. Employers, government
departments and insurance companies
When third parties such as insurers or employers ask
for information, doctors must have written consent
from the patient or a person properly authorised to
act on the patients behalf. The original consent
form, or a copy, should be provided by the third
party. An electronic copy of the signed form is
sufficient, provided that the third party can satisfy
the doctor that there are robust mechanisms in place
to ensure that the form has not been tampered with
in any way. In the case of government departments
such as the Benefits Agency, the GMC advises
doctors that they may accept written assurances
from an officer of a government department that
the patient has given written consent to disclosure.
In other cases information should not be provided
unless evidence is produced. (See also Card 1:
GMC and MET.)
56
CARD 15
Dual responsibilities
1. What are dual responsibilities?
All doctors have multiple professional loyalties, such
as those to colleagues, health service employers,
and society at large. This card concerns situations
in which there is a third party to whom the doctor
has potentially conflicting contractual
responsibilities, or a court for which a doctor is
acting as a witness. Circumstances in which dual
obligations arise include:
doctors providing medical reports for third
parties, such as the immigration service,
employers, insurers and the courts
doctors who are employed by third parties, such
as occupational physicians, doctors in the armed
forces, doctors employed by the benefits agency
to assess claims and sports doctors employed by,
for example, professional football clubs
doctors whose jobs do not focus on individual
patients, such as doctors in the media or those
with business interests.
2. General principles
The following principles should inform doctors
actions with respect to confidentiality where they
have dual obligations:
doctors acting for a third party must ensure that
the patient understands that fact, and its
implications
57
58
59
CARD 16
Useful names and addresses
British Medical Association
Medical Ethics Department, BMA House,
Tavistock Square, London WC1H 9JP.
Tel: 020 7383 6286
Fax: 020 7383 6233
Web: www.bma.org.uk/ethics
Connecting for Health
Princes Exchange, Princes Square,
Leeds, West Yorkshire LS1 4HY.
Tel: 0113 397 3333 or 0113 397 3335
Web: www.connectingforhealth.nhs.uk
Department of Health
Wellington House,
133-55 Waterloo Road, London SE1 8UG.
Tel: 020 7972 2000
Web: www.doh.gov.uk
Ethics and Confidentiality Committee
National Information Governance Board Office
Floor 7, New Kings Beam House,
22 Upper Ground, London SE1 9BW
Tel: 020 7633 7052
Web: www.nigb.nhs.uk/ecc
60
61
62
63
64
65
66