Principles of patient confidentiality
- You must respect and protect patient information.215 See section on Patient records.
- Patients must consent before you share any information about them. See section on Consent. When asking for consent you should tell the patient:
- what information you want to share
- who you want to share it with, and
- how the information will be used.216
- You must keep confidential all patient identifiable information, including information which is handwritten, digital, visual, audio or retained in your memory and this includes:
- clinical information about a patient’s diagnosis or treatment
- when the patient attended the practice, and
- anything else that can be used to identify patients directly or indirectly, especially if combined with the patient’s name or address or full postcode or date of birth.
- If an adult patient with capacity tells you not to share information with other people, you should firstly discuss this with them, and explain why you need to share the information. If they still refuse, you should not share their information, even if failure to share would leave the patient (but no one else) at risk of serious harm or death. If you believe that the patient’s decision to refuse a service puts them at risk of serious harm, you must discuss this issue with appropriate colleagues,217 whilst respecting the patient’s confidence.218 This can be done by discussing the case in general without revealing details which may identify the patient. You can share patient identifiable information if you are required to do so by law, or disclosure is justified in the public interest.
- There are exceptions to the rule of protecting patients’ confidentiality which are:
- you may be required to provide information by law, for example if ordered by a court, or
- you may need to disclose information if it is in the public interest, for example where failing to disclose information would expose other members of the public to risk of death or serious harm.219
- You may disclose information without patient consent if you have reason to believe that asking for consent would put you or other people at risk of serious harm.220
215 Department of Health (2013) Information, to share or not to share. The information governance review, (Chairman: Dame Fiona Caldicott) [Accessed 6 Nov2017]
216 General Medical Council (2012) Protecting children and young people: the responsibilities of all doctors, paragraph 35 [Accessed 6 Nov 2017]
217 General Optical Council (2017) Supplementary guidance on consent, para 41 [Accessed 27 Jul 2018]
218 General Optical Council (2016) Standards of practice for optometrists and dispensing opticians para 11.7 [Accessed 6 Nov 2017]
219 Department of Health (2010) Confidentiality: NHS code of practice. Supplementary guidance: public interest disclosures [Accessed 6 Oct 2017]
220 General Medical Council (2017) Confidentiality: good practice in handling patient information [Accessed 6 Nov 2017]