Principles of patient confidentiality
- You must respect and protect patient information.246 See section on Patient records.
- Patients must consent before you share any information about them. See section on Consent. When asking for consent you should tell the patient:
- what information you want to share
- who you want to share it with
- how the information will be used.247, 248
- You must keep confidential all patient identifiable information, including information which is handwritten, digital, visual, audio or retained in your memory and this includes:
- clinical information about a patient’s diagnosis or treatment
- when the patient attended the practice
- anything else that can be used to identify patients directly or indirectly, especially if combined with the patient’s name or address full postcode or date of birth.
- If an adult patient with capacity tells you not to share information with other people, you should firstly discuss this with them, and explain why you need to share the information. If they still refuse, you should not share their information, even if failure to share would leave the patient (but no one else) at risk of serious harm or death. If you believe that the patient’s decision to refuse a service puts them at risk of serious harm, you must discuss this issue with appropriate colleagues,249 whilst respecting the patient’s confidence.250 This can be done by discussing the case in general without revealing details which may identify the patient. You can share patient identifiable information if you are required to do so by law, or disclosure is justified in the public interest.
- There are exceptions to the rule of protecting patients’ confidentiality which are:
- you may be required to provide information by law, for example if ordered by a court
- you may need to disclose information if it is in the public interest, for example where failing to disclose information would expose other members of the public to risk of death or serious harm.251, 252, 253
- You may disclose information without patient consent if you have reason to believe that asking for consent would put you or other people at risk of serious harm.254
246 Department of Health (2013) Information, to share or not to share. The information governance review, (Chairman: Dame Fiona Caldicott) [Accessed 20 Nov 2020]
247 General Medical Council (2018) Confidentiality: good practice in handling patient information, paras 9 and 10 [Accessed 20 Nov 2020]
248 General Medical Council (2018) Protecting children and young people: the responsibilities of all doctors, paragraph 35 [Accessed 20 Nov 2020]
249 General Optical Council (2017) Supplementary guidance on consent, para 41 [Accessed 20 Nov 2020]
250 General Optical Council (2016) Standards of Practice for Optometrists and Dispensing Opticians para 11.7 [Accessed 20 Nov 2020]
251 Department of Health (2010) Confidentiality: NHS code of practice. Supplementary guidance: public interest disclosures [Accessed 20 Nov 2020]
252 It is the view of the British Medical Association that the Counter-Terrorism and Security Act 2015, which places a duty on some organisations – including health bodies in England, Scotland and Wales – to have ‘due regard to the need to prevent people from being drawn into terrorism’, creates ‘no new obligations or immunities with regards to the sharing of confidential information’. ‘In almost all circumstances, therefore, doctors should seek consent for the sharing of this information’. [Accessed 20 Nov 2020].
253 General Optical Council (2020) Disclosing confidential information [Accessed 20 Nov 2020]
254 General Medical Council (2018) Confidentiality: good practice in handling patient information [Accessed 20 Nov 2020]