Confidentiality: Protecting and Providing Information

Frequently Asked Questions

Our guidance Confidentiality: Protecting and Providing Information (2004) sets out the principles which you should follow when deciding whether to disclose confidential information.

The Frequently Asked Questions below explain how these principles apply in situations which doctors often meet, or find hard to deal with. Cross-references are given to the relevant paragraphs of the guidance.

We propose to review these FAQs regularly to ensure that they are up to date and relevant to problems doctors face, and reflect any legal differences between the UK countries. We will be publishing further versions on the web. Printed copies will be available on request only.

Issues: Questions

Computers, e-mail and fax: 1, 2
Sharing data within teams and to social services: 3, 4
Disclosing information to disease registers or databases: 5, 6
Disclosing information to monitor public health: 7
Publishing case studies: 11, 19
Using information in teaching: 8, 12
Disclosing information for financial and administrative purposes: 9
Disclosures for research: 10
Disclosures to insurers and employers and in litigation: 13
Disclosures in the public interest:
  • Sex offenders: 14
  • Child abuse: 15
  • Protecting patients from health care professionals with health problems: 16
  • Patients driving/DVLA: 17
Disclosures after a patient’s death: 18, 19, 20
Legislation and case law on confidentiality: 21

Questions relating to guidance on protecting information

(paragraphs 4–5 of Confidentiality: Protecting and Providing Information 2004)

Q1 What are my responsibilities for protecting information held on computers?

You must be satisfied that there are appropriate arrangements for the security of personal information when it is stored, sent or received by fax, computer, e-mail or other electronic means.

If necessary, you should take appropriate authoritative professional advice on how to keep information secure before connecting to a network. You should record the fact that you have taken such advice.

Q2 Can I send information by fax and e-mail?

Yes, you can. When information is sent between individuals or organisations, whether on paper or electronically, there is always some risk that information will be disclosed inadvertently.

You must therefore take reasonable steps to ensure that information is transmitted and received securely. For example, you must make sure your own fax machines and computer terminals are in secure areas. If it is practicable, check that the fax machine you are sending to is in a secure area too.

E-mail sent by internet can be intercepted. Anonymise or encrypt data where that is practicable. If it is not practicable, consider whether the benefits of electronic transmission warrant sending identifiable data in a way which cannot be secured.

Questions relating to guidance on sharing information in the health care team or to others providing care

(paragraphs 10–12 of Confidentiality: Protecting and Providing Information 2004)

Q3 Sometimes administrative staff in my GP practice need access to patients’ records. At present they can call up the whole record on screen. Is that all right?

The principles set out in paragraph 1 of Confidentiality: Protecting and Providing Information (2004) make clear that disclosures should always be kept to the minimum necessary. When using computerised records, make sure that administrative data, such as names and addresses, can be accessed separately from clinical information, so that sensitive data is not automatically displayed. This will also help to reduce the risk of accidental breaches of confidentiality in reception areas or other areas to which patients have access.

Administrative staff form part of the team which supports the provision of care, so sensitive information may be shared with them without express consent from patients. But you should make sure that patients are given information about who is in the health care team, why they may need access to information about them, and the protections in place against improper disclosures. This information can be provided in leaflets, or face to face, when new patients join a practice.

All staff who have access to clinical information must understand their duty of confidentiality, and their responsibilities. Make sure new staff receive proper training.

Q4 Do I need consent before passing information to social services departments for the provision of care?

Where information is needed for the provision of care, you should tell patients about the proposed disclosure and about their right to object. You should explain to patients if withholding information may compromise the care they receive, but you should respect the patients’ wishes. In Scotland, in line with advice from the Scottish Executive, you should obtain express consent before passing on information to social services.

Information may be disclosed without consent, or where a patient has withheld consent, if there is an overriding public interest in the disclosure, for example, where the safety of a child is in question (see also paragraphs 27–28 of Confidentiality: Protecting and Providing Information 2004).

Questions relating to guidance on disclosing information where consent is needed

(paragraphs 16–17 of Confidentiality: Protecting and Providing Information 2004)

Q5 When can information be disclosed to disease registers?

National and regional NHS disease registers[1] are vital components of our public health programme, and provide data necessary for planning services, monitoring public health, research and the care of individuals. It is best practice to seek consent to any disclosure, but the GMC believes that registers of this kind serve the public interest[2] and that disclosing information to registers is not improper, where patients have been informed about disclosures and reasonable steps have been taken to act on any objections they raise.

Patients must be informed at the earliest opportunity, in writing, or face to face, if identifiable information about them will be passed to registers. They must also be informed of the nature of the information to be disclosed, who will receive the information and the purpose of the disclosure[3]. If patients object to the disclosure, you must comply with their wishes if it is possible to do so. If it is not possible, you must explain the reasons for this to the patient and the options open to them. You must keep a record of such discussions and their outcome.

Where this guidance has been followed, sending identifiable information to these registers will not be regarded as improper by the GMC.

In England and Wales, Section 60 of the Health and Social Care Act 2001 provides for Regulations to be made to allow disclosure of information for specified purposes that have been approved by an independent statutory body, the Patient Information Advisory Group. This provides a secure basis in law for disclosures where it is not practicable to obtain patients’ consent. Regulations have been passed enabling disclosure of data to cancer registries and to some other national databases[4]. Up to date information about Regulations is available at http://www.advisorybodies.doh.gov.uk/PIAG/register.htm.

Q6 Are databases within trusts and research organisations covered by the same guidance as national or regional databases?

If you are considering setting up, or contributing to local registers, you should consider their purpose and objectives and whether you will need research ethics committee approval for the collection or review of data.

You should always:

a. Use anonymised data wherever this will serve the purpose.

b. Inform patients about how information about them will be used.

c. Seek patients’ consent for use of identifiable data.

If you believe that it is not practicable to seek patients’ consent (for example where a patient cannot be traced, or is unconscious) or to act on patients’ decisions (for example because computer systems do not allow for individual choice about disclosure), you must always seek further, impartial advice before disclosing data.

In England and Wales you should seek a regulation under s60 of the Health and Social Care Act 2001. Regulations are made where, following consideration by the Patient Information Advisory Group (PIAG), it has been decided that there is a significant potential benefit from the research, and that it will not usually be practicable to seek consent from patients, or to anonymise the data. For this reason, where a Regulation has been made, you may rely on the PIAG assessment that it is not practicable to seek consent to disclosures. Further details are available from http://www.advisorybodies.doh.gov.uk/PIAG/register.htm.

In Scotland and Northern Ireland, you should discuss the issues with your Caldicott Guardian and/or seek advice from your defence organisation, a professional association such as the BMA, or from the GMC.

Q7 When can information be disclosed for monitoring the public health and the safety of medicines?

Professional organisations and government regulatory bodies[5] which monitor the public health or the safety of medicines or devices rely on information from patients’ records for their effectiveness in safeguarding the public health. You must provide relevant information wherever possible, following the guidance in Q6 above.

Q8 Can I use identifiable records for teaching?

Anonymised records will usually be sufficient for medical teaching and education. If for any reason you cannot anonymise records, you must not disclose non-anonymised data for education without the patient’s implied or express consent.

Q9 What about releasing records for financial and administrative purposes?

You should record financial or other administrative data separately from clinical information. When asked to disclose information you should provide it in anonymised form, or obtain express consent to disclosure wherever that is not possible. However, some current systems may prevent data being anonymised, or express consent being sought or acted on.

You must draw attention to systems which prevent you from following best practice, and recommend change. Until that is achieved you should obtain implied consent, by ensuring patients are aware of disclosures made for financial, administrative and similar purposes, and of their right to object, or be satisfied that such information has been provided. You should provide further information about the nature and purpose of disclosures, if this is requested. You should do your best to act on any objections to disclosures. However, in some cases, it may not be possible to provide care if patients object to disclosures. Where this is the case, and you are satisfied that there is no means of complying with the patient’s wishes, you should explain to the patient the options open to him or her.

Additionally, in England and Wales, you can seek support for such disclosures without consent under s60 of the Health and Social Care Act 2001.

Q10 Do I still need consent to disclose information for research, if a research ethics committee has approved the project?

Express consent to the use of records in research must be obtained in all but the most exceptional circumstances. These are likely to arise where research involves patients unable to consent, or where patients cannot be traced. In such circumstances you should follow the guidance on disclosures in the public interest set out in the answer to the question on disclosures for epidemiology studies above.

Additionally in England and Wales you may seek support for such disclosure under s60 of the Health and Social Care Act 2001, or be satisfied that those undertaking research have done so. If it is possible to inform patients about the use of the data, and respect any objections, you should do so.

Further guidance is available in Research: The Role and Responsibilities of Doctors (2001).

Q11 I have some interesting case studies of patients which I would like to write up and publish. Do I need consent?

It is very difficult to anonymise case studies fully, especially if they are of interest because they deal with a rare condition, or the detailed history of a patient with mental illness. Similar problems apply to many photographs.

For this reason, you must obtain express consent from patients before publishing personal information about them as individuals in media to which the public has access, for example in journals or text books, whether or not you believe the patient can be identified. Express consent must therefore be sought to the publication of, for example, case-histories about, or photographs of, patients.

Q12 What about using case studies and photographs in teaching?

You should obtain express consent, wherever that is practicable. If it is not practicable, you may use photographs and case studies in teaching and training, provided the material is not published or otherwise in the public domain.

You must do your best to ensure that no patient is identifiable from such material.

Q13 I am employed by a company to provide medical reports on people applying for life insurance. If they attend the consultation, can I assume they agree to the report being sent?

There are many circumstances in which doctors are asked to provide information to third parties, such as insurers or employers, either following an examination of a patient or from existing records. Although the circumstances vary in which doctors with ‘dual obligations’ may be asked to disclose information, the following principles of good practice generally apply. You should:

a. Be satisfied that the patient has been told, at the earliest opportunity, about the purpose of the examination and/or disclosure, the extent of the information to be disclosed and the fact that relevant information cannot be concealed or withheld. You might wish to show the form to the patient before you complete it to ensure the patient understands the scope of the information requested.

b. Obtain, or have seen, written consent to the disclosure from the patient or a person properly authorised to act on the patient’s behalf. You may, however, accept written assurances from an officer of a government department that the patient’s written consent has been given.

c. Disclose only information relevant to the request for disclosure: accordingly, you should not usually disclose the whole record. The full record may be relevant to some benefits paid by government departments.

d. Include only factual information you can substantiate, presented in an unbiased manner.

e. The Access to Medical Reports Act 1988 entitles patients to see reports written about them before they are disclosed, in some circumstances. In all circumstances you should check whether patients wish to see their report, unless patients have clearly and specifically stated that they do not wish to do so[6].

Questions relating to guidance on disclosures in the public interest[7]

(paragraphs 22–27 of Confidentiality: Protecting and Providing Information 2004)

Q14 I work with sex offenders who are transferred from prison to hospital during their custodial sentence. A patient has recently been discharged, but I know he does not intend to register his new address with the police, as he is required to do by law. Should I tell the police he has been discharged?

The Sex Offenders Act 1997 requires the offender to register his name and address with the police. However, disclosures without consent are justified when a failure to disclose information may put the patient, or someone else, at risk of death or serious harm. If you believe that the patient poses a risk to others, and you have good reason to believe that he does not intend to notify the police of his address, then disclosure of the patient’s discharge would be justified.

Q15 A child in my practice has recently been taken to hospital suffering serious injuries from abuse. His father is now being prosecuted. I’ve been asked to provide information about the child and her family for a Case Review. I’m the GP to the child’s father and he won’t give consent to the release of information. What should I do?

Case Reviews are often set up to identify why a child has been seriously harmed, to learn lessons from mistakes and to improve systems and services for children and their families. (In England and Wales such reviews are often referred to as Part 8 Reviews).

Where the overall purpose of a review can reasonably be regarded as serving to protect other children from a risk of serious harm, you should co-operate with requests for information, even where the child’s family does not consent, or if it is not practicable to ask for their consent. Exceptionally, you may see a good reason not to disclose information; in such cases you should be prepared to explain your decision to the GMC.

Q16 A patient of mine is a doctor; I am concerned that he has a drinking problem which could affect his judgement. It has taken me a long time to get him to admit to any problems, and if I disclose the information to his employer or the GMC now he will probably deny everything and find another doctor. What should I do?

This patient has the same right to good care and to confidentiality as other patients. But, there are times when the safety of others must take precedence. If you are concerned that his problems mean that he is an immediate danger to his own patients, you must tell his employing authority or the GMC straight away. If you think the problem is currently under control, you must encourage him to seek help locally from counselling services set up for doctors or for the public generally. You must monitor his condition and ensure that if the position deteriorates you take immediate action to protect the patients in his care.

Q17 A patient of mine suffers from a serious mental illness. He is often erratic and unstable. I know that he drives, although I have warned him that it is often unsafe for him to do so. He insists that his illness does not affect his judgement as a driver. Should I tell the DVLA?

The DVLA is legally responsible for deciding if a person is medically unfit to drive. The Agency needs to know when driving licence holders have a condition which may now, or in the future, affect their safety as a driver.

Where patients have such conditions you should:

a. Make sure that patients understand that the condition may impair their ability to drive. If a patient is incapable of understanding this advice, for example because of dementia, you should inform the DVLA immediately.

b. Explain to patients that they have a legal duty to inform the DVLA about the condition.

If patients refuse to accept the diagnosis or the effect of the condition on their ability to drive, you can suggest that the patients seek a second opinion, and make appropriate arrangements for the patients to do so. You should advise patients not to drive until the second opinion has been obtained.

If patients continue to drive when they may not be fit to do so, you should make every reasonable effort to persuade them to stop. This may include telling their next of kin, if they agree you may do so.

If you do not manage to persuade patients to stop driving, or you are given or find evidence that a patient is continuing to drive contrary to advice, you should disclose relevant medical information immediately, in confidence, to the medical adviser at the DVLA.

Before giving information to the DVLA you should try to inform the patient of your decision to do so. Once the DVLA has been informed, you should also write to the patient, to confirm that a disclosure has been made.

Questions relating to the guidance on disclosure after a patient’s death

(paragraph 30 of Confidentiality: Protecting and Providing Information 2004)

Q18 Is it true that the duty of confidentiality continues after the patient’s death?

Yes, but the extent to which information may be disclosed will depend on the circumstances. Confidentiality: Protecting and Providing Information 2004 sets out criteria you need to consider. But there are circumstances in which you should disclose information, for example:

  • to assist a Coroner, Procurator Fiscal or other similar officer with an inquest or fatal accident inquiry (see also paragraph 32 of Good Medical Practice 2001);
  • to National Confidential Inquiries or other clinical audit or for education or research. Information should be anonymised wherever possible;
  • on death certificates. You must complete death certificates honestly and fully;
  • to provide information for public health surveillance. Anonymised information should be used unless identifiable data are essential for the purpose;
  • where a parent seeks information about the circumstances and causes of a child’s death;
  • where a partner, close relative or friend seeks information about the circumstances of an adult’s death, and you have no reason to believe that the patient would have objected to such a disclosure;
  • where a person has a right of access to records under the Access to Health Records Act 1990, that is information relating to a claim which may arise out of a patient’s death, made to ‘the patient’s personal representative and any person who may have a claim arising out of the patient’s death.’

Q19 Can I publish case studies about patients who have died?

You should follow the patient’s wishes, if they are known to you. If not, you should consider whether publishing information which could be identified would cause distress to relatives or the patient’s spouse or partner.

If you are satisfied that the publication would not cause distress, and that you have no reason to think that the patient would have objected, you may use the case study or photo in published material. You should of course do your best to ensure that the patient is not identifiable from the material you publish.

Q20 What about disclosing information to insurance companies after a patient has died?

If insurers seek information in order to decide whether to make a payment on a life assurance policy, you should disclose information to those lawfully entitled to deal with the person’s estate – for example the executors of the person’s will – but you should inform them of the possible consequences of the disclosure. It may also be appropriate to inform those close to the deceased person about the release of this information.

Questions relating to guidance on disclosure to courts or in connection with litigation

(paragraphs 18–19 of Confidentiality: Protecting and Providing Information 2004)

Q21 What does the law say?

This section sets out some key elements of the law on confidentiality. It is not intended to be a comprehensive list of relevant case law and legislation. There is a large number of Acts that provide for some form of access to confidential records, which may include health records. If you receive a request for information but are unsure about the legal basis for that request, you should ask for clarification from the person making the request and, if necessary, seek legal advice.

In all four countries of the UK the common law requires consent for disclosure of identifiable data, unless there is a legal provision authorising or requiring disclosure of data, or there is an overriding public interest in the disclosure.

Some of the key judgements in recent cases are:

Common law

A-G v Guardian Newspapers [1988] 3 All ER 545
A general summary of the law on confidence

W v Egdell [1990] 1 All ER 835 and X v Y [1998] 2 All ER 648
The application of the law of confidence to doctors

R v Department of Health ex parte Source Informatics Ltd [2000] 1 All ER 786
The effect of anonymisation on confidentiality

Legislation

Access by patients

Two pieces of legislation give patients, or their authorised representatives, access to information about themselves:

Data Protection Act 1998
Rights of access for patients to their medical records.
Right to know about what data is used for.

Advice on how the guidance applies in clinical care and in research, epidemiology etc is available from the Office of the Information Commissioner (www.dataprotection.gov.uk). The Data Protection Act 1998 also places a duty on those who process data to do so lawfully (in accordance with relevant legislation or case law) and fairly (keeping people informed about how their personal information is being used).

Access to Medical Reports Act 1988
Provides for patients to see reports written about them for insurance or education purposes by a doctor who has provided their clinical care.

Access by others

Disclosure in relation to a court order
The courts, both civil and criminal, have power by virtue of the various pieces of legislation that govern their operation, to order disclosure of information. A court order will generally explain the basis on which disclosure is being ordered, so we have not listed the legislation here.

Access to Health Records Act 1990
Access to records of deceased persons

Abortion Act 1967 and Abortion Regulations 1991 (SI 1991 No 499)
Disclosure of information on abortion for purposes specified in the Regulations

Audit Commission Act 1998
Information required to allow the Audit Commission to carry out its functions under the Act

Criminal Appeal Act 1995
Information required by the Criminal Cases Review Commission to assist in the exercise of their functions

Health and Social Care Act 2001
Gives the Secretary of State for Health the power to make Regulations specifying information to be disclosed in the public interest, or in the interest of improving patient care, for England and Wales only

Health (Community Health and Standards) Act 2003
Gives Commission for Healthcare Audit and Inspection right of access to fulfil its statutory functions

Human Fertilisation and Embryology Act 1990 (as amended by the Human Fertilisation (Disclosure of Information) Act 1992)
Disclosure of information to the HFEA

Medical Act 1983
Disclosure of information to the GMC in respect of its powers to investigate complaints

NHS (Venereal Diseases) Regulations 1974 (SI 1974 No 29)
Emphasises the importance of confidentiality but provides for limited sharing of information between doctors

Police and Criminal Evidence Act 1984
Gives power to the police to apply to a court for access to records to assist in an investigation

Prevention of Terrorism (Temporary Provisions) Act 1989
Requires anyone to inform the police of information about terrorist activity

Public Health (Control of Disease) Act 1984 and SI 1988 No 1546
Notification of specified diseases and food poisoning incidents

Road Traffic Act 1988
Gives powers to police to require doctors to provide information which might identify a driver alleged to have committed a traffic offence

Footnotes

1 For example, cancer registries and Scottish Care Information Diabetes Collaboration (SCI-DC).

2 The public interest is determined only by the courts.

3 This is a requirement of the Data Protection Act 1998.

4 Regulations have been passed covering amongst other uses of data, disclosures to cancer registries; and disclosures to control communicable disease and other risks to public health; in addition, collection of data for a number of individual data bases have been approved, including: NHS Wide Clearing Service (NWCS), the Health Episode Statistics (HES), the National Health Authority Information System (NHAIS) and the Patient Episode Database for Wales (PEDW). Full details are available from the DH website.

5 Such as the Medicines and Healthcare products Regulatory Agency, the Committee on Safety of Medicines, the Medical Devices Agency, the Drug Safety Research Unit and the Health Protection Agency.

6 In some cases other bodies give patients access to reports, for example, the Department of Social Security gives all claimants access to reports made in connection with state benefits. In such cases it is not necessary for you to check patients’ wish to see the report.

7 See also our guidance Reporting Gunshot Wounds: Guidance for Doctors in Accident and Emergency Departments