• Confidentiality is central to the relationship between all healthcare professionals and their patients, even after death.

    If asked by any third party to provide information about patients you must inform the patient and request consent to disclosure in writing. There are exceptions under some statutes and common law where you do not need a patient’s consent for disclosure but you should always be prepared to justify your decisions.

    There are also circumstances where patients can give implied consent such as sharing information with other healthcare professionals or disclosing information for clinical audit, but you must always explain to the patient why this information is needed. Express consent is always required for clinical research where patient personal data will be disdraft and identifiable.

    Disclosure can be required by law, such as authorisation by Court Order or Statutory Regulatory Bodies. More difficult questions arise with disclosure “in the public interest” without the patient’s consent where the benefits to society outweigh the duty to keep individual information confidential. There are also exceptions where disclosure of personal data might protect the patient or others from imminent physical or mental injury.

    Difficult practical questions arise in relation to children or other patients who lack competence to give consent to disclose. Decisions may have to be made on occasion to disclose in a person’s best interests after having consulted with them and informed them of the decision to disclose.

    After a patient’s death, there remains an obligation to keep personal information confidential but the extent of that protection will depend on the particular circumstances and the patient’s own wishes.

    Further details on confidentiality of electronic and paper records

    For further details on confidentiality of electronic and paper records refer to the Data Protection Act 1998 and the Access to Health Records Act 1990, (which applies to personal representatives of deceased patients). From 25 May 2018, the General Data Protection Regulation (GDPR) will become law. There is some useful information on websites www.dh.gov.uk and www.gmc-uk.org and a guide at www.ico.org.uk.

    This content is correct at time of publication

    Can we help?

    Take a look at our Data Protection and GDPR, Healthcare page for useful information, resources, guidance, details of our team and how we may be able to help you

  • Get in touch

    Please fill out the below form or alternatively you can call us on 01622 690691

      By submitting an enquiry through 'get in touch' your data will only be used to contact you regarding your enquiry. If you subscribe to any of our newsletters, you can unsubscribe any time using the link in the email. Please view our privacy statement for more information