Confidentiality of electronic and paper records for Healthcare
All patients have a right to expect that information about their personal medical condition is held in confidence by their doctors and by NHS healthcare professionals. Confidentiality is central to the relationship between all healthcare professionals and their patients, even after death.
If asked by any third party to provide information about patients you must inform the patient and request consent to disclosure in writing. There are exceptions under some statutes and common law where you do not need a patient’s consent for disclosure but you should always be prepared to justify your decisions.
There are also circumstances where patients can give implied consent such as sharing information with other healthcare professionals or disclosing information for clinical audit, but you must always explain to the patient why this information is needed. Express consent is always required for clinical research where patient personal data will be disclosed and identifiable.
Disclosure can be required by law, such as authorisation by Court Order or Statutory Regulatory Bodies. More difficult questions arise with disclosure “in the public interest” without the patient’s consent where the benefits to society outweigh the duty to keep individual information confidential. There are also exceptions where disclosure of personal data might protect the patient or others from imminent physical or mental injury.
Difficult practical questions arise in relation to children or other patients who lack competence to give consent to disclose. Decisions may have to be made on occasion to disclose in a person’s best interests after having consulted with them and informed them of the decision to disclose.
After a patient’s death there remains an obligation to keep personal information confidential but the extent of that protection will depend on the particular circumstances and the patient’s own wishes.
Further details on confidentiality of electronic and paper records
For further details on confidentiality of electronic and paper records refer to the Data Protection Act 1998 and the Access to Health Records Act 1990, (which applies to personal representatives of deceased patients). From 25 May 2018 the General Data Protection Regulation (GDPR) will become law. There is some useful information on websites www.dh.gov.uk and www.gmc-uk.org and a guide at www.ico.org.uk.
Download the file on Confidentiality Fact Sheet