patient-access-logo-2018-inv
Back

Confidentiality

Purpose and definitions

The purpose of this policy is to provide guidance for staff and assurance to patients that Grove Medical Centre is committed to continually providing high quality healthcare for all patients and supporting the staff who provide this care. The aim of the policy is to provide staff with a framework of understanding of the concepts involved when we consider the issues of confidentiality in dealing with people and including the specific issues with teenagers.

All patients regardless of age, gender, ethnic background, culture, cognitive function, or sexual orientation have the right to have their privacy and dignity respected.

Scope

This policy applies to all employees of Grove Medical Centre, contractors, seconded staff, placements, and agency staff.

Roles, rights, and responsibilities

All staff

All healthcare professionals are placed at the heart of the patient consultation and, therefore, electronic and paper records.

They need to know how to maintain and store these records, digital and paper records, securely, so that they are contemporaneous, accurate, and confidential.

They also need to understand when it is appropriate to share information from the practice and with whom.

Practice manager

To update the policy, ensure that it is aligned with national guidelines, distribute appropriately, and ensure that staff are trained at induction and at regular intervals so that they are aware of the principles of confidentiality in dealing people and especially with teenagers and the content of the practice policy.

Principles of this policy

This policy adheres to local and national guidance and policy including the NHS Essence of Care 2010 and the Department of Health Confidentiality NHS Code of Practice.

Storing and maintaining primary healthcare records

  • We are aware that all GP premises have to securely store written and digital patient records.
  • Digital records are protected by our software provider, but we also ensure that we make appropriate safeguards when accessing computer systems, such as smartcard security, username, and password protection.
  • Paper records are only accessible to appropriate staff and locked securely when not in use.

Sharing patient details

The GMC have set out the principles of what is appropriate when patient details should, should not, and can be shared. We therefore adhere to the following principles:

  • Use the minimum necessary personal information. Will use anonymised information if it is practicable to do so and if it will serve the purpose.
  • Manage and protect information. Make sure any personal information we hold, or control is effectively protected at all times against improper access, disclosure, or loss.
  • Aware of our responsibilities. We will develop and maintain an understanding of information governance that is appropriate to our role.
  • Comply with the law. We will be satisfied that we are handling personal information lawfully.
  • Share relevant information for direct care in line with the principles in this guidance unless the patient has objected.
  • Ask for explicit consent to disclose identifiable information about patients for purposes other than their care or local clinical audit unless the disclosure is required by law or can be justified in the public interest.
  • Tell patients about disclosures of personal information you make that they would not reasonably expect, or check they have received information about such disclosures, unless that is not practicable or would undermine the purpose of the disclosure. We will keep a record of our decisions to disclose, or not to disclose, information.
  • Support patients to access their information. Respect, and help patients exercise, their legal rights to be informed about how their information will be used and to have access to, or copies of, their health records.

We are aware of the explicit and implicit consent principles.

However, exceptions to the rules of explicit and implicit patient consent do exist and include:

  • Where a patient lacks capacity to consent, but the disclosure of information is in their best interests.
  • Where information has been requested as part of legal proceedings by court order or to prevent or detect crime, such as by coronial request.
  • Where the disclosure is in the public interest, such as prevention of a serious crime.
  • Where the information relates to public safety or public health, for example in the case of notifiable communicable diseases.
  • Where we have reason to believe that seeking consent would put ourselves or others at serious risk of harm.

Advice relating to these disclosures will be sought from our local Caldicott Guardian, Data Protection Officer, or legal indemnity provider, depending on the situation.

Confidentiality and teenagers

We have the same duties of confidentiality when using, sharing, or disclosing information about children and young people as about adults. We will therefore:

  • Disclose information that identifies the patient only if this is necessary to achieve the purpose of the disclosure.
  • Inform the patient about the possible uses of their information, including how it could be used to provide their care and for clinical audit.
  • Ask for the patient’s consent before disclosing information that could identify them, if the information is needed for any other purpose, other than in the exceptional circumstances.
  • Keep disclosures to the minimum necessary.

Sharing information with the consent of a child or young person

Sharing information with the right people can help to protect children and young people from harm and ensure that they get the help they need.

Sharing information without consent

If a child or young person does not agree to disclosure, we are aware that there are still circumstances in which you should disclose information these include:

  • When there is an overriding public interest in the disclosure.
  • When you judge that the disclosure is in the best interests of a child or young person who does not have the maturity or understanding to make a decision about disclosure.
  • When disclosure is required by law.

Public interest

A disclosure is in the public interest if the benefits that are likely to arise from the release of information outweigh both the child or young person’s interest in keeping the information confidential and society’s interest in maintaining trust between doctors and patients.

We will make this judgement case by case, by weighing up the various interests involved and taking advice from the Caldicott Guardian.

When considering whether disclosure is justified:

  • Tell the child or young person what you propose to disclose and why, unless that would undermine the purpose or place the child or young person at increased risk of harm.
  • Ask for consent to the disclosure, if you judge the young person to be competent to make the decision, unless it is not practical or appropriate to do so.

If a child or young person refuses consent, or if it is not practical or appropriate to ask for consent, we will consider the benefits and possible harms that may arise from disclosure. We will disclose information if this is necessary to protect the child or young person, or someone else, from risk of death or serious harm. For example, if:

  • A child or young person is at risk of neglect or sexual, physical, or emotional abuse.
  • The information would help in the prevention, detection, or prosecution of serious crime.
  • A child or young person is involved in behaviour that might put them or others at risk of serious harm, such as serious addiction or self-harm.

If we judge that disclosure is justified, we will disclose the information promptly to an appropriate person or authority and record our discussions and reasons. If we judge that disclosure is not justified, we will record our reasons for not disclosing.

Disclosures when a child lacks the capacity to consent.

When a child who lacks the capacity to consent shares information with us on the understanding that their parents are not informed, we will try on these occasions to persuade the child to involve a parent in such circumstances.

If they refuse and we consider it is necessary in the child’s best interests for the information to be shared (for example, to enable a parent to make an important decision, or to provide proper care for the child), we will disclose information to parents or appropriate authorities. We will record our discussions and reasons for sharing the information.

Disclosures required by law.

We will of course disclose information as required by law. For example, disclosure of information when directed to do so by a court.

Distribution

Employees will be made aware of this policy via TeamNet.

Patients will be made aware of this policy using patient leaflets and on the practice website.

Training

All staff will be given training on confidentiality in dealing with teenagers at induction and at regular intervals thereafter.

Any training requirements will be identified within an individual’s Personal Development Reviews. Training is available in the Training module within TeamNet.

Equality and diversity impact assessment

In developing this policy, an equalities impact assessment has been undertaken. An adverse impact is unlikely, and on the contrary the policy has the clear potential to have a positive impact by reducing and removing barriers and inequalities that currently exist.

If, at any time, this policy is considered to be discriminatory in any way, the author of the policy should be contacted immediately to discuss these concerns.

Monitoring and reporting

Monitoring and reporting in relation to this policy are the responsibility of the practice manager.

The following sources will be used to provide evidence of any issues raised:

  • Significant and learning events.

Any incidents relating to confidentiality in dealing with people and teenagers will be monitored via incident reporting.

Summary of NHS legal and mandatory documentation

NHS. Essence of Care 2010 https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/216691/dh_119978.pdf

Department of Health. Confidentiality NHS code of practice https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/200146/Confidentiality_-_NHS_Code_of_Practice.pdf

National Data Guardian. Caldicott Review: information governance in the health and care system 2013 https://www.gov.uk/government/publications/the-information-governance-review

Information Commissioners Office https://ico.org.uk/

Primary Care Support NHS England. How to move medical records with labels https://pcse.england.nhs.uk/services/medical-records/how-to-move-medical-records/

Care Quality Commission. Code of practice on confidential personal information https://www.cqc.org.uk/files/code-practice-confidential-personal-information

 

OPTING OUT OF SHARING MEDICAL RECORDS

Type 1 Opt-out: medical records held at your GP practice

You can tell your GP practice if you do not want your confidential patient information held in your GP medical record to be used for purposes other than your individual care. This is commonly called a type 1 opt-out. This opt-out request can only be recorded by your GP.

If you choose a Type 1 opt-out, please inform us in writing.

 

Type 2 Opt-out: information held by NHS Digital

A Type 2 opt-out is an objection that prevents an individuals personal confidential information from being shared outside of NHS Digital, that is used for research and planning.

Previously you could tell your GP surgery if you did not want NHS Digital to share confidential patient information that is collected from across the health and care service for purposes other than your individual care. This was called a type 2 opt-out.

From 25 May 2018 the type 2 opt-out has been replaced by the national data opt-out. Type 2 opt-outs that have been recorded previously have been automatically converted to national data opt-outs.

To find out more or to make your choice visit: nhs.uk/your-nhs-data-matters 

or call 0300 303 5678

and/or view the NHS Digital patient Leaflet