By clicking “Accept”, you agree to the storing of cookies on your device to help us understand how our site is used and improve user experience. View our Cookie Policy for more information.

Patient confidentiality

We respect your right to privacy and keep all your health information confidential and secure. It is important that the NHS keeps accurate and up-to-date records about your health and treatment so that those treating you can give you the best possible care.

This information may be used for management and audit purposes. However, it is usually only available to, and used by, those involved in your care. You have the right to know what information we hold about you. If you would like to see your records please contact the Practice Manager.

Importance of confidentiality

Confidentiality is a fundamental part of health care and crucial to the trust between doctors and patients. Patients entrust their practice with sensitive information relating to their health and other matters in order to receive the treatment and services they require. They should be able to expect that this information will remain confidential unless there is a compelling reason why it should not. All staff in the NHS have legal, ethical and contractual obligations of confidentiality and must ensure they act appropriately to protect patient information against improper disclosure.

Some patients may lack the capacity to give or withhold their consent to disclosure of confidential information but this does not diminish the duty of confidence. The duty of confidentiality applies to all patients regardless of race, gender, social class, age, religion, sexual orientation, appearance, disability or medical condition.

Information that can identify individual patients must not be used or disclosed for purposes other than healthcare unless the patient (or appointed representative) has given explicit consent, except where the law requires disclosure or there is an overriding public interest to disclose. All patient identifiable health information must be treated as confidential information, regardless of the format in which it is held. Information which is effectively redacted can be used with fewer constraints.

The confidentiality of other sensitive information held about the practice and staff must also be respected.

Obligations for all staff

All staff must:

  • always endeavour to maintain patient confidentiality;
  • not discuss confidential information with colleagues without patient consent (unless it is part of the provision of care);
  • not discuss confidential information in a location or manner that allows it to be overheard;
  • handle patient information received from another provider sensitively and confidentially;
  • not allow confidential information to be visible in public places;
  • store and dispose of confidential information in accordance with the Data Protection Act 1998 and the Department of Health’s Records Management Code of Practice (Part 2);
  • not access confidential information about a patient unless it is necessary as part of their work;
  • not remove confidential information from the premises unless it is necessary to do so to provide treatment to a patient, the appropriate technical safeguards are in place and there is agreement from the information governance lead or Caldecott Guardian;
  • contact the information governance lead or Caldecott Guardian if there are barriers to maintaining confidentiality;
  • report any loss, inappropriate storage or incorrect disclosure of confidential information to the information governance lead or Caldecott Guardian;
  • if applicable, document, copy, store and transfer information in the ways agreed with other providers (see Annex 1).

It is expected that members of staff will comply with the law and guidance/codes of conduct laid down by their respective regulatory and professional bodies.

Information disclosures

When a decision is taken to disclose information about a patient to a third party due to safeguarding concerns/public interest, the patient should always be told and asked for consent before the disclosure unless it would be unsafe or not practical to do so.

In the circumstances that consent cannot be sought, then there must be clear reasons and necessity for sharing the information.

Disclosures of confidential information about patients to a third party must be made to the appropriate person or organisation and in accordance with the principles of the Data Protection Act 1998 (Annex 1), the NHS Confidentiality Code of Practice, and the GMC’s Good Medical Practice.

Obligations of employers

The employers at the practice must ensure that confidential information can be stored securely on the premises and that there are processes in place to guarantee confidentiality.