Confidentiality is the cornerstone of healthcare and central to the work of everyone employed in General Practice. All information about patients is confidential: from the most sensitive diagnosis, to the fact of having visited the surgery or being registered at the practice.
The duty of confidentiality owed to a person under 16 is as great as the duty owed to any other person.
All patients can expect that their personal information will not be disclosed without their permission other than in the most exceptional circumstances, when somebody is at grave risk of serious harm.
Responsibilities of practice staff
All health professionals must follow their professional codes of practice and the law. This means that they must make every effort to protect confidentiality. It also means that no identifiable information about a patient is passed to anyone or any agency without the express permission of that patient, except when this is essential for providing care or necessary to protect somebody’s health, safety or wellbeing. The patient is entitled to refuse to give their consent for disclosure.
All health professionals are individually accountable for their own actions. They should also work together as a team to ensure that standards of confidentiality are upheld, and that improper disclosures are avoided.
Additionally, the GP as an employer:
- Is responsible for ensuring that everybody employed by the practice understands the need for, and maintains, confidentiality;
- Has overall responsibility for ensuring that systems and mechanisms to protect confidentiality are in place; and
- Has vicarious liability for the actions of those working in the practice – including the health professionals and non-clinical staff.
Standards of confidentiality apply to all health professionals, administrative and ancillary staff – including receptionists, secretaries, practice managers, cleaners and maintenance staff who are bound by contracts of employment to maintain confidentiality – and also to students or others observing practice.
They must not reveal to anybody outside the practice personal information they learn in the course of their work, or due to their presence in the surgery, without the patient’s consent.
Nor will they discuss with colleagues any aspect of a patient’s attendance at the surgery in a way that might allow identification of the patient, unless to do so is necessary for that patient’s care.
If disclosure is necessary
If a patient or another person is at grave risk of serious harm which disclosure to an appropriate person would prevent, the relevant health professional will counsel the patient about the benefits of disclosure. If the patient refuses to allow disclosure, the health professional can take advice from colleagues within the practice, or from a professional, regulatory or defence body, in order to decide whether a disclosure without consent is justified to protect the patient or another person. If a decision is taken to disclose, the patient should always be informed before the disclosure is made, unless to do so could be dangerous.
If a member of staff is faced with such a request, any such decisions should be shared with another member of the practice team and the matter should be discussed in the first instance with the relevant team leader, for onward referral to the Practice Manager as needed.
Any decision to disclose information to protect health, safety or wellbeing will be based on the degree of current or potential harm, not on the age of the patient.
Author: T Davies
Date of review: 26 May 2023
Next review due: 26 May 2025