Intended for healthcare professionals

Practice Competent Novice

Confidentiality

BMJ 2008; 336 doi: https://doi.org/10.1136/bmj.39521.357731.BE (Published 17 April 2008) Cite this as: BMJ 2008;336:888
  1. Julius Bourke, specialist registrar, ST4 1,
  2. Simon Wessely, head2
  1. 1General Adult Psychiatry, Maudsley Hospital, London SE5 8AZ
  2. 2Department of Psychological Medicine, Institute of Psychiatry, King’s College, London SE5 8AF
  1. Correspondence to: J Bourke Julius.bourke{at}slam.nhs.uk

Confidentiality in the medical setting refers to “the principle of keeping secure and secret from others, information given by or about an individual in the course of a professional relationship,”1 and it is the right of every patient, even after death.2

Breaches of confidentiality are common, albeit usually accidental.2 Around a third of the calls received by the Medical Protection Society from doctors are related to confidentiality, particularly in general practice.3 It is the most common reason for doctors, at any stage of their training, to seek advice from their indemnity unions. Confidentiality lies at the heart of the relationship between doctor and patient, and one survey suggests that the public view any breaches of this as the most important reason for striking doctors off the medical register.4

Maintaining confidentiality is part of the “good faith” that exists between doctor and patient.5 Ignoring patients’ rights to confidentiality would lose their trust, and might prevent people from seeking help when needed. Confidentiality preserves individual dignity, prevents information misuse, and protects autonomous decision making by the patient.6

Key points

  • Take care with personal data: do not disclose details in a public place and do not allow letters, notes, or electronic data to be accessed by others unnecessarily

  • Ask yourself whether disclosure is really necessary

  • Always try to obtain consent to share patient data and if not possible discuss with a senior colleague

  • Contact your indemnity union for advice in tricky situations

  • Keep notes as this shows that you have thought about the problem and provides documentary evidence

  • If contacting a patient by phone, use their personal number and make sure you are talking to the patient

  • Any patient objections to clinical audit must be taken into account; express consent is needed when audits are carried out externally if the data cannot be anonymised

What are the challenges?

During conversation

With colleagues

Although disclosure is necessary at certain times (box 1), maintaining confidentiality can be a problem in a busy ward or practice environment. Junior doctors often need to speak to people on the telephone, but how often do we stop to think about who might overhear?

Box 1 Day to day disclosure of confidential information

  • Acquiring consent for disclosure: first ensure the patient understands what is to be disclosed, the reasons for it, and any potential consequences

  • Disclosure within the healthcare team: patients are usually aware of this and its purposes, but if they object this must be respected. In emergencies, information can and should be passed on to staff involved in the patient’s care

  • When the conscious patient lacks capacity to give informed consent,7 try to persuade other appropriate people to be involved in the consultation. If the patient refuses consent, and the doctor is convinced that disclosure is essential in the patient’s medical interests, disclosure is permissible to appropriate people. This will not incur legal liability as long as capacity has been properly assessed and action is taken in the patient’s best interests

Communication with colleagues is of course vital—but take care—a Canadian observational study found that breaches of confidentiality occurred in 11% of lift journeys made by doctors (names were disclosed in 3%).8 Our own unpublished observations suggest that this practice is not unknown in the United Kingdom. It would be futile to ban all conversations about patients as ward rounds progress around the hospital, but we should think about who can overhear and whether we need to name the patient. Another problem is that it is hard to ensure that patients in neighbouring beds do not overhear confidential information during a ward round. The strong and healthy tradition of medical students presenting cases at the bedside during the consultant ward round is also problematic. Likewise, ward staff need to know the name and location of all patients, but does this information need to be as prominent as it is in most wards?

With relatives

Concerned relatives can also cause dilemmas regarding confidentiality. Relatives often provide valuable information, but patients do not always want their family to know about their diagnosis or what you are treating them for. The bottom line is to respect your patient’s request—although you are not duty bound to lie. When a patient does not want information disclosed to relatives, be wary of how the family may try to circumvent this request. For example, relatives’ complaints about the standard of care may cause you inadvertently to reveal confidential information.

Conversely, relatives sometimes know the seriousness of the diagnosis but do not want the patient to be told, often because they think that he or she “couldn’t cope.” But the patient’s best interests should not be determined by relatives, and you should try to avoid such confrontations. A good policy is to explain to the family that you understand their concerns, but that you cannot lie to your patient, and do they really want to deprive their loved one of the ability to make final arrangements or to say goodbye to others? You could also point out that patients often realise what is going on and that keeping a terminal diagnosis from them may result in both parties knowing the truth but being afraid to mention it. Finally, confidentiality exists to protect privileged information shared between you and your patient, not between you and a third party.

When writing

Computers and data entry

Computers have an ever expanding role in patient care, especially as the new NHS information technology program becomes a reality. In theory, computer systems should be better at protecting confidentiality than notes—which were forever lying around for all to see—but how often do you leave a computer terminal logged on after looking up results? If you are in an outpatient department or your practice consulting room, is the screen visible to passers by? It is tempting to lend your password to some else who needs urgent access, but don’t. Automatic logouts and regular changes of passwords can help reduce these risks, but nothing will surpass your own vigilance.

The Data Protection Act

The Data Protection Act 1998 protects the use and “processing” (altering, erasing, retrieving, or disclosing) of “personal data.” It refers to “data subjects” (your patients) and “data controllers” (your trust or primary care trust). The act deals with more than just “health records” but defines these as any record “relating to the physical or mental health or condition of an individual” that has been made “by or on the behalf of a health professional in connection with the care of an individual.”9

The act affects all NHS employees, including ward clerks, secretaries, and other non-clinical staff involved in the handling of personal data.10

Consent is needed each time we share personal data, however. For example, consent is not needed when data are used for the personal care of a patient, otherwise signed consent would be needed every time you wrote a radiology request or filled in an investigation form. Beyond this, personal data can be used for preventive medicine, the general provision of medical care, and management of healthcare services (including audit). So consent is not always needed, but even when it is not, always stop to think whether disclosure of confidential information is actually necessary.

Confidentiality, consent, and children under 16 years

Broadly speaking, patients under 16 should be afforded the same respect as adults where confidentiality is concerned. However, unlike people over 16, they are considered to lack capacity to consent unless proved otherwise. Complications can arise when patients under 16 don’t want their parents told of what they disclose. Contentious areas are mainly contraception or abortion in young girls, and it was from this scenario that the Gillick saga arose. The ruling from the Gillick case dictates that children under 16 may be given medical advice or treatment without parental involvement, providing the child is mature and intelligent enough to fully understand what is proposed—“Gillick competence.”11 12 It is wise to try to persuade patients to involve their parents in decisions about treatment that carries serious risks, a view that is endorsed by the General Medical Council.2 But what about patients who are under 16 and not Gillick competent? One problem is that the Gillick case did not specifically deal with confidentiality. Under such circumstances, the GMC advises that efforts be made to persuade patients to involve their family but that, ultimately, disclosure to the adult with parental responsibility (note that this responsibility does not automatically fall to step parents as it would with biological parents) is permissible. Furthermore, you would normally need to obtain parental consent to carry out any procedures and to be able to treat children in their best interests.

Compulsory disclosure

The law views confidentiality as a balance of public interests rather than a “right” afforded to the individual, and this potentially conflicts with the medical definition. Rarely, it is compulsory to disclose confidential information. Instances include disclosure to protect others, disclosure of information to the police, disclosure of notifiable diseases, and disclosure of information about a patient’s fitness to drive.

Protection of the public and third parties

Your duty of confidence to a patient can be over-ridden by the duty to protect a third party from serious physical harm. In the UK, you must not ignore the threat a patient poses to others and you must weigh your duty to your patient against your duty to others and society. This was established in the Egdell case, when the courts supported a doctor who disclosed information about a patient with serious mental health problems whom he believed to pose a great risk to the public.13 However, this is an extreme case, and the threshold for such disclosure is rightly set very high. A doctor contemplating such action should first consult colleagues, a defence organisation, and his or her employer’s legal advisers. Disclosing information about less serious crimes could amount to professional misconduct. We are guided in this respect by the NHS code of practice, which advises that we can disclose personal information to “prevent and support the detection, investigation and punishment of serious crime and/or prevent abuse/serious harm to others.”10 What constitutes “serious crime” is a grey area, but box 2 lists the crimes included in the code of practice. There is some room for discretion, however, and if you act reasonably on the evidence before you after sensible consultation and advice, then you are unlikely to be penalised by the courts for the action you take.

Box 2 NHS code of practice (2003) definitions

Serious crime
  • Rape

  • Murder

  • Manslaughter

  • Treason

  • Kidnapping

  • Child abuse

Risk of harm
  • Child abuse

  • Neglect

  • Assault

  • Road traffic accidents

  • Notifiable diseases

Criminal proceedings and police investigations

It is a popular myth that doctors are obliged by criminal law to contact the police about a patient’s criminal conduct. It is not a crime for a doctor not to inform the police of evidence acquired in a professional capacity which indicates that a patient has committed or plans to commit a crime.14

Statutory obligations

Every member of society, including doctors, must report activity that may relate to terrorism to the police.15 Likewise, all members of society are obliged to give details that might identify people involved in road traffic incidents, if asked by the police.16 However, it would seldom be appropriate to hand over clinical information to fulfil this obligation, because it is unlikely to help identify the people involved. If you are unsure, speak with a senior colleague, but you are protected from surrendering such details without a court order or the patient’s express consent.16 When access to such information is considered vital, the police can access medical records if they have a search warrant.

The courts

Doctors are not afforded the same privilege as lawyers when it comes to giving evidence about their patients. The court is the final arbiter of confidentiality so any information requested by a court must be disclosed.

Which crimes should be disclosed?

Disclosure of information relating to less serious crimes must be judged carefully and after taking sound advice. The GMC advises that disclosure of serious crimes—including “those against the person, such as abuse of children”—is defensible.2 In this case you should consult your trust’s child protection specialist.

Notifiable diseases

Compulsory disclosure also applies to highly infectious and “notifiable” diseases, and the Data Protection Act allows for this in terms of “preventable medicine.” In the case of sexually transmitted infections, legal provisions for tracing sexual contacts seek to ensure that the identity of patients and contacts remains confidential.17 Notifiable diseases must be reported to the “proper officer” of the local health authority. Junior doctors are unlikely to be responsible for this task, but you should be aware of which diseases are notifiable, and a comprehensive list is available from the Health Protection Agency.18 19

Medical conditions affecting fitness to drive

A regularly updated list of these conditions is available from the Driver and Vehicle Licensing Agency (DVLA; www.dvla.gov.uk/media/pdf/medical/aagv1.pdf). Patients with any of these conditions should be told to contact the DVLA and inform them of the diagnosis. If they refuse, you can suggest a second opinion, but you should still try to persuade them to contact the agency. If they still refuse, tell them that you are required to inform the medical officer at the DVLA and let them know when you have done this.16 20 You are also required to inform the DVLA when patients cannot fully understand this advice—for example, in the case of serious cognitive impairment.16 20

Audit, research, and publications

Without research, audit, and teaching the NHS would cease to function. Research in particular is a primary function of the NHS and, together with audit, is essential for improving patient care and safety. Both may require the use of identifiable patient details and clinical information. The Data Protection Act acknowledges the role of audit in ensuring a safe and effective NHS and the importance of medical research.

In general, research using patient data proceeds on the same basis as other types of research—by informed consent. Alternatively, data may be fully anonymised so that individual patients cannot be identified, in which case the Data Protection Act does not apply. Data can also be “pseudoanonymised.” In this case, unique identifiers connect the patient to the raw data without revealing the patient’s identity, but a “key” (which is kept totally separate) is used to match the patients to the data.

As a junior, you are unlikely to want to carry out large scale research on patient records without informed consent or true anonymisation. You should know that this is possible, though, if obtaining consent is very difficult, if it involves a disproportionate cost, or if it would invalidate the research by introducing insuperable bias. It must also be shown that the data cannot be obtained any other way and that the risk of harm is minimal. You can get further details from your trust’s Caldicott guardian (a senior member of hospital staff in the UK who ensures that patient data are kept secure) or research and development department, the Department of Health (www.advisorybodies.doh.gov.uk), or a recent report by the Academy of Medical Sciences.6

Your research career may well start with a case report. You should be aware that journals will not publish without consent being obtained first. The Committee of Publication Ethics (www.publicationethics.org.uk) has useful information on this topic. Box 3 provides information about the use of audiovisual and photographic materials.

Box 3 Audiovisual and photographic records

  • These may be used for teaching, presenting research, or as part of clinical records

  • Obtain consent

  • Efforts should be made to anonymise the record by:

    1. Pixelating the face

    2. Blacking out the eyes (although the BMJ has long declined to use this method because it believes that it does not provide adequate anonymisation)

    3. Removing identifiable data (such as date of birth and name on a radiograph)

When photographs and videos are required, use a qualified medical imager, who will have release forms for the patient to sign and will be able to advise on future storage or disposal of such materials

Conclusion

Confidentiality is the cornerstone of medical ethics. We seldom choose to ignore this duty, but we can inadvertently let it slip. If you are in doubt, talk to senior colleagues. Documentation of obtained consent or conversations with seniors or indemnity unions is vital—“if it is not written down, then it didn’t happen.” But above all, ensure that your patients can have confidence in your confidence.

Footnotes

  • This series aims to help junior doctors in their daily tasks and is based on selected topics from the UK core curriculum for foundation years 1 and 2, the first two years after graduation from medical school

  • Competing interests: None declared.

  • Provenance and peer review: Commissioned; externally peer reviewed.

References

View Abstract