Confidentiality is critical to the doctor-patient relationship. Patients need to be able to confide in their doctor very personal information without which patient care could be compromised.
However, confidentiality is not absolute and there may be rare instances where disclosure of patient information is warranted. A request from the police or where there is a legal obligation may be one of these cases, but your duty of confidentiality and your legal and ethical obligations must still be carefully considered.
Concerns have been raised that the Police, Crime and Sentencing Bill may be going to Parliament at this timeundermine the public's trust in healthcare professionals to protect sensitive health information. Regardless of what the final law says, it is vital that public trust is maintained. Here we discuss current laws and guidelines that general practitioners should be aware of.
Protection of Confidential Information
The GMC says that you should not share personal information with third parties without the patient's express consent, unless it is for the general benefit of an incompetent patient, required by law, ordered by a court, or justified in the public interest.
It is not uncommon for police to ask GPs to divulge information about a patient. Examples of cases where you are required by law to disclose or voluntarily provide information to the police are the Traffic Act 1988 and the Terrorism Act 2000. Another situation where you are required to disclose information is when he is under his Work discovers an act of female genital mutilation (FGM) on a girl under 18 in England and Wales.
In other circumstances, however, you must weigh the potential harm to the patient and your professional relationship against the benefits of disclosing the information. When the police request information, they should consider whether a waiver of their duty of confidentiality can be justified in the best interest of the public.
The following anonymous scenarios are based on queries from MDU members:
A patient in custody
A police officer visited a general practitioner's office and explained that a patient was in custody for a serious crime. When the officer requested a copy of a patient's medical record, the officer cited Data Protection Act (DPA) Program 2 Sections 2 and 5 and gave the GP a form signed by a senior officer.
MDU-Tips
The provisions cited by the officer may mean that there is no violation of the Data Protection Act by passing information on to the police. For example, when used to prevent or detect crime.
However, providing is only permitted and does not require you to disclose the requested information. Your ethical duty of trust still applies.
You must have the patient's consent or determine that disclosure without consent would be in the public interest. The police may be able to obtain a search warrant, which means you must disclose the specific information referenced in the search warrant without the patient's consent.
GMC Privacy Guidestates that confidential information may be disclosed in the public interest without the patient's consent, or in exceptional circumstances where consent has been withheld, "when the benefit to an individual or society outweighs both the public and the patient's interest in the confidentiality of the patient information prevails.
This means that you must weigh the potential harm to the patient and the overall trust between patients and doctors that disclosure of the information creates, against the benefits that disclosure could bring to an individual or to society.
One such example arises when failure to disclose records "may expose others to risk of death or serious harm." In this case, the patient is in pre-trial detention and does not pose a danger to the public, so it would be difficult to justify disclosure without the patient's consent.
If the patient lacks capacity, you must act in their best interests. This probably depends on the circumstances of the situation.
For example, if medical information has been requested so that the patient can receive medical or psychiatric treatment, the relevant information should be passed directly to the doctor responsible for treating the patient and not to the police.
The MDU counselor suggested that the practice director ask the police officer if the police had obtained the patient's consent or had a reason why they could not obtain consent. The practice manager might also ask the police what the alleged crime was, why they needed information from the medical records, and what type of information they were looking for. Police are unlikely to need a patient's full medical record.
This additional information would help the firm decide whether or not it could justify disclosing the records. If disclosure is appropriate, they should disclose only the relevant parts. Any disclosure without consent must be necessary, proportionate and dependent on the reason for the request.
The practice was advised to record the reasons why they made the decision to disclose or withhold the requested information in case they are later asked to justify the decision.
Public Interest Disclosure
A GP saw a patient he had been treating for stress. The patient was very upset during the recent review about media coverage of past child abuse. He further confessed that he recently abused a friend of his 13-year-old granddaughter while she was sleeping at his home.
He asked the GP not to tell anyone because he was very sad and embarrassed and said he would never do anything like this again. The GP was shocked by the confession and called the MDU to ask if the police should be informed.
MDU-Tips
They must assess whether failure to disclose this information "could put others at risk of death or serious harm" (Section 64 of the GMC Confidentiality Guide). A confession to a serious crime, such as child molestation, is an example of when disclosure is likely to be appropriate.
The GMC does not define serious crimes in its guidelines, but refers to examples in theNHS Confidentiality Code. This includes murder, manslaughter, rape, kidnapping and child abuse or neglect causing significant harm.
When considering disclosure in the public interest, the GMC says you must balance the impact of disclosure on the patient and trust in physicians in general, against the potential benefits of disclosing information.
If you believe that non-disclosure would pose a risk so serious that it outweighs the patient's and the public's interest in confidentiality, you must promptly disclose the relevant information to the appropriate person or authority.
Despite the man's assurances, he has confessed to a serious crime and the children may be in danger. If you choose to disclose without consent, the GMC says you must first let the patient know if it's safe to do so.
traffic accident
Police contacted a family doctor to ask if he could identify a driver from cell phone pictures taken by a passerby at the scene of the accident. The driver of the car had been involved in an incident in which a cyclist was injured after the car left the operating room parking lot. Witnesses at the scene reported that the driver drove recklessly and then ran away.
The police officers said they urgently needed information to identify the driver. The GP recognized the driver as a patient and considered giving the police his name and address.
MDU-Tips
Disclosure under the Road Traffic Act 1988 is one of the limited circumstances in which you have a legal obligation to disclose or offer information to the police.
In certain circumstances, the law allows police to collect information from anyone, including doctors, that may lead to the identification of a driver suspected of a traffic offence. It is important to note that failure to comply with these police requirements is a criminal offense.
GMC expects you to disclose information when required by law, but only information relevant to the request and only as required by law. GMC's confidentiality policy states that it must also "inform patients of such disclosures whenever practicable, unless doing so would undermine the purpose of the disclosure."
In this situation, you are required by law to provide the police with relevant driver identification information (usually name and address). You must be able to prevent the disclosure of other information, such as B. Details of the patient's medical care without justifying the patient's consent. It is important that you record your conversation with the police, noting what information was disclosed and why.
in summary
If you are considering making a disclosure without consent, seek the advice of your colleagues, your Caldicott guardian, or your medical advocacy group.
You can do this anonymously without revealing the patient's identity. If you choose to provide information to the police, you should limit the information you provide to the minimum necessary for the purpose and only provide relevant information.
It is important that you clearly document in the patient record your reasons for disclosure, what information you disclosed, the steps you took to obtain patient consent, or your reasons for not doing so.
FAQs
When can you share confidential information? ›
Ask for consent to share information unless there is a compelling reason for not doing so. Information can be shared without consent if it is justified in the public interest or required by law. Do not delay disclosing information to obtain consent if that might put children or young people at risk of significant harm.
When can practitioners break confidentiality? ›Breaking confidentiality is done when it is in the best interest of the patient or public, required by law or if the patient gives their consent to the disclosure. Patient consent to disclosure of personal information is not necessary when there is a requirement by law or if it is in the public interest.
Can doctors break confidentiality to the police? ›You will need to have patient consent or to determine that in the absence of consent, the disclosure would be in the public interest. The police may be able to obtain a court order which would then mean you must disclose the specific information referred to in the order, without the patient's consent.
Can you give police confidential information? ›You need to be satisfied that the personal data is necessary for the law enforcement authority to fulfil its law enforcement purposes. For example, a police force should tell you why it needs the personal data you hold. You must only share personal data that is limited to what is requested and what is reasonable.
What are the 5 confidentiality rules? ›- Ask for consent to share information.
- Consider safeguarding when sharing information.
- Be aware of the information you have and whether it is confidential.
- Keep records whenever you share confidential information.
- Be up to date on the laws and rules surrounding confidentiality.
Members of a care team should share confidential information when it is needed for the safe and effective care of an individual. Information that is shared for the benefit of the community should be anonymised. An individual's right to object to the sharing of confidential information about them should be respected.
What are the 3 limits of confidentiality? ›- Limits Imposed Voluntarily (i.e., Not Legally Required) ...
- Limits That Can Be Imposed by Law (i.e., Possible “Involuntary” Disclosures) ...
- Possible Limitations on Confidentiality Created by Use of Technology in the Setting.
The principle of confidentiality is about privacy and respecting someone's wishes. It means that professionals shouldn't share personal details about someone with others, unless that person has said they can or it's absolutely necessary.
In what situations can you use or share a clients health information without their consent? ›You can use or disclose health information where it is unreasonable or impracticable to obtain consent to the use or disclosure, and you reasonably believe the use or disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety.
How do I give information to the police? ›Reporting non-emergencies
Report crimes online or by calling 101 if they are not an emergency. You can also call 101 to give information to the police or make an enquiry.
What are the limits of patient confidentiality? ›
He or she cannot divulge any medical information about the patient to third persons without the patient's consent, though there are some exceptions (e.g. issues relating to health insurance, if confidential information is at issue in a lawsuit, or if a patient or client plans to cause immediate harm to others).
Can health professionals share information with the investigating officer? ›The police may ask health and care organisations to provide them with information about patients and service users to support their work. There are times when this information: must be provided to the police because the law requires it, for example, information relating to a road traffic accident.
When can you share data without consent? ›Under the GDPR and Data Protection Act 2018 you may share information without consent if, in your judgement, there is a lawful reason to do so, such as where safety may be at risk. You will need to base your judgment on the facts of the case.
Under what conditions can you disclose confidential information? ›You may only disclose confidential information in the public interest without the patient's consent, or if consent has been withheld, where the benefits to an individual or society of disclosing outweigh the public and patient's interest in keeping the information confidential.
Do I have to give my details to the police? ›You DO NOT have to give your name and address unless the officer points out an offence he / she suspects you have committed. However, not providing your details may lead to you being detained for longer.
What are the 7 principles of confidentiality? ›- Justify the purpose(s) of using confidential information.
- Only use it when absolutely necessary.
- Use the minimum that is required.
- Access should be on a strict need-to-know basis.
- Everyone must understand his or her responsibilities.
- Understand and comply with the law.
Some information is always confidential, such as information about someone's health or medical history, especially if given to a healthcare professional. The formal status of other information may be less clear, and gossip would be a good example of this.
What are the 8 principles of confidentiality? ›The eight Caldicott principles are listed below as follows:
Justify the purpose for using confidential information. Don't use personal confidential data unless absolutely necessary. Use the minimum necessary personal confidential data. Access to personal confidential data should be on a strictly need-to-know basis.
- a. PROTECT – look after the patient's or service user's information.
- b. INFORM – ensure that individuals are aware of how their.
- c. PROVIDE CHOICE – allow individuals to decide, where appropriate,
- d. IMPROVE – always look for better ways to protect, inform, and.
Confidential information should only be disclosed to third parties if the strict legal test for requiring or permitting the disclosure is met. If any confidential information is to be disclosed, it should generally be limited to the minimum information necessary to protect the safety of the patient or the third party.
What are the key elements of confidentiality? ›
- 1) What information is considered confidential? ...
- 2) Exceptions to confidentiality. ...
- 3) Obligations/Requirements of signees. ...
- 4) Consequences of breaking the confidentiality agreement. ...
- 5) Length of the agreement.
Confidentiality protects sensitive information from unauthorized disclosure or intelligible interception. Cryptography and access control are used to protect confidentiality.
What are the 6 principles of confidentiality? ›- Lawfulness, fairness and transparency.
- Purpose limitation.
- Data minimisation.
- Accuracy.
- Storage limitation.
- Integrity and confidentiality (security)
- Accountability.
Key points. You can disclose a patient's health information to a 'responsible person' where: the patient lacks the capacity to consent or is unable to communicate consent, and. the disclosure is either necessary to provide appropriate treatment, or is made for compassionate reasons.
When may you release confidential information over a patient's objection? ›Under the CMIA, medical information must be released when compelled: by court order. by a board, commission or administrative agency for purposes of adjudication. by a party to a legal action before a court, arbitration, or administrative agency, by subpoena or discovery request.
How do you ensure privacy and confidentiality? ›- Create thorough policies and confidentiality agreements. ...
- Provide regular training. ...
- Make sure all information is stored on secure systems. ...
- No mobile phones. ...
- Think about printing.
Police will attempt to verify any details you give, perhaps by looking you up on the police computer or sending local police around to the address you have given to confirm you live there. If they can't verify they may not release you on bail. Previous What happens if I'm Arrested?
Can I make a Freedom of Information request to the police? ›The Freedom of Information Act 2000 (FOIA)(opens an external website in the same tab) provides any person, anywhere in the world, the right to access information held by public authorities, subject to a number of exemptions. All police forces are separate public authorities subject to this Act.
What questions do you have to answer to the police? ›Q: Do I have to answer questions asked by law enforcement officers? A: No. You have the constitutional right to remain silent. In general, you do not have to talk to law enforcement officers (or anyone else), even if you do not feel free to walk away from the officer, you are arrested, or you are in jail.
When can information be shared in relation to safeguarding? ›Under the GDPR and Data Protection Act 2018 you may share information without consent if, in your judgement, there is a lawful basis to do so, such as where safety may be at risk. You will need to base your judgement on the facts of the case.
How do you maintain confidentiality in an investigation? ›
- Be careful with your open laptop. ...
- Use code words. ...
- Don't disclose the names of clients to anyone. ...
- Find a private meeting location. ...
- Invest in an encrypted audio recorder. ...
- Password-protect your smartphone. ...
- Password-protect your documents. ...
- Triple-check the addressee.
Health and care professionals have a duty to share information to support individual care. Implied consent can be used when sharing relevant information with those who are directly involved in providing care to a patient or service user, unless a patient has indicated an objection.
When someone's personal information is used without permission is called? ›Defamation. To prove defamation, a photo posted on a social networking site by someone else must defame you.
Can someone give out your personal information? ›It is generally illegal to publish embarrassing or personal information that is not already known to the public. It is generally illegal to publish information that would make someone look worse than they really are.
What are three examples of when confidential information can be released? ›- Consulting with other practitioners. ...
- Court or disciplinary actions. ...
- Dangerous clients. ...
- Abused or abusive clients.
"Confidential information" is defined as information to which the public does not have general access. This policy governs the use or further disclosure of such information.
Can I refuse to give my details? ›Anti-social behaviour is defined as behaviour likely to cause “harassment, alarm or distress”. In this situation it's a criminal offence to refuse to give your name and address. You could be arrested if the police think it's necessary to do so in order to find out your name and address.
Do I have to give details to police UK? ›If asked to do so, you must give your name, address, date and place of birth and nationality to the officer. You may also be asked for an explanation of your behaviour. If you give false information or refuse to answer, you are committing an offence for which you could be arrested and charged.
Can you ask police for information? ›You have the right to ask for any of this information, whether it's for an employment vetting process, a visa application, family court proceedings or to check the accuracy of what we hold. Find out below all the different circumstances in which the police can disclose information about you.
What are the 7 rules for information sharing? ›Necessary, proportionate, relevant, adequate, accurate, timely and secure: ensure that the information you share is necessary for the purpose for which you are sharing it, is shared only with those individuals who need to have it, is accurate and up- to-date, is shared in a timely fashion, and is shared securely (see ...
What are the guidelines for confidential information? ›
Keep all confidential information in a secure place. Do not leave it lying on your desk top or anywhere it can be easily accessed by unauthorized persons. It is best to keep it in a locked drawer or file cabinet. You may be asked to return all confidential information, or destroy it at the option of the owner.
When information can be shared in relation to safeguarding? ›"Disclosure may be necessary in the public interest where a failure to disclose information may expose the patient, or others, to risk of death or serious harm. In such circumstances you should disclose the information promptly to an appropriate person or authority." (para 18).
What are the golden rules of confidentiality? ›accurate, timely and secure: Ensure that the information you share is necessary for the purpose for which you are sharing it, is shared only with those people who need to have it, is accurate and up-to-date, is shared in a timely fashion, and is shared securely.
What is the information sharing and confidentiality policy? ›Staff are bound by their conditions of service to respect the confidentiality of any information that they may come into contact with and under no circumstances should such information be divulged or passed to any persons or organisation in any form unless such disclosure is authorised under this policy.
How do you ensure confidential information is protected? ›- Proper labelling. ...
- Insert non-disclosure provisions in employment agreements. ...
- Check out other agreements for confidentiality provisions. ...
- Limit access. ...
- Add a confidentiality policy to the employee handbook. ...
- Exit interview for departing employees.
Information about a child or young person should not be collected or retained without the permission of the parents/carers and they should have open access to it if they wish. Information should only be shared with professionals with the formal permission of parents/carers, by signature.
What is the role of a practitioner in safeguarding? ›They must provide advice, support and guidance to any other staff on an ongoing basis, and on any specific safeguarding issue as required. The lead practitioner must attend a safeguarding training course that enables them to identify, understand and respond appropriately to signs of possible abuse and neglect.
What is the common law of confidentiality? ›In practice, this means that all patient/client information, whether held on paper, computer, visually or audio recorded, or held in the memory of the professional, must not normally be disclosed without the consent of the patient/client.