Disclosure (extracts from ‘Confidentiality’ (2009))
Patients have a right to expect that information about them will be held in confidence by their doctors. Confidentiality is central to trust between doctors and patients. Without assurances about confidentiality, patients may be reluctant to seek medical attention or to give doctors the information they need in order to provide good care.
(Safeguarding information)
You must make sure that any personal information about patients that you hold or control is effectively protected at all times against improper disclosure. Many improper disclosures are unintentional: you should not share identifiable information about patients where you can be overheard and not share passwords or leave patients’ records, either on paper or on screen, unattended or where they can be seen by other patients, unauthorised healthcare staff, or the public. You should familiarise yourself with and follow policies and procedures designed to protect patients’ privacy where you work and when using computer systems provided for your use. You must not abuse your access privileges and must limit your access to information you have a legitimate reason to view.
You should make sure that information is readily available to patients explaining that, unless they object, their personal information may be disclosed for the sake of their own care and for local clinical audit. Patients usually understand that information about them has to be shared within the healthcare team to provide their care. But it is not always clear to patients that others who support the provision of care might also need to have access to their personal information. And patients may not be aware of disclosures to others for purposes other than their care, such as service planning or medical research. You must inform patients about disclosures for purposes they would not reasonably expect, or check that they have already received information about such disclosures. You must respect the wishes of any patient who objects to particular personal information being shared within the healthcare team or with others providing care.
(Audit)
All doctors in clinical practice have a duty to participate in clinical audit and to contribute to National Confidential Inquiries. If an audit is to be undertaken by the team that provided care, or those working to support them, such as clinical audit staff, you may disclose identifiable information, provided you are satisfied that the patient: has ready access to information that explains that their personal information may be disclosed for local clinical audit; and that they have the right to object, and has not objected. If a patient does object, you should explain why the information is needed and how this may benefit their own, and others’ care. If it is not possible to provide safe care without disclosing information for audit, you should explain this to the patient and the options open to them. If clinical audit is to be undertaken, but not by the team that provided care or those who support them, the information should be anonymised or coded where practicable.
You should respect, and help patients to exercise, their legal rights to be informed about how their information will be used, and have access to, or copies of, their health records.