Trinity Medical Centre complies with the Data Protection Act. Confidentiality is a cornerstone of health care and is central to the work of everyone working in general practice. All information about patients is confidential: from the most sensitive diagnosis, to the fact of having visited the surgery or being registered at the practice. The duty of confidentiality owed to a person under 16 is as great as the duty owed to any other person. All patients can expect that their personal information will not be disclosed without their permission except in the most exceptional of circumstances, when somebody is at grave risk of serious harm.
Responsibilities of practice staff
All health professionals must follow their professional codes of practice and the law. This means that they must make every effort to protect confidentiality. It also means that no identifiable information about a patient is passed to anyone or any agency without the express permission of that patient, except when this is essential for providing care or is necessary to protect somebody’s health, safety or well-being. All health professionals are individually accountable for their own actions. They should also work together as a team to ensure that standards of confidentiality are upheld, and that improper disclosures are avoided.
Additionally, the GP as an employer
- Is responsible for ensuring that everybody employed by the practice understands the need for, and maintains, confidentiality.
- Has overall responsibility for ensuring that systems and mechanisms to protect confidentiality are in place.
- Has vicarious liability for the actions of those working in the practice – the health professionals and the non-clinical staff.
Standards of confidentiality apply to all health professionals, administrative and ancillary staff – including receptionists, secretaries, practice managers, cleaners and maintenance staff who are bound by contracts of employment to maintain confidentiality – and also to students or others observing practice. They must not reveal, to anybody outside the practice, personal information they learn in the course of their work, or due to their presence in the surgery, without the patient’s consent. Nor will they discuss with colleagues any aspect of a patient’s attendance at the surgery in a way that might allow identification of the patient, unless to do so is necessary for that patient’s care.
If disclosure is necessary
if a patient or another person is at grave risk of serious harm which disclosure to an appropriate person would prevent, the relevant health professional will counsel the patient about the benefits of disclosure. If the patient refuses to allow disclosure, the health professional can take advice from a professional, regulatory or defence body, in order to decide whether a disclosure without consent is justified to protect the patient or another person.
New GDPR Guidelines
With the introduction of GDPR, please remember that patients who are aged 13 years and over MUST NOW GIVE CONSENT before you can discuss their medical records with a third party (including their patent or guardian). If consent has been given we will add it as an alert on the patient record – if there is no alert then you must assume that consent needs to be sought prior to sharing.
Due to the history relating to accessing data and the age of consent for this, any new changes are a manual process unfortunately, so please be vigilant if considering sharing data for patients aged 13 and over. All patients, nationally, will be receiving or have received letters direct from NHS Digital and these letters advise that any dependent children now aged 13 or over will receive their own letters about how NHS data is used.
Please ask at reception for Patient Consent Forms/or find form below.