Confidentiality
Medical confidentiality is at the bedrock of the Doctor-Patient relationship and it is enshrined in a number of codes, guidelines and laws.
The GMC has produced updated Guidance on Confidentiality
with a supplementary booklet specifically covering DVLA, employment and insurance, serious communicable illnesses,finance and admin, education and training, responding to press criticism and gunshot and knife injuries
In 2007 Dr Christine Dewbury produced an authoritative 14 page document pulling guidelines together and you may view or download the document here
The legal and ethical principles of confidentiality and disclosure should only be breached
- if there is a legal obligation to do so
- if it is matter of life and death
- if it is for the prevention of serious mental or physical harm
- or if it is overwhelmingly in the public interest
Data Sharing Checklist
1. Is there a legal obligation to share this data without consent and if so have I limited it to the minimum data possible to serve the purpose?
2. Would my patients be aware how their data may be processed?
3. Would my patients know who is processing their data?
4. Would my patients know why their data is being processed?
5. Have I made a reasonable attempt to inform my patients of the ways in which their data will be held and processed?
6. Have I provided the name of the data controller, who must be a member of the practice, who can provide more information if they wish to know more?
7. Have I given them an opportunity to raise any objections?
8. Have I explained their right to access and correct the data?
9. Are all individuals who have access to identifiable medical data bound by a strict professional and contractual duty of confidentiality?
10. If non-professionals have access to medical data are they bound by a strict contractual duty of confidentiality?
11. Has the data been anonymised, or anonymised and aggregated, wherever possible?
12. Is disclosure likely to cause serious harm to the patient's health or well-being?
13. Am I breaching a third party confidence (excluding a medical professional caring for the patient)?
14. Have I sought consent wherever possible?
15. Has the patient expressed an objection to sharing this data? (Any objection must be respected even after death.)
16. If consent is not possible is it essential to share patient-identifiable data in the best interests of the patient's health and well being?
17. If consent is not possible is it overwhelmingly in the public interest to share patient-identifiable data?
18. If consent is not possible have I informed or do I intend to inform the patient as soon as possible if I have disclosed identifiable data?
19. Have I restricted the data I intend to disclose to the minimum that would serve the intended purpose?
20. Is the data to be disclosed for a clearly identified and limited purpose?
21. Is the data to be disclosed to a clearly identified individual(s)
22. Are all members of staff who handle this data aware of the need to ensure that data sharing is always checked before disclosure?
23. Would I object to my own most personal medical data being shared in this way?
24. Would I be prepared to defend this disclosure in a court of law or before the GMC?
CED/FS June 09
GMC link updated Oct 09 FS
