Medical confidentiality is at the bedrock of the Doctor-Patient relationship and it is enshrined in a number of codes, guidelines and laws.
The GMC has produced updated Guidance on Confidentiality with individual leaflets covering how care guidance applies in a range of situations doctors often encounter or find hard to deal with.
The legal and ethical principles of confidentiality and disclosure should only be breached if:
- The patient has given consent.
- The disclosure is of overall benefit to a patient who lacks capacity to make the decision.
- The disclosure is required by law.
- The disclosure can be justified in the public interest.
Data Sharing Checklist
- Is there a legal obligation to share this data without consent and if so have I limited it to the minimum data possible to serve the purpose?
- Would my patients be aware how their data may be processed?
- Would my patients know who is processing their data?
- Would my patients know why their data is being processed?
- Have I made a reasonable attempt to inform my patients of the ways in which their data will be held and processed?
- Have I provided the name of the practice's Data Protection Officer who can provide more information if they wish to know more?
- Have I given them an opportunity to raise any objections?
- Have I explained their right to access and correct the data?
- Are all individuals who have access to identifiable medical data bound by a strict professional and contractual duty of confidentiality?
- If non-professionals have access to medical data are they bound by a strict contractual duty of confidentiality?
- Has the data been anonymised, or anonymised and aggregated, wherever possible?
- Is disclosure likely to cause serious harm to the patient's health or well-being?
- Am I breaching a third party confidence (excluding a medical professional caring for the patient)?
- Have I sought consent wherever possible?
- Has the patient expressed an objection to sharing this data? (Any objection must be respected even after death.)
- If consent is not possible is it essential to share patient-identifiable data in the best interests of the patient's health and well being?
- If consent is not possible is it overwhelmingly in the public interest to share patient-identifiable data?
- If consent is not possible have I informed or do I intend to inform the patient as soon as possible if I have disclosed identifiable data?
- Have I restricted the data I intend to disclose to the minimum that would serve the intended purpose?
- Is the data to be disclosed for a clearly identified and limited purpose?
- Is the data to be disclosed to a clearly identified individual(s)
- Are all members of staff who handle this data aware of the need to ensure that data sharing is always checked before disclosure?
- Would I object to my own most personal medical data being shared in this way?
- Would I be prepared to defend this disclosure in a court of law or before the GMC?
This helpful document provides guidance for patients and Healthcare professional and summarises guidance already available. This is with regard to clinicians accessing medical information without direct consent such as a radiologist wanting to view the history to help interpret a CXR or a clinical biochemist wanting to look at the medication list when interpreting results.