Medical confidentiality is at the bedrock of the Doctor-Patient relationship and it is enshrined in a number of codes, guidelines and laws.
The GMC has produced updated Guidance on Confidentiality with individual leaflets covering how care guidance applies in a range of situations doctors often encounter or find hard to deal with.
The legal and ethical principles of confidentiality and disclosure should only be breached if:
- The patient has given consent.
- The disclosure is of overall benefit to a patient who lacks capacity to make the decision.
- The disclosure is required by law.
- The disclosure can be justified in the public interest.
Data Sharing Checklist
- Is there a legal obligation to share this data without consent and if so have I limited it to the minimum data possible to serve the purpose?
- Would my patients be aware how their data may be processed?
- Would my patients know who is processing their data?
- Would my patients know why their data is being processed?
- Have I made a reasonable attempt to inform my patients of the ways in which their data will be held and processed?
- Have I provided the name of the practice's Data Protection Officer who can provide more information if they wish to know more?
- Have I given them an opportunity to raise any objections?
- Have I explained their right to access and correct the data?
- Are all individuals who have access to identifiable medical data bound by a strict professional and contractual duty of confidentiality?
- If non-professionals have access to medical data are they bound by a strict contractual duty of confidentiality?
- Has the data been anonymised, or anonymised and aggregated, wherever possible?
- Is disclosure likely to cause serious harm to the patient's health or well-being?
- Am I breaching a third party confidence (excluding a medical professional caring for the patient)?
- Have I sought consent wherever possible?
- Has the patient expressed an objection to sharing this data? (Any objection must be respected even after death.)
- If consent is not possible is it essential to share patient-identifiable data in the best interests of the patient's health and well being?
- If consent is not possible is it overwhelmingly in the public interest to share patient-identifiable data?
- If consent is not possible have I informed or do I intend to inform the patient as soon as possible if I have disclosed identifiable data?
- Have I restricted the data I intend to disclose to the minimum that would serve the intended purpose?
- Is the data to be disclosed for a clearly identified and limited purpose?
- Is the data to be disclosed to a clearly identified individual(s)
- Are all members of staff who handle this data aware of the need to ensure that data sharing is always checked before disclosure?
- Would I object to my own most personal medical data being shared in this way?
- Would I be prepared to defend this disclosure in a court of law or before the GMC?