Information Governance - Staff and Confidentiality
The LMC is occasionally contacted by practices that have received complaints relating to a member of staff breaching patient confidentiality. In some of these cases they relate to staff who are no longer employed by the practice.
We would recommend that you:
- Check that you all have a clause in your contracts of employment that relate to confidentiality.
- Each member of staff should sign a confidentiality agreement. This should include all temporary staff, cleaners and other workers (including volunteers), if unaccompanied by a practice staff member.
- At your next staff training event, talk about patient confidentiality and remind all staff members of their responsibilities, not only whilst they work for you but also when they cease to work for the practice.
- Ensure that all your staff receive appropriate levels of training on information governance, including updates.
Serious breaches of confidentiality can result in the termination of a contract of employment. Individual members of staff who misuse data may be committing an offence under Data Protection legislation and subject to prosecution by the Information Commissioner's Office. Any staff who seriously breach confidentiality should be reported to the ICO as a data breach (as required by UK GDPR) and they will determine if they will pursue a prosecution.
It is worth remembering that there are no sanctions that can be imposed once a member of staff has left the practice.
If a patient wishes to take action, then it would be the practice and partnership who would be held responsible.