How we protect your data
Confidentiality is the cornerstone of health care and central to the work of everyone working in general practice. All information about patients is confidential: from the most sensitive diagnosis, to the fact of having visited the surgery or being registered at the practice.
The duty of confidentiality owed to a person under 16 is as great as the duty owed to any other person.
All patients can expect that their personal information will not be disclosed without their permission except in the most exceptional of circumstances, when somebody is at grave risk of serious harm.
Responsibilities of practice staff
All health professionals must follow their professional codes of practice and the law. This means that they must make every effort to protect confidentiality. It also means that no identifiable information about a patient is passed to anyone or any agency without the express permission of that patient, except when this is essential for providing care or necessary to protect somebody’s health, safety or well being.
All health professionals are individually accountable for their own actions. They should also work together as a team to ensure that standards of confidentiality are upheld and that improper disclosures are avoided.
Additionally, the GP as employer:
- is responsible for ensuring that everybody employed by the practice understands the need for, and maintains, confidentiality;
- has overall responsibility for ensuring that systems and mechanisms to protect confidentiality are in place;
- has vicarious liability for the actions of those working in the practice, including the health professionals and non-clinical staff.
Standards of confidentiality apply to all health professionals, administrative and ancillary staff – including receptionists, secretaries, practice managers, cleaners and maintenance staff who are bound by contracts of employment to maintain confidentiality – and also to students or others observing practice. They must not reveal to anybody outside the practice personal information they learn in the course of their work, or due to their presence in the surgery, without the patient’s consent. Nor will they discuss with colleagues any aspect of a patient’s attendance at the surgery in a way that might allow identification of the patient, unless to do so is necessary for that patient’s care.
If disclosure is necessary
If a patient or another person is at grave risk of serious harm which disclosure to an appropriate person would prevent, the relevant health professional will counsel the patient about the benefits of disclosure. If the patient refuses to allow disclosure, the health professional can take advice from colleagues within the practice, or from a professional, regulatory or defence body, in order to decide whether a disclosure without consent is justified to protect the patient or another person. If a decision is taken to disclose, the patient should always be informed before the disclosure is made, unless to do so could be dangerous. If at all possible, any such decisions should be shared with another member of the practice team.
Any decision to disclose information to protect health, safety or well being will be based on the degree of current or potential harm, not on the age of the patient.
All staff have to sign a document which legally binds them to abide by the above agreement.
General Data Protection Regulation (GDPR)
GDPR stands for General Data Protection Regulation and is a new piece of legislation that will work alongside the Data Protection Act. It will not only apply to the UK and EU; it covers anywhere in the world in which data about EU citizens is processed.
The GDPR is similar to the Data Protection Act (DPA) 1998 (which the practice already complies with) but strengthens many of the DPA’s principles.
Link to view our Data Protection Privacy Notice for Patients