But can we as GPs guarantee this and are there ever circumstances when we have a duty to divulge this information?
The Caldicott guardian is the person within an NHS organisation, such as a PCT, who is responsible for the systems that protect patient records and data.
Each GP practice should have a nominated information governance lead – a Caldicott lead – to oversee confidentiality processes within the practice and that the practice is up to date with current legislation, such as the Data Protection Act.
This team member needs to consider the implications for the practice of proposals such as the sharing and purchase of online anonymised patient data by private research firms.
The Caldicott lead needs to ensure that all staff members understand their responsibilities relating to confidential data. It is important to ask them to sign a statement about keeping patient details confidential or to make this part of the contract of employment.
The lead should check up on simple things, such as how the practice gets rid of paper waste and making sure there is a shredder and that it is used. They should also ensure that NHS Smartcards are used by the named member of staff only and are not left in a computer terminal overnight.
Practices' telephone lines are never silent. Calls can be from the hospital asking for details about a patient, from the district nurse while on a home visit or from a relative making an enquiry about a family member.
When put in this difficult position, it is important to verify the identity of the person making the request. You can request the number they are calling from and call them back to confirm that the request is genuine.
However, information about patients cannot be disclosed to members of the public on the telephone unless you have the patient's explicit consent recorded in their medical record.
Queries about relatives
As GPs we should not discuss a patient's illness with a relative without that patient's permission, regardless of how closely related they are.
This is a particularly difficult dilemma when a telephone call is received from a distressed close family member ringing from Australia about a patient who may be dangerously ill.
The situation is more complex still if that family member is under the age of 18. Parents have a right to request access to their children's medical records, but only if access is not refused by a competent child (who is mature enough to make decisions).
Occasionally a GP has an obligation to talk to a parent or guardian about an under 16-year-old who is deemed not to be competent but is at risk as a result of illness or potential abuse.
It is important to be aware that England, Wales, Northern Ireland and Scotland each have their own guidance regarding this.
Unfortunately, many people have a casual approach to writing emails. In relation to the NHS, one of the greatest concerns regards confidentiality.
An email should be thought of as an open envelope that potentially anyone may read.
To protect against this, emails should be encrypted (translated into secret code). Encryption makes emails secure and is the basis on which NHSnet works. However, no mode of electronic transmission can be 100% secure, so always think twice before sending an email with potentially sensitive information.
Also take care that you are sending the email to the intended person. It is so easy to insert the wrong email address. Similarly, if you are copying an email to another person, check before sending.
Imagine that an elderly couple comes to see you. You know them socially as they live nearby and you ask why the husband always seems to drive in the middle of the road.
What will you do if it transpires that the wife tells her husband if the car is veering to the wrong side of the road because 'he cannot see'? Hopefully this is a clear reason for you to contact the DVLA, so you inform the patient sensitively why this is necessary.
Similar challenging situations may arise with epileptic patients or a person with diabetes who has no warning of hypos. Even more difficult is the doctor who is a patient and discloses information that you judge may affect patient safety.
The Caldicott lead needs to consider many other potentially difficult situations. These include for example, electronic transfer of patient records, passing information to out-of-hours providers, solicitors' requests for information, when to fax or not fax information, texting patients about their appointments and leaving messages on answering machines.
- Professor Charlton is a GP and a professor of medical education at Swansea University
|CPD IMPACT: EARN MORE CREDITS
These further action points may allow you to earn more credits by increasing the time spent and the impact achieved.
Save this article and add notes with your free online CPD organiser at gponline.com/cpd