Keeping patient data confidential

Practices must take steps to avoid accidental information disclosures.

GPs must ensure that patient records do not get into the wrong hands (Photograph: Alamy)

Patients may tell us some very personal and intimate details and we have a duty to ensure that this does not go outside the consulting room.

But can we as GPs guarantee this and are there ever circumstances when we have a duty to divulge this information?

Caldicott leads
The Caldicott guardian is the person within an NHS organisation, such as a PCT, who is responsible for the systems that protect patient records and data.

Each GP practice should have a nominated information governance lead – a Caldicott lead – to oversee confidentiality processes within the practice and to ensure that the practice is up to date with current legislation, such as the Data Protection Act.

This team member needs to consider the implications for the practice of proposals such as the sharing and purchase of online anonymised patient data by private research firms.

The Caldicott lead needs to ensure that all staff members understand their responsibilities relating to confidential data. It is important to ask them to sign a statement about keeping patient details confidential or to make this part of the contract of employment.

The lead should check up on simple things, such as how the practice gets rid of paper waste, making sure that there is a shredder and that it is used. They should also ensure that NHS Smartcards are used by the named member of staff only and are not left in a computer terminal overnight.

Practices' telephone lines are never silent. Calls can be from the hospital asking for details about a patient, from the district nurse while on a home visit or from a relative making an enquiry about a family member.

When put in this difficult position, it is important to verify the identity of the person making the request. You can request the number they are calling from and call them back to confirm that the request is genuine.

However, information about patients cannot be disclosed to members of the public on the telephone unless you have the patient's explicit consent recorded in their medical record.

Queries about relatives
As GPs we should not discuss a patient's illness with a relative without that patient's permission, regardless of how closely related they are.

This is a particularly difficult dilemma when a telephone call is received from a distressed close family member ringing from Australia about a patient who may be dangerously ill.

The situation is more complex still if that family member is under the age of 18. Parents have a right to request access to their children's medical records, but only if access is not refused by a competent child (who is mature enough to make decisions).

Occasionally a GP has an obligation to talk to a parent or guardian about an under 16-year-old who is deemed not to be competent but is at risk as a result of illness or potential abuse.

It is important to be aware that England, Wales, Northern Ireland and Scotland each have their own guidance regarding this.

Unfortunately, many people have a casual approach to writing emails. In relation to the NHS, one of the greatest concerns regards confidentiality.

An email should be thought of as an open envelope that potentially anyone may read.

To protect against this, emails should be encrypted (translated into secret code). Encryption makes emails secure and is the basis on which NHSnet works. However, no mode of electronic transmission can be 100% secure, so always think twice before sending an email with potentially sensitive information.

Also take care that you are sending the email to the intended person. It is so easy to insert the wrong email address. Similarly, if you are copying an email to another person, check before sending.

Difficult situations
Imagine that an elderly couple comes to see you. You know them socially as they live nearby and you ask why the husband always seems to drive in the middle of the road.

What will you do if it transpires that the wife tells her husband if the car is veering to the wrong side of the road because 'he cannot see'? Hopefully this is a clear reason for you to contact the DVLA, so you inform the patient sensitively why this is necessary.

Similar challenging situations may arise with epileptic patients or a person with diabetes who has no warning of hypos. Even more difficult is the doctor who is a patient and discloses information that you judge may affect patient safety.

The Caldicott lead needs to consider many other potentially difficult situations. These include, for example, electronic transfer of patient records, passing information to out-of-hours providers, solicitors' requests for information, when to fax or not fax information, texting patients about their appointments and leaving messages on answering machines.

  • Professor Charlton is a GP and a professor of medical education at Swansea University

These further action points may allow you to earn more credits by increasing the time spent and the impact achieved.

  • Find out about the differences between England, Wales, Northern Ireland and Scotland regarding guidance for keeping children safe before they are 18 years old.
  • Check what your obligations are if a relative of a deceased patient asks for details from the patient's medical records.
  • Have a discussion with the practice manager to be sure you are up to date with the Data Protection Act and the DH Guidance for Access to Health Records Requests.
