Membership information 1800 509 441
Medicolegal advice +44 113 241 0200

Confidentiality

MPS identified confidentiality as the second biggest risk in general practice in 2012 based on the results of more than 120 Clinical Risk Self Assessments (CRSAs) in the UK and Ireland. We highlight some areas to be cautious of and offer guidance on difficult situations you might face

Confidentiality is the cornerstone of a successful doctor–patient relationship. As a doctor you have access to sensitive personal information about patients and you have a legal and ethical duty to keep this information confidential. Although problems with confidentiality do not normally result in negligence claims, they can lead to complaints and/or a referral to the Medical Council.

Whatever decision you take, you must be prepared to justify it. As this may well be a considerable time after the event, it is a good idea to make a comprehensive note of your reasoning in the patient’s records at the time.

Clinical Risk Self Assessments (CRSAs)

MPS undertakes CRSAs of general practices to identify risks and develop practical solutions to ensure quality of practice and prevent harm to patients. Over the past nine years MPS has conducted more than 1,000 CRSAs.

The data collected, analysing the results of more than 120 CRSAs conducted during 2012, reveals that 96% had risks associated with confidentality

The data collected, analysing the results of more than 120 CRSAs conducted during 2012, reveals that 96% had risks associated with confidentality, including:

  • Patients and visitors waiting in the reception areas overhearing confidential conversations
  • Giving patient information on the phone or at the desk to third parties 
  • Receptionists asking the patient what the appointment is for to allocate an appropriate appointment time
  • Patients waiting at the reception desk seeing the computer screen
  • Patient-identifiable information left lying around on desks in the office and consulting rooms
  • Set fax numbers not used when sending patientidentifiable information
  • Staff contracts including a clause relating to confidentiality that does not extend to staff postemployment
  • Staff and their families as patients – concerns about maintaining confidentiality
  • Leaving messages for patients on answering machines/giving out results to a person on the telephone – how can you be sure that it’s the right patient?
  • Medical records stored on open shelves in the reception office.

If you are interested in booking a CRSA for your practice, please contact MPS Educational Services on +44 113 241 0359. For further information about a CRSA, please visit www.medicalprotection.org/ireland/crsa

Reducing the risk

Using manual records

  • Make yourself familiar with the procedure for booking out and returning records, and follow it. Return files as soon as possible after use.
  • Do not leave files unattended – even for a short time – where they can be seen by members of the public.

Out and about

  • When travelling or on visits, do not leave information lying unattended in a car or easily accessible area.
  • In a small community, where everyone knows everyone else, anonymising information can be difficult. Make it a policy not to gossip.

Security in the surgery 

  • Shut and lock doors and cabinets as required.
  • Do not be afraid to query the status of strangers.
  • Do not tell anyone how the security system works.

On the telephone

  • Only identify yourself after you have confirmed that you are speaking to the patient.
  • There are circumstances in which letting a third party know that a doctor is calling them could be embarrassing and breach confidentiality.
  • Take particular care when calling a patient’s place of work.
  • Similarly, be aware of where you are making the call. Can you be overheard by anyone?

Mobile phones

  • Many people talk more loudly on a mobile phone, particularly if the signal is poor. Be aware of this, and the fact that you may be overheard in rooms that you would normally consider safe.
  • Patients who sign up to a practice text message service, eg, to inform them of appointments or flu vaccinations, should be advised of the importance of informing the surgery of a change of mobile number. If they choose to give their old phone to a friend or family member, there is obvious potential for breach of confidentiality.

Using a computer

  • Always clear a previous patient’s details from the screen before the next patient arrives. Make sure your screen cannot be overlooked by others.
  • Do not leave a computer logged in and unattended – always lock it, even if you are only leaving it briefly.

Faxes

  • Consider developing a “fax policy”, which should include the use of “fast dial” stored numbers used regularly (such as to a hospital safe haven) and the process to be followed if a confidential fax was to be sent to another location.

Confidentiality after death

  • Patient information remains confidential even after death. If it is unclear whether the patient consented to disclosure of information after their death, you should consider how disclosure of the information might benefit or cause distress to the deceased’s family or carers. You should also consider the effect of the disclosure on the reputation of the deceased and the purpose of the disclosure.

When something goes wrong

  • Establish what happened and what went wrong.
  • Get in touch with the patient(s) to explain what has happened, and apologise if necessary.
  • Give an assurance that lessons have been learned and identify how such a mistake can be avoided in the future. Disclosing confidential information There are occasions where a breach of confidentiality may be justified. The Medical Council advises that this may happen when necessary to protect the interests of the patient, the welfare of society or to safeguard the welfare of another individual or patient.
  • Public interest disclosures: Disclosure of patient information without consent may be justifiable in exceptional circumstances where it is necessary to protect the public; you should consider the possible harm that may result to the patient, as well as the benefits that are likely to arise.
  • Children and older children: Confidentiality within family situations can be difficult. In general, the Freedom of Information Act and the Data Protection Act can allow access by parents or guardians to the medical records of children. When relationships break down, disputes involving the children can spill over into their healthcare, with one parent asking for information on a child’s health or to see medical records. In these cases, you need to be clear about whether those applying for information are parents or guardians. If in doubt, ask for clarification. You may also need to consider the wishes of those minors under 16 years old. The interests of the child are paramount. This is a contentious area which may benefit from medicolegal discussion – if in doubt contact MPS for advice.
  • Child abuse: You should be aware of national guidelines for the protection of children. If you have any concerns regarding alleged or suspected sexual, physical or emotional abuse or neglect of children, you must report this promptly to an appropriate agency. You should inform the child’s parents or guardian of your intention to report unless this might endanger the child.

Case scenario

Kate, 26, accompanied by her mother, attends an appointment with Dr Burns. Kate has an ongoing depressive illness where she has required regular family support, which was why Kate’s mother accompanied her to the surgery.

During the consultation, Dr Burns proceeds to talk about relevant personal matters in front of Kate’s mother, without Kate’s explicit consent. Subsequently, Kate falls out with her mother and makes a complaint to the Medical Council, and although it doesn’t make it to a hearing, MPS had to arrange representation for the GP.


Learning points:

The implied consent upon which our member relied in this consultation should not necessarily be taken for granted. Always double-check with the patient.

Leave a comment