Confidentiality is an important legal and ethical principle

Confidentiality is central to the trust patients place in their doctors. It is an important legal and ethical principle – doctors must abide by the principles of the 1998 Data Protection Act (see Box 7) and by the GMC’s guidance.

As of 6 April 2010, the Information Commissioner can impose a Civil Monetary Penalty of a maximum of £500,000 if there is a serious breach of the Data Protection Act and the data controller acted deliberately, or was reckless, and the breach was of a kind likely to cause substantial distress or damages to an individual.

Box 7: Data Protection Act principles

Broadly, the Data Protection principles state that personal data must:

  • Be obtained and processed fairly and lawfully.
  • Be held for the lawful purposes described in the Data Users Register entry.
  • Be adequate, relevant and not excessive in relation to the purposes for which they are held.
  • Be accurate and, where necessary, kept up-to-date.
  • Be held no longer than is necessary for the registered purposes.
  • Be processed in accordance with the rights of the individual concerned to have information about themselves corrected or erased.
  • Be surrounded by proper security and disclosed only to those people described in the Register entry.
  • Not be transferred to countries outside the European Economic Area, unless that country can ensure adequate protection for the rights and freedoms of the data subject.


General advice

Avoid problems by:

  • Being familiar with the principles and basic requirements of the Data Protection Act in relation to your work.
  • Obtaining the patient’s consent (and recording it) before disclosing information to a third party. Make sure that the recipient of the information understands that it is given in confidence.
  • Being able to justify disclosure without the patient’s consent as being in the public’s interests. You may need to take advice from senior colleagues or MPS.
  • Letting patients know (directly or through leaflets and posters) that information about them may be shared with other healthcare professionals. Make it clear that they have the right to withhold consent if they wish.
  • Being aware of your trust’s policy on information security and patient confidentiality.
  • Taking care not to discuss patients where others can overhear – especially in public areas such as corridors, lifts and the hospital canteen.

Confidentiality and medical records

  • Keep medical records in a secure place – do not leave them lying around in publicly accessible areas.
  • Be aware of local policies for safe storage and removal of records from premises.
  • Do not use information contained in the medical records for purposes other than patient care, unless consent has been obtained or the data anonymised.
  • For research or audit, anonymise information about patients in such a way that they cannot be identified. If this isn’t possible, obtain the patient’s consent.