confidentiality

Question 1

what is the basic principle of confidentiality

Answer 1

Information gleaned by a Health
Care Professional should not be
divulged to others

Question 2

what is the ethical and legal basis for confidentiality

Answer 2

Patients tell more if it remains a
secret
• Patient has a right to privacy – all pts info must not be disclosed w/o consent – irrelevant on age/mental state  
• No Statute of Confidentiality
– Just a principle and exceptions

Question 3

how does MDT fit in with confidentiality

Answer 3

pt is managed as part of the MDT
where do you draw the line of who is in the team - eg Phlebs dont need to know the med history
there is implied consent by presence in hospital
as long as not identifiable
- publications are fine

Question 4

breaking confidentiality with the patients consent

Answer 4

must be express or implied consent
most relatives don’t have rights to know how much info is given, other than that they have a right to be consulted
how much info should be shared and to who and in what circumstances, particularly important if likely to lose capacity - need to document the patient’s wishes in the notes

Question 5

confidentiality and information required by statute

Answer 5

Notification of Death
Notification of Termination
Treatment of addict with specified drugs
Notifiable Infectious Disease

Question 6

when do you have to break confidentiality by law

Answer 6

1. Road Traffic Act 1988
2. Prevention of Terrorism Act 1989
3. s60 Health and Social Care Act 2001
4. Public Health (Control of Disease) Act 1984
5. Supreme Court Act 1981

Question 7

what do you disclose about notifiable infectious diseases

Answer 7

– may disclose to close contact people, if think risk of harm and pt not informed them and cannot be persuaded to

Question 8

what is the GMC view on confidentiality

Answer 8

confidences must be respected
Consent by patient is the primary exception to
the principle of keeping confidential information
secret.
where secrecy would risk death or serious
harm to the patient or another, then disclosure
is allowed.
Patients should be told at the outset how
information about them is to be used.
Personal information can be only be disclosed
in the public interest. This must be exceptional.

Question 9

how are medical students affected by rules of confidentiality

Answer 9

'’make sure they follow GMC’s guidance on consent and confidentiality’’

Question 10

confidentiality and assisting the police principle

Answer 10

police have no power to get staff to give info

Question 11

exceptions to the principle of assisting the police and confidentiality

Answer 11

Under a warrant from a circuit judge
To aid police request in identifying drivers
suspected of offences - only have to give name and address
To aid police in all matters with suspected terrorist
patient
inform police if gunshot wound/stab - shouldnt be informed whether it appears to be accidental or self-harm
contacting police might not be proportional if you think no-one else is at risk, other than the pt, so disclosing would cause greater harm to the pt and damage trust
child arriving with gunshot wound/stab injury - likely to raise child protection concerns - therefore report

Question 12

confidentiality and the wider public interest

Answer 12

balance between duty to the patient and society
may be challenged
must justify action, or inaction - action/inaction and reasoning must be documented

Question 13

confidentiality and the DVLA

Answer 13

people’s fitness to drive – dr owes confidentiality to pt, and wider duty to protect public – pt have to tell DVLA, so dr have to tell pt to do this. If pt continues to drive but unfit to do so – dr have to make decision about whether to tell the DVLA in wider interest of public safety

Question 14

case of W v Egdell

Answer 14

o W in mental health prison because killed people and explosives – max security prison
o Commissioned psychiatrist to assess mental state to hopefully get favourable report to move to lower security prison
o Psychiatrist said very dangerous so couldn’t get out – W took him to court, because not-favourable. Found that disclosure in public interest so it was the right thing to do

Question 15

who has overall responsibility for patient confidentiality

Answer 15

Caldicott guardian

Question 16

who is the Caldicott guardian

Answer 16

senior person in health organisation
makes sure that personal info is used legally, ethically and appropriately and that confidentiality is maintained
role has no statutory basis - advisory role but guardians are accountable for any advice

Question 17

what is the purpose of the Caldicott guardian

Answer 17

act as the conscious of the organisation

Question 18

why was the Caldicott guardian set up

Answer 18

report issued by chief medical officer about concerns about ways that pt info was being used
set up committee chaired by Dame Caldicott around pt info and security

Question 19

what are the Caldicott principles

Answer 19

One should justify the purpose of holding patient
information
Information on patients should only be held if
absolutely necessary.
• Use only the minimum of information that is
required.
• Information access should be on a strict need to
know basis.
• Everyone in the organisation should be aware of
their responsibilities.
• The organisation should understand and comply
with the law - GDPR

Question 20

confidentiality and anonymised info

Answer 20

There is no obligation of confidence when
information is in a form that is not capable of
identifying the patient - protect privacy when making available resources that make research and planning reliable, audits and allocation of funds
legitimate to use personal data for certain purposes eg when intention is to inform decisions about certain individuals or to provide services
consent generally not needed for anonymisation process

Question 21

exception to anonymisation

Answer 21

Where a patient can be identified because the
symptoms are rare or where the patient is part
of a small community, then an obligation of
confidence is owed despite anonymisation of
patient information.

Question 22

what is the motivated intruder test

Answer 22

– see if would be successful if reasonably competent and has access to internet and docs – if could do it even with anonymysation = breach of confidence

Question 23

confidentiality after death

Answer 23

o Confidentiality is still important
o The GMC, BMA and DOH say that must continue beyond death otherwise disciplinary action
o Think if disclosure will be distress or benefit to family
o Maintain confidentiality and think of effect of info if you disclose info
whether disclosure about the deceased will in effect disclose
information about the patient’s family or other people,
• whether the information is already in the public domain or can
be anonymised
• the purpose of the disclosure.

Question 24

case of Bluck v Information Commissioners 2007

Answer 24

o Died after childbirth, negligence was admitted and damages paid to husband – mother applied for notes under freedom of info act to find out what happened
o Hospital refused because of next of kin (husband) refused

Question 25

discussion about the Bluck case

Answer 25

whether disclosure of the
records would amount to a breach of confidentiality.
The Tribunal concluded that the public interest in
maintaining confidentiality outweighed, ‘by some
way’, the public interest in disclosure. Also the doctor
patient relationship would be undermined if a patient
believed the information might be released to the
public after death.
Thus, any disclosure by the hospital would be
actionable by the husband, and would also be
contrary to his rights under Article 8, the Right to
Respect for Private and Family Life, of the HRA.

Question 26

when can you disclose information after death

Answer 26

assisting police or for coroner’s inquiry
Under s251 of NHS Act 2006; for research, in public
interest, education.
death certificates
national audits
When a partner, close relative or friend asks for
information about the circumstances of an adult’s
death, and you have no reason to believe that the
patient would have objected to such a disclosure,
• When a person has a right of access to records under
the Access to Health Records Act 1990

Question 27

how can you send records to other hospitals

Answer 27

NHS email - encrypted

CD - encrypted

Question 28

if writing a case report for publication and want to include an XR do you need pt consent

Answer 28

o When publishing info about identifying living – should get signed consent
o If consent cant be obtained – publishing only possible if anonymised as long as pt or no one else can identify
o If dead UK data protection law doesn’t apply – relative by courtesy. If not balance worth of publish to risk of offence and identifiable
o If lack capacity – anonymised or not published
o Anonymise where possible

Question 29

what does anonymisation mean

Answer 29

that neither the pt nor anyone else can identify the pt

Question 30

do you need consent before submitting pt identifiable data to national cancer database registry

Answer 30

no - because too much work
disproportionate work load
section 251 of NHS act allows data to be used for such purposes w/o consent

Question 31

children and confidentiality

Answer 31

The decision to maintain or breach
confidentiality is based on best interests
If the child is <16 and not Gillick competence
the doctor can breach confidentiality if it is in
the child’s best interests (or with parental
consent)
• If the child is Gillick competent then he/she
can give or refuse consent to disclosure. But
confidentiality can still be lawfully breached if
it is in the child’s best interests

Question 32

children >16 and confidentiality

Answer 32

then he/she is
presumed competent and disclosure should
only be made with their consent. But
confidentiality can still be lawfully breached
if it is in the child’s best interests
• HOWEVER, it will generally not be in the
best interests of a competent child to
override their competentrefusal

Question 33

what are the GDPR principles

Answer 33

personal data shall be:
processed lawfully
collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
adequate relevant and limited to what is necessary in relation to the purposes for which they are processed
accurate and, where necessary, kept up to date
kept in a form which permits identification of data subjects for no longer than is necessary for the purpose for which the personal data is processed
processed in a manner that ensures appropriate security of them - including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage

Question 34

what is the GDPR

Answer 34

o Set out requirements for how to deal with personal date

o Should be lawfully, fairly and transparent

Question 35

GDPR and individual rights

Answer 35

provides these rights for individuals: 
right to be informed 
right of access
right to rectification 
right to erasure 
right to restrict processing 
right to data portability 
right to object

Question 36

summarise the right for erasure

Answer 36

no absolute right to be forgotton
can ask for personal data to be erased but only when no compelling reason for continued processing
requests have to be assessed on their own merits
individuals have right to erased - if data no longer needed for purpose or relying on consent as lawful basis for holding data and pt withdraws consent
cant ask for notes to be destroyed

Question 37

GDPR and breach of info

Answer 37

must notify the supervisory authroity of a breach likely to result in a risk to the rights and freedoms of individuals, and in some cases to the individuals affected eg
damage to reputation
financial loss
loss of confidentiality
any other significant economic or social disadvantage
report the breaches within 72hrs
fail to notify breach = fine

Question 38

• Should condition be on death certificate if family refuse

Answer 38

o Discuss with coroner
o Absolute to fill out death certificate – but coroner expert so can word it in a way that the family would be happy with – word correctly and not upset the family