confidentiality Flashcards
what is the basic principle of confidentiality
Information gleaned by a Health
Care Professional should not be
divulged to others
what is the ethical and legal basis for confidentiality
Patients tell more if it remains a secret • Patient has a right to privacy – all pts info must not be disclosed w/o consent – irrelevant on age/mental state • No Statute of Confidentiality – Just a principle and exceptions
how does MDT fit in with confidentiality
pt is managed as part of the MDT
where do you draw the line of who is in the team - eg Phlebs dont need to know the med history
there is implied consent by presence in hospital
as long as not identifiable
- publications are fine
breaking confidentiality with the patients consent
must be express or implied consent
most relatives don’t have rights to know how much info is given, other than that they have a right to be consulted
how much info should be shared and to who and in what circumstances, particularly important if likely to lose capacity - need to document the patient’s wishes in the notes
confidentiality and information required by statute
Notification of Death
Notification of Termination
Treatment of addict with specified drugs
Notifiable Infectious Disease
when do you have to break confidentiality by law
- Road Traffic Act 1988
- Prevention of Terrorism Act 1989
- s60 Health and Social Care Act 2001
- Public Health (Control of Disease) Act 1984
- Supreme Court Act 1981
what do you disclose about notifiable infectious diseases
– may disclose to close contact people, if think risk of harm and pt not informed them and cannot be persuaded to
what is the GMC view on confidentiality
confidences must be respected
Consent by patient is the primary exception to
the principle of keeping confidential information
secret.
where secrecy would risk death or serious
harm to the patient or another, then disclosure
is allowed.
Patients should be told at the outset how
information about them is to be used.
Personal information can be only be disclosed
in the public interest. This must be exceptional.
how are medical students affected by rules of confidentiality
'’make sure they follow GMC’s guidance on consent and confidentiality’’
confidentiality and assisting the police principle
police have no power to get staff to give info
exceptions to the principle of assisting the police and confidentiality
Under a warrant from a circuit judge
To aid police request in identifying drivers
suspected of offences - only have to give name and address
To aid police in all matters with suspected terrorist
patient
inform police if gunshot wound/stab - shouldnt be informed whether it appears to be accidental or self-harm
contacting police might not be proportional if you think no-one else is at risk, other than the pt, so disclosing would cause greater harm to the pt and damage trust
child arriving with gunshot wound/stab injury - likely to raise child protection concerns - therefore report
confidentiality and the wider public interest
balance between duty to the patient and society
may be challenged
must justify action, or inaction - action/inaction and reasoning must be documented
confidentiality and the DVLA
people’s fitness to drive – dr owes confidentiality to pt, and wider duty to protect public – pt have to tell DVLA, so dr have to tell pt to do this. If pt continues to drive but unfit to do so – dr have to make decision about whether to tell the DVLA in wider interest of public safety
case of W v Egdell
o W in mental health prison because killed people and explosives – max security prison
o Commissioned psychiatrist to assess mental state to hopefully get favourable report to move to lower security prison
o Psychiatrist said very dangerous so couldn’t get out – W took him to court, because not-favourable. Found that disclosure in public interest so it was the right thing to do
who has overall responsibility for patient confidentiality
Caldicott guardian
who is the Caldicott guardian
senior person in health organisation
makes sure that personal info is used legally, ethically and appropriately and that confidentiality is maintained
role has no statutory basis - advisory role but guardians are accountable for any advice
what is the purpose of the Caldicott guardian
act as the conscious of the organisation
why was the Caldicott guardian set up
report issued by chief medical officer about concerns about ways that pt info was being used
set up committee chaired by Dame Caldicott around pt info and security
what are the Caldicott principles
One should justify the purpose of holding patient
information
Information on patients should only be held if
absolutely necessary.
• Use only the minimum of information that is
required.
• Information access should be on a strict need to
know basis.
• Everyone in the organisation should be aware of
their responsibilities.
• The organisation should understand and comply
with the law - GDPR
confidentiality and anonymised info
There is no obligation of confidence when
information is in a form that is not capable of
identifying the patient - protect privacy when making available resources that make research and planning reliable, audits and allocation of funds
legitimate to use personal data for certain purposes eg when intention is to inform decisions about certain individuals or to provide services
consent generally not needed for anonymisation process
exception to anonymisation
Where a patient can be identified because the
symptoms are rare or where the patient is part
of a small community, then an obligation of
confidence is owed despite anonymisation of
patient information.
what is the motivated intruder test
– see if would be successful if reasonably competent and has access to internet and docs – if could do it even with anonymysation = breach of confidence
confidentiality after death
o Confidentiality is still important
o The GMC, BMA and DOH say that must continue beyond death otherwise disciplinary action
o Think if disclosure will be distress or benefit to family
o Maintain confidentiality and think of effect of info if you disclose info
whether disclosure about the deceased will in effect disclose
information about the patient’s family or other people,
• whether the information is already in the public domain or can
be anonymised
• the purpose of the disclosure.
case of Bluck v Information Commissioners 2007
o Died after childbirth, negligence was admitted and damages paid to husband – mother applied for notes under freedom of info act to find out what happened
o Hospital refused because of next of kin (husband) refused
discussion about the Bluck case
whether disclosure of the
records would amount to a breach of confidentiality.
The Tribunal concluded that the public interest in
maintaining confidentiality outweighed, ‘by some
way’, the public interest in disclosure. Also the doctor
patient relationship would be undermined if a patient
believed the information might be released to the
public after death.
Thus, any disclosure by the hospital would be
actionable by the husband, and would also be
contrary to his rights under Article 8, the Right to
Respect for Private and Family Life, of the HRA.
when can you disclose information after death
assisting police or for coroner’s inquiry
Under s251 of NHS Act 2006; for research, in public
interest, education.
death certificates
national audits
When a partner, close relative or friend asks for
information about the circumstances of an adult’s
death, and you have no reason to believe that the
patient would have objected to such a disclosure,
• When a person has a right of access to records under
the Access to Health Records Act 1990
how can you send records to other hospitals
NHS email - encrypted
CD - encrypted
if writing a case report for publication and want to include an XR do you need pt consent
o When publishing info about identifying living – should get signed consent
o If consent cant be obtained – publishing only possible if anonymised as long as pt or no one else can identify
o If dead UK data protection law doesn’t apply – relative by courtesy. If not balance worth of publish to risk of offence and identifiable
o If lack capacity – anonymised or not published
o Anonymise where possible
what does anonymisation mean
that neither the pt nor anyone else can identify the pt
do you need consent before submitting pt identifiable data to national cancer database registry
no - because too much work
disproportionate work load
section 251 of NHS act allows data to be used for such purposes w/o consent
children and confidentiality
The decision to maintain or breach
confidentiality is based on best interests
If the child is <16 and not Gillick competence
the doctor can breach confidentiality if it is in
the child’s best interests (or with parental
consent)
• If the child is Gillick competent then he/she
can give or refuse consent to disclosure. But
confidentiality can still be lawfully breached if
it is in the child’s best interests
children >16 and confidentiality
then he/she is presumed competent and disclosure should only be made with their consent. But confidentiality can still be lawfully breached if it is in the child’s best interests • HOWEVER, it will generally not be in the best interests of a competent child to override their competentrefusal
what are the GDPR principles
personal data shall be:
processed lawfully
collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
adequate relevant and limited to what is necessary in relation to the purposes for which they are processed
accurate and, where necessary, kept up to date
kept in a form which permits identification of data subjects for no longer than is necessary for the purpose for which the personal data is processed
processed in a manner that ensures appropriate security of them - including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage
what is the GDPR
o Set out requirements for how to deal with personal date
o Should be lawfully, fairly and transparent
GDPR and individual rights
provides these rights for individuals: right to be informed right of access right to rectification right to erasure right to restrict processing right to data portability right to object
summarise the right for erasure
no absolute right to be forgotton
can ask for personal data to be erased but only when no compelling reason for continued processing
requests have to be assessed on their own merits
individuals have right to erased - if data no longer needed for purpose or relying on consent as lawful basis for holding data and pt withdraws consent
cant ask for notes to be destroyed
GDPR and breach of info
must notify the supervisory authroity of a breach likely to result in a risk to the rights and freedoms of individuals, and in some cases to the individuals affected eg
damage to reputation
financial loss
loss of confidentiality
any other significant economic or social disadvantage
report the breaches within 72hrs
fail to notify breach = fine
• Should condition be on death certificate if family refuse
o Discuss with coroner
o Absolute to fill out death certificate – but coroner expert so can word it in a way that the family would be happy with – word correctly and not upset the family
