Wk6 In Confidence Flashcards
What is confidentiality?
“patients have a right to expect that their personal information will be held in confidence by their doctors” - GMC, 2017
“And whatsoever I shall see or hear in the course of my profession… if it be what should not be published abroad, I will never divulge, holding such things to be holy secrets.” - Hippocrates 5th century BC
What are arguments for confidentiality if we look at 4 principles?
NON-MALEFICENCE : Disclosure - potential harm
AUTONOMY : requires security
self-determination
BENEFICENCE : It’s rare that breaching a patient’s confidentiality would be in their interests
JUSTICE : Fairness
- would you accept a society where in order to access healthcare you had to divulge information to broader society?
- or where doctors could use their power and disclose information at will?
Deontological arguments for confidentiality
Rationally, there are strong arguments for a duty of confidentiality
“A duty of confidence arises when one person discloses information to another (e.g. patient to clinician) in circumstances where it is reasonable to expect that the information will be held in confidence. It –
a. is a legal obligation that is derived from case law;
b. is a requirement established within professional codes of conduct; and
c. must be included within NHS employment contracts as a specific requirement linked to disciplinary procedures.”
Utilitarian arguments for confidentiality
There would be multiple and potentially severe ramifications for individual patients and for society as a whole if doctors breached confidentiality
Therefore rule utilitarians would support maintaining confidentiality generally … act utilitarians would assess on a case-by-case basis
Virtue ethicist confidentiality arguments
Would a good doctor breach confidentiality?
You’re going to have a strange set of values if you conclude that a good doctor is one who goes around broadcasting their patient’s histories / results / sensitive information …
What is a full house?
Ethical consensus for maintaining confidentiality - but does that mean its absolute?
What is confidential?
No single act of legislation
The principle of confidentiality comes from the Common Law
The principle has been summarized (by the UK government) as :
“if information is given in circumstances where it is expected that a duty of confidence applies, that information cannot normally be disclosed without the information provider’s consent. In practice, this means that all patient/client information, whether held on paper, computer, visually or audio recorded, or held in the memory of the professional, must not normally be disclosed without the consent of the patient/client.”
What constitues a legal breach?
An individual can sue in the civil courts for breach of confidentiality It is also possible to pursue a criminal case
To establish a legal breach :
● The information disclosed must have the quality of confidentiality
● The information must have been gained in confidential circumstances
● The plaintiff must show that there was unauthorized use of the information
Successful suits also show that harm resulted from the breach The breach does not have to be deliberate
GMC guidance on confidentiality?
In general, you can only share personal information about a patient within the
healthcare team, or for the purposes of audit
… even then, you should make every effort to ensure patients are aware that
their information might be shared in this way
… and patients can refuse to let you do so
If this will affect their care (eg. not being able to refer to another team), you must make sure your patient is aware of that
What should you do?
There is a Common Law obligation towards confidentiality
Even slips which fall short of a legal breach would fall short of the professional standards
Assume anything your patient tells you, or anything you only know because you are their doctor, is covered by confidentiality
Share the minimum information possible, for purposes of direct care
‘No surprises’
When can confidentiality be breached with patients consent?
Research
- Publication (eg. a photograph in a textbook, even if you do not think
they could be identified from it)
- Teaching (it’s rare you would need to use identifiable information)
- Third party requests (eg. insurance companies)
When can confidentiality be breached without consent?
- required by law
- in public interest
What disclosures are required by law?
● notifications of specific infectious diseases (Public Health Act, 1984)
● disclosure to courts if information is ordered by a judge
● Abortion Regulations 1991 —a doctor carrying out a TOP must notify the Chief Medical Officer
● Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 1985 —deaths, major injuries, and
accidents resulting in more than 3 days off work, certain diseases, and dangerous occurrences must be
reported
● Road Traffic Act 1988— provide to the police, on request, information that may identify a driver alleged to
have committed a traffic offence
● Terrorism Act 2000—must inform police of any information that may help to prevent an act of terrorism, or
help in apprehending or prosecuting a terrorist
● Information Sharing Index (England) Regulations 2006 (ContactPoint)— basic identifying information to the
local authority for every child contact
● NHS Act 2006 - NHS counter-fraud investigations are entitled to access patient’s confidential records
● Medical Act 1983 - the GMC can access to a patient’s medical records to investigate a doctor’s fitness to practise
What does the data protection act 2018 do?
- Covers all healthcare records of living patients - paper and electronic
- Harm suffered due to contravening the Act is subject to compensation
- Enacted with the GDPR, applies post-Brexit
- Organisations are accountable for following the Act and must be able to demonstrate that they do so
What must DPA personal data must be?
● processed fairly and lawfully
● obtained only for one or more specified and lawful purposes
● adequate, relevant and not excessive in relation to the purposes
● accurate and up to date
● not kept for any longer than is necessary
● processed in accordance with the rights of data subjects within the Act
● protected against unauthorised processing, accidental loss, damage or
destruction
● not transferred overseas unless that country ensures adequate protection for the data
