Skip to main content

Confidentiality policy

1. Aims of Policy

The purpose of the protocol is to set out the obligations for all working at Hall Green Health concerning the confidentiality of information held about patients and Hall Green Health.

2. Scope

This protocol is relevant to all employers and anyone who works at Hall Green Health, including non-clinical staff. Individuals on training placements and visitors/observers on the premises must also adhere to this.

3. Introduction

Due to the nature of the information that we deal with as a practice, confidentially of information including but not limited to patient, staff and financial is of the utmost importance.

4. Importance of Confidentiality

  • 4.1.1 Confidentiality is a fundamental part of health care and crucial to the trust between doctors and patients. Patients entrust their practice with sensitive information relating to their health and other matters in order to receive the treatment and services they require. They should be able to expect that this information will remain confidential unless there is a compelling reason why it should not. All staff in the NHS have legal, ethical and contractual obligations of confidentiality and must ensure they act appropriately to protect patient information against improper disclosure.
  • 4.1.2 Some patients may lack the capacity to give or withhold their consent to disclosure of confidential information but this does not diminish the duty of confidence. The duty of confidentiality applies to all patients regardless of race, gender, social class, age, religion, sexual orientation, appearance, disability or medical condition.
  • 4.1.3 Information that can identify individual patients must not be used or disclosed for purposes other than healthcare unless the patient (or appointed representative) has given explicit consent, except where the law requires disclosure or there is an overriding public interest to disclose. All patient identifiable health information must be treated as confidential information, regardless of the format in which it is held. Information which is effectively anonymised can be used with fewer constraints.
  • 4.1.4 The confidentiality of other sensitive information held about the practice and staff must also be respected.

5. Obligations for all Staff

  • 5.1.1 All staff must:
    • 5.1.1.1 Sign a confidentiality agreement on commencing employment at Hall Green Health, to confirm they have read, understood and agreed to abide by the practice’s confidentiality protocol see Appendix D
    • 5.1.1.2 Always endeavour to maintain patient confidentiality.
    • 5.1.1.3 Not discuss confidential information with colleagues without patient consent (unless it is part of the provision of care).
    • 5.1.1.4 Not discuss confidential information in a location or manner that allows it to be overheard or on internet forums or social networking sites
    • 5.1.1.5 Not post defamatory or derogatory comments on internet forums or social networking sites relating to a patient, the practice or staff members. Doing so could result in disciplinary action and legal action
    • 5.1.1.6 Handle patient information received from another provider sensitively and confidentially.
    • 5.1.1.7 Not allow confidential information to be visible in public places.
    • 5.1.1.8 Not share passwords
    • 5.1.1.9 Store and dispose of confidential information in accordance with the General Data Protection Regulation 2018 and the Department of Health’s Records Management Code of Practice (Part 2).
    • 5.1.1.10 Not access confidential information about a patient unless it is necessary as part of their work.
    • 5.1.1.11 Not remove confidential information from the premises unless it is necessary to do so to provide treatment to a patient, the appropriate technical safeguards are in place and there is agreement from the information governance lead (IT Manager) or Caldicott Guardian (Dr Ajay Singal).
    • 5.1.1.12 Contact the information governance lead or Caldicott Guardian if there are barriers to maintaining confidentiality.
    • 5.1.1.13 Report any loss, inappropriate storage or incorrect disclosure of confidential information to the information governance lead or Caldicott Guardian.
    • 5.1.1.14 If applicable, document, copy, store and transfer information in the ways agreed with other providers
    • 5.1.1.15 Comply with the law and guidance/codes of conduct laid down by their respective regulatory and professional bodies.
    • 5.1.1.16 Not access their own or family members records unless express consent is held. Seek assistance from line manager.
  • 5.1.2 It is usual for a breach of confidentiality to result in disciplinary action, which could result in summary dismissal.

6. Information Disclosures

  • 6.1.1 When a decision is taken to disclose information about a patient to a third party due to safeguarding concerns/public interest, the patient should always be told and asked for consent before the disclosure unless it would be unsafe or not practical to do so.
  • 6.1.2 In the circumstances that consent cannot be sought, then there must be clear reasons and necessity for sharing the information.
  • 6.1.3 Disclosures of confidential information about patients to a third party must be made to the appropriate person or organisation and in accordance with the principles of the GDPR 2018 the NHS Confidentiality Code of Practice and the GMC’s Good Medical Practice.

7. Obligations for Partners and Managers

  • 7.1.1 Hall Green Health will:
    • 7.1.1.1 Ensure that confidential information can be stored securely on the premises and that there are processes in place to guarantee confidentiality.
    • 7.1.1.2 Make sure that all individuals to whom this protocol is relevant have confirmed that they have read and understood this protocol (via Bluestream elearning module)
    • 7.1.1.3 Review and update this protocol on a regular basis.

8. Review

  • 8.1.1 This policy is in line with current legislation at the time of writing and is subject to periodic review.
  • 8.1.2 In the event of any incident linked to this policy; findings of an audit that identifies a gap or a need for a review or a change of legislation impacting on this policy, the policy will be updated and will supersede this policy.
  • 8.1.3 Unless there are changes to regulations that affect this policy then this policy will be reviewed on an annual basis.

9. Version Control

Version Number – 1.0

Key Changes – Introduced version control

Name – Jamal Syed

Position – IT Manager

Date – 07/01/2020

Version Number – 1.1

Key Changes –

Name – Ann Cartmill

Position – Clinical Governance Lead

Date – 21/04/2021

Review date: April 2022

Page published: 27 July 2023
Last updated: 27 July 2023