The Health Centre & Heaton Avenue Surgeries are committed to the delivery of a first-class confidential service. This means ensuring that all patient information is processed fairly, lawfully and as transparently as possible so that the public:

 

• Understand the reasons for processing personal information.
• Give their consent for the disclosure and use of their personal information.
• Gain trust in the way the Practice handles information.
• Understand their rights to access information held about them.

 

 

What is confidential patient information?

 

A duty of confidence arises when one person discloses information to another (e.g. patient to clinician) in circumstances where it is reasonable to expect that the information will be held in confidence. It –

 

• Is a legal obligation that is derived from case law;
• Is a requirement established within professional codes of conduct;
• Must be included within NHS employment contracts as a specific requirement linked to disciplinary procedures.

 

Patients entrust us with, or allow us to gather, sensitive information relating to their health and other matters as part of their seeking treatment. They do so in confidence, and they have the legitimate expectation that staff will respect their privacy and act appropriately. In some circumstances patients may lack the competence to extend this trust, or may be unconscious, but this does not diminish the duty of confidence. It is essential, if the legal requirements are to be met and the trust of patients is to be retained, that the Practice provides, and is seen to provide, a confidential service.

 

Information that can identify individual patients must not be used or disclosed for purposes other than healthcare without the individual’s explicit consent, some other legal basis, or where there is a robust public interest or legal justification to do so. In contrast, anonymised information is not confidential and may be used with relatively few constraints.

 

 

Disclosing and using confidential patient information.

 

It is extremely important that patients are made aware of information disclosures that must take place in order to provide them with high quality care. In particular, clinical governance and clinical audits, which are wholly proper components of healthcare provision, might not be obvious to patients. Therefore, this is highlighted in the Patient Leaflet provided to all new patients and readily available to existing patients.

Patients generally have the right to object to the use and disclosure of confidential information that identifies them and are made aware of this right in the Patient Leaflet. Sometimes, if patients choose to prohibit information being disclosed to other health professionals involved in providing care, it might mean that the care that can be provided is limited and, in extremely rare circumstances, that it is not possible to offer certain treatment options. Patients must be informed if their decisions about disclosure have implications for the provision of care or treatment. Clinicians cannot usually treat patients safely, nor provide continuity of care, without having relevant information about a patient’s condition and medical history. However, should a patient wish to restrict the disclosure of information their decision must be respected.

 

As all patients are informed of the use and disclosure of their information associated with their healthcare via the Patient Leaflet, consent is not usually required for information disclosures needed to provide healthcare.

 

Should a patient choose to opt out of sharing their information their medical record should be updated with the EMIS Read Code:-

 

• 9Nd1. No consent given for electronic record sharing
• 9NdH  Declined consent to share patient data with specified 3^rd party.

 

Where the purpose is not directly concerned with the healthcare of a patient however, it would be wrong to assume consent. The Patient must be initially contacted in order to gain consent. If the patient agrees to share their information their medical record should be updated with the EMIS Read Code:-

 

• 9Nd7  Consent given for electronic record sharing.
• 9NdG  Consent given to share patient data with specified 3^rd party.

 

There are situations where consent cannot be obtained for the use or disclosure of patient identifiable information, yet the public good of this use outweighs issues of privacy. Section 60 of the Health and Social Care Act 2001 currently provides an interim power to ensure that patient identifiable information, needed to support a range of important work such as clinical audit, record validation and research, can be used without the consent of patients.

 

The disclosure and use of confidential patient information needs to be both lawful and ethical. Whilst law and ethics in this area are largely in step, the law provides a minimum standard that does not always reflect the appropriate ethical standards that the government and the professional regulatory bodies require. For example, the Department of Health and the General Medical Council are in agreement that, whilst there are no clear legal obligations of confidentiality that apply to the deceased, there is an ethical basis for requiring that confidentiality obligations, as outlined in this document, must continue to apply.

 

Obligations on individuals working in the NHS

 

All staff should meet the standards outlined in this document, as well as their terms of employment. All staff are aware of the Data Protection Act and Patient Confidentiality as outlined in their contracts. Each contract is signed by each individual staff member before commencing their post as an understanding of their agreement.  

 

 

Protect patient information

 

Patients’ health information and their interests must be protected through a number of measures:

 

• Procedures to ensure that all staff are at all times fully aware of their responsibilities regarding confidentiality.
• Recording patient information accurately and consistently.
• Keeping patient information private.
• Keeping patient information physically secure.
• Disclosing and using information with appropriate care.
• Respects the rights of the patient and exercise the right to allow them access to their health record on request.
• Be aware of the issues surrounding confidentiality, and seek training or support where uncertain in order to deal with them appropriately.
• Report possible breaches or risk of breaches to the Practice Manager or to the Partners (Caldicott Lead).
• No gossiping about patient’s.
• Taking care when discussing cases in public places. It may be pertinent to discuss cases with colleagues for professional reasons (to gain advice, or share experience and knowledge), but care must be taken to ensure that others do not overhear these conversations. Generally, there is no need to identify the patient concerned.

 

 

Record keeping best practice.

 

Patient records should:

 

• Be factual, consistent and accurate.
• Be written as soon as possible after an event has occurred, providing current information on the care and condition of the patient
• Be typed clearly and legibly.
• Be written in such a manner that any alterations or additions are dated, timed and the author can be identified in such a way that the original entry can still be read clearly.
• Be accurately dated, timed and identifiable, with the name of the author.
• Be written, wherever applicable, with the involvement of the patient or carer.
• Be clear, unambiguous, (preferably concise) and written in terms that the patient can understand. Abbreviations, if used, should follow common conventions.

 

• Be consecutive.
• Use standard coding techniques and protocols.
• Be written so as to be compliant with the Race Relations Act and the Disability Discrimination Act.
• Be relevant and useful.
• Provide evidence of the care planned, the decisions made, the care delivered and the information shared.
• Provide evidence of actions agreed with the patient (including consent to treatment and/or consent to disclose information).
• Include medical observations: examinations, tests, diagnoses, prognoses, prescriptions and other treatments.
• Relevant disclosures by the patient – pertinent to understanding cause or effecting cure/treatment.
• Facts presented to the patient.
• Correspondence from the patient or other parties.

 

Patient records should not include;

 

• Unnecessary abbreviations or jargon.
• Meaningless phrases, irrelevant speculation or offensive subjective statements.

Irrelevant personal opinions regarding the patient.

 

 

Keeping patient information physically and electronically secure.

 

This section covers both manual and electronic records. Staff should not leave medical notes or files in unattended cars or in easily accessible areas. All files are stored under lock and key when not actually being used. Staff should not normally take patient records home, and where this cannot be avoided, procedures for safeguarding the information effectively should be followed.

 

• Always log-out of any computer system or application when work on it is finished.
• Never leave a terminal unattended and logged-in.
• Never share logins with other people. If other staff have need to access records, then appropriate access should be organised for them – this must not be by using others’ access identities.
• Never reveal passwords to others.
• Change passwords at regular intervals to prevent anyone else using them.
• Avoid using names or words that are known to be associated with them (e.g. children’s or pet’s names or birthdays).
• Always clear the screen of a previous patient’s information before seeing another.
• Use a password-protected screen-saver to prevent casual viewing of patient information by others.

 

Sharing patient information

 

Protocols for sharing patient information must always be followed.