Confidentiality and Privacy

Different codes of confidentiality apply to different professions, and it is the common law which gives clients a legal right to confidentiality with regard to certain types of information, or information which is given in certain circumstances.

The basic rule is that if someone receives information about a person in a situation where it would be expected that it would be kept confidential, it should be kept confidential, unless the person about whom that information was concerned (and sometimes the provider of it) agrees that it should be passed on.

In any large organisation such as a social services department, or the NHS, there has been traditionally believed to be an exception to the need for consent when information falls to be passed on to other team members – the exception being, in effect, based on a perceived ‘need to know’. This has extended to administrative staff who need the information to help them manage the service.

The kind of information on social services files is almost always of the sort which a court would regard as confidential. There may be other exceptional circumstances justifying a disclosure but they would be related to the public interest such as the prevention or detection of crime, the protection of a person or the prevention of a serious public health risk.

If personal information is passed on in breach of confidence it is best to use the complaints procedure or the local government ombudsman; and if the ‘discloser’ is a service provider working on behalf of the local authority, the matter should be raised with them first, and then the social services department contracting for the package. As a last resort, recourse to professional bodies or even legal action for damages, is possible.

Where an authority has confidential information in its control, and is asked for disclosure, it will need to consider carefully whether this is lawful under the Data Protection Act, and whether the conditions for lawful processing apply.

The circumstances when personal information can be disclosed to others are covered by the conditions in schedules 2 and 3. Disclosure must comply with one of the conditions set out in sched 2, and additionally one in sched 3, if sensitive information is involved. Consent, and explicit consent, respectively, of the person about whom the data is held, are listed as conditions. But there are exceptions related to the discharge of statutory functions.

Exceptions to the need for consent

Where the disclosure of the data is necessary to comply with a legal obligation imposed on an authority, consent is not necessary.

The guidance goes on to say (in tiny writing) that much of the personal information held for social services purposes is required under statute, and in many, if not most cases there will be no need to seek the subject’s consent to use. However, the guidance suggests that good practice requires that the client be told about the obligation in play. It also suggests that non-return of a form asking for consent is not consent.

Processing may be necessary for the administration of justice; consent is not needed then.

Where it may be necessary to protect the vital interests of the data subject, consent is not necessary.

Under the indicative ‘social services’ purposes, where consent is not a requirement, the guidance lists disclosure to staff directly involved in a case and their line managers; to anyone else who cares for a client where the information is needed for care (this includes volunteers), and to Health, Education, child protection, inspection, audit, finance, and the police – because the provision of the information may be needed in order to enable the authority to gain confirmation of it, or doubts as to the information, for the purposes of discharging its own statutory functions.

Intra-departmental sharing of information – illegal disclosure?

We have seen commentary to the effect that under the new law, since it is local authorities which count in law as the data controllers for the purposes of the Act, not social services departments, it means that other employees of the local authority will be ‘recipients’ of personal data disclosed to them, ie treated as if they were third parties, thereby increasing protection for those about whom social services hold intimate personal information.

On the one hand, this approach is supported by the fact that there are exemptions relating to the discharge of statutory functions, and they would not be necessary unless information sharing intra-departmentally and inter-departmentally counts as disclosure. On the other hand, the definition of a recipient is worded so as to exclude someone to whom the disclosure is made with a view to an enquiry on their part under a power conferred by law. Thus we do not agree that information sharing has got any harder within an authority. We think that so long as it is done carefully on a need to know basis, it will be covered by exemptions.

Advice to NHS professionals in relation to public interest disclosure without a person’s consent

Gathering relevant information:

It is important to begin by gathering relevant information to inform the public interest judgement to be made, such as:

  • The purpose(s) served by the disclosure, and whether the purpose(s) could be served without the disclosure of confidential patient information;
  • The individual(s) and/or organisation(s) affected by disclosure or non-disclosure, and the resulting level of detriment or benefit;
  • The confidential information that is requested or required;
  • The proposed recipient(s) of the disclosure, and whether they will disclose the information further;
  • Whether there is either a statutory barrier or requirement to disclose;
  • Who should be involved in the decision and who will be accountable; and
  • The urgency of the decision.

 

Consent may be forthcoming – it should be asked for first:

The patient should be asked to consent to the disclosure (thus avoiding the need for public interest override) and/or for their perspective on the impact of disclosure (which can be helpful when weighing up whether to disclose), unless it is impractical to do so, or when contacting the patient would undermine the purpose of the disclosure.

 

Is disclosure justifiable under the DPA?

Where confidential information is being disclosed for a purpose other than those identified as medical purposes in schedule 3 of the Data Protection Act 1998 then another justification must be found for the “processing”. In practice, it will be very rare that such a justification will not be available as “functions of a public nature exercised in the public interest” is itself a schedule 3 justification, as are “administration of justice” and vital interests (matters of life and death).

Is the disclosure necessary to prevent serious harm?

It is important to distinguish between serious harm to the individual to whom information relates and serious harm to others. Confidential information can be disclosed without consent to prevent serious harm or death to others. This is likely to be defensible in common law in the public interest.

Incapacity and best interests

Where the patient is an adult lacking capacity, the Mental Capacity Act applies, and the best interests of the patient concerned can be sufficient to justify disclosure, i.e. information can be disclosed to prevent a patient who lacks capacity from being harmed.

However, an individual’s best interests are not sufficient to justify disclosure of confidential information where he/she has the capacity to decide for him/herself. There has to be an additional public interest justification, which may or may not be in the patient’s best interests. In some circumstances, e.g. where parents refuse to permit disclosure of information about a child who lacks capacity, clinicians should ultimately act in the best interest of the child.

Examples of where public interest can be a defence include:

  • Reporting to the Driver & Vehicle Licensing Centre a patient who rejects medical advice not to drive (although health professionals should inform the patient of their intention to report it);
  • Breaching the confidentiality of a patient who refuses to inform his or her sexual partner of a serious sexually transmissible infection;
  • Releasing relevant confidential information to social services where there is a risk of significant harm to a child.

Is disclosure necessary to prevent, detect or prosecute serious crime?

Confidential patient information can be disclosed in the public interest where that information can be used to prevent, detect, or prosecute, a serious crime. “Serious crime” is not clearly defined in law but will include crimes that cause serious physical or psychological harm to individuals. This will certainly include murder, manslaughter, rape, treason, kidnapping, and child abuse or neglect causing significant harm and will likely include other crimes which carry a five-year minimum prison sentence but may also include other acts that have a high impact on the victim.

On the other hand, theft, fraud or damage to property where loss or damage is not substantial are less likely to constitute a serious crime and as such may not warrant breach of confidential information, though proportionality is important here. It may, for example, be possible to disclose some information about an individual’s involvement in crime without disclosing any clinical information.

In the grey area between these two extremes a judgement is required to assess whether the crime is sufficiently serious to warrant disclosure. The wider context is particularly important here. Sometimes crime may be considered as serious where there is a prolonged period of incidents even though none of them might be serious on its own (e.g. as sometimes occurs with child neglect). Serious fraud or theft involving significant NHS resources would be likely to harm individuals waiting for treatment. A comparatively minor prescription fraud might be serious if prescriptions for controlled drugs are being forged.

In some circumstances there may not be sufficient information available to determine whether or not a disclosure may serve to prevent or detect a serious crime. It may help to first hold an anonymised discussion with colleagues to establish whether concerns are justified and whether greater sharing of information is required or may be appropriate.

Note that the public interest defence is separate from, and additional to, specific statutory requirements for disclosure in relation to crime. There is a legal duty to report financial assistance of terrorism, and legislation requires health professionals to release, where requested by police:

  • The names of patients treated after a car accident, to assist in the investigation of alleged dangerous driving;
  • Medical records / information, human tissue or fluid, if the request is backed by a court order or search warrant;
  • Medical records / information where there are reasonable grounds for believing the records are evidence in relation to an offence and it is necessary for police to seize them in order to prevent loss or alteration of evidence.

Would disclosure serve another public interest?

There are clearly cases where disclosure of information may be in the public interest for a reason unrelated to serious harm or serious crime. The decision to disclose must take account of the likelihood of detriment (harm, distress or loss of privacy) to the individuals concerned, but a proportionate disclosure may be acceptable where there is clear benefit to the public. For example, a national clinical audit study into the effectiveness of a particular intervention may require the use of historic patient case notes where the majority of the affected patients are not contactable because they have since moved or died. There would be little or no detriment to the patients concerned and the public good resulting from the clinical audit may justify extracting confidential information from the case notes. Similar considerations may apply to some research uses which do not affect the rights, freedoms or legitimate interests of individual patients.

However, since there is little case law in this area it is recommended that advice is sought from the National Information Governance Board (NIGB) before making such a disclosure. The NIGB advises the Secretary of State for Health on the use of powers provided under section 251 of the NHS Act 2006 that make it permissible to disclose, without consent, confidential data about groups of patients for “secondary” purposes where there is no clear public interest.

Confer with colleagues and weigh up public and individual’s interest in maintaining confidentiality against the public interest argument for disclosure. The key factors in deciding whether or not to share confidential information are necessity and proportionality. The disclosure of confidential patient information must be necessary in order to satisfy an important public interest. Public interest must be judged on the merits of the case. Such a defence is only applicable in limited circumstances; public interest does not mean “of interest to the public”.

There must be a balancing of the competing interests: the public interest achieved by the disclosure against both the potential damage caused to the individual whose confidentiality is to be breached and society’s interest in the provision of a confidential health service. A fair balance should be struck between the rights of the patient, and the rights of other affected persons. Relevant factors to take into account are the potential damage to the care relationship between the health professional(s) and the patient, and the potential impact of the patient terminating that relationship. The health professional or another clinician must therefore be involved in the decision. Account should also be taken of the risk of a breakdown in trust between the patient and the NHS, and of the risk of loss of confidence amongst the public of the confidentiality of NHS services.

Health professionals must objectively assess public interest (e.g. through conferring with colleagues and by accessing independent advice) and not their own subjective views of what constitutes a public interest. Colleagues may identify additional factors to consider, and assist in weighing up the options. Where possible, the appropriate Caldicott Guardian should be involved. The identity of the patient should not be revealed in discussions. Seeking such advice may not be practicable in cases where the decision is urgent and there are no suitable colleagues available.

Health professionals may be protected by a public interest defence for disclosing information to avert a real risk of danger to the public, but they still have a duty of confidence and have to judge the most appropriate information and recipient of it to minimise detriment to the individual concerned. Disclosure should be to the appropriate person(s), and the confidential information provided should be limited to that necessary to fulfil the purpose of the disclosure. It may be possible to restrict the contents, recipient(s), or conditions of disclosure to limit the detriment caused but still achieve the public interest aim so that the disclosure is proportionate.

It will often be appropriate to place conditions on the recipient(s) of the disclosure e.g. that the confidential information is held securely and only used for a designated purpose and/or that it is not disclosed beyond specified limits.

Within the NHS Care Records Service, patients will be able to restrict access to their confidential information in various ways. In some circumstances, the opportunity will exist for clinicians to override the patient’s restriction and access the restricted information, justifying their action in the public interest. This raises a different problem than in the normal case where a clinician discloses information to other person(s). The difficulty here is that the clinician will not know what information has been withheld and therefore what public benefit will be derived from access. This makes the weighing up of the benefits and disbenefits of disclosure difficult, but a public interest disclosure might still be justified.

Is disclosure clearly in the public interest?

In some cases, it will be clear that a proportionate disclosure is required in order to:

  • Prevent serious harm being caused to one or more other individual(s), such as child abuse, or a serious assault;
  • Report a doctor or nurse with Hepatitis B who carries out exposure–prone procedures without taking proper precautions to protect patient safety; and/or
  • Prevent, detect or prosecute what is clearly a serious crime like murder or rape.

In other cases, further advice should be sought because it is less clear that a public interest defence is applicable. This might arise where, for example:

  • It is unclear whether the crime or harm is sufficiently serious to justify disclosure; or
  • A risk of serious crime or harm being committed exists but it is not clear whether the likelihood of it occurring is sufficient to justify the disclosure; or
  • A risk of serious crime or harm being committed exists but it is not clear whether it could be prevented without the disclosure (and thus whether the disclosure is “necessary”); or
  • Where harm is less severe but is prolonged (e.g. the impact on a child witnessing domestic violence over a long period); or
  • Another important public interest other than preventing serious harm or serious crime would be served by the disclosure (e.g. a secondary use like research); or
  • The patient(s) have explicitly refused to consent to the disclosure; or
  • Some affected patients consent and some dissent to the disclosure; or
  • The benefit and detriment from disclosure are finely balanced.

Case studies

Scenario 1: A receptionist at a GP surgery sees a patient leave the building and get into a car. On driving from the car park, the patient’s car collides with and damages another patient’s car. The driver does not stop, believing that nobody has seen the incident and instead drives away without leaving their details. Through her role at the surgery, the receptionist knows the identity of the patient.

Can the receptionist report the crime? What details can the receptionist provide about the accident and the driver?

Decision 1: A minor crime has been committed, but no serious crime or serious harm done. Therefore there is insufficient public interest (or any other) justification for revealing confidential patient information (e.g. from within the patient’s case notes, or even revealing that the patient had attended the surgery). However, a crime has been committed and the receptionist would be entitled to report the incident, including the identity of the patient, to the police, but (s)he should not reveal confidential patient information.

Scenario 2: In one evening, at separate times, two patients enter an Accident & Emergency Department. Each of the patients has been a victim of a knife crime. Both patients report that they have been attacked by an individual and both describe what seems to be the same person. The patients claim that the attacks were unprovoked and that they did not know the attacker. The attacks happen within a mile of each other in a busy city centre. One of the patients is happy to speak to police and informs A & E staff of this. However, the other victim does not wish to have his information disclosed to the police because he does not want to be a police witness. He leaves before the police are called out.

Should the A & E staff report both incidents to the police? Should the identity of the patients and the details of the injuries be reported?

Decision 2: It is generally accepted that the reporting of knife and gun crimes will be within the public interest. A & E units should have standard procedures for informing the police that a knife crime has occurred. It should also be standard practice for staff to seek patient consent to involve the police. A knife attack may be sufficient to justify a public interest disclosure of confidential information even when consent is not given, where it is likely to assist in the prevention, detection or prosecution of a serious crime. Staff should ensure that they consider the proportionality of any disclosures. In this example, police could be called to interview the first patient, who could then be expected to identify himself, and provide a description of the attack and the attacker, and of his injuries. If the patient refused to provide some of these details, the hospital could provide them.

For the second patient, it is likely to be proportionate to provide the police with details of the patient, the attacker, the attack and the patient’s injuries.

Scenario 3: One day during surgery hours a GP notices Mr Smith arrive, park his car and enter the surgery building. Mr Smith had attended an appointment in the previous month with the GP. At a previous appointment, the GP had prescribed Mr Smith with drugs and informed him that they were likely to make him drowsy, and that he should avoid driving. During the consultation Mr Smith had assured the GP that he’d “be fine!” when accepting the prescription. The GP knows Mr Smith well, and that he might ignore advice not to drive, and so has some concern over whether Mr Smith was fit to drive.

What action should the GP take?

Decision 3: In principle, Mr Smith could cause serious harm to others by continuing to drive. The GP should speak to Mr Smith and try to establish whether his medication is having the effect of making him drowsy and unfit to drive, and if so, to encourage him once more to stop driving. Discussion with colleagues may assist the GP in assessing the risk posed to the public from the effect of Mr Smith’s medication, and in weighing up whether a breach of confidence is justified. If Mr Smith is unfit to drive but nevertheless persists in driving, it would be justifiable in the public interest to inform the Driver and Vehicle Licensing Agency.

Scenario 4: Mrs Jones arrives at the Accident & Emergency Department with a number of cuts and bruises and stab wounds of some kind (from a screwdriver or penknife). She is very shaken up and anxious. Whilst treating the patient, A & E staff discover that this is the third time in three months that Mrs Jones has presented at A & E with injuries. It is also noted that Mrs Jones has a ten-year-old son. She tells the staff that she is very clumsy and keeps having accidents. However, the injuries this time are not consistent with a clumsy accident, and the A & E staff are concerned that she may be the victim of assault, and that her son might also be at risk.

What should A & E staff do?

Decision 4: With further discussion and reassurance, Mrs Jones may reveal the true cause of her injuries. It may help if A&E staff explain that they believe her injuries are not consistent with her story. If Mrs Jones does admit that she is being assaulted by someone she lives with or sees regularly, then it will be easier for staff to decide whether they need to take any action to protect the child, such as notifying social services. This action could be justifiable in the public interest if it was considered that there was a risk of serious harm to the child. If Mrs Jones was prepared to admit to the cause of the violence and take action to safeguard the child, then it may not be considered necessary to inform social services. Such cases are often difficult and advice and guidance from a Caldicott Guardian and child protection advisor is likely to be helpful.

Scenario 5: A patient has been arrested on suspicion of robbery and the police have asked a consultant psychiatrist for a ‘background’ report based on prior knowledge. The police do not explain any more about the nature of the alleged crime but say they will use the report when preparing the papers for the Crown Prosecution Service. The consultant has not been asked to assess the patient and is not convinced that the patient would consent to the disclosure of information.

Should the consultant provide the report?

Decision 5: The consultant’s decision hinges on whether robbery is a serious crime. Were the police to not provide further details (e.g. as to whether it is robbery with violence), it would be reasonable for the consultant to assume this does not constitute a serious crime. Without a court order, the police cannot force the consultant to provide a report. However, in this case, the police disclose that the robbery was with serious violence, and the consultant judges this to be an investigation of a serious crime. The consultant consults the Caldicott Guardian and another colleague. They consider whether the public interest in disclosure outweighs the potential damage from the disclosure. In this case, they feel that the patient’s relationship with the psychiatrist (and with any future psychiatric services the patient may receive) would be seriously damaged by a disclosure. Furthermore, the patient receives services through an outreach centre, and the doctors fear that this may lead to other patients withdrawing from the outreach services. They judge that no report should be provided without the patient’s consent.

Scenario 6: Following a series of complaints to a Member of Parliament from local residents, all of whom suffer from a particular disease and live close to a nuclear power station, a project is set up to investigate whether the proximity to the power station could contribute to the onset of the disease. The investigation team from the Public Health Observatory seeks access to confidential information within approximately two thousand paper case notes in Newtown Hospital Trust in order to discover the prevalence of relevant symptoms. The team argues that it is not feasible to seek consent from patients within the timescales of the enquiry and that their work can be justified in the public interest.

Decision 6: The Newtown Hospital Trust Caldicott Guardian considers that the risk of serious harm is not sufficient to breach the confidence of thousands of patients.

However, she feels there is a strong public interest in the investigation. In order to minimise the potential detriment caused, she offers to assist the investigation by providing local clinical coding staff to extract relevant data from the case notes and provide it to the investigation team. Nevertheless, the data to be provided could still reveal patient identity, and so she instructs the investigation team that the information provided must be stored and processed securely, and that no identifiable patient information will be published without explicit patient consent.

 

 

 

Related Links

Data Protection Act 1998 Protection and Use of Patient Information

The Information Commissioner’s legal guidance to the Data Protection Act 1998.

NHS Code of Practice on Confidentiality – 2003

 
