The practice is committed to complying with the requirements of the legislation governing patient confidentiality including: Access to Health Records 1990, Caldicott Guidelines 1997, Confidentiality Code of Practice 1998, Data Protection Act 1998 and the current GDC Standards.
For the purpose of this policy, confidential information is defined as all the information that is learnt in a professional role including personal details, medical history, what treatment a patient is having and how much it costs. The definition of personal details includes, but is not limited by, such details as name, age, address, personal circumstances, race, health, sex and sexual orientation, etc. Note that even the fact that a patient attends the practice is confidential. Confidential information may be supplied or stored on any medium including images, videos, health records, and computer records or may be transmitted verbally.
All staff members must be aware of their responsibilities for safeguarding patient confidentiality and keeping information secure and must have received appropriate training on the legislation requirements and the current GDC Standards to ensure that:
- No personal information given or received in confidence is passed on to anyone else without the patient's prior consent. To obtain consent a patient is advised what information will be released and why and the likely consequences of the information release. The patient is given an opportunity to withhold their permission to share information, unless exceptional circumstances apply, and record is made on their notes of whether or not they gave their permission
- If a patient consents to sharing information about them the team member will ensure that all recipients of the information understand that it is confidential
- If it is not necessary for a patient to be identified, they will remain anonymous in any information released
- If a patient's information or images are used for research or marketing the team member will advise the patient how these will be used, check that the patient understands what s/he is agreeing to, obtain and record the patient's consent to their use and only release the minimum information for the purpose. The patient will be advised that s/he can withdraw permission at any time
- The duty to keep information confidential also covers originals and copies of a patient's photographs, videos or audio recordings, including those made on a mobile phone. No images or recordings will be made without the patient's permission
- Patient information is kept confidential even after death
Before releasing information without the patient's permission, an effort is always made to either convince the patient to release the information himself or herself or give the practice permission to do so, with the details of the discussion fully documented in the patient record. If obtaining consent from a patient is not practical or appropriate or if the patient will not give their permission, the team member will obtain advice from their professional indemnity organisation before releasing it.
A patient's information will only be released without their prior permission in the following exceptional circumstances:
- It is in the best interests of the public or the patient and the information released could be important in preventing or detecting a serious crime
- If a team member has information that a patient could be at risk of significant harm or may be a victim of abuse, in which case the appropriate care agencies or the police will be informed
- If a team member is required to disclose information by a court or a court order, in which case only the minimum amount of information necessary to comply will be released
The practice treats breaches of confidentiality very seriously. No team member shall knowingly misuse any confidential information or allow others to do so. Failure to comply with this policy may result in disciplinary action.
This policy should be read in conjunction with the Information and Communication Policy (M 233-IAC), the Social Media Policy (M 233-SMD ) and the Information Governance Procedures (M 217C).
Data Protection Policy
The practice is committed to complying with the Data Protection Act 1998 and the GDC Standards by collecting, holding, maintaining and accessing data in an open and fair fashion.
The practice only keeps relevant information about employees for the purposes of employment, and about patients to provide them with safe and appropriate dental care. The practice does not process any relevant 'sensitive personal data' without prior informed consent. As defined by the Act, 'sensitive personal data' is that related to political opinion, racial or ethnic origin, membership of a trade union, the sexual life of the individual, physical or mental health or condition, religious or other beliefs of a similar nature. Sickness and accidents records are also kept confidential.
Hard copy and computerised records are stored, reviewed and updated securely and confidentially. Records are are securely destroyed when no longer required. Confidential information is only seen by personnel who need to see it and the team are trained on our policies and procedures to keep patient information confidential.
To facilitate patients' health care, the personal information may be disclosed to a doctor, health care professional, hospital, NHS authorities, HMRC, the Benefits Agency (when claiming exemption or remission from NHS charges) or private dental schemes of which the patient is a member. In all cases only relevant is shared. In very limited cases, such as for identification purposes, or if required by law, information may have to be shared with a party not involved in the patient's health care. In all other cases, information is not disclosed to such a third party without the patient's written authority.
All confidential information is sent via secure methods. Electronic communications and stored data are encrypted. All computerised clinical records are backed up and encrypted copies are kept off-site.
No information or comments about patients are posted on social networking or blogging sites.
Criminal record check information is kept securely in a lockable, non-portable storage cabinet with access strictly controlled and limited to persons who need to have access to this information in the course of their duties.
Access to records
Patients and team members can have access to view the original of their records free of charge. Copiesof patient or team member records are provided following a written request to the [Practice Manager] together with a payment of [£10] for a copy of computerised records or [£25] for a copy of paper records, x-ray copies are charged at the current cost of taking x-rays at the practice. The requested copies will be provided within 40 days. An employee or a patient may challenge information held on record and, following investigation, should the information be inaccurate the practice will correct the records and inform person of the change in writing.
This policy should be read in conjunction with Confidentiality Policy (M 233-CON), and the Information Governance Policy (M 217B).