Whatever, in connection with my professional practice or not in connection with it, I see or hear in the life of men which should not be spoken of abroad, I will not divulge, as reckoning that all such should be kept secret.

(Hippocratic Oath, C5 BC)




GPs and practice staff have a legal, professional and moral duty to ensure that confidentiality of patient information is maintained.  Any information held about patients must be factual, consistent and accurate, and recorded in line with the Recording of Patient Information Policy.

At St Paul’s we aim to follow the NHS Confidentiality Model, which is to:

  • PROTECT – keep patient information secure
  • INFORM – ensure patients know how information held about them is used
  • PROVIDE CHOICE – allow patients to decide whether their information can be disclosed or used in particular ways within the restrictions of the law
  • IMPROVE – on all of the above

Patients should be able to:

  • Understand the reasons for processing personal information about them
  • Give consent for the disclosure and use of personal information
  • Gain trust in the way the NHS handles information, and
  • Understand their rights to access information held about them.

The following precautions and procedures must be observed by all St Paul’s GPs and employees, locums, contractors, attached, visiting, community, Trust and voluntary workers, students, trainees and work-experience placements.  The policy must be read in conjunction with the:

  • Subject Access Request policy
  • IMT & IG policy


1:1 – Disclosure of information to the patient

1:1:1    Patients have a legal right to view and have copies of entries in their paper-based and/or computer held records, and to have these explained to them.  The process for dealing with such requests is given in the Subject Access Request policy.

1:1:2    Patients may ring or call in to find out the results of investigations etc.  Staff members may give the result to the patient AS INDICATED BY THE DOCTOR’S NOTES ON THE SCREEN, provided they have first confirmed the patient’s date of birth and are satisfied that they are speaking to the patient personally (or appropriate representative – see 1:3).

1:1:3    If a staff member needs to contact a patient to inform them of test results or arrange an appointment and is unable to do so by text message or telephone, a letter must be sent to the patient’s home address, clearly marked with the patient’s name and annotated ‘Private and Confidential’.

1:1:4    Staff must be mindful of potential communication difficulties for example if the patient has little English, has a learning disability or a sight or hearing deficiency.  Every effort must be made to ensure the patient can fully understand the information being disclosed to them, and it may be appropriate on occasion to recommend the assistance of an interpreter, representative or advocate.  A loop system is in operation for patients with hearing aids.

1:1:5    If a patient wishes to speak to an admin staff member privately, the staff member should inform a manager so that cover can be arranged, and take the patient to a vacant consulting room, provided also that there is no indication that this could cause a safety risk to the staff member.  The staff member must ensure that he/she knows the location of the panic alarm within the consulting room and that the manager knows which room is to be used and the name of the patient.  If there is a risk to the staff member, he/she must not see the patient alone.

1:1:6    Access is available for patients to view their problems, medications and investigations online.  They must register for online access via one of the available applications and provide a form of photographic identification (unless using the NHS App, as their identification has already been verified) for admin to grant permission on EMIS Web.  If the patient wants full access to all their medical records, a manager will be informed and the records checked to redact any information that could breach another person’s confidentiality, cause harm to the patient or risk leading to harm to others.  Permission to give access to the redacted notes will be sought from the patient’s GP and, if granted, patient access will be opened to all records.

1:2 – Disclosure of information to other healthcare workers

1:2:1    There is a legal basis under GDPR to share information with healthcare providers who are CURRENTLY and DIRECTLY involved in that patient’s care.

1:2:2    Local data-sharing agreements allow services such as Extensive Care and Out of Hours services (111 via FCMS) to access the patient record when required to provide health care or advice to the patient.

1:2:3    Patients may prohibit information being disclosed to other healthcare professionals.  Their wishes must be respected wherever possible, but they must be informed about and understand the implications of their decision for the provision of care or treatment.  The same considerations relating to communication difficulties as listed in 1:1:3 must be made.

1:2:4    It may be necessary to give information about a patient to healthcare workers without consent if they are likely to be at particular risk in dealing with the patient, for example if the patient is mentally unstable, violent, or a carrier of a serious contagious disease.

1:2:5    There is a legal basis under GDPR to share information about a patient with health and social care staff or the police without consent if there is a risk to or from the patient under child and adult safeguarding procedures or in the interests of serious crime investigation.

1:2:6    Passing confidential information to a healthcare worker about a patient when there is NO risk to the worker and they are NOT directly involved in the patient’s care is NOT permissible.

1:2:7    Information about named patients must NOT be discussed by reception or other non-clinical staff unless there is a risk to their safety.  Individual patient cases are not to be the subject of casual conversation.

1:3 – Disclosure to family or others

1:3:1    Medical information, including test results etc, may only be divulged to a relative, friend or advocate if the patient has given explicit consent in writing or in person, or the requester has a legal right to the information as described in the Subject Access Request policy.

1:3:2    Particular care must be taken when a parent or guardian requests information about a child.  Refer to the Subject Access Request policy for guidance.

1:3:3    Confidentiality extends beyond the grave.  There are restrictions on who may request information from deceased patients’ records – refer to the Subject Access Request policy.

1:3:4    Staff must check with the Caldicott Lead or a manager before divulging information if there is any doubt about the requester’s right to the information – see the Subject Access Request policy.

1:4 – Disclosure to health authorities, hospitals, etc

1:4:1    Enquiries from hospitals to confirm a patient’s personal details can usually be answered.  If there is any doubt about the authenticity of the request, take the caller’s number and ring them back.

1:4:2    IOS or enhanced services claims may require details of patients, including the NHS number, and the procedures carried out.  Staff must comply with the procedures and avoid giving confidential information unnecessarily to health providers or authorities.

1:4:3    Explicit patient consent is NOT required where mandatory notification of infectious diseases is required.

1:4:4    Patients must be informed that their records may be subject to inspection by health authority officers for the purposes of practice quality control or claims verification.

1:4:5    Great care must be taken when accessing patient details and processing referrals through Choose & Book and any of the Care Records Service functions as they come on-line.

1:5 – Disclosure to third parties

1:5:1    See the Subject Access Request policy for full details.

1:5:2    The decision of whether or not to disclose must be made by a GP or a manager, preferably after discussion with the Caldicott Guardian or at least one colleague and if necessary, the medical defence body.


2:1       Under the Children Act, any COMPETENT young person, regardless of age, can independently seek medical advice, give valid consent for medical treatment and expect the same standards of confidentiality as an adult.  Confidentiality must be maintained in these cases in the same way as would be the case for an adult, and with the same exceptions.

2:2       A young person is deemed to be competent to consent to advice or treatment provided the Fraser guidelines (1985) have been satisfied.  Although these have been worded in terms of a doctor giving specifically contraceptive advice and treatment, they should be applied to any healthcare professional giving any healthcare advice or treatment.  The criteria are shown below:

  • The young person understands the doctor’s advice
  • The doctor cannot persuade the young person to inform his/her parents or allow them to be informed
  • The young person is very likely to begin or continue having intercourse with or without contraceptive treatment
  • Unless he/she receives contraceptive advice or treatment the young person’s physical or mental health or both are likely to suffer
  • The young person’s best interests require the doctor to give contraceptive advice, treatment or both without parental consent.

2:3       People will seek health advice more willingly if they can trust that their consultations and treatment will be kept confidential.  This is particularly true for teenagers and young people aged under 16 years who may need advice on any clinical issue, but may be particularly reluctant to discuss sensitive issues such as sexual health and contraception, pregnancy, termination, depression, self-harm, addiction and substance abuse, etc.

2:4       Care must be taken when communicating with young patients by home telephone or post if there is a risk that the information may be heard/seen by another person.  A secure or acceptable means of communication should be agreed with the young person at the time of the consultation wherever possible.

2:5       Patients should be assured that their confidentiality will be maintained, through information provided on the practice website, in the practice leaflet and in the waiting room.

2:6       If the healthcare provider considers the young person to be incapable of giving consent because of immaturity, illness or mental capacity, they should encourage the young person to allow an appropriate adult to be involved in the consultation.  If they refuse and the healthcare provider is convinced that it is essential in their medical interests, he/she may disclose relevant information to an appropriate person or authority.  In such cases, the patient must be informed before disclosure, and where appropriate, the views of an advocate or carer sought.  All the steps taken must be documented in the patient’s medical record.


3:1 – Lloyd George (manual) records

3:1:1    Lloyd George notes must not be left accessible to unauthorised users and all storage cabinets must be locked when not in use and when the Medical Centre is closed.

3:1:2    Medical records must not be taken home.  Home visit print-outs must not be left in practitioners’ cars or homes, from where they could be stolen or seen by others without the patient’s consent.

3:1:3    Patients/visitors to the practice must not be left unaccompanied in rooms where medical records could be accessible, for example in consulting rooms, reception or other offices.  Documents containing patient identifiable data must be locked away when not in use.

3:1:4    Test result slips, hospital letters, etc must not be left on the reception desks where they might be seen by people at the counter.

3:1:5    Any rooms containing medical records must be locked when unoccupied.

3:1:6    All reasonable steps must be taken to avoid unauthorised access to the medical records.  For example, the reception area should not be left vacant while patients or visitors to the practice are on the premises.

3:1:7    Anyone seen within the surgery who cannot be identified as a genuine patient or visitor with grounds to be on the premises must be challenged, provided this can be done safely without risk of harm to the staff member.

3:1:8    A manager must be informed immediately if any medical records are lost or stolen or if there is believed to have been a breach of confidentiality.

3:2 – Computer records

3:2:1    All security measures described in the IMT & IG policy must be adhered to.

3:2:2    Patients or others must not be left unaccompanied in rooms where they could access computer information.  It is necessary to log off or lock the computer when leaving a room for a period of time.

3:2:3    Logins and passwords must not be shared.  Refer to the IMT & IG policy for further details on using the computers and computer held information.

3:2:4    Computer screens showing information about patients must be positioned to avoid other patients seeing the screen.

3:2:5    Data must be wiped before a computer, photocopier, fax machine, scanner or other equipment capable of storing information is decommissioned or destroyed.

3:2:6    Smart cards, passwords and mobile devices must be stored securely to prevent access by unauthorised users in line with the IMT & IG policy.

3:2:7    Loss of smart cards or mobile devices must be reported immediately to the manager.


4:1 – Verbal transmission

4:1:1    Assuming justification/consent for disclosure has been established, information must be transmitted accurately, effectively and securely.

4:1:2    Discussion with or about patients must not take place within hearing of potential eavesdroppers.

4:1:3    When on the telephone, the identity of the patient to whom you are speaking must not be made explicit if you are within earshot of the waiting room.

4:1:4    Messages must NOT be left on patients’ answering machines or with relatives.  If unable to contact a patient by ‘phone, results/information must be sent by post marked ‘Private and Confidential’.

4:1:5    Particular care must be taken when contacting competent patients aged under 16.  Ways in which to contact them confidentially should be agreed with them in advance wherever possible.

4:1:6    Patient enquiries at the reception counter must be answered discreetly, so that other patients cannot overhear.  If the information is particularly sensitive, or if the patient wishes to speak to the receptionist privately, they should be taken to a vacant room.

4:1:7    The practice has a loop system, which can be used to assist patients with hearing aids to hear clearly without the need for the receptionist or practitioner to speak loudly.

4:1:8    Personal information may be texted to patients by prior arrangement with the patient provided they have given permission and updated their mobile ‘phone number each time such an arrangement is made.

4:2 – Written information

4:2:1    Envelopes must be marked private and confidential when writing to patients.

4:2:2    Letters, forms or other information must not be left where other patients or visitors could see them.

4:2:3    Confidential information awaiting disposal, including repeat prescription slips, must be placed in the confidential waste disposal bins.


5:1       All new staff must receive training in Confidentiality and the application of this policy as part of their induction.

5:2       All staff members are required to keep their knowledge about confidentiality and consent up-to-date in line with the mandatory training programme and their role within the practice.  Training resources are available on the Bluestream Academy website.


6:1       Clinical audit is a valid use of patient information.  Individual consent is not required unless direct patient feedback is involved.  However, if consent has not been sought, personally identifiable information about participating patients must NOT be included in the write up or discussion.

6:2       Medical or personal information about patients or staff that a staff member has become aware of from a source outside the Medical Centre must be treated confidentially, as others may perceive disclosure of such information to be a breach of confidentiality from the Medical Centre.  Disclosure of such information will be treated as a breach of confidentiality from a disciplinary point of view.

6:3       Personal information about staff members including telephone numbers must NOT be disclosed to enquirers.

6:4       All contractors visiting the site must sign the visitors’ register and complete a confidentiality agreement prior to commencing work on-site.

6:5       If it is believed that a breach of confidentiality may have occurred, whether deliberate or accidental, a manager must be informed immediately, so that investigation and action can be put in place to protect the patient’s information as far as possible.  Advice should be sought from the medical defence body if necessary.

6:6       Any queries about this policy must be directed to the practice business manager.

6:7       Clarification about the disclosure of information in a particular situation can be sought from a manager or the Caldicott Lead.

6:8       Patients must be informed about confidentiality and the use of their records in the practice patient information leaflet, poster in the waiting room and via privacy notices on the website.

6:9       Copies of this policy may be given to patients under the Freedom of Information Act.

6:10     The practice must periodically assess its performance against the principles of the Data Protection Act, GDPR and the Caldicott Committee recommendations.


Public authorities including the NHS are obliged to comply with Administrative Law, which requires them to act intra vires (within their lawful powers).

Confidentiality is covered by various professional regulations, including the GMC, IHM and NMC Codes of Conduct, the common law duty of confidentiality and the NHS codes of practice for Confidentiality and Records Management.  In addition, the NHS Care Record Guarantee for England and HSC 1999/012 require the highest standards of patient confidentiality to be maintained.  Aspects of the holding and disclosure of personal and medical information are also protected by statute within the following legislation:

  • Abortions Regulations 1991
  • Access to Health Records Act 1990
  • Access to Medical Reports Act 1988
  • Caldicott Committee 1997
  • Children Act
  • Computer Misuse Act 1990
  • Crime and Disorder Act 1998
  • Data Protection Act 1998
  • Freedom of Information Act 2000
  • Health and Social Care Act 2001
  • HSC 1999/012
  • Human Fertilisation & Embryology Act 1990
  • Human Rights Act 1998
  • Mental Capacity Act 2005
  • NHS Venereal Diseases Regulations 1974
  • Public Health (Control of Diseases) Act 1984
  • General Data Protection Regulations


Personal Data – Information about living, identifiable individuals, e.g. name and address etc.  Statements of fact/expressions of opinion about an individual and information about the data controller’s intentions towards them are personal data.

Processing – Processing by computer or other technology such as document image-processing systems.  Processing also includes obtaining, storing & disclosing data.

Manual Records – Information that is recorded as part of a ‘relevant filing system’ (e.g. Lloyd George), where records are structured either by reference to individuals or by reference to certain criteria, so that specific information relating to individuals is readily available (e.g. disease registers).

Data Users – Those who control the contents & use of a collection of personal data.

Data Controller – Those who determine the purposes and manner in which any personal data are processed, i.e. St Paul’s Medical Centre.

Health Records – Records that relate to the physical or mental health of an individual, which have been made by or on behalf of a health professional in connection with the care of that individual.

Sensitive Personal Data – Information relating to:

  • Racial/ethnic origin of the subject
  • Political opinion
  • Religious or other similar beliefs
  • Trade Union membership
  • Physical/mental health or condition
  • Sexual life
  • Commission or alleged commission of any offence
  • Details of any proceedings for any offence/alleged offence


Records containing personal information should…

  • Be obtained and processed lawfully and fairly.
  • Be obtained for only one or more specified and lawful purpose and not used for anything incompatible with that purpose.
  • Be adequate, relevant and not excessive in relation to the purpose for which they are held.
  • Be accurate and, where necessary, up to date.
  • Be held for no longer than is necessary for the purpose for which they are held.
  • Be processed in accordance with the rights of data subjects under this Act.
  • Be protected by appropriate technical and organisational measures against unauthorised or unlawful processing and against accidental loss, destruction or damage.
  • Not be transferred to a country outside the EU unless that country ensures an adequate level of protection for the rights and freedoms of data subjects.


  • Justify the purpose – every proposed use/transfer of patient identifiable information should be clearly defined and scrutinised, with continuing uses regularly reviewed by an appropriate guardian.
  • Do not use patient identifiable information unless it is absolutely necessary.
  • Use the minimum necessary patient identifiable information.
  • Access to patient identifiable information should be on a strict need to know basis.
  • Everyone should be aware of their responsibilities.
  • Understand and comply with the law.
  • The duty to share information can be as important as the duty to protect patient confidentiality.


  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure or ‘the right to be forgotten’
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision-making and profiling

DoH Standards of Information Handling (HORUS)

Information must be:

  • Held securely and confidentially
  • Obtained fairly and efficiently
  • Recorded accurately and reliably
  • Used effectively and ethically
  • Shared appropriately and lawfully

Caldicott Audit completed _______________________ (date)

Data Protection Register No:              Z5620272 (SPMC)

Data Protection Security No:              10230267 (SPMC)

Signed ______________________________            Date _______________

Dr R Straker-Bennett

Guardian of Confidentiality