- Maintaining patient confidentiality includes:
- keeping confidential your patients’ identities and other personal information, and any opinions you form about them in the course of your work
- ensuring that your staff or anyone else attending your clinic in a professional capacity (for example, students of osteopathy, potential students or peers) keep such information confidential
- ensuring that the information is kept confidential even after the death of a patient
- not releasing medical details or information about the care of a patient to anyone – or discussing such information with anyone – including their spouse, partner or other family members, unless you have the patient’s consent to do so (see standard D5(7) and standard D5(8) below)
- taking appropriate measures to ensure that that such information is securely protected against loss, theft and improper disclosure.
- Patients are entitled to obtain copies of their notes and, if such a request is made, you must comply with this in accordance with relevant legislation and good practice.
- You should have adequate and secure methods for storing patient information and records. Patient records should be kept:
- for a minimum of eight years after their last consultation
- if the patient is a child, until their 25th birthday.
- You should have a written policy regarding retention, transfer and disposal of patient information and records, which should include whether it is your practice to retain them beyond eight years, or, in the case of a child, beyond their 25th birthday. Your patients should be made aware of this.
- You should make arrangements for records to continue to be kept safely after you finish practising, or in the event of your death or incapacity. Patients should know how they can access their records in such circumstances.
- You must comply with the law on data protection and associated legislation. For further information on data protection, please refer to the website of the UK Information Commissioner’s Office.
- There may be times when you want to ask your patient if they (or someone on their behalf) will give consent for you to disclose confidential information about them; for example, if you need to share information with another healthcare professional. In that case, you should:
- explain to the patient the circumstances in which you wish to disclose the information, and make sure they understand what you will be disclosing, the person you will be disclosing it to, the reasons for its disclosure, and the likely consequences
- allow them to withhold permission if they wish
- if they agree, ask them to provide their consent in writing or to sign a consent form
- advise anyone to whom you disclose information that they must respect the patient’s confidentiality
- disclose only the information you need to (for example, does the recipient need to see the patient’s entire medical history?).
- In general, you should not disclose confidential information about a patient without their consent; however, there may be circumstances in which you are obliged to do so. Such circumstances might include:
- if you are compelled to do so by order of a court or other legal authority. You should only disclose the information you are required to under that order.
- if it is necessary, in the interests of the patient’s health, to share the information with their medical adviser, legal guardian or close relatives, and the patient is incapable of giving consent.
Management of patient information
Disclosure of confidential information
Disclosure of confidential information without consent
if it is necessary in the public interest. In this case, your duty to society overrides your duty to your patient. This might happen when a patient puts themselves or others at serious risk; for example, by the possibility of infection, or a violent or serious criminal act.