Navigating the Confidentiality Maze
DENTAL BULLETIN, ISSUE 49
Principle 4 of the GDC outlines the standards expected of dentists in collecting and protecting a patient’s personal information. Confidentiality is central to the doctor/patient relationship, and there is a clear obligation upon all medical professionals to keep personal details, medical history, treatments and the costs associated with it private.
So in what circumstances, if any, is it permissible to disclose a patient’s confidential information?
If your patient requires a referral to another medical professional, as a general rule it will only be possible to make that referral with the consent of the patient. It must be made plain to the patient the reasons why the information will be disclosed, the extent of the disclosure and what the consequences might be of releasing the information. The patient must be given a clear opportunity to refuse consent. All referrals should be clearly marked as confidential.
Releasing confidential information in Exceptional Circumstances:
In very limited circumstances, a dentist can release confidential information about a patient, and can only be done if it is in the best interests of the patient or the public to do so. For example, if a patient is a risk to themselves or others, then a dentist may be able to release confidential information. However, every effort should be taken to obtain patient consent to either release the information themselves, or allow the dentist to do so.
However, there are circumstances where it is not possible or practical to obtain consent; for example where a serious crime is about to be committed. In those circumstances it would be advisable to seek legal advice before acting.
When a complaint is made:
The situation is much clearer when a patient makes a complaint to the GDC or instructs a lawyer to seek compensation for clinical negligence. A letter of impending action from a lawyer should explicitly advice the dentist to contact their indemnity insurer, thus implicitly giving patient consent for their information to be shared with the dentist’s legal representatives. Similarly, when a patient makes a formal complaint to the GDC regarding their dentist’s activity, the GDC obtain the consent of the individual to disclose the details of the complaint to the dentist, and by implication their legal advisors or union representatives.
When a complaint is made to a dentist directly, can the patient’s confidential information be provided to the indemnity insurers or union representatives? Patient’s consent should be obtained before their confidential information is passed to insurers, or for the purpose of obtaining legal advice regarding a complaint. Dentists should consider carefully whether it is in fact necessary to provide any confidential information for the purposes of seeking advice. Practices should consider including in their complaints procedure the fact that when a formal complaint is made it may be necessary to provide information regarding their healthcare to indemnity insurers or legal advisors. The policy should confirm that information will only be used for the purposes of dealing with the complaint and that any information will be kept confidential by those bodies. Patients should be invited to contact the practice if they do not want any information shared. If a patient refuses consent, it should be made clear that this may result in the dentist not being able to fully respond to the complaint that has been made. When information is provided to lawyers or insurers it should be clearly marked as confidential.
Research and Articles:
There are numerous publications and on line forums that allow clinical work to be showcased. Whilst formal publications have clear guidelines as to the anonymisation of patients in articles and research, on line forums are less meticulous. The urge to post an impressive clinical case on Facebook appears to be overwhelming to some; however, the requirements of confidentiality persist even if it is shared with a select few. If you are going to use patient information or photographs for any reason, including for teaching and research purposes, it is essential to obtain that patient’s consent, explain to them how the images are going to be used and ensure that they understand exactly what they are agreeing to. Best practice is to obtain consent in writing, and retain that consent with the patient’s records. It should be made clear to the patient that their consent can be withdrawn at any time.
Even where there is no way a patient can be identified, if for example the dentist is relying on an image of the inside of a tooth, then it is still best practice to obtain patient consent. If consent is not obtained then extra care should be taken to ensure that a patient cannot be identified. Remember, confidentiality is paramount.
The growing trend of selfie taking whilst sitting in the dentist’s chair is a potential minefield. Just because a patient has shared the image on line, this does not necessarily equate to their consent for the image to be used for marketing purposes. If in doubt, get the patient’s agreement in writing.
It is now common place for CCTV cameras to be installed within many businesses. If CCTV cameras are installed externally, then signs warning patients of their presence must be clearly visible; it should be made clear if cameras have audio capabilities.
Extreme caution should be exercised when installing cameras in reception and waiting room areas, where patients are being asked to complete medical history forms, or where there is the potential for confidential medical information to be disclosed. There have also been concerns raised over the installation of CCTV cameras in treatment rooms. Practice principles have justified this decision on the basis that it was in response to allegations of misconduct by staff members. However, the unintended consequence was that patients were being recorded during private consultations. Again it should be made absolutely clear to anyone who enters a practice where and why cameras are in operation. However any data recorded by those cameras must be treated and secured in the same way as confidential medical information.
What rights to patients have to information relating to their own treatment?
Whilst a patient does not own their own notes, they do have the right to access them under the Data Protection Act. A request for patient information must be made in writing, and whilst there is no prescribed format for these requests, practices would be well advised to have a pro-forma document that deals specifically with requests of this type. For more information on dentist’s obligations under the Data Protections Act and registration with the Information Commissioners Officer, read our Dental Bulletin issue 31.
When dealing with confidential patient information exercise extreme caution. Ensure that wherever possible, before any disclosures are made that the patient has provided full written consent to the disclosure of the information, and it is clearly set out what the information will be used for. If in doubt, don’t disclose.
If you have any concerns about confidentiality, if or when to disclose confidential information, or would like to discuss any of the information contained in our dental bulletins, please contact Julia Furley on 020 7388 1658, or email her at email@example.com.
If you find this article interesting, please like, comment and share it!
Julia Furley, Senior Barrister
Please note that the information contained in this article was correct at the time of writing. There may have been updates to the law since the article was written, which may affect the information and advice given therein.