Data Protection & Confidentiality

Requirement

The NHS Confidentiality Policy and the NHS Confidentiality Code of Practice state that all staff working in the NHS are bound by a legal duty of confidence to protect personal information they may encounter during their work. This is not purely a requirement of their contractual responsibilities; it is also a requirement within the common law duty of confidence.

NHS Confidentiality Code of Practice

All staff are to adhere to the principles of confidentiality outlined in the NHS Confidentiality Code of Practice:
· Person-identifiable or confidential information must be effectively protected against improper disclosure when it is received, stored, transmitted or disposed of
· Access to person-identifiable or confidential information must be on a need-to-know basis
· Disclosure of person-identifiable or confidential information must be limited to the purpose for which it is required
· Recipients of disclosed information must respect that it is given to them in confidence
· If the decision is taken to disclose information, that decision must be justified and documented
· Any concerns about the disclosure of information must be discussed with a line manager
· Patients are to be informed of the intended use of their information and Warley Road Surgery will adhere to the detailed requirements shown at Annex A to the code

Warley Road Surgery will ensure that the requirements within the above Code of Practice are strictly followed, and that staff will immediately report any breaches of confidence or potential risks to the Caldicott Guardian or IG Lead.

Non-disclosure of information

All employees must adhere to the clauses outlined in their individual contract of employment in relation to confidentiality, data protection and intellectual property.

Breach of confidential information

Any breach of confidentiality will be managed in accordance with Warley Road Surgery’s Information Governance Breach Reporting Policy.

Disclosing information

The GMC offers guidance in the document titled Disclosing patients’ personal information: a framework. Supporting information can also be found in the organisation’s Consent Guidance.

Protecting information under the Gender Recognition Act

Section 22 of the Gender Recognition Act 2004 states that it is an offence for a person who has acquired protected information in an official capacity to disclose the information to any other person.

This is classified as protected information and is defined in Section 22(2) as information relating to a person who has applied for a Gender Recognition Certificate (GRC) under the Act, and which concerns that application (or a subsequent application by them) or their gender prior to being granted a full GRC.

While Section 22 is a privacy measure that prevents officials from disclosing that a person has a trans history, there are exemptions for medical professionals as detailed within Statutory Instrument 2005 No.635 (Section 5) provided all the following circumstances apply:

· The disclosure is made to a health professional
· The disclosure is made for medical purposes; and
· The person making the disclosure reasonably believes that the subject has given consent to the disclosure or cannot give such consent

As a precautionary measure, it is good practice to apply the Section 5 criteria to all disclosures of information about the trans status of a patient. Furthermore, patients should never be asked to produce a GRC to ‘prove’ their trans status.

Confidentiality and non-disclosure agreement

All persons engaged to work for and on behalf of Warley Road Surgery will be required to sign the confidentiality and non-disclosure agreement to be found at Annex A. A signed copy will be held on the individual’s personnel file. Visitors to Warley Road Surgery will also be expected to sign the organisation’s third-party confidentiality agreement incorporating fire safety and risk awareness for visitors.

National data opt-out

The national data opt-out (NDO-O) is a service that allows patients to opt out of their confidential patient information being used for research and planning. Additional information can be found in the National data opt-out guidance.

Abuse of privilege

As detailed in the NHS Confidentiality Policy, it is strictly forbidden for employees to knowingly browse, search for or look at any personal or confidential information relating to themselves, their own family, friends or other persons without a legitimate purpose. Action of this kind will be viewed as a breach of confidentiality and of the Data Protection Act 2018, and disciplinary action may be taken.

Page last reviewed: 11 March 2026
Page created: 15 March 2024