Patient confidentiality: when can a breach
be justified?
Matrix refernce 1F01,
K Blightman MBChB FRCA GDL DFMS LLM 1F02, 1F03, 1F05
SE Griffiths BSc MBBS FRCA LLM
C Danbury MPhil FRCP FRCA FFICM
Downloaded from https://academic.oup.com/bjaed/article/14/2/52/271401 by guest on 01 August 2024
Key points Confidentiality is central to the preservation of - have the necessary quality of confidence,
trust between doctors and their patients. The - be imparted in circumstances importing an
Confidentiality is central to
moral basis is consequentialist, in that it is to obligation of confidence,
the preservation of trust
between doctors and their improve patient welfare. There is a wider com- - be disclosed without the permission and to
patients. munitarian public interest in the protection of the detriment of the person originally com-
confidences; thus, preservation of confidentiality municating it,
Patient confidentiality is not
is necessary to secure public health. Failure to - not already be in the public domain,
absolute.
maintain this venerable obligation may result in - be in the public interest to protect it.
Legitimate exceptions are suboptimal treatment (X v Y [1992] 3 BMR 1).
disclosures with patient Enforcement of a legal duty in the UK has to
For centuries, doctors have upheld this ethical
consent, when required by date been relatively weak. Both the GMC and
principle underpinned by the Hippocratic Oath
law and where there is a Department of Health3 provide ethical guidance
public interest. that has been updated by the international com-
for professionals that would nonetheless be
munity assenting to the Declaration of Geneva.
When breaching patient given considerable weighting by the courts or in-
The practice of doctors in the UK is subject to
confidentiality and patient dependently lead to professional disciplinary
the regulatory authority of the General Medical
consent cannot be obtained, action. There has to date been no criminal con-
seek advice from senior Council (GMC) who strongly uphold this profes-
viction of a doctor for breach of confidence, al-
colleagues or a medical sional duty. The British Medical Association
though civil claims in negligence have occurred
defence union and (BMA) advises doctors to consider the benefits
and damages awarded (Cornelius v Taranto
document your reasons of breaching patient confidentiality against the
[2001] 68 BMR 62) when confidence has been
clearly. harmful consequences of damaging the profes-
breached by revealing medical information
sional relationship and risking public trust in a
without explicit consent.
confidential service.1
The NHS has historically had a poor record
However, medical confidentiality is not abso-
K Blightman MBChB FRCA GDL DFMS of data protection. In 1997, the Caldicott Report
LLM lute in modern medicine. There are occasions
was commissioned to provide a framework for
Specialist Registrar when there is a need to breach this idealism. The
the storage and use of patient information as
Royal National Orthopaedic Hospital legitimate exceptions are specified by the
Brockley Hill shown in Table 1. As a result, each NHS Trust
GMC’s professional code of conduct:2
Stanmore has a nominated Caldicott Guardian responsible
Middlesex HA7 4LP - disclosures with consent; for protecting patient confidentiality by ensuring
UK
- disclosures required by law; the Caldicott principles are followed when
SE Griffiths BSc MBBS FRCA LLM - disclosures in the public interest. breaching confidentiality.
Specialist Registrar More recently, a review of information gov-
Royal Marsden Hospital
Fulham Rd
ernance by Dame Fiona Caldicott was commis-
London SW3 6JJ Characteristics of confidential sioned by the government in 2012 to look at the
UK information need to balance the protection and sharing of
C Danbury MPhil FRCP FRCA FFICM patient information in order to improve patient care
The general principles of what is considered
Consultant in Anaesthesia and Intensive in a modern world.
Care and Visiting Fellow in Health Law confidential have been outlined in common law.
Intensive Care Unit A duty of confidence arises when one person
Royal Berkshire Hospital discloses information to another (e.g. a patient
London Road Breaching patient
to a doctor) in circumstances where it is reason-
Reading RG15AN
able to expect that the information be held in
confidentiality
UK
Tel: þ44 1183 228840 confidence. To represent a breach, confidential Inadvertent breaches are potentially common-
E-mail: chris.danbury@nhs.net
(for correspondence) information must: place on wards if medical notes are left visible
doi:10.1093/bjaceaccp/mkt032 Advance Access publication 28 August, 2013
52 Continuing Education in Anaesthesia, Critical Care & Pain | Volume 14 Number 2 2014
& The Author [2013]. Published by Oxford University Press on behalf of the British Journal of Anaesthesia.
All rights reserved. For Permissions, please email: journals.permissions@oup.com
, Patient confidentiality
Table 1 The Caldicott principles for storage and use of personal Table 2 The data protection principles
information
Personal data shall
Justify the purpose of disclosure Be processed fairly and lawfully
Only use patient-identifiable information where absolutely necessary Be obtained only for one or more specified and lawful purposes
Use the minimum necessary patient identifiable information Be adequate, relevant, and not excessive in relation to the purpose or purposes
for which they are processed
Access to personal information should be on a strict need-to-know basis
Be accurate and, where necessary, kept up-to-date
All users and handlers of patient-identifiable data should be aware of their
responsibilities Not be kept longer than necessary
Understand and comply with the law Be processed in accordance with the rights of data subjects
Downloaded from https://academic.oup.com/bjaed/article/14/2/52/271401 by guest on 01 August 2024
Have appropriate technical and organizational measures taken to prevent
unauthorized or unlawful processing of personal data and against accidental loss
or patient consultations and preoperative assessments are conducted or destruction of, or damage to, personal data
in an open environment. The increased use of computerized docu- Not be transferred to a country or territory outside of the European Economic Area
mentation results in faster and wider distribution of information with unless that country or territory has adequate protection for the rights and freedoms of
the data subjects in relation to processing of personal data
an increased risk of unauthorized access.
Unintentional breaches of patient information may occur when
e-mailing colleagues. Data encryption e-mail services must be used
by both the sender and recipient if patient details are communicated networking sites to discuss clinical events, users must be particularly
in this manner to prevent unauthorized interception of messages. mindful to not disclose any identifying information such as the date
NHSmail is the only NHS e-mail service provider that securely and location of the event and also patient-specific details.7
transmits messages and is endorsed by the government and BMA. The circumstances permitting deliberate disclosures will now be
Confidential patient information maintained on personal computers discussed further. The three general principles underlying disclosures
must also be encrypted since password protection can be easily are those with patient consent, those regarding a statutory obligation,
bypassed. and those for which the public interest outweighs the preservation of
Confidential patient documents, including theatre lists, should confidence.
be discarded by paper shredding, while electronic data shredding
should be used when disposing of computer hardware. Photography
Making a disclosure with the patient’s
and video forming part of patient records must be subject to strict
consent
control using only hospital trust equipment, obtaining consent for
the recording and minimizing identification where possible. Images This is the most common reason for revealing confidential details.
of internal organs, pathology slides, or radiographic images can be If the patient expressly consents to disclosure, a doctor is relieved from
taken under the proviso of implicit consent for the investigation or the duty of confidence. Consent may be explicit or implied. Explicit
treatment.4 Put simply, any information, written or electronic, which consent requires active agreement but may be written or oral. It is the
can identify a patient directly or indirectly, is subject to the duty of preferred form as there is no doubt as to what has been agreed and is
confidence. usually required for sharing more sensitive data. The patient must
The Data Protection Act has outlined the principles (Table 2), but have the necessary capacity to consent, that is, understand, retain, and
several incidences of public authorities ‘losing’ personal data show balance the information, and also communicate their decision. This
how poor information governance can be.5 Significant financial penal- can be challenging in the critical care setting when patients are often
ties have been imposed by the Information Commissioner for such sedated or suffering disease processes affecting their conscious level.
breaches, and as such, systems must be in place to secure personal Disclosures made with the patient’s consent are in theory not
data within the healthcare setting. In a recent survey of trainees of all breaches providing the consent is fully informed and freely given.
specialities, anaesthetists were among the least aware of guidelines to Patients should ideally disclose information voluntarily or be in-
protect confidential information.6 In one Trust known to the authors, formed of the disclosure beforehand, and where practicable consent
anaesthetists have been subject to investigation by the Caldicott obtained.
guardian when a theatre list was found in a car park. This could have Other disclosures may be justified on the presumption of implied
resulted in referral to the GMC. consent, when obtaining consent is undesirable or not possible, for
Health professionals must be vigilant to the potential risks of in- example, a sedated patient on intensive care unit (ICU). This may
advertent breaches when using social networking sites such as extend to Independent Mental Capacity Advocates, Lasting Powers
Facebookw, Internet forums, and blogs to communicate either per- of Attorney, or deputies appointed by the courts for decision-making
sonally or professionally. Not only does the duty to protect patient on matters of healthcare. Any decision made on behalf of an individ-
confidentiality extend to the Internet, but libel laws can also apply to ual lacking capacity to disclose should be done so proportionately
inappropriate comments made on these websites. When using social and in their best interests.
Continuing Education in Anaesthesia, Critical Care & Pain j Volume 14 Number 2 2014 53
