Purpose of Document

The purpose of this document is to ensure all staff members at the practice are aware of their legal duty to maintain confidentiality, to inform them of the processes in place to protect personal information, and to provide guidance on disclosure obligations.

Introduction

Everyone working for the practice or elsewhere within the business is under a legally obligated to keep patients’ personal information confidential. Patients who believe their confidence has been breached may make a complaint to the practice, and they could take legal action or report it to the ICO. In the case of a registered dental professional, the patient could also make a complaint to the General Dental Council, which, in worst-case scenarios, may end in erasure from the GDC register.

This policy is concerned with protecting personal information about patients, although its content would apply equally to staff personal or business-sensitive information.

Personal information is data in any form (paper, electronic, tape, verbal, etc.) from which a living individual could be identified, including:

• Name, age, address, and personal circumstances, as well as sensitive personal information like race, health, sexuality, etc.

• Information regarding appointments

• Information regarding medical histories

• Information regarding finances, including any bad debts.

Although the Data Protection Act 2018 is only relevant to the personal information of living individuals, this code also covers information about deceased patients. This policy applies to all staff, including permanent, temporary, and locum staff members.

Confidentiality:

Under the Data Protection Act 2018 and UK GDPR, dental practices must keep personal data about their patients safe and secure and ensure it is only accessed by persons who need to see it for the purposes of providing safe, effective care. Registered dental professionals have an ethical and legal duty to keep all patient information confidential.

Dental practices are also required to ensure that they do not ‘advertise’ to other patients or the public that a particular person is a patient of the practice or that they have had appointments or have appointments due. This means that day lists, appointment cards that identify the patient and record cards must not be seen by other patients in the practice. It is also important that confidential telephone calls that name a particular patient are not held in earshot of other patients. Messages should not be left with a 3rd party confirming or cancelling appointments.

Caldicott Principles

The Caldicott Principles are the guidelines for ensuring people's information is kept confidential and used or shared appropriately within a healthcare setting.

All NHS organisations must have an appointed Caldicott Guardian. This won't apply to most dental practices, although there should be someone within the practice who is responsible for ensuring patient information is kept confidential and shared appropriately when required.

The Caldicott Principles

• Principle 1: Justify the purpose for using the confidential information.

• Principle 2: Use confidential information only when it is necessary

• Principle 3: Use the minimum necessary confidential information

• Principle 4: Access to confidential information should be on a strict need-to-know basis

• Principle 5: Everyone with access to confidential information should be aware of their responsibilities

• Principle 6: Comply with the law

• Principle 7: The duty to share information for individual care is as important as the duty to protect patient confidentiality

• Principle 8: Inform patients and service users about how their confidential information is used.

Disclosing Patient Information

Personal information relating to a patient should only be shared with third parties where the patient has given consent or in exceptional circumstances (GDC Standards 4.3).

Examples of where information may be shared without consent include:

• In safeguarding concerns, where it is not possible to gain consent, and a referral needs to be made to the local authority or to the police.

• Where information has been ordered by a court or by a coroner, where a court order has requested information, only the minimum amount of information should be disclosed.

Before disclosing information to third parties where consent has not been obtained, you are advised to contact your indemnity provider.

The Importance of Confidentiality

The relationship between clinician and patient is based on the understanding that any information revealed by the patient to the clinician will not be divulged without the patient’s consent.  Patients have the right to privacy, and it is vital that they give clinicians full information on their state of health to ensure that treatment is carried out safely and effectively.  The intensely personal nature of health information means that many patients would be reluctant to provide the clinician with information if they felt the information would be passed on. 

Care must be taken to ensure that confidentiality is never breached, even to the most minor degree, in the use of social media or websites (GDC Standards 4.2.3).

Recognise Your Obligations

A duty of confidence arises out of the common law duty of confidence, employment contracts and for registered dental professionals, it is part of their professional obligations. Breaches of confidence and inappropriate use of records or computer systems are serious matters that could result in disciplinary proceedings, dismissal ,and possibly legal prosecution.

So, make sure you do not:

• Put personal information at risk of unauthorised access.

• Knowingly misuse any personal information or allow others to do so. Access records or information that you have no legitimate reason to look at.

• This includes records and information about your family, friends, neighbours and acquaintances.

GDC Standards Guidance

Dental care professionals have an ethical and legal duty to ensure they are familiar with and comply with the GDC’s standards and guidance. All practice team members must also follow this guidance and ensure patient confidentiality. Copies of this publication in full are available as PDF downloads from the GDC’s website www.gdc-uk.org

4.2  You must protect the confidentiality of patients’ information and only use it for the purpose for which it was given.

4.2.1 Confidentiality is central to the relationship and trust between you and your patients. You must keep patient information confidential. This applies to all the information about patients that you have learnt in your professional role, including personal details, medical history, what treatment they are having and how much it costs.

4.2.2 You must ensure that non-registered members of the dental team are aware of the importance of confidentiality and that they keep patient information confidential at all times.

4.2.3 You must not post any information or comments about patients on social networking or blogging sites. If you use professional social media to discuss anonymised cases for the purpose of discussing best practice , you must be careful that the patient or patients cannot be identified.