Pin Me

Maintaining the Confidentiality of Patient Records

written by: Profacgillies • edited by: Anurag Ghosh • updated: 7/1/2009

There are both ethical and legal obligations to keep personally identifiable patient information private. The legal framework varies according to your jurisdiction, but the ethical principles are more universal. This article explores the duty of confidentiality in a modern IT-enabled world

  • slide 1 of 2

    The ethical and legal obligations to keep patient information private.

    There are both ethical and legal obligations to keep personally identifiable patient information private. The legal framework varies according to your jurisdiction, but the ethical principles are more universal.

    According to the UK General Medical Council, who are responsible for regulating the medical profession. One of the key responsibilities of a doctor is to “respect and protect confidential information" (source: GMC Standards of Practice). Other professional groups have similar rules. For example, registered nurses and midwifes, must protect confidential information:

    “You must treat information about patients and clients as confidential and use it only for the purposes for which it was given."

    You should seek patients' and clients' wishes regarding the sharing of information with their family and others."

    Source: UK Nursing & Midwifery Council Code of professional conduct

    The first issue arising from these codes is: what constitutes confidential information? Under data protection legislation, all personal identifiable data is subject to protection and all users and organisations holding such information have a duty to keep it private.

    There is also an obligation to use as little patient identifiable data as possible. Wherever possible, non-identifiable data should be used. This is often possible for purposes such as clinical audit, financial and performance management, or research

    However, removing a name and address from a patient record may not be enough to make it truly anonymous data. It may still be identifiable from other factors. For example, it would be difficult to identify a patient from a diagnosis of asthma, as this is very common. However, as we refine the diagnosis, and combine it with other factors such as age gender and ethnicity, we may quickly provide a unique profile of a patient, who could be identified.

    For information which is required to be used in patient identifiable data, consent is required both for the information and the purpose for which it is used. Consider the contents of a highly personal consultation with your doctor. You are quite happy to share it with him or her for the purpose of treating you. You are not giving them permission to use it for gossip over the dinner table that evening with a group of friends.

    However, there are less extreme cases. When a patient discloses private information to their doctor, or another individual clinician, they do not necessarily expect that information to be available to another member of their healthcare team. They may go further and explicitly state that they wish it remain confidential to that individual clinician. In the modern healthcare system, however, care is often a team activity based upon a common electronic medical record, and may require information sharing amongst the team.

    The tradition of the relationship between a patient and their registered GP is very strong in the UK. Most patients would be happy to share more personal information with their own GP than with another clinician. Equally, they would be happier to share it with a clinician who is directly involved in their treatment than one who is not, or a manager who is using the information for a purpose that has a less direct impact upon the care of that patient. This relationship has been undermined somewhat since 2004 by the requirement for UK patients to register with a group of doctors.

    It is currently being further brought into question by the uploading of a summary electronic record to a national IT system known as the national data spine.

    Thus technology is not responsible for the widening of access to sensitive data, but it does make it possible. It also provides a range of safeguards to ensure that only appropriate individuals have access to the summary record.

    There is a clear trade-off between disclosure of information to professional colleagues on a 'Need-to-know' basis and the desire for patient privacy. However, there is a clear principle that patients' consent must be sought for disclosure, and that that consent must be properly informed.

  • slide 2 of 2

    Further Reading

    Data Protection Act (1998) Chapter 29, The Stationery Office, London

    Gillies AC (2006) The Clinicians Guide for Surviving IT, Radcliffe Publishing, Abingdon

    Gillies AC (2008) The legal and ethical changes in the NHS landscape accompanying the policy shift from paper-based health records to electronic health records, Studies in Ethics, Law and Technology, vol 1 no 2 article no 4

Protecting Patient Privacy

As the use of information technology becomes more prevalent in the strorage of patient records, the task of maintaining patient privacy becomes more complex. This series explores the issues, and argues that technology is as much a part of the solution as the problem.
  1. The Duty of Care for Patients' Information
  2. Maintaining the Confidentiality of Patient Records
  3. Patient Privacy in Technologically Facilitated Multi-Agency Care
  4. How to Manage the Risks to Patient Information