Duty of Care and Patient Privacy and Information: 5 Principles Every Health Professional Should Use

Duty of Care: Information and Patients

All health care professionals have a duty of care to their patients. In our increasingly technological world, this duty of care extends to looking after patients’ information as well as the patients themselves, in order to protect their privacy. The traditional view of doctor-patient confidentiality is inadequate for the modern world, which is characterised by multi-professional and inter-agency team working. Much of this is facilitated by information technology.

In the UK, the protection of information has been gathered under the banner of “information governance”.

According to the NHS in Scotland, the main aim of information governance is to “support the provision of high quality care by promoting the effective and appropriate use of information.”

Information governance is guided by five basic principles from the UK Department of Health's guidance on the protection and use of patient information:

  • Don’t use patient information unless absolutely necessary.

  • Use the minimum necessary.

  • Access on a strict need-to-know basis.

  • Be aware of responsibilities.

  • Understand and comply with the law.

Information governance is not specifically an IT issue. However, the increased adoption of IT, and clinical staff’s occasional unfamiliarity with it, can raise particular governance issues. IT makes it easier to store and distribute information, for better or worse. There is a common view that information governance was invented because of computers. In reality, the use of IT forced the UK NHS to consider many issues that it should have addressed many years before. You may like to think of IT as a barium meal for information governance: increased use of technology may reveal existing challenges in governance.

The problems of information governance outside of computers were highlighted in public inquiries into scandals at hospitals in Bristol and Liverpool. These cases highlighted a traditionally paternalistic attitude to the use of patient information. In both cases, whilst the key requirement was a change in culture and attitude, IT is offered as part of the solution, providing ways of supporting new systems and ways of working.

However, legal obligations go further. Throughout Europe, national legislation is based upon the 1996 European Data Protection Directive which requires all people and organisations holding personal data to keep it safe and in accordance with a strict set of rules.

Further Reading

Data Protection Act (1998) Chapter 29, The Stationery Office, London

Gillies AC (2006) The Clinicians Guide for Surviving IT, Radcliffe Publishing, Abingdon

Kennedy, I (2001) The Report of the Public Inquiry into children’s heart surgery at the Bristol Royal Infirmary 1984-1995: Learning from Bristol, The Stationery Office, London

Redfern, M (2001), The Report of the Royal Liverpool Children’s Inquiry, The Stationery Office, London

This post is part of the series: Protecting Patient Privacy

As the use of information technology becomes more prevalent in the storage of patient records, the task of maintaining patient privacy becomes more complex. This series explores the issues, and argues that technology is as much a part of the solution as the problem.

  1. The Duty of Care for Patients’ Information
  2. Maintaining the Confidentiality of Patient Records
  3. Patient Privacy in Technologically Facilitated Multi-Agency Care
  4. How to Manage the Risks to Patient Information