Reducing the risk

Using manual records

• Make yourself familiar with the procedure for booking out and returning records, and follow it. Return files as soon as possible after use.
• Do not leave files unattended – even for a short time – where they can be seen by members of the public.

Out and about

• When travelling or on visits, do not leave information lying unattended in a car or easily accessible area.
• In a small community, where everyone knows everyone else, anonymising information can be difficult. Make it a policy not to gossip.

Security in the surgery 

• Shut and lock doors and cabinets as required.
• Do not be afraid to query the status of strangers.
• Do not tell anyone how the security system works.

On the telephone

• Only identify yourself after you have confirmed that you are speaking to the patient.
• There are circumstances in which letting a third party know that a doctor is calling them could be embarrassing and breach confidentiality.
• Take particular care when calling a patient’s place of work.
• Similarly, be aware of where you are making the call. Can you be overheard by anyone?

Mobile phones

• Many people talk more loudly on a mobile phone, particularly if the signal is poor. Be aware of this, and the fact that you may be overheard in rooms that you would normally consider safe.
• Patients who sign up to a practice text message service, eg, to inform them of appointments or flu vaccinations, should be advised of the importance of informing the surgery of a change of mobile number. If they choose to give their old phone to a friend or family member, there is obvious potential for breach of confidentiality.

Using a computer

• Always clear a previous patient’s details from the screen before the next patient arrives. Make sure your screen cannot be overlooked by others.
• Do not leave a computer logged in and unattended – always lock it, even if you are only leaving it briefly.

Faxes

• Consider developing a “fax policy”, which should include the use of “fast dial” stored numbers used regularly (such as to a hospital safe haven) and the process to be followed if a confidential fax was to be sent to another location.

Confidentiality after death

• Patient information remains confidential even after death. If it is unclear whether the patient consented to disclosure of information after their death, you should consider how disclosure of the information might benefit or cause distress to the deceased’s family or carers. You should also consider the effect of the disclosure on the reputation of the deceased and the purpose of the disclosure.

When something goes wrong

• Establish what happened and what went wrong.
• Get in touch with the patient(s) to explain what has happened, and apologise if necessary.
• Give an assurance that lessons have been learned and identify how such a mistake can be avoided in the future. Disclosing confidential information There are occasions where a breach of confidentiality may be justified. The Medical Council advises that this may happen when necessary to protect the interests of the patient, the welfare of society or to safeguard the welfare of another individual or patient.
• Public interest disclosures: Disclosure of patient information without consent may be justifiable in exceptional circumstances where it is necessary to protect the public; you should consider the possible harm that may result to the patient, as well as the benefits that are likely to arise.
• Children and older children: Confidentiality within family situations can be difficult. In general, the Freedom of Information Act and the Data Protection Act can allow access by parents or guardians to the medical records of children. When relationships break down, disputes involving the children can spill over into their healthcare, with one parent asking for information on a child’s health or to see medical records. In these cases, you need to be clear about whether those applying for information are parents or guardians. If in doubt, ask for clarification. You may also need to consider the wishes of those minors under 16 years old. The interests of the child are paramount. This is a contentious area which may benefit from medicolegal discussion – if in doubt contact MPS for advice.
• Child abuse: You should be aware of national guidelines for the protection of children. If you have any concerns regarding alleged or suspected sexual, physical or emotional abuse or neglect of children, you must report this promptly to an appropriate agency. You should inform the child’s parents or guardian of your intention to report unless this might endanger the child.