Confidentiality Policy
Brewery Yard Dental Surgery
Date of adoption: 20.3.23
Purpose
This policy statement sets out how this practice safeguards patient confidentiality. Patients have a right to privacy and all team members are required to comply with the confidentiality clause in their contract of employment or self-employed agreement to provide services. Confidentiality and information security applies before, during and after engagement.
For the purpose of this policy confidential information is defined as personal information provided by an individual in confidence including, but not limited to, such details as name, age, contact details, personal and family circumstances, race, health (medical, mental, oral) and sexuality. A patient’s care plan, financial transactions and payment history are confidential, as is the fact that he or she attends the practice, or visited/failed to attend an appointment at any time.
Background
Our policies establish internal organisational standards which support our team to meet external standards. This particular policy is required to comply with the legislations and guidelines outlined in our Information Governance Policy.
Caldicott Guardians - NHS organisations have a Caldicott Guardian responsible for protecting confidentiality. Although we are not an NHS organisation it is useful to follow the 8 principles anyway. The 8 principles set out in the Caldicott Report (2013) are a useful guide:
-
The purpose of using confidential information must be justified.
-
Confidential information must only be used when absolutely necessary.
-
The minimum necessary to achieve the purpose should be used.
-
Access to confidential information must be on a strict need-to-know basis.
-
Everyone accessing confidential information must understand his or her responsibilities.
-
Everyone accessing confidential information must comply with the law.
-
The duty to share information can be as important as the duty to protect patient confidentiality
-
Inform patients and service users about how their confidential information is used
Scope
All team members, whether permanent, temporary, employed or contracted to provide services at or on behalf of the practice, are responsible for ensuring that they are aware of and comply with the requirements of this policy as well as the procedures and guidelines supporting it.
Associated Procedures
This policy is underpinned by the following procedures/guidelines:
-
Confidentiality clause in contracts of employment or agreements to provide services.
-
Confidentiality Code of Conduct
Respect for Privacy
Always:
-
Inform patients about how their personal data is held and used
-
Involve patients in decisions to share limited data in referrals, on a need to know basis
-
Gain consent to share personal information
-
Talk to patients about sensitive issues where cannot be overheard
Never:
-
Tell unauthorised personnel how security systems operate
-
Discuss patients or personnel in the practice’s public areas
-
Let anyone overhear personal details while you are sharing them on the phone
-
Discuss identifiable information about patients with anyone outside the practice
-
Use information given for one purpose for a different purpose
-
Put personal information on notice boards that could be accessed by non-authorised staff
-
Confirm a patient’s attendance directly with a school, employer or other third party. Sign the patient’s appointment card or give the patient a confirmation letter directly.
Know:
-
That patients have the right to object to unauthorised use of confidential information
-
Your duty of confidentiality extends beyond death
-
That disclosure of appointment books/record cards/ other information to police officers or Inland Revenue officials can only be made upon the dentist’s instructions (the data controller)
Telephones
-
Always verify the identity of a caller requesting personal information by asking for their number, checking your records then calling them back
-
Do not play back answerphone messages using a speakerphone
-
Do not leave a message about a patient’s care with third parties or on answering machines. A message to call the practice is all that can be left
-
Never discuss a patient or a patient’s appointments with their employers/ schools/personal assistants unless express consent has been provided by the patient and recorded.
-
Practice telephones are not for personal calls except in an emergency.
Letters
-
Recall cards, letters and other personal information must be sent in an envelope
-
Practice stationery is not for personal correspondence
-
Personal mail should not be directed to the practice
Emails
-
Use work email for work purposes and keep personal emails separate
-
Nothing that could be considered defamatory, aggressive or unprofessional should ever be sent to external or internal email addresses.
Information transfer
-
If you are authorised to (and have consent for) transfer patient information, only do so in accordance with practice procedures.
(see Information Handling Policy)
Releasing information to other health professionals
Information the patient consents to share will be disclosed to those who would be unable to provide effective care and treatment without it, but limited to the minimum required to provide that careThis may be a specialist providing care on referral or any other health care professional involved in care.
Patients should be involved and informed about circumstances in which their personal data may be shared or released on this “basis with other team members or healthcare professionals involved in their care or treatment.
They should be given the opportunity to withhold consent unless exceptional circumstances apply and permission or refusal must be recorded in patient notes. Personal information provided for one purpose may not be used for a different purpose or passed to anyone else without consent.
Sometimes, patients may ask for certain (usually extremely sensitive) information to be kept private and this must be respected. The practice will not process any relevant ‘sensitive personal data’ without prior informed consent. As defined by the Data Protection Act ‘sensitive personal data’ is that related to political opinion, racial or ethnic origin, membership of a trade union, the sexual life of the individual, physical or mental health or condition, religious or other similar beliefs.
However, in certain circumstances, this information may need to be released if failure to disclose would place others at risk of death/ serious harm. A patient’s HIV or similar status should not be disclosed without the patient’s consent, as this does not normally fall within the “risk of death or serious harm” exception.
Releasing information in the public interest
Information should not be disclosed to third parties without the consent of the patient except in certain specific circumstances where it cannot be gained. Responsibility for disclosure rests with the patient’s dentist alone, and no other team member has authority to make a disclosure.
(see Access to Health Records Policy)
Releasing information accidentally
Confidential conversations must not take place where they can be overheard and all paper, electronic and other records must be stored and handled securely.
(see Information Security Policy and Information Handling Policy)
Training
All staff are expected to improve their personal effectiveness through continuing personal and professional development which leads to an increase of knowledge and/or skills.
Standard 4.2 of the GDC Standards for Dental Team places individual responsibility on team members to protect the confidentiality of patients’ information and only use it for the purpose for which it was given by:
-
Keeping patient information confidential. Confidentiality is central to the relationship and trust between you and your patients. This applies to all the information about patients that you have learnt in your professional role including personal details, medical history, what treatment they are having and how much it costs.
-
Ensuring that non-registered members of the dental team are aware of the importance of confidentiality and that they keep patient information confidential at all times.
-
Not posting any information or comments about patients on social networking or blogging sites. If you use professional social media to discuss anonymised cases for the purpose of discussing best practice you must be careful that patient(s) cannot be identified.
-
Not talking about patients or their treatment in places where you can be overheard by people who should not have access to the information you are discussing.
-
Explaining to patients the circumstances in which you may need to share information with others involved in their healthcare. This includes making sure that they understand what information you will be releasing, why you will be releasing it and the likely consequences of you releasing the information
-
Giving your patients the opportunity to withhold their permission to share information in this way unless exceptional circumstances apply. You must record in your patient’s notes whether or not they gave their permission.
-
If a patient allows you to share information about them, you should ensure that anyone you share it with understands that it is confidential.
-
If other people ask you to provide information about patients (for example, for teaching or research), or if you want to use information such as photographs for any reason, you must:
-
explain to patients how the information or images will be used
-
check that patients understand what they are agreeing to
-
obtain and record the patients’ consent to their use
-
only release or use the minimum information necessary for the purpose and
-
explain to the patients that they can withdraw their permission at any time.
-
If it is not necessary for patients to be identified, you must make sure they remain anonymous in any information you release.
-
You must keep patient information confidential even after patients die
-
The duty to keep information confidential covers recordings or images of patients such as photographs, videos or audio recordings (originals and copies), including those made on a mobile phone. You must not make any recordings or images without a patient’s permission.
We support this by providing all team members with training on confidentiality and record security, and a confidentiality clause is included in their contracts.
Patient Focus
Our relationship with patients is key to our success, and it is a team wide responsibility to exceed patient expectations by providing a safe, caring, responsive, effective and well led service.
Duty of confidentiality
Not only is privacy a fundamental human right, all those who record, handle, store or otherwise have access to health records have a personal, common-law duty of confidence. All members of the dental team also have a duty to maintain professional ethical standards of confidentiality.
Responsibilities of clinical team members - Dentists and other healthcare professionals have an ethical duty to respect patient confidentiality and should only access records if they are involved in the patient’s care on a ‘need-to-know’ basis.
Responsibilities of administrative team members - Non-clinical staff are increasingly required to access patients’ records for administrative purposes, raising concerns about preserving confidentiality. Their access to patient information should be restricted to what they need for carrying out their specific duties.
Incoming and outgoing business mail is monitored. Breach of confidence, inappropriate use of health records or abuse of computer systems may lead to disciplinary measures, bring into question professional registration and possibly result in legal proceedings.
Monitoring
In order to ensure our services are safe, efficient and effective, team members are also involved in our quality monitoring and improvement processes which are outlined in our Information Governance Policy.
Responsibilities and accountabilities
The designated Information Governance lead for the practice is Matthew Peters whose key responsibilities are outlined in our overarching Information Governance Policy.
The registered provider for the practice is Brewery Yard Dental Surgery, whose key responsibilities are to ensure that all aspects of this policy are complied with. The day to day responsibilities for providing leadership and guidance for staff and overseeing implementation of this policy will be undertaken by Matthew Peters. Questions about this policy or associated procedures should be raised with either of the above.
Approval
This policy has been approved by the undersigned and will be reviewed on an annual basis.
Name: Matthew Peters
Date approved: 20.3.23
Position: Registered Manager
Review date: 20.3.24
Updated Jan 24 Next review Jan 25