Patient confidentiality: when can a breach

be justified?
Matrix refernce 1F01,
K Blightman MBChB FRCA GDL DFMS LLM 1F02, 1F03, 1F05

SE Griffiths BSc MBBS FRCA LLM

Downloaded from https://academic.oup.com/bjaed/article-abstract/14/2/52/271401 by PYEONGTAEK UNIVERSITY user on 04 May 2020

C Danbury MPhil FRCP FRCA FFICM

Key points Confidentiality is central to the preservation of - have the necessary quality of confidence,
trust between doctors and their patients. The - be imparted in circumstances importing an
Confidentiality is central to
moral basis is consequentialist, in that it is to obligation of confidence,
the preservation of trust
between doctors and their improve patient welfare. There is a wider com- - be disclosed without the permission and to
patients. munitarian public interest in the protection of the detriment of the person originally com-
confidences; thus, preservation of confidentiality municating it,
Patient confidentiality is not
is necessary to secure public health. Failure to - not already be in the public domain,
absolute.
maintain this venerable obligation may result in - be in the public interest to protect it.
Legitimate exceptions are suboptimal treatment (X v Y [1992] 3 BMR 1).
disclosures with patient Enforcement of a legal duty in the UK has to
For centuries, doctors have upheld this ethical
consent, when required by date been relatively weak. Both the GMC and
principle underpinned by the Hippocratic Oath
law and where there is a Department of Health3 provide ethical guidance
public interest. that has been updated by the international com-
for professionals that would nonetheless be
munity assenting to the Declaration of Geneva.
When breaching patient given considerable weighting by the courts or in-
The practice of doctors in the UK is subject to
confidentiality and patient dependently lead to professional disciplinary
the regulatory authority of the General Medical
consent cannot be obtained, action. There has to date been no criminal con-
seek advice from senior Council (GMC) who strongly uphold this profes-
viction of a doctor for breach of confidence, al-
colleagues or a medical sional duty. The British Medical Association
though civil claims in negligence have occurred
defence union and (BMA) advises doctors to consider the benefits
and damages awarded (Cornelius v Taranto
document your reasons of breaching patient confidentiality against the
[2001] 68 BMR 62) when confidence has been
clearly. harmful consequences of damaging the profes-
breached by revealing medical information
sional relationship and risking public trust in a
without explicit consent.
confidential service.1
The NHS has historically had a poor record
However, medical confidentiality is not abso-
K Blightman MBChB FRCA GDL DFMS of data protection. In 1997, the Caldicott Report
LLM lute in modern medicine. There are occasions
was commissioned to provide a framework for
Specialist Registrar when there is a need to breach this idealism. The
the storage and use of patient information as
Royal National Orthopaedic Hospital legitimate exceptions are specified by the
Brockley Hill shown in Table 1. As a result, each NHS Trust
GMC’s professional code of conduct:2
Stanmore has a nominated Caldicott Guardian responsible
Middlesex HA7 4LP - disclosures with consent; for protecting patient confidentiality by ensuring
UK
- disclosures required by law; the Caldicott principles are followed when
SE Griffiths BSc MBBS FRCA LLM - disclosures in the public interest. breaching confidentiality.
Specialist Registrar More recently, a review of information gov-
Royal Marsden Hospital
Fulham Rd
ernance by Dame Fiona Caldicott was commis-
London SW3 6JJ Characteristics of confidential sioned by the government in 2012 to look at the
UK information need to balance the protection and sharing of
C Danbury MPhil FRCP FRCA FFICM patient information in order to improve patient care
The general principles of what is considered
Consultant in Anaesthesia and Intensive in a modern world.
Care and Visiting Fellow in Health Law confidential have been outlined in common law.
Intensive Care Unit A duty of confidence arises when one person
Royal Berkshire Hospital discloses information to another (e.g. a patient
London Road Breaching patient
to a doctor) in circumstances where it is reason-
Reading RG15AN
able to expect that the information be held in
confidentiality
UK
Tel: þ44 1183 228840 confidence. To represent a breach, confidential Inadvertent breaches are potentially common-
E-mail: chris.danbury@nhs.net
(for correspondence) information must: place on wards if medical notes are left visible
doi:10.1093/bjaceaccp/mkt032 Advance Access publication 28 August, 2013
52 Continuing Education in Anaesthesia, Critical Care & Pain | Volume 14 Number 2 2014
& The Author [2013]. Published by Oxford University Press on behalf of the British Journal of Anaesthesia.
All rights reserved. For Permissions, please email: journals.permissions@oup.com

Table 1 The Caldicott principles for storage and use of personal
information
Justify the purpose of disclosure
Only use patient-identifiable information where absolutely necessary
Use the minimum necessary patient identifiable information
Access to personal information should be on a strict need-to-know basis
All users and handlers of patient-identifiable data should be aware of their
responsibilities
Understand and comply with the law
or patient consultations and preoperative assessments are conducted
in an open environment. The increased use of computerized docu-
mentation results in faster and wider distribution of information with
an increased risk of unauthorized access.
Unintentional breaches of patient information may occur when
e-mailing colleagues. Data encryption e-mail services must be used
by both the sender and recipient if patient details are communicated
in this manner to prevent unauthorized interception of messages.
NHSmail is the only NHS e-mail service provider that securely
transmits messages and is endorsed by the government and BMA.
Confidential patient information maintained on personal computers
must also be encrypted since password protection can be easily
bypassed.
Confidential patient documents, including theatre lists, should
be discarded by paper shredding, while electronic data shredding
should be used when disposing of computer hardware. Photography
and video forming part of patient records must be subject to strict
control using only hospital trust equipment, obtaining consent for
the recording and minimizing identification where possible. Images
of internal organs, pathology slides, or radiographic images can be
taken under the proviso of implicit consent for the investigation or
treatment.4 Put simply, any information, written or electronic, which
can identify a patient directly or indirectly, is subject to the duty of
confidence.
The Data Protection Act has outlined the principles (Table 2), but
several incidences of public authorities ‘losing’ personal data show
how poor information governance can be.5 Significant financial penal-
ties have been imposed by the Information Commissioner for such
breaches, and as such, systems must be in place to secure personal
data within the healthcare setting. In a recent survey of trainees of all
specialities, anaesthetists were among the least aware of guidelines to
protect confidential information.6 In one Trust known to the authors,
anaesthetists have been subject to investigation by the Caldicott
guardian when a theatre list was found in a car park. This could have
resulted in referral to the GMC.
Health professionals must be vigilant to the potential risks of in-
advertent breaches when using social networking sites such as
Facebookw, Internet forums, and blogs to communicate either per-
sonally or professionally. Not only does the duty to protect patient
confidentiality extend to the Internet, but libel laws can also apply to
inappropriate comments made on these websites. When using social
Continuing Education in Anaesthesia, Critical Care & Pain j Volume 14 Number 2 2014
Patient confidentiality
Table 2 The data protection principles
Personal data shall
Be processed fairly and lawfully
Be obtained only for one or more specified and lawful purposes
Downloaded from https://academic.oup.com/bjaed/article-abstract/14/2/52/271401 by PYEONGTAEK UNIVERSITY user on 04 May 2020
Be adequate, relevant, and not excessive in relation to the purpose or purposes
for which they are processed
Be accurate and, where necessary, kept up-to-date
Not be kept longer than necessary
Be processed in accordance with the rights of data subjects
Have appropriate technical and organizational measures taken to prevent
unauthorized or unlawful processing of personal data and against accidental loss
or destruction of, or damage to, personal data
Not be transferred to a country or territory outside of the European Economic Area
unless that country or territory has adequate protection for the rights and freedoms of
the data subjects in relation to processing of personal data
networking sites to discuss clinical events, users must be particularly
mindful to not disclose any identifying information such as the date
and location of the event and also patient-specific details.7
The circumstances permitting deliberate disclosures will now be
discussed further. The three general principles underlying disclosures
are those with patient consent, those regarding a statutory obligation,
and those for which the public interest outweighs the preservation of
confidence.
Making a disclosure with the patient’s
consent
This is the most common reason for revealing confidential details.
If the patient expressly consents to disclosure, a doctor is relieved from
the duty of confidence. Consent may be explicit or implied. Explicit
consent requires active agreement but may be written or oral. It is the
preferred form as there is no doubt as to what has been agreed and is
usually required for sharing more sensitive data. The patient must
have the necessary capacity to consent, that is, understand, retain, and
balance the information, and also communicate their decision. This
can be challenging in the critical care setting when patients are often
sedated or suffering disease processes affecting their conscious level.
Disclosures made with the patient’s consent are in theory not
breaches providing the consent is fully informed and freely given.
Patients should ideally disclose information voluntarily or be in-
formed of the disclosure beforehand, and where practicable consent
obtained.
Other disclosures may be justified on the presumption of implied
consent, when obtaining consent is undesirable or not possible, for
example, a sedated patient on intensive care unit (ICU). This may
extend to Independent Mental Capacity Advocates, Lasting Powers
of Attorney, or deputies appointed by the courts for decision-making
on matters of healthcare. Any decision made on behalf of an individ-
ual lacking capacity to disclose should be done so proportionately
and in their best interests.
53
Patient confidentiality
Multi-disciplinary teams
Frequently, disclosures of personal information take place between
members of a healthcare team. Most patients accept that information
needs to be shared within the healthcare team to provide optimal
patient care or learning opportunities. Alternatively, it could be
argued that non-disclosure may result in negligence on behalf of the
doctor for omitting important facts relevant to care. Disclosures
should always be limited to reveal only the relevant and appropriate
information.3
Student doctors and nurses have access to patient records as part
of their training. They are not subject to discipline by GMC but by
their undergraduate medical or nursing school. It is expected that they
maintain professional standards with regard to patient confidentiality.
Audit and secondary uses of confidential information
The public is not likely to be aware of the degree to which their
information is transferred. Medical research requires express consent
to be sought. Audit is often undertaken under the presumption of
implied consent and is therefore acceptable if data are sufficiently
anonymized. Educational publications require signed consent except
in exceptional circumstances when a subject cannot be traced.
Ideally, it is important for doctors to maintain professional integrity
by making efforts to gain express consent where applicable.
Children
Children may wish to withhold sensitive information from their
parents. The mature minor’s right to confidentiality is permitted
when it is deemed in their best interests (Gillick v Norfolk and
Wisbech Area HA [1986] AC 112). There does remain a duty on the
doctor to persuade the child to inform their parent or to allow the
doctor to do so. If the doctor suspects the child is at risk, they are
required to report their concerns to the relevant authorities. This
applies to anaesthetists who may only be caring for the child during
a short visit for surgery. The duty to disclose is a fine balance
whereby a missed case of child abuse can result in ongoing neglect
and potentially recrimination of the healthcare professionals
involved,8 but conversely, an ill-founded accusation may cause sub-
stantial distress to the accused.
Disclosures to relatives, friends, or third parties
In a critical care setting, it may seem unreasonable to refuse to
provide information to a next-of-kin when a patient is seriously ill as
this may be in the patient’s overall best interests. There is no legal
definition of next-of-kin, although, under Section 26 of the Mental
Health Act 1983, the patient’s husband or wife, including civil
partner, takes precedence for taking responsibility for the patient in
the context of mental illness. In this context, if separated, the partner
remains the legal next-of-kin until they are divorced unless an alter-
native person is nominated. Channelling information through one
next-of-kin places some limits on the extent of disclosure.
54 Continuing Education in Anaesthesia, Critical Care & Pain j Volume 14 Number 2 2014
Information is accessible to third parties when requested by
employers, insurance companies, and lawyers. Doctors are required
to maintain an honest statement, not give opinion, and use substan-
tiated evidence. Complaints procedures may also require access to
personal data. This must be made with the explicit consent of the
Downloaded from https://academic.oup.com/bjaed/article-abstract/14/2/52/271401 by PYEONGTAEK UNIVERSITY user on 04 May 2020
parties, although the GMC and Audit Commission are permitted
access to records via statutory legislation.
Statutory disclosures and judicial
proceedings
If information is required by law, this will not amount to a penalty
for a breach. This area can be confusing. It is important for clinicians
to be aware that the police do not have automatic powers to demand
disclosure nor has a lawyer rights to demand medical information.
A court order is required for this purpose. However, a judge can pen-
alize a doctor for contempt of court for failure to assist with the pro-
vision of necessary information. In addition, incorrect or misleading
information must not be given to the police in their investigation.
If a patient is admitted to the ICU intubated and ventilated after
an accident and a police officer requests a blood alcohol sample for
forensic investigation, do you take the sample? In this situation, the
patient is unable to consent to the test being performed. If the
sample is necessary to direct clinical management, this should not
be delayed. The sample is lawful, and furthermore, the result can
remain confidential. It cannot be used by the courts, unless requested
by law, or the treating doctor is satisfied there is an overriding public
interest to disclose this information. More often, a request is made to
a forensic practitioner. They may be permitted, or assisted, to take a
sample provided you as the treating doctor feel that this does not
interrupt treatment or compromise your duty of care. It is the corre-
sponding author’s practice to require the police officer requesting a
sample to make a written request to be filed in the patient’s medical
notes confirming the rationale. However, by refusing a sample to be
taken on the grounds there is no consent, you may be hindering the
police investigation or guilty of an offence. The BMA have provided
comprehensive guidance on taking blood tests on drivers unable to
give valid consent.8
Prevention or detection of crime
The Police and Criminal Evidence Act 1984 considers a ‘serious
offence’ a crime giving risk to national security, interfering with
justice, and causing death or serious injury. The Act provides police
with powers to access materials normally classified as excluded such
as medical records, providing a warrant has been obtained by a
circuit judge.
Disclosure is demanded when national security is at risk, as
defined by the Prevention of Terrorism Act 2005 where there is a
duty to report suspicion of terrorist activity. Likewise, the Terrorism
Act 2006 requests healthcare professionals to inform police of any
information that may help prevent an act of terrorism, or assist in
apprehending or prosecuting a terrorist.

The Road Traffic Act 1991 requests medical practitioners to give
patient details to the police when a driver is alleged to have commit-
ted an offence. Doctors may face prosecution for failure to disclose
such relevant information (Hunter v Mann [1974] 2 All ER 414).
Disclosures may be made for statistical purposes via secondary
legislation, for example, Abortion Regulations 1991, or for the pro-
tection of individuals, for example, Misuse of Drugs (Supply of
Addicts) Regulations 2001.
Coroners have authority to investigate the circumstances of
certain deaths under the Coroners and Justice Act 2009. This applies
if the coroner suspects the deceased died a violent or unnatural
death, the cause of death is unknown, or if the deceased died while
in custody. Coroners are entitled to request medical details relevant
and necessary to their enquires; therefore, pertinent clinical informa-
tion must be disclosed upon request.
Disclosures in the public interest
Public interest ranges from public health to prevention or detection
of serious crime. This justification is more subjective and in conten-
tious cases, the courts may be required to decide. There is a distinc-
tion between ‘in the public interest and what the public are
interested in’. Consider a scenario where a patient admits to a crime
while under the influence of your sedative medication. What should
you do with the information? The confession could easily be dis-
missed as delusional but could also be considered meaningful as
sometimes people do make truthful comments when inebriated.
Your actions will be governed by your professional judgement and
depend partly on what crime has been admitted to. A breach in confi-
dentiality would be difficult to justify for a minor offence such as a
parking infringement compared with that involving gun or knife
crime where there is a statutory requirement to disclose the informa-
tion to assist with the investigation of a serious crime.
Public safety
As already mentioned, in the UK, there are now several statutory
obligations placed on doctors to disclose information based on the
threat of harm. In the USA, there is a prima facie duty to breach con-
fidentiality and warn an identifiable victim where there is a risk of
harm from a patient (Tarassoff v The Regents of the University of
California [1976] 17 Cal 3d 358). In the UK, greater evidence is
likely to be required, but doctors may be found negligent for failure
to disclose confidential information when others are at potential
serious risk (W v Edgell [1990] 1 All ER 835). On the whole, provid-
ing the doctor acts reasonably, does not ignore the risk to others, and
balances their duty to the patient with that of society, they are less
likely to be found negligent. The duty to protect the public relies on
sufficient legal proximity of those parties involved (Palmer v Tees
HA [1999] EWCA 1533). So unless there is a clearly identified indi-
vidual at risk, there is unlikely to be a duty to warn and thus disclos-
ure depends on professional judgement. Furthermore, when the
‘need to know’ basis is exceeded, disciplinary proceedings may
Continuing Education in Anaesthesia, Critical Care & Pain j Volume 14 Number 2 2014
Patient confidentiality
arise (Duncan v Medical Practitioners Disciplinary Committee
[1986] 1 NZLR 513) or patients may seek damages for inappropriate
breaches (Cornelius v Taranto [2001] 68 BMLR 62).
Public health
Downloaded from https://academic.oup.com/bjaed/article-abstract/14/2/52/271401 by PYEONGTAEK UNIVERSITY user on 04 May 2020
Public health is the overarching aim of healthcare and there are cir-
cumstances where disclosure outweighs the benefits of individual
privacy. Historically, doctors have been required to provide epi-
demiological information by compulsory reporting of specific com-
municable diseases or industrially related disease, governed by the
Public Health (Control of Disease) Act 1982.
HIV notably, although indisputably infectious and associated
with criminal prosecutions for reckless transmission, remains a con-
troversial area for disclosure, partly because of perceived stigmatiza-
tion. The AIDS (Control) Act 1987 states that the disease is not
notifiable and so limits requirements to prevalence statistics only.
Two other pieces of legislation provide additional guidance but in-
terpretation varies. HIV represents a serious communicable disease
but to date, there has not been liability for failing to disclose to a
third party.
Up to 40% of patients with HIV are not aware of their diagnosis
on admission to intensive care.9 Dealing with a newly diagnosed
patient, when they do not have the necessary capacity to permit dis-
closure of the information to at-risk partners or contact tracing is
legally and ethically challenging. The local HIV team should prefer-
ably be involved in such circumstances. Disclosure of a patient’s
HIV status to a third party may be justified in exceptional circum-
stances with compelling reasons, for example, partner pregnancy10
or unprotected sexual contact. If at all possible, the patient must be
given the opportunity to consent to the disclosure first.
Ideally, the ethical duty of confidence persists after a patient’s
death. For public health reasons, personal data are available to the
public audience in the form of death certification. Inclusion of HIV/
AIDS on certification may therefore be provocative. Doctors are
required to be honest and full in their disclosure. If a serious commu-
nicable disease has contributed to a patient’s death, this must be
recorded on the death certificate.11 Information relating to serious
communicable disease should be passed on to the relevant author-
ities, while preferably maintaining anonymity to improve control
and maintain surveillance. This includes HIV, tuberculosis, and
hepatitis B and C. Under the Coroners and Justice Act 2009, while
the cause of death must still be recorded, a shortened version of the
death certificate which is intended to protect the deceased patient’s
medical history will be available from 2013 and can be used by the
family for administrative purposes.
Access to medical records
There are various legislative procedures permitting access to
medical records.12 The Data Protection Act 1998 provides a frame-
work to govern the processing of information that identifies living
individuals, including health records. This enshrines the legal
55
Patient confidentiality
ownership of personal data and sets minimum standards for its privi-
leged use. The duty of confidentiality is extended beyond doctors as
individuals to an organizational level and applies to both public and
private health records. Data controllers, including NHS organiza-
tions, are required to comply with the eight data protection princi-
ples as summarized in Table 1. Fines may be imposed under the Act
if personal information is disclosed unlawfully.
This has implications for anaesthetists when maintaining a
logbook. For trainees, it is compulsory to maintain a logbook and
sufficient information must be recorded to enable their educational
supervisor to verify the information is accurate. This requires the
recording of patient identifying details. The RCoA/AAGBI Joint
Informatics Committee recommends recording the patient’s hospital
number and age to enable verification by educational supervisors
while arguably providing sufficient data protection. Anaesthetists
who maintain a logbook should, however, consider registering them-
selves as a data controller under the DPA.
Limited information may be disclosed to solicitors or persons
entitled to claims upon death under the Access to Health Records Act
1990. The Medical Reports Act 1988 permits individuals access to per-
sonal medical reports for employment or insurance purposes. The
Freedom of Information Act 2000 provides for disclosure of informa-
tion held by public authorities and is not intended to allow people to
gain access to their personal information. Public authorities are defined
under the Act and includes any organization treating NHS patients.
The Human Rights Act 1998 has been used by the courts to
provide some legal redress to a breach of confidentiality. NHS hospi-
tals are public bodies and are required to comply with the Act.
Article 8 asserts a fundamental right to privacy but deviation from
this right includes:
National security, public safety, or the economic well-being of
the country, for the prevention of disorder or crime, protection
of health or morals, or for the protection of rights and freedoms
of others.
Disclosures and the media
Public curiosity is not a justification to breach confidentiality and is
generally considered unacceptable. The Public Interest Disclosure
Act 1998 authorizes such breaches in confidence, referred to as
‘qualifying disclosures’, and offers protection to ‘whistleblowers’
who report wrongful or illegal activity. Such disclosures are per-
mitted if the employee reasonably believes that there is criminal ac-
tivity, a failure to comply with a legal obligation, a miscarriage of
justice, or a risk of health or safety to an individual. Injustice may
be considered a suitable cause for breach. However, great care must
be taken when using the media to highlight concerns over patient
welfare when breaches may cause distress to patients or their relatives
and result in disciplinary proceedings.
To summarize, anaesthetists must be vigilant to the duty of confi-
dentiality and the legitimate exemptions. This applies when caring
for patients, communicating with colleagues, and maintaining
records. When a disclosure is contemplated, each case must be
56 Continuing Education in Anaesthesia, Critical Care & Pain j Volume 14 Number 2 2014
considered on its own merits. In such cases, it is advisable to consult
with senior colleagues, your hospital legal representative or local
Caldicott guardian, or medical defence union.
Declaration of interest
Downloaded from https://academic.oup.com/bjaed/article-abstract/14/2/52/271401 by PYEONGTAEK UNIVERSITY user on 04 May 2020
None declared.
Disclaimer
This article summarizes the main medico-legal issues involving
patient confidentiality. The authors advise readers to seek formal
legal advice if clarification is required.
References
1. British Medical Association. Confidentiality and disclosure of health informa-
tion tool kit, December 2009. Available from http://bma.org.uk/practical-
support-at-work/ethics/confidentiality-tool-kit (accessed 21 January 2013)
2. General Medical Council. Guidance for doctors: confidentiality, October
2009. Available from http://www.gmc-uk.org/static/documents/content/
Confidentiality_0910.pdf (accessed 21 January 2013)
3. Department of Health. Confidentiality: NHS Code of Practice.
Supplementary Guidance: Public Interest Disclosures (November 2010).
Available from http://www.dh.gov.uk/prod_consum_dh/groups/dh_digitalassets/
@dh/@en/@ps/documents/digitalasset/dh_122031.pdf (accessed 21 January
2013)
4. General Medical Council. Supplementary Guidance, Making and using
visual and audio recordings of patients, April 2011. Available from http://
www.gmc-uk.org/static/documents/content/Making_and_using_visual_and_
audio_recordings_of_patients_2011.pdf (accessed 26 March 2013)
5. Jackson L, Lim M. Knowledge and practice of confidential data handling in
the Welsh Deanery: a brief report. J Med Ethics 2011; 37: 58–60
6. Cowen R, Yentis S. Patient confidentiality and internet fora—a word of
warning. Anaesthesia 2012; 67(Suppl. 2): 15
7. British Medical Association. Using social media: practical and ethical guid-
ance for doctors and medical students, September 1, 2011. Available from
http://bma.org.uk/practical-support-at-work/ethics/ethics-a-to-z (accessed
21 January 2013)
8. Taking blood specimens from incapacitated drivers. Guidance for doctors
from the British Medical Association and the Faculty of Forensic and Legal
Medicine. BMA Ethics, July 2010. Available from http://bma.org.uk/
practical-support-at-work/ethics/consent (accessed 21 January 2013)
9. Taegtmeyer M, Beeching N. Practical approaches to HIV testing in the in-
tensive care unit. J Intensive Care Soc 2008; 9: 37–41
10. Personal information and the NHS. A guide for people living with HIV.
Guidance 2010, p. 5. Available from http://www.nat.org.uk/Media%
20library/Files/Policy/2010/Confidentiality%20leaflet%20UPDATED.pdf
(accessed 21 January 2013)
11. General Medical Council. Supplementary Guidance, Confidentiality: dis-
closing information about serious communicable diseases, September
2009. Available from http://www.gmc-uk.org/static/documents/content/
Confidentiality_disclosing_info_serious_commun_diseases_2009.pdf
(accessed 21 January 2013)
12. Department of Health Guidance for Access to Health Records Requests,
February 2010. Available from http://www.dh.gov.uk/prod_consum_dh/
groups/dh_digitalassets/@dh/@en/@ps/documents/digitalasset/dh_
113206.pdf (accessed 21 January 2013)
Please see multiple choice questions 5–8.