Confidentiality in Health and Social Care

Maintaining confidentiality in health and social care is an integral part of working within this sector. Everybody deserves to be treated with respect and has a right to privacy, and confidentiality is an important part of ensuring that this privacy is maintained. If you work in health and social care, it’s important that you understand your duty in maintaining the confidentiality of your clients or patients. But what is confidentiality? How do you maintain confidentiality in care? And what is the legislation surrounding confidentiality? Here’s everything you need to know about confidentiality in health and social care:

What is Confidentiality?

Confidentiality is the art of maintaining an individual’s privacy and respecting that individual’s wishes. If a patient or client that you are working with shares personal information with you then expect that you will keep that personal information in confidence (effectively, in secret). They are trusting you not to discuss their care, their health condition, or their personal life with anyone else. In real terms, this means that if you know that someone has a sensitive illness (for example that they are HIV positive or that they have Aids) then that individual could be treated in a negative way by the wider community. This applies in social terms, for example, if a patient is claiming benefits but does not what this information to be more widely known. Confidentiality is needed for both the protection of the patient, and to maintain the trust and the relationship between the health and social care worker and their patient.

When you work closely with a patient or client in a health and social care setting, you will build a relationship with them and are likely to learn deeply personal information about them. Confidentiality is important because, in order to maintain the trust of your patient, you are required to keep this information to yourself (keep it confidential) at all times

Data Protection

The Data Protection Act of 2018 was introduced to replace the 1998 Data Protection Act, strengthening the rules around holding data and, in particular, focusing on modernising these laws for the digital age. The Data Protection Act 2018 is the UK version of the General Data Protection Regulations (GDPR) from the European Union. This Act covers the principles of data protection across all industries, and in all formats. In terms of confidentiality in health and social care, the key elements of the Data Protection Act of 2018 that you need to be aware of are:

• Data that is gathered from individuals (including confidential information relating to medical conditions or care) should be used in a way that is legal, open, and fair.
• Data should only be gathered and utilised for clearly defined reasons, and should only be used when it is needed.
• Data should not be kept for any longer than is needed. When data is no longer needed, it should be disposed of in as safe and secure way as possible.
• Data should be stored in a way that is as secure as possible, so that it can reasonably be considered to be safe from those people who may try to use it illegally.

Whilst these are the overarching principles of the data protection act, there are some exceptions that can apply to confidentiality in health and social care, and that you should be aware of if you’re working within these industries. For example, you are still allowed to share information about your clients and patients (either with or without their consent) if there is a safeguarding or public interest concern that could be mitigated by sharing this information.

Five Rules of Confidentiality

When dealing with confidentiality in health and social care, there are five key rules that you should abide by. These rules were clearly set out by the Health and Social Care Information Centre in 2013 and remain in place today. These rules should be followed by all individuals working within health and social care settings, and they are:

1. “Confidential information about service users or patients should be treated confidentially and respectfully.”
   In order to maintain a trust-based relationship between the social care worker and their client or patient, confidentiality should always remain in place. One of your primary roles should be to be respectful of your clients or patients and give them the confidence to know they can trust that you won’t share their personal information. You will need to record written information about your patients, for example in their care notes or medical records, but this should be done in a clear and factual way so that the patient’s respect is maintained.
2. “Members of a care team should share confidential information when it is needed, for the safe and effective care of an individual.”
   It is not always realistic not to share care information with other team members. Sharing the right information with a client or patient’s care team can be beneficial for their ongoing care. Team members that may be involved in sharing information include social workers, doctors and nurses, lab staff who may carry out tests, other care team workers, and administrative staff. Whilst all clients and patients have the right to request that their information is not shared, this request can be overridden in some circumstances, such as when the client or patient has a notifiable disease or there is a safeguarding issue, for example. The only information that should be shared between team members is information that is relevant to continued client care.
3. “Information that is shared for the good of the community should be anonymised.”
   Existing patient information can be invaluable for medical and social researchers who are looking to find out more about certain conditions. Where possible, these researchers should be given access to the information they need, but only if there is no risk of the individual being discussed being identified. If the information being shared may be identifiable, consent from the client or patient should be sought.
4. “An individual’s right to object to the sharing of confidential information about them should be respected.”
   If an individual objects to their confidential information being shared, then these objections must be respected. Whilst there is a certain level of data sharing that cannot be avoided, in order to provide a consistent standard of care, a patient can say no to anything beyond this. For example, sometimes government agencies might request information about people with care plans to be able to analyse the data. If necessary, health and social care workers can share this information in an anonymised form.
5. “Organisations should put policies, procedures, and systems in place to ensure the confidentiality rules are followed.”
   Each organisation that holds confidential information about their clients or patients should have a named member of staff who is responsible for maintaining confidentiality across the organisation and ensuring that all other team members follow these five rules. This means providing training for everyone that you oversee and ensuring that processes to maintain confidentiality are in place across the organisation.

Legislation Surrounding Confidentiality

Other legislation surrounding confidentiality in the UK that you need to be aware of include The Care Act and the Human Rights Act.

• The Care Act
  Whilst much of this piece is about the importance of not sharing information or breaching confidentiality, the focus of the Care Act 2014 states that you have a duty to breach confidentiality and share information if you have a safeguarding concern about a client or patient. Where possible you should seek the consent of your patients before you share information. If this is not appropriate or not possible then you can still share information without asking your clients or patients, if it is for the best of the well-being of the patient under your care. Domestic abuse situations are a great example of this: you may need to withhold from your patient that you will be sharing this information with the police, in order to afford them extra protection in this interim period. This does not give you a free pass to share information when you want to. The information you choose to share should be necessary, relevant, accurate, timely and secure. You should also keep a record of any information you share and a justification of why you chose to share it.
• The Human Rights Act
  The 1998 Human Rights Act is comprised of 13 articles, but it is article 8 that you need to be aware of when investigating confidentiality in health and social care. Article 8 protects each individual’s right to have a private and family life. This means that their information can only be shared with consent and should be treated confidentially. These principles are similar to those shared in the common law of confidentiality, which is outlined below. As well as covering the importance of consent, this act also covers the way data is stored about a person. When you make and keep confidential records about a person, whether they are stored digitally or in hard copy format, you have a responsibility to keep those records secure.

The Common Law of Confidentiality

There are many different principles of confidentiality, but most of these are taken from common law. The common law of confidentiality emphasises the importance of confidentiality: without it, patients or clients might not trust their caregivers with their issues and concerns, making it harder to treat or support them. For this reason, maintaining confidentiality wherever possible is essential. In UK common law, everyone has a duty to treat information that is shared with them with confidentiality. The overarching rule is that you can’t share information that you’ve been trusted with unless you have the direct consent of the individual that has trusted you with that information.

There are some circumstances where the duty of confidentiality can be overridden, for the greater good of either the individual or the general

• If you are providing personal care to an alcoholic who has been drinking and who mentions whilst you are caring for them that they intend to drive to the shop once you leave, the duty of confidentiality is overridden. You need to inform the police of the criminal offence they intend to carry out to protect the general public who could be harmed if a drunk driver is on the road.
• If a female client reveals that they have been a victim or Female Genital Mutilation (FGM), then this is another example of a criminal offence that the authorities should be informed about.
• You may also be legally obligated to breach confidentiality via a court order.
• If you are providing cover relief for another caregiver and you notice bruises on the body of the client whilst providing personal care for them, which they tell you was caused by the other caregiver but ask you not to tell anyone, then this could leave you in a confidentiality dilemma. But under the common law of confidentiality, you have a duty of care to protect the client, and therefore are able to breach their confidentiality. Anytime there is a serious safeguarding issue, or you suspect that someone is at risk, sharing this information is a part of your duty of care. Your primary role is to keep people safe.

Even if you’re working closely with a client or patient, common law safeguarding rules state that you should only have access to the data that you will need to complete your role. You might not necessarily need access to their full medical history in order to provide a high standard of relevant care, and some of this information might not be shared with you.

Once a patient or service user has died, there is no legal obligation for that confidentiality to continue.  From an ethical point of view though, there is no reason for you to share data about your clients or patients unless it is completely necessary.

When Confidentiality is Broken

There are some circumstances when confidentiality must be broken, if it relates to the protection of the general public, or the protection of your patient, for example. Understanding whether or not you can break confidentiality can be confusing and, in most circumstances, you should report any concerns to your manager or supervisor who can help you determine whether disclosing confidential information is appropriate in the specific situation and whether expressing your concerns will be considered to be a breach of confidentiality.

The simple answer to the question ‘when can confidentiality be broken’ is that there is no singular answer to this question. If your patient or client poses a danger to themselves, to the general public, or breaking their confidentiality will protect their best interests then confidentiality can often be broken. Some examples of when you can break patient confidentiality are:

• Your patient or client shares information that could put them at risk of harm.
• Your patient or client shares information that could pose a risk of harm to someone else.
• Your patient or client shares information that could pose a risk of harm to the wider general public.

Specific examples of situations in which confidentiality should be breached include if a client or patient shares that they are a victim of physical or emotional abuse, even if they ask you not to share this information with anyone else. If a client or patient develops a reportable disease or a disease that poses a risk to public health, then you may also be required to disclose this even if your client asks you not to.

You should create a plan of action for any further steps that reduce the risk of harm: you may create this plan in conjunction with your manager, supervisor, or another senior team member. Perhaps the easiest way to think about any breach of confidentiality is that situations should be handled on a ‘need to know’ basis: does any other medical professional need to know the information that has been shared with you? If not, then your confidentiality should remain intact.