Most of you won’t remember the old war-time poster that stated (under a wall sprouting an ear) ‘WARNING – Walls Have Ears – be careful what you say!’ Obviously, this was meant to remind people about keeping information safe. Like, for example, where your family might be stationed as this could help a spy with placing troop movements. A few years ago, a member of my staff learned a hard lesson when talking to a fellow member of the church congregation about treatment she had been involved in. Only to find the patient was sitting behind her. During the subsequent disciplinary investigation she opted to leave the practice, which saved us from a very difficult decision.
Confidentiality
Patients have a right to expect that we treat information about them as confidential and only use it for the purposes for which it is given. We have a responsibility to prevent information from being accidentally revealed and prevent unauthorised access by keeping information secure at all times.
There are limited reasons for disclosure such as to an insurer or solicitor, but only with the explicit written agreement of the patient. We also share information with other involved health-care professionals, such as on referral to a hospital or GP. Once in a ‘blue moon’, we might receive a court order to divulge information but that is a very rare occasion and we should always involve our defence insurer before complying.
Sneaky
We should be very aware of the fact that sometimes people try to gain information without consent. It is so tempting to just answer an innocent sounding question without thinking about the consequences. Real life scenarios that have affected my practice include the following:
- A husband ringing to ask if his wife had come for her appointment. An absolute ‘No-No’ is to give information on attendance to anyone. The same goes for schools contacting to check whether a pupil had an appointment.
- A driver asking for information about a patient who had just left (and hit his car!). We are under no obligation to give contact details, or even acknowledge that someone is a patient.
- A solicitor asking for records to support the complaint of another patient.
People can be really sneaky at this but we have to deny access even it means upsetting someone we know or who we think has a good case for knowing.
Practical issues.
Another aspect is accidental disclosure. This means having a look round the practice and make some risk assessments. Are written records left on the desk where other patients can see them? Can people see the computer screen when making appointments, and so able to read the names of other patients? Is there a private place where personal conversations about treatment or money can be held with anyone else hearing? If not, these are some risks that need urgent treatment! See the Quality Care Systems Confidentiality Policy for guidance.
Other actions we are guilty of putting off involve computer management. Do you change passwords regularly? Are screensavers password protected? Ask yourself these questions and relate the answers to the security of information in your care.
