
Personal health information includes all notes, radiographs, photographs, details of treatment carried out, records of appointments, payments made and any personal information about the patient (e.g. medical condition). The confidentiality of all personal health information must be maintained.

Train staff in the importance of maintaining patient confidentiality and ensure that the practice policies on data protection and confidentiality are followed and that all staff comply with the Data Protection Act 2018 [1] and the (UK) General Data Protection Regulations (UK GDPR) [2] (see the Data Protection, Confidentiality and Information Security Policy template).

Respect patient privacy when discussing confidential issues with patients (e.g. discussion of medical information, payment, or asking patients for proof of exemption status).

If it is necessary to share personal information with a third party and this has not been detailed in your practice Privacy Notice/data protection policy, seek specific consent from the patient to share this information (see Consent Form template).

If patients would like personal information to be withheld, explain the consequences for their care but allow the patient to make the final decision.

Ensure staff are aware of the seriousness of a breach of confidentiality and that, if a breach occurs, disciplinary action, including dismissal, may be taken if appropriate.

Include a confidentiality clause in all staff contracts and agreements.

Sources of information

  1. Data Protection Act 2018
  2. The UK GDPR. Information Commissioner's Office

Templates