Ethical and legal duties of confidentiality

1. Trust is an essential part of the doctor-patient relationship and confidentiality is central to this. Patients may avoid seeking medical help, or may under-report symptoms, if they think their personal information will be disclosed2 by doctors without consent, or without the chance to have some control over the timing or amount of information shared.

2. Doctors are under both ethical and legal duties to protect patients’ personal information from improper disclosure. But appropriate information sharing is an essential part of the provision of safe and effective care. Patients may be put at risk if those who are providing their care do not have access to relevant, accurate and up-to-date information about them.

3. There are also important uses of patient information for purposes other than direct care. Some of these are indirectly related to patient care in that they enable health services to function efficiently and safely. For example, large volumes of patient information are used for purposes such as medical research, service planning and financial audit. Other uses are not directly related to the provision of healthcare but serve wider public interests, such as disclosures for public protection reasons.

4. Doctors’ roles are continuing to evolve and change. It is likely to be more challenging to make sure there is a legal and ethical basis for using patient information in a complex health and social care environment than in the context of a single doctor-patient relationship.

In this guidance, we aim to support individual doctors to meet their professional responsibilities while working within these complex systems.

Acting within the law

5. Doctors, like everyone else, must comply with the law when using, accessing or disclosing personal information. The law governing the use and disclosure of personal information is complex, however, and varies across the four countries of the UK.

6. In the legal annex to this guidance, we summarise some key elements of the relevant law, including the requirements of the common law, the Data Protection Act 1998 and the Human Rights Act 1998. In the main body of the guidance, we give advice on how to apply ethical and legal principles in practice, but we do not refer to specific pieces of law unless it is necessary to do so.

7. If you are not sure how the law applies in a particular situation, you should consult a Caldicott or data guardian, your defence body or professional association, or seek independent legal advice.