
Strictly confidential

28 June 2011

Management Consultancy Director

Anne is the director of a management consultancy specialising in conciliation, complaints and conflict management. She is the author of Conciliation in Healthcare: managing and resolving complaints and conflict (2008). Anne is also a non-executive director and deputy chairman of Northumberland, Tyne and Wear NHS Foundation Trust.

The roll out of the Summary Care Record (SCR) in England reached me on 1 April this year.(1) As I read through the explanatory leaflet, the date seemed significant when I noticed the answer given to the frequently asked question, “How will you protect my confidentiality?” I was assured that “by law, everyone working for us, or on our behalf, must respect your confidentiality and keep all information about you secure”. Equally reassuring, I was informed about the ‘NHS Care Record Guarantee for England’, which details “how the NHS will collect, store and allow access to your electronic records”.

In the face of data loss in recent years affecting thousands of patients, a ‘guarantee’ sounds too good to be true.(2) In fact, the earlier statements in the leaflet are qualified by the comment, “No matter how careful we are, there are always risks when information is held on computers, as there are when they are held on paper”. This is all too apparent, as the recent furore over the breach of Sony PlayStation Network data – in which users’ credit card details and other personal information were hacked into, leading to a lawsuit filed against the US firm – demonstrates.

Practice managers will be only too well aware that it was concern about the risks attached to uploading entire health records that resulted in the current compromise. In fact, ensuring the confidentiality, integrity and appropriate availability of patient information in your practice is likely to rate among your chief concerns. This was certainly a finding from the clinical risk self-assessments carried out by the Medical Protection Society in 2009, which found that confidentiality and issues relating to Caldicott principles were rated as the top risk in all practices included in the sample.(3)

Similarly, the National Patient Safety Agency has reported that issues relating to confidentiality are among the top reported incident types in general practice.(4)

Your practice risk register is an invaluable tool in helping you to identify, and where possible eliminate or mitigate, risks in relation to confidentiality. But it must be regularly updated to ensure it is an accurate reflection of the current risks the practice faces at any time. Is this true of your risk register? Do you think it provides a good reflection of the risks the practice is exposed to in this area as well as the actions being taken to manage those risks? And have you considered the actions you should take in relation to a breach in data security?

All practices should have a strategy in place with which staff are familiar, and know what steps to take in the event of such a breach. Your strategy should include:

  • A recovery plan to limit the damage caused.
  • An immediate assessment of the risks associated with the breach, which will include personal, professional and reputational consequences.
  • Notification of the breach to those individuals concerned and also other relevant organisations, including the Information Commissioner’s Office.
  • A thorough investigation into the breach, which should identify areas for improvement.

Inadvertent breaches of patient confidentiality can occur in a range of circumstances, including:

  • Consultations, either by telephone or face-to-face, which can be overheard.
  • Staff speaking to patients in front of others, such as in reception areas or other public spaces in the building.
  • Computer screens that are sited so that friends or relatives accompanying a patient can see parts of the health record the patient may not wish to share.
  • Fax machines, computers or filing cabinets that are not secured appropriately.
  • Memory sticks, disks or laptops containing unencrypted personal data that can be mislaid or stolen.
  • Personal information provided over the telephone to the wrong person – for example, by being left on a voicemail or answer phone.
  • Prescriptions being collected by relatives or friends without explicit consent.

Practices have to be registered with the Information Commissioner’s Office. Financial penalties can be imposed for serious breaches of data security under the Data Protection Act (1998).

Bear in mind that in addition to health records, for which the Information Commissioner has published specific guidance, practices will hold many other kinds of personal data, such as information about employees, that are equally subject to the Act.(5) Best practice in information governance is to follow the Caldicott principles and to have a clinician in the practice who takes responsibility for this function.(6)

Aim to develop a culture within your practice in which the observance of confidentiality is seen by all staff as key to their interaction with patients and an important part of the quality of the patient/customer experience. You can use training opportunities to develop staff awareness not only of the practice’s policies and procedures, but also of the areas in which inadvertent breaches of confidentiality may occur in day-to-day work. The best kind of training involves scenarios with real-time examples. The General Medical Council has an interactive web section in which issues relating to confidentiality are included in the range of case studies presented.

Looking critically at what goes on in your own practice may prove an eye-opener. A study of confidentiality in the waiting room, carried out in 2007 in a group of practices, showed that there were 44 inadvertent breaches of confidentiality over 26 hours of observation (see Box 3).(7)

All staff need to be aware of the requirements of the NHS code of confidentiality 2003, together with the supplementary guidance in relation to public interest disclosures 2010, and data sharing issues relating to children and vulnerable adults.(8-10) Regular training in security and confidentiality should include non-clinical staff, such as receptionists, who represent the practice’s front-of-house and may be the first people with whom a patient has contact.

In 2005, the British Medical Association published a discussion paper entitled Confidentiality as part of a bigger picture.(11) The key findings are as applicable now as they were then. Patients were:

  • Worried about whether their personal data was kept securely.
  • Unsure about the extent to which their personal information could be shared both within the NHS and externally.
  • Unaware of the range of healthcare professionals other than their doctors who could access their data.

It is, therefore, vital that patients feel confident their personal details will not be divulged inappropriately. This is essential where staff may be handling data relating to neighbours, relatives or friends, and you should be aware of any areas in which there is a potential for conflicts of interest to arise. Deliberate and unlawful breaches of confidentiality can and do occur and, for some patients, fear that their confidentiality may be breached can prevent them accessing necessary healthcare.(12)

Since confidentiality is such an important component of the delivery of high-quality healthcare, you will want to ensure that your practice communicates effectively with patients on this subject. Your website and practice literature will need to cover the key aspects of this topic in a way that reassures the patient but is also factually accurate. It is helpful for patients to know:

  • What confidentiality means and how and to whom this applies.
  • Who may have access to their personal data and for what purpose.
  • What is meant by secondary use of patient data in anonymised form.
  • Practice procedures for the use of telephone, email and fax, including steps to verify patient identity.
  • Occasions where there may be sharing of information under particular legislation (with or without consent).
  • Whether your receptionists are trained to ask for information that will assist clinical staff in prioritising aspects of care.
  • That they do not have to disclose the reasons for making an appointment to the receptionist or other non-clinical staff if they do not wish to do so.

Issues relating to confidentiality will always remain a key risk for practices. No system will ever be foolproof and no cast-iron guarantee can ever be made. There is always the potential for human error or deliberate misuse of personal data. You can, however, take steps to mitigate the risks through a proactive and vigilant approach, and by recruiting high-calibre staff for whom observance of confidentiality is seen as central to the delivery of high-quality healthcare.

1. NHS Summary Care Records. Your emergency care summary. Available from:

2. The Information Commissioner. Poor data security in the NHS. Press release, 15 June 2010. Available from:…

3. Medical Protection Society. New MPS data identifies the top five risks to general practices in 2009. Press release, 24 February 2010. Available from:

4. The National Patient Safety Agency. Seven steps to patient safety in general practice. London: NPSA; 2009.

5. The Information Commissioner. Use and disclosure of health data: Guidance on the Application of the Data Protection Act 1998. Available from…

6. NHS Information Governance Toolkit. Available from:

7. Scott K, Middlemass JB, Dyas JV, et al. Confidentiality in the waiting room: an observational study in general practice. Br J Gen Pract 2007;57:490-3.

8. Department of Health. Confidentiality: NHS Code of Practice. London: DH; 2003.

9. Department of Health. Confidentiality: NHS Code of Practice. Supplementary Guidance: Public Interest Disclosures. London: HM Government; 2010.

10. General Medical Council. Confidentiality. London: GMC; 2009.

11. British Medical Association. Confidentiality as part of a bigger picture. London: BMA; 2005.

12. Ward Platt A. Keeping confidence: how easy is it? Management in Practice 2011;24:46-8.