This is closely related to respect for autonomy. The duty to maintain confidentiality is important, but not absolute.
Patients are allowed to see their own records and under the Data Protection Act (1998) – this data must be accurate, held for defined purposes, relevant and neither kept any longer that necessary, nor disclosed to unauthorized persons.
There are a few different exceptions to the rule of confidentiality. For example, if the person is likely to cause serious mental or physical harm to either themselves or another person, then you’re allowed to breach confidentiality. In one famous case (1-), a doctor broke confidence and sought permission to disclose the medical records of patient W, an extremely violent serial killer, to the Home Office and the medical director of the hospital caring for W so as to inform them of how potentially dangerous he could be.
Confidentiality is not breached if the patient gives consent for his/her information to be shared or if it is shared with others involved in the patient’s care.
Confidentiality has to be very carefully maintained as highlighted in a case mentioned by the BMA (2002: 167): Over a golf match between a dentist and a GP the two men discovered they shared a patient. The GP told the dentist that the patient had had an abortion. The dentist told his wife, who told a friend. The friend then mentioned it to the patient.
Patients are often most concerned that their personal information will leak to their own social circle if confidentiality is breached and the NHS Information Authority found that although people did not mind other doctors seeing their medical records, they weren’t happy about receptionists seeing the same.
Doctors are required to disclose information in certain circumstances:
- When required by a judge in court or if issued a warrant under the Police and Criminal Evidence Act (1984)
- To a coroner if they request information about a deceased person whose death they are investigating
- If they need evidence about a living person during a public inquest 88
- To police under the Road Traffic Act (1983) but in this case they are only required to provide the name and address of the person
- Under the Terrorism Act (2000) where doctors are compelled to supply information they have relating to potential acts of terrorism
- If they suspect child abuse of any kind. There are also certain statutory duties:
- Infectious diseases that you have to tell the government of (TB, typhoid, measles, cholera etc.- but not AIDS – provided responsible behaviour on the part of those infected, it is not a significant risk to others)
- The registration of births and deaths
- Children born under the Human Fertilisation and Embryology Act (1990)
- Perhaps most controversially, under the Abortion Act (1967), the Chief Medical Officer must be notified of all terminations of pregnancy.
The risk of confidentiality breaches has increased significantly with electronic storage of information, and it’s pretty easy to see that while a patient is in hospital, their confidentiality is hardly kept under lock and key with their medical chart hanging at the end of their bed for anybody to pick up and look at.
How to answer a question about confidentiality
As a doctor you will have access to incredibly sensitive and personal data about many people- be they patients or colleagues. You may only break confidentiality in the cases stated above. It is incredibly important and it only takes a second of thinking about it from the other side – as the patient whose data may be compromised – to understand how essential it is you keep their details confidential. The issue of using data for research is quite contentious. You could argue that as certain research can be so valuable to so many people, anonymous records with nothing that could help identify the person it is about should be allowed, however some people just don’t want anybody to know their details and it is essential to respect their privacy.
1- W v Edgell  1 All ER 835
Also published on Medium.