Learn more about how your confidential patient data can be used beyond your individual care. For more information on the CAG, please see: www.hra.nhs.uk/about-us/committees-and-services/confidentiality-advisory-group/ If disclosure is not permitted under the common law, the patient or client may sue not only the organization but also the person responsible for the violation. All employees caring for the patient are bound by a duty of confidentiality and the patient must be informed. If a patient objects to the disclosure of information and you believe that it is not possible to treat them safely without sharing this information, you should explain this to them and point out that it may not be possible to refer them for treatment. It is essential that patients/service users have clear and accessible information on how their health and care information is used and shared. This should be included in the privacy notices that may be provided in the organizations` brochures and on the websites. To rely on implied consent, there should be no surprises for patients, so the information should clearly indicate with which health and care organizations the information can be shared. The Privacy Notice should be updated periodically to reflect changes in the way information is used and shared. According to the British Medical Association (BMA), any identifiable information about a patient stored by a healthcare professional in any form is confidential. This information includes, for example, clinical information, images of the patient, who the patient`s doctor is, which clinics the patient visits and when, and anything that can be used to directly or indirectly identify a patient.

10 The Information Commissioner strongly recommended that the consent of health and care organizations not be used as a condition of processing under the GDPR. Consent under the GDPR must be „voluntary, specific, informed and unambiguous.“ It is difficult to provide care without processing the information, which could interfere with a patient`s care. As a result, consent in the health and care sector is rarely given „voluntarily“. When deciding whether or not to disclose information about mentally incapable adults, you should make patient care your first concern, encourage the patient to get involved, respect their dignity, and consider their past desires, feelings, beliefs, and values. 40 If the disability is temporary, you should consider whether decision-making could be delayed. The opinion of permanent power of attorney of a mentally incapable person should be sought and a preliminary ruling should be given.40,41 In cases where a person is at risk of being neglected or abused, the information must be disclosed without delay to an appropriate responsible person or authority. 42 Transparency is an important element of data protection. You need to make sure your patients know how their data is being used and for what purposes it is being shared. There should be „no surprises“ to a patient regarding how their data is used.

If consent cannot be obtained for purposes other than individual care, permission to share medical or health planning services may be sought from the Health Research Authority or the Secretary of State for Health and Social Services under the Health Services (Control of Patient Information) Regulations, 2002. This is often referred to as „section 251 support.“ Section 251 allows the common law disclosure requirement to be waived for a period of time, subject to verification, so that confidential patient information can be used without breaching the obligation of confidentiality. For more information, see the RHS Guidelines. The common law duty of confidentiality presumably applies to the records of deceased patients as they appear in the Appeal Number of the Information Tribunal: EA/2006/0010 of 17 September 2007 between Pauline Bluck, Chief Information Officer and Epsom & St Helier University NHS Trust and Lewis v Secretary of State for Health [2008] EWHC 2196. Organizations may use a „privacy statement“ or „fair treatment“ to inform their patients, or use other methods. By law, the information provided must be concise, easy to understand and easily accessible. If you make a decision about disclosing confidential information, you must weigh the benefits of disclosure against the disadvantages of not disclosing that information. If you have doubts about whether or not to disclose information, you should contact an experienced colleague, Caldicott Guardian, or, for example, a panel child protection physician.58 You must obtain the patient`s consent for disclosure, unless this is not feasible, increases the risk of harm, or would compromise the purpose of the disclosure.59 You must provide clear documentation and the reasons for the disclosure, as if you were challenged in the future, you should be able to justify your decisions. Sets the standards required for NHS organisations with regard to patient privacy. In most cases, health and care workers will rely on consent as the basis for accessing and using confidential patient information. .