3. 1 Introduction
2 Confidentiality
3 Confidentiality — Guidelines
4 Data Protection Act 1998
5 Access to Medical Records
6 Privacy
7 Other Legal Provisions
5. ‘… a duty of confidence arises when
confidential information comes to the
knowledge of a person (the confidant) in
circumstances where he has notice, or is held to
have agreed, that the information is
confidential, with the effect that it would be
just in all the circumstances that he should be
precluded from disclosing the information to
others.’
AG v Guardian Newspapers (No 2) [1988] 3 All ER 545
6. The material for which protection is claimed must be:
1 Of limited public availability; and
2 Of a specific character.
SPECIFIC CHARACTER
For material to be protected as confidential it must be possible to
point to a definite body of material or source of information. The
material must not be so intermingled with material publicly
available that it is impossible to indicate its limits. This has been
stressed by the courts in relation to injunctions which must be so
drafted as to leave the party enjoined in no doubt as to what is
forbidden.
7. In order for a person to be held liable for breach of confidence, it must
be shown that:
1 The material communicated to them had the necessary quality
of confidence.
2 It was communicated or became known to them in
circumstances entailing an obligation of confidence.
3 There was an unauthorised use of that material.
Coco v AN Clark (Engineers) Ltd [1969] RPC 41 at 47–48, per Megarry J
Some authorities require that the unauthorised use be to the
detriment of the claimant.
An obligation of confidence which is or becomes unreasonable may
not be enforced even if detriment to the claimant is shown.
8. R (on the application of Leonard O’Reilly) v Blenheim Healthcare Ltd. [2005] EWHC 241 (Admin)
Facts
The claimant was detained under sections 37 and 41, having been convicted of ABH on his father.
He attributed the motivation, or at least the background, for his assault, to abuse that he said he
suffered at the hands of his father during his childhood. The RMO wished to enquire into the
claimant's past personal history.
The claimant sought judicial review. The issue which arose was whether the claimant had a legal
right to prevent such enquiries being made. He argued that his rights under art 8 of the European
Convention on Human Rights would be infringed because if the enquiries took place there would
be a communication by the RMO to the claimant's parents of confidential medical information
relating to the claimant himself, which would be wrong without the consent of the claimant or
other legal justification.
Held
The claim would be dismissed.
(1) The inquiries sought to be made by the RMO were not treatment. An enquiry of a third party
was not within that category.
(2) It had not been established that there was any real risk of confidential information being
disclosed. Moreover, mere contact itself between the RMO and the claimant's parents could not
infringe the Article 8 rights of the claimant. The object of the enquiry is to obtain information and
not to communicate it. Accordingly there was no possible infringement of Article 8.
9. The confidentiality of information concerning misconduct or
iniquity which in the public interest ought to be disclosed will
not be protected.
This applies to matters relating to past and contemplated crime,
health risks to the public, and matters within the purview of
regulatory bodies or public inquiries set up to investigate the
efficiency of public bodies or institutions.
See, e.g., A Health Authority v X [2001] EWCA Civ 2014, [2002] 2
All ER 780, where it was held that there is a high public interest
in seeing that professional disciplinary hearings for medical
malpractice are properly administered, and that this could
outweigh the confidentiality of patient records that are
inextricably linked with the case papers.
10. ‘The crucial question is how, on the special
facts of the case, the balance should be
struck between the public interest in
maintaining professional confidences and
the public interest in protecting the public
against possible violence.’
Egdell case
W. v. Egdell and others [1990] Ch. 359
11. It had never been doubted that the circumstances imposed on
Dr. Egdell a duty of confidence to W. The breadth of that duty
was dependent on the circumstances. The decided cases very
clearly established (1) that the law recognised an important
public interest in maintaining professional duties of confidence
but (2) that the law treated such duties not as absolute but as
liable to be overridden where there was held to be a stronger
public interest in disclosure.
The crucial question was how, on the special facts of the case,
the balance should be struck between the public interest in
maintaining professional confidences and the public interest in
protecting the public against possible violence.
12. ‘There was one consideration which weighed the balance of public interest
decisively in favour of disclosure. It could be shortly put. Where a man had
committed multiple killings under the disability of serious mental illness,
decisions which might lead directly or indirectly to his release from hospital
should not be made unless a responsible authority was properly able to make an
informed judgment that the risk of repetition was so small as to be acceptable. A
consultant psychiatrist who became aware, even in the course of a confidential
relationship, of information which led him, in the exercise of what the court
considered a sound professional judgment, to fear that such decisions might be
made on the basis of inadequate information, and with a real risk of consequent
danger to the public, was entitled to take such steps as were reasonable in all the
circumstances to communicate the grounds of his concern to the responsible
authorities. There was no doubt that the judge’s decision in favour of Dr. Egdell
was right on the facts of this case. Nor could it be said that if Dr. Egdell was
entitled to make some disclosure he should have disclosed only the crucial
paragraph of his report and his opinion. An opinion, even from an eminent source,
could not be evaluated unless its factual premise was known, and a detailed 10-
page report could not be reliably assessed by perusing a brief extract.’
13. R v Crozier (1990) The Guardian, 8 May
The defendant had pleaded guilty to attempted murder and
proceedings had been adjourned for medical reports. Dr M was
instructed to examine Mr Crozier. However, his report did not reach
defence counsel at the time of the hearing. The defendant was
sentenced to nine years in prison.
Dr M then arrived late. Approaching counsel for the prosecution, he
informed him that in his opinion the defendant was suffering from a
psychopathic disorder under the Mental Health Act 1983. He also
said that another doctor who had originally been of the view that the
defendant was not suffering from that mental disorder had changed
his mind. The prosecution applied for and obtained variation of
sentence, with the judge making hospital and restriction orders.
The defendant’s appeal was rejected. The Court of Appeal said that
Dr M had been in very much the same position as had Dr Egdell.
Both doctors had believed that they were acting in the public
interest.
15. See, Good Medical Practice, 2006
Guidelines General Medical Council
16. ‘37. Patients have a right to
expect that information about
them will be held in
confidence by their doctors.
You must treat information
about patients as confidential,
including after a patient has
died. If you are considering
disclosing confidential
information without a
patient’s consent, you must
follow the guidance in
Confidentiality: Protecting and
providing information.’
‘Good Medical Practice’ General Medical Council
17. See, Confidentiality:
Protecting and
Providing Information,
April 2004
April 2004 Guidance General Medical Council
18. 1. If you are asked to provide information about patients you must:
inform patients about the disclosure, or check that they have already received
information about it;
anonymise data where unidentifiable data will serve the purpose;
be satisfied that patients know about disclosures necessary to provide their care,
or for local clinical audit of that care, that they can object to these disclosures but
have not done so;
seek patients’ express consent to disclosure of information, where identifiable
data is needed for any purpose other than the provision of care or for clinical audit
– save in the exceptional circumstances described in this booklet;
keep disclosures to the minimum necessary; and
keep up to date with and observe the requirements of statute and common law,
including data protection legislation.
April 2004 Guidance
19. Circumstances where patients may give implied consent to disclosure
Sharing information in the health care team or with others providing care
10. Most people understand and accept that information must be shared within the
health care team in order to provide their care. You should make sure that patients
are aware that personal information about them will be shared within the health
care team, unless they object, and of the reasons for this … You must respect the
wishes of any patient who objects to particular information being shared with
others providing care, except where this would put others at risk of death or
serious harm.
11. You must make sure that anyone to whom you disclose personal information
understands that it is given to them in confidence, which they must respect …
12. Circumstances may arise where a patient cannot be informed about the sharing
of information, for example because of a medical emergency. In these cases you
must pass relevant information promptly to those providing the patient’s care.
April 2004 Guidance
20. Disclosures required by law
18. You must disclose information to satisfy a specific statutory requirement, such
as notification of a known or suspected communicable disease. You should inform
patients about such disclosures, wherever that is practicable.
Disclosures to courts or in connection with litigation
19. You must also disclose information if ordered to do so by a judge or presiding
officer of a court …
Disclosures to statutory regulatory bodies
21. Patient records or other patient information may be needed by a statutory
regulatory body for investigation into a health professional’s fitness to practise …
April 2004 Guidance
21. Disclosures in the public interest
22. Personal information may be disclosed in the public interest, without the patient’s consent,
and in exceptional cases where patients have withheld consent, where the benefits to an
individual or to society of the disclosure outweigh the public and the patient’s interest in
keeping the information confidential ...
23. Before considering whether a disclosure of personal information ‘in the public interest’
would be justified … you should still try to seek patients’ consent, unless it is not practicable to
do so, for example because … the patients are not competent to give consent …; or the patient
has been, or may be violent; or obtaining consent would undermine the purpose of the
disclosure (e.g. disclosures in relation to crime) …
24. In cases where there is a serious risk to the patient or others, disclosures may be justified
even where patients have been asked to agree to a disclosure, but have withheld consent (for
further advice see paragraph 27).
25. You should inform patients that a disclosure will be made, wherever it is practicable to do
so …
April 2004 Guidance
22. Disclosures to protect the patient or others
27. Disclosure of personal information without consent may be justified in the
public interest where failure to do so may expose the patient or others to risk of
death or serious harm. Where the patient or others are exposed to a risk so serious
that it outweighs the patient’s privacy interest, you should seek consent to
disclosure where practicable. If it is not practicable to seek consent, you should
disclose information promptly to an appropriate person or authority. You should
generally inform the patient before disclosing the information. If you seek consent
and the patient withholds it you should consider the reasons for this, if any are
provided by the patient. If you remain of the view that disclosure is necessary to
protect a third party from death or serious harm, you should disclose information
promptly to an appropriate person or authority. Such situations arise, for example,
where a disclosure may assist in the prevention, detection or prosecution of a
serious crime, especially crimes against the person, such as abuse of children.
April 2004 Guidance
23. Disclosures in relation to the treatment sought by children or others who lack capacity to give
consent
28. Problems may arise if you consider that a patient lacks capacity to give consent to treatment
or disclosure. If such patients ask you not to disclose information about their condition or
treatment to a third party, you should try to persuade them to allow an appropriate person to
be involved in the consultation. If they refuse and you are convinced that it is essential, in their
medical interests, you may disclose relevant information to an appropriate person or authority.
In such cases you should tell the patient before disclosing any information, and where
appropriate, seek and carefully consider the views of an advocate or carer …
Disclosures where a patient may be a victim of neglect or abuse
29. If you believe a patient to be a victim of neglect or physical, sexual or emotional abuse and
that the patient cannot give or withhold consent to disclosure, you must give information
promptly to an appropriate responsible person or statutory agency, where you believe that the
disclosure is in the patient’s best interests …
April 2004 Guidance
24. Q14 I work with sex offenders who are transferred from prison to hospital during their
custodial sentence. A patient has recently been discharged, but I know he does not intend to
register his new address with the police, as he is required to do by law. Should I tell the police
he has been discharged?
The Sex Offenders Act 1997 requires the offender to register his name and address with the
police. However, disclosures without consent are justified when a failure to disclose information
may put the patient, or someone else, at risk of death or serious harm. If you believe that the
patient poses a risk to others, and you have good reason to believe that he does not intend to
notify the police of his address, then disclosure of the patient’s discharge would be justified.
April 2004 Guidance
25. Q15 A child in my practice has recently been taken to hospital suffering serious injuries from
abuse. His father is now being prosecuted. I’ve been asked to provide information about the
child and her family for a Case Review. I’m the GP to the child’s father and he won’t give
consent to the release of information, what should I do?
Case Reviews are often set up to identify why a child has been seriously harmed, to learn
lessons from mistakes and to improve systems and services for children and their families. (In
England and Wales such reviews are often referred to as Part 8 Reviews).
Where the overall purpose of a review can reasonably be regarded as serving to protect other
children from a risk of serious harm, you should co-operate with requests for information, even
where the child’s family does not consent, or if it is not practicable to ask for their consent.
Exceptionally, you may see a good reason not to disclose information; in such cases you should
be prepared to explain your decision to the GMC.
April 2004 Guidance
26. Q16 A patient of mine is a doctor; I am concerned that he has a drinking problem which could
affect his judgement. It has taken me a long time to get him to admit to any problems, and if I
disclose the information to his employer or the GMC now he will probably deny everything and
find another doctor. What should I do?
This patient has the same right to good care and to confidentiality as other patients. But, there
are times when the safety of others must take precedence. If you are concerned that his
problems mean that he is an immediate danger to his own patients, you must tell his employing
authority or the GMC straight away. If you think the problem is currently under control, you
must encourage him to seek help locally from counselling services set up for doctors or for the
public generally. You must monitor his condition and ensure that if the position deteriorates
you take immediate action to protect the patients in his care.
April 2004 Guidance
27. Q17 A patient of mine suffers from a serious mental illness. He is often erratic and unstable. I know that he
drives, although I have warned him that it is often unsafe for him to do so. He insists that his illness does not
affect his judgement as a driver. Should I tell the DVLA?
Where patients have such conditions you should:
a. Make sure that patients understand that the condition may impair their ability to drive. If a patient is
incapable of understanding this advice, for example because of dementia, you should inform the DVLA
immediately.
b. Explain to patients that they have a legal duty to inform the DVLA about the condition.
If patients refuse to accept the diagnosis or the effect of the condition on their ability to drive, you can suggest
that the patients seek a second opinion, and make appropriate arrangements for the patients to do so. You
should advise patients not to drive until the second opinion has been obtained. If patients continue to drive
when they may not be fit to do so, you should make every reasonable effort to persuade them to stop. This may
include telling their next of kin, if they agree you may do so.
If you do not manage to persuade patients to stop driving, or you are given or find evidence that a patient is
continuing to drive contrary to advice, you should disclose relevant medical information immediately, in
confidence, to the medical adviser at the DVLA. Before giving information to the DVLA you should try to inform
the patient of your decision to do so. Once the DVLA has been informed, you should also write to the patient, to
confirm that a disclosure has been made.
April 2004 Guidance
28. Who is most at risk of violence?
Are these individuals aware of the
risk, the history of violence, the
context within which it occurred,
and any warning signs?
Will strictly observing the
confidentiality of patient information
place any person(s) at greater risk?
Should information about the risks
therefore be shared with those
bearing the risks, as part of the risk
management strategy?
29. The Nursing and Midwifery Council Code of Professional Conduct
http://www.nmc-uk.org/(sknklt551haimf55pdsrmd25)/aFrameDisplay.aspx?DocumentID=475
The Chartered Society of Physiotherapy: Rules of Professional Conduct
http://www.csp.org.uk/director/effectivepractice/rulesofconduct/professionalconduct.cfm
General Social Care Council: Codes of Practice for Social Care Workers and Employers
http://www.gscc.org.uk/Good+practice+and+conduct/What+are+the+codes+of+practice/
Information on ethical practice
This can be obtained from the British Medical Association at:
http://www.bma.org.uk/ap.nsf/Content/Hubethics
Information on record keeping can also be obtained from the following:
Nursing and Midwifery Council (NMC) Guidance 01.05
Guidelines prepared by the NMC on records and record-keeping practices for nurses and midwives. See:
http://www.nmc-uk.org/(k452wr55m2qj1p2ppgy3xf45)/aDisplayDocument.aspx?DocumentID=1120
Midwives' Rules and Standards - NMC Standards 05.04
The Nursing and Midwifery Order 2001 requires the NMC to set rules and standards for midwifery. The rules and standards
document provides guidance on the interpretation of these rules and standards and includes record keeping. See:
http://www.nmc-uk.org/(k452wr55m2qj1p2ppgy3xf45)/aDisplayDocument.aspx?DocumentID=169
31. Trusts are required by law to look after all personal
information in accordance with the Data Protection Act of
1998.
They will be registered as a ‘Controller’ of personal
information with the Office of the Information
Commissioner.
The Act replaces the Access to Health Records Act 1990
(except for records relating to people who have died) and
allows patients to have access to their medical records
subject to certain limited exceptions. However, the Act is
extensive and covers all types of data whether held on
computer database or in manual form.
32. Personal data
Personal data means information which relates to a living individual who can be
identified from that information, or other information held by the data controller,
and includes any expression of opinion about the individual and any indication of
the intentions of the data controller or any other person in respect of the
individual. The definition does not cover information relating to someone who has
died. Access to health records relating to deceased individuals is still covered by
the Access to Health Records Act 1990.
Sensitive personal data
Sensitive personal data includes information relating to ethnic or racial origin,
religious or political beliefs, physical or mental health, sexual matters and
criminal offences.
33. Processing
Processing has an extensive definition. It means obtaining, recording or holding
information or any handling of the information, including organising, altering,
retrieving, using, disclosing or destroying the information.
Data processor
Data processor means any person (other than an employee of the data controller)
who processes personal information on behalf of the data controller.
Data subject
Data subject means the individual to whom the information refers. A data subject
must be a living individual. Organisations such as companies and other corporate
and unincorporated bodies of persons cannot, therefore, be data subjects.
34. Data controller
Data controller means the person who determines the purposes for which and the
manner in which any information is to be processed (broadly speaking, the person
who holds the data). It is the duty of the data controller to comply with the
Data Protection Principles. The definition of data controller comprises
individuals, companies and other organisations including corporate and
unincorporated entities. More than one person can be a data controller.
In terms of disclosure and the Act, disclosing information about a
patient’s mental health therefore involves a data processor/
professional processing/using and disclosing information/sensitive
personal data concerning the patient/data subject.
35. There are eight
principles governing the
proper handling of data
under the Act.
36. Personal data shall be processed fairly and lawfully and, in
particular, shall not be processed unless:
1 At least one of the conditions in Schedule 2 is met
And, in the case of sensitive personal data, either
2a At least one of the conditions in Schedule 3 is also met
OR
2b Processing is permitted in the public interest.
37. Is Schedule 2 satisfied? Is at least one of the conditions in Schedule 2 met?
The Conditions
Patient (data subject) has given their consent.
The disclosure (processing) is necessary to comply with a legal obligation.
The disclosure (processing) is necessary in order to protect the vital interests of the patient (data subject), i.e. where the processing is necessary for matters of life and death.
The disclosure (processing) is necessary for the administration of justice or the exercise of functions of a public nature in the public interest.
The processing is necessary for the pursuit of legitimate interests by the trust (data controller) or the person to whom the information is being disclosed, unless such processing is unwarranted because of prejudice to the rights, freedoms or legitimate interests of the data subject.
38. Is Schedule 3 satisfied? Is at least one of the conditions in Schedule 3 (also) met?
The Conditions
The data subject has given their explicit consent to the processing (implied consent is not sufficient).
The processing is necessary for the purposes of exercising or performing any right or obligation relating to employment.
The processing is necessary in order to protect the “vital interests” of the data subject or another person in a case where consent cannot be given by or on behalf of the data subject, or the data controller cannot reasonably be expected to obtain their consent.
The processing is necessary in order to protect the vital interests of another person, in a case where consent by or on behalf of the data subject has been unreasonably withheld.
The processing is necessary for the exercise of any functions conferred on any person by or under any enactment.
The information has already been made public by the data subject.
The processing is necessary for legal proceedings or the administration of justice.
The processing is necessary for the provision of care and treatment and the management of healthcare services and is undertaken by a health professional, or a person who in the circumstances owes a duty of confidentiality which is equivalent to that which would arise if that person were a health professional.
The processing is permitted by the 2000 Order (substantial public interest, see Step 3).
39. Is the disclosure (processing) permitted in the substantial public interest? (Alternative ground to Step 2)
The 2000 Order Public Interest Conditions
Sensitive personal data (for example information relating to physical or mental health) may be lawfully processed without explicit consent where there is a substantial public interest in disclosing the data for any of the following purposes:
1. for the detection and prevention of crime;
2. for the protection of members of the public against malpractice, incompetence, mismanagement etc;
3. to publicise the fact of malpractice, incompetence, mismanagement etc, for the protection of the public;
4. to provide confidential counselling and advice where explicit consent cannot be given nor reasonably obtained, or where the processing must be carried out without explicit consent so as not to prejudice that confidential counselling or advice; or
5. to undertake research that does not support measures or decisions with respect to any particular data subject unless the data subject has explicitly consented and does not cause, nor is likely to cause, substantial damage or substantial distress to the data subject or any other person.
6. Where the processing is necessary for the exercise of any functions conferred on a constable by any rule of law.
See: The Data Protection (Processing of Sensitive Personal Data) Order 2000
40. 2 Lawful purpose
Personal data shall be obtained only for one or more specified and lawful
purposes, and shall not be further processed in any manner incompatible with that
purpose or those purposes.
3 Proportionality
Personal data shall be adequate, relevant and not excessive in relation to the
purpose or purposes for which they are processed.
4 Accuracy
Personal data shall be accurate and, where necessary, kept up to date.
Information is inaccurate if it is incorrect or misleading as to any matter of
fact.
5 Relevance
Personal data processed for any purpose or purposes shall not be kept for longer
than is necessary for that purpose or purposes. Data controllers must therefore
review the information they hold on a regular basis and delete any information no
longer required.
41. 6 Compliance
Personal data shall be processed in accordance with the rights of data subjects
under the Act. This means that a data controller must comply with the provisions
of the Act relating to access to information, the prevention of processing which
causes distress and the correction of inaccurate data.
7 Security
Appropriate technical and organisational measures shall be taken against
unauthorised or unlawful processing of personal data and against accidental loss
or destruction of, or damage to, personal data. Data controllers must ensure that
adequate safeguards are taken to protect information and keep it confidential.
8 Jurisdiction
Personal data shall not be transferred to a country or territory outside the
European Economic Area unless that country or territory ensures an adequate level
of protection for the rights and freedoms of data subjects in relation to the
processing of personal data.
42. In determining whether personal data are processed fairly,
regard is to be had to the method by which they are
obtained, including in particular whether any person from
whom they are obtained is deceived or misled as to the
purpose or purposes for which they are to be processed.
For the purposes of the first principle, data are to be
treated as obtained fairly if they consist of information
obtained from a person who—
(a) is authorised by or under any enactment to supply it, or
(b) is required to supply it by or under any enactment or
by any convention or other instrument imposing an
international obligation on the United Kingdom.
43. HSC1999/012, dated 22 January 1999, instructed Chief Executives of NHS
organisations to appoint a Caldicott Guardian by 31 March 1999.
A Caldicott Guardian is a senior person responsible for protecting the
confidentiality of patient and service-user information and enabling
appropriate information-sharing.
The Caldicott Guardian Manual takes account of developments in information
management in the NHS and in Councils with Social Services Responsibilities
since the publication of the Caldicott report. It sets out the role of the
Caldicott Guardian within an organisational Caldicott/confidentiality function
as a part of broader information governance.
For a copy of the manual, see
http://www.dh.gov.uk/en/Publicationsandstatistics/Publications/PublicationsPolicyAndGuidance/DH_062722.
45. The Act provides that, upon making a request in writing and payment of a fee (currently no
more than £10 for computer records and £50 for paper records), an individual is entitled to be
told by the data controller whether they or someone else on their behalf is processing that
individual’s personal data and, if so, to be given a description of the information, the purposes
for which it is being processed and the people to whom it is or may be disclosed.
The individual is also entitled to be given a copy of the information in an intelligible and
permanent form unless this would involve “disproportionate effort”. The data controller must
comply with a request for access as soon as possible and, in any event, within 40 days of the
request.
The data controller must consider whether the information in question contains information
relating to an identifiable third party (who is not a health professional). If it does, then where
the data controller cannot comply with the request without disclosing information relating to
such other party, he is not obliged to comply unless the other individual has consented to the
disclosure. However, he can do so if it is reasonable in all the circumstances to comply without
the consent of the other individual.
46. Where the application is made on behalf of a child or an
incapacitated adult, the data controller may also withhold
any information which was provided on the understanding
that it would not be disclosed to that person.
Where information can be disclosed, the courts have held
that there is a discretion to disclose information to carers
in order to allow them to exercise their rights as carers,
even if the consent of the person being cared for cannot
be obtained.
A balance needs to be struck between the individual’s
right to confidentiality and the rights of the carer to be
able to exercise his or her responsibilities.
47. Special rules apply to health and social work records.
Access to health records may be refused on medical advice
by the data controller where disclosure would be “likely to
cause serious harm to the physical or mental health or
condition of the data subject or another
person”. However, the data controller can only do this
after consulting the “appropriate health professional”
(meaning the person most recently responsible for the
patient’s clinical care in connection with the subject matter
of the request).
There is a similar provision in relation to social work
records. In this case, however, the decision rests with the
social work authority alone, with no obligation to consult
any other professional.
48. 1 Processing causing distress
If an individual believes that a data
controller is processing personal data in a
way that causes, or is likely to cause,
substantial unwarranted damage or distress,
the Act provides that the individual can send
a notice to the data controller requiring him
or her to stop the processing.
When the data controller receives such a
notice he or she must, within 21 days, reply
to the individual stating either that he or she
has complied with the request or explaining
what he or she intends to do. If the
individual is not happy with the decision of
the data controller, he or she can appeal to
the Information Commissioner.
49. 2 Dealing with inaccurate facts
An individual may feel aggrieved about errors, omissions
or other inaccuracies which may be contained in personal
data.
If the complaint is about inaccurate facts as opposed to
disputed opinions, the individual may apply to the Court
for an order requiring the data controller to rectify, block,
erase or destroy the inaccurate data, together with any
other personal data which contain an expression of
opinion which the Court finds is based on the inaccurate
data. Data are only inaccurate if they are incorrect or
misleading as to any matter of fact.
The Court may also make such an order if the data
subject has suffered damage due to any breach of the Act
and there is a substantial risk of further breaches
occurring.
In either of these cases the Court may order the data
controller to notify third parties to whom the data have
been disclosed of the rectification, blocking, erasure or
destruction.
50. 3 Dealing with disputed opinions
It is far more difficult to alter statements of
opinion such as medical diagnoses, unless
these have clearly been formed from
obviously incorrect facts. In these
circumstances, the practical solution may be
for the data subject to submit to the data
controller his or her own statement of facts,
with or without a second opinion. This can
then be added to the file. If the data
controller refuses to record such statement,
the data subject may apply to the Court,
which can order that the data be
supplemented by an approved statement of
the true facts or make any other order as it
sees fit.
51. Records Management: NHS Code of Practice, Department of Health, April 5
2006
The NHS Information Governance Toolkit
The Information Governance Toolkit return is required from all NHS
organisations and provides guidance and best practice on all facets of
information governance including:
Data Protection Act 1998
Freedom of Information Act 2000
The NHS Confidentiality Code of Practice
Records Management
Information Quality Assurance
Information Security
Information Governance Management.
See: http://nww.nhsia.nhs.uk/infogov/igt/
53. 1. Everyone has the right to respect for his private and family
life, his home and his correspondence.
2. There shall be no interference by a public authority with the
exercise of this right except such as is in accordance with
the law and is necessary in a democratic society in the
interests of national security, public safety or the economic
well-being of the country, for the prevention of disorder or
crime, for the protection of health or morals, or for the
protection of the rights and freedoms of others.
54. Is the national measure, or the local policy or
procedure, which interferes with the enjoyment of a
Convention right proportionate to the (legitimate) aim
which the measure seeks to achieve?
Is the measure actually appropriate?
Does the measure have a wider effect than is strictly
necessary?
Does the measure impose an excessive burden on any
individual?
55. PRIVATE LIFE
Personal life
Relationships
Sexual identity
Telephone calls, data
Health and injury
Sexual practices
Mail
Personal office space
FAMILY LIFE
Family ties
Cohabitation
Family visits/children
Protection from domestic violence
Hospital transfers?
56. In Z v Finland, the ECHR had
observed that ‘respecting the
confidentiality of health data
is a vital principle in the legal
systems of all the Contracting
Parties to the Convention. It is
crucial not only to respect the
sense of privacy of a patient
but also to preserve his or her
confidence in the medical
profession and in the health
services in general.’
Z v Finland (1997) 25 EHRR 371, 45 BMLR 107; See also MS
v Sweden (1997) 28 EHRR 313, 45 BMLR 133, 3 BHRC 248
57. Stone v South East Coast Strategic Health Authority and others
[2006] EWHC 1668 (Admin), CO/10426/2005
Following the conviction of Mr Stone at his first trial, the three Defendants
commissioned an independent Inquiry into his care, treatment and supervision.
In 2005, Mr Stone objected to the report in its full form being published to the world at
large. He accepted that the full report could be provided to health professionals and
relevant professional bodies and similar agencies (who would be under a duty of
confidentiality with regard to its contents).
He also accepted that some version of the report properly could, indeed should, be
placed before the public.
However, he asserted that the extensive citations from his private medical and other
such notes, and disclosure of psychiatric and other such information in the report
would, if publicised, be a disproportionate and unlawful interference with his private life,
contrary to art 8 of the European Convention on Human Rights.
It was also asserted that publication would breach the provisions of the Data Protection
Act 1998.
58. Grounds of Appeal
Ultimately the two grounds pursued in court were that:
1. Publication to the world at large of the full report was not in accordance with law
or necessary in the public interest, by reference to Article 8 of the Convention.
2. In any event, such publication would constitute a breach of the provisions of the
Data Protection Act 1998.
Held
It is notable that, in a letter dated 9 July 2004, the panel chairperson had
explained that in preparing its report the Panel had considered whether the facts set
out were (in the view of the panel) necessary to be included in the public interest
after taking account of Mr Stone's rights in respect of his privacy and the
confidentiality of his records. Specific examples were given to the court of matters
excluded from the final version of the report by the panel as not satisfying this
requirement.
59. The most weighty point in Mr Stone’s favour was his entitlement to claim a right of privacy (see
Article 8). However, this was significantly outweighed by a number of other considerations:
1) The publication of a report undertaken by a system of expurgation that involved removing
references to the contents of medical notes, and (in some respects) editing comments and
conclusions of the inquiry, was not viable and could even mislead.
2) There was a true public interest in the public knowing of the actual care and treatment supplied
to Mr Stone; and knowing, and being able to reach an informed assessment of, the failures
identified and the steps recommended to address identified deficiencies. Such an objective could
not be met simply by releasing a full version of the report to relevant health professionals.
3) Where individuals or agencies involved in Mr Stone's treatment were or were not criticised, the
public could legitimately expect to know the full reasons for that. The information to be disclosed
was disclosed solely with the aim of providing an informed view as to what went wrong, with a view
to important lessons being learned for the future, both for the assistance of other people in the
position of Mr Stone and for the protection and reassurance of the public. The actual details of the
case were crucial for an informed assessment of the Panel’s conclusions and comments.
60. 4) A justification for restricting Mr Stone's right to privacy in this context was
that the inquiry and publicity had arisen out of Mr Stone's own acts. He had, as
it were, put himself in the public domain by reason of those criminal acts.
5) A great deal of information relating to his background, treatment and
mental health was already in the public domain.
6) Josie Russell and Dr Russell - the victims - supported publication. So did
the panel itself and all the Defendants - the Secretary of State and relevant
Mental Health authorities.
7) Publication of the report in full could only assist the legitimate and ongoing
public debate about the treatment of the mentally ill and those with disturbed
personalities in the community.
61. Data Protection Act 1998
The Data Protection Act 1998 was made in consequence of Directive 95/46/EC of 24
October 1995. As a matter of principle, the Act should be sought to be interpreted so as
to accord with the policy and purpose behind the Directive.
A condition in Schedule 2 was satisfied (‘The processing is necessary . . . for the purpose
of any other functions of a public nature exercised in the public interest by any person’).
A condition in Schedule 3 was satisfied. Paragraph 7 provides that one such condition is
where ‘the processing is necessary . . . (b) for the exercise of any functions conferred on
any person by or under an enactment’. The Defendants had the power to commission
an inquiry and promulgate its report. It was established under section 2 of the National
Health Service Act 1977 and para 3 of the 2002 Regulations.
(Obiter) The report’s publication would also be within the ambit of "medical purposes",
for the purposes of para 8, as relating to "the management of healthcare services". It
would also be "necessary" for such medical purposes. Furthermore the processing would
be by the Defendants, who are within the class of persons owing a duty of confidentiality
equivalent to that which would arise if they were health professionals.
63. This Act has been repealed to the extent that it now only affects the
health records of deceased patients. It applies only to records created
since 1 November 1991.
The Act allows access to:
a) the deceased’s personal representatives (both executors or
administrators) to enable them to carry out their duties; and
b) anyone who has a claim resulting from the death.
However, this is not a general right of access; it is a restricted right
and the following circumstances could limit the applicant's access:
if there is evidence that the deceased did not wish for any or part of
their information to be disclosed; or
if disclosure of the information would cause serious harm to the
physical or mental health of any person; or
if disclosure would identify a third party (i.e. not the patient nor a
healthcare professional) who has not consented to that disclosure.
64. As with the Data Protection Act, a medical professional may be
required to screen the notes before release.
Under the Act, if the record has not been updated during the 40
days preceding the access request, access must be given within 21
days of the request. Where the record concerns information all of
which was recorded more than 40 days before the application,
access must be given within 40 days; however, as with the Data
Protection Act 1998, organisations should endeavour to supply the
information within 21 days.
A fee of up to £10 may be charged for providing access to
information where all of the records were made more than 40 days
before the date of the application. No fee may be charged for
providing access to information if the records have been amended
or added to in the last 40 days.
Where a copy is supplied, a fee not exceeding the cost of making the
copy may be charged. The copy charges should be reasonable, as
the doctor or organisation may have to justify them. If applicable,
the cost of posting the records may also be charged.
65. Records management considerations
Organisations should have processes that address where and how
the records of deceased persons are stored. Secure and
environmentally safe storage is vital to ensure that records are
maintained in good order and are available if required.
It is essential that organisations put in place processes and
procedures to enable the efficient and effective retrieval of such
records within the timescales specified by the Act.
66. Section 60 of this Act gives the Secretary of State
for Health the power to make regulations to
authorise or require health service bodies to
disclose patient information, including data
which is patient-identifiable, which is needed to
support essential NHS activity, in the interests of
improving patient care or in the wider public
interest.
The processing permitted is still subject to the
Data Protection Act 1998. However, it does mean
that the common law duty to obtain consent has
been set aside.
67. The aim of the Act is to allow individuals to see medical reports written about them, for employment or
insurance purposes, by a doctor who they usually see in a 'normal' doctor/patient capacity. This right can be
exercised either before or after the report is sent.
The chief medical officer of the employer/insurer is the applicant and he/she will send a request for a report to
the doctor. The request must be accompanied by a written and signed patient consent.
The patient may view the report by obtaining a photocopy, or by attending the organisation to read the report
without taking a copy away. The patient has a right to view the report from the time it is written and has a
window to do so before the report is supplied, or he/she may view it after supply for up to six months.
However, in certain circumstances the patient may be prohibited from viewing all or part of the report if:
in the opinion of the doctor, viewing the report may cause serious harm to the physical or mental health of the
patient; or
access to the report would disclose third-party information where that third party has not consented to the
disclosure.
The patient retains the right to withdraw consent to the report's preparation and/or supply at any time.
Therefore, if the patient is unable to view any of the report due to one of the circumstances listed above, he/she
can refuse to allow it to be supplied.
If a patient disagrees with the content of the report, he/she has several options. He/she can:
refuse to allow its supply;
ask the doctor to correct agreed inaccuracies; or
have a note added addressing the point(s) of disagreement.
Records management considerations
It is important that these reports remain accessible to the patient for at least six months after they have been
supplied to the employer or insurer. After six months, organisations should consider whether retention is
necessary; however, if they do decide to retain the report it must be accessible should a subsequent subject
access request be made. In some organisations, it may be easier to hold the report as part of the health record.
68. The Act allows a worker to breach their duty of confidentiality towards their
employer for the purpose of ‘whistle-blowing’. A disclosure qualifying for
protection under the Act is known as a ‘qualifying disclosure’.
Such a disclosure is allowed in the following circumstances:
where criminal activity or breach of civil law has occurred, is occurring, or is
likely to occur;
where a miscarriage of justice has occurred, is occurring or is likely to occur;
where health and safety has been, is, or is likely to be compromised;
where the environment has been, is being or is likely to be damaged; or
where information indicating evidence of one of the above circumstances is
being or is likely to be deliberately concealed.
69. A qualifying disclosure must only be made:
in good faith to the individual’s employer, or to any other person having
legal responsibility for the conduct complained of;
for the purpose of obtaining legal advice;
where the worker is employed by the Crown, in good faith to a Minister of
the Crown; or
in good faith to a person prescribed by the Secretary of State.
Under this Act, the worker must reasonably believe that any allegation s/he
makes is substantially true.
70. If it is the employer who is responsible for the conduct complained of, the Act
allows a worker to make a disclosure to a person not noted above, provided the
following conditions are met:
it must be made in good faith, and not for personal gain, with a reasonable
belief that the allegations complained of are true; and
the worker reasonably believes he will suffer a detriment if he makes the
disclosure to his employer; or
he has previously complained of the conduct and no action has been taken;
or
he reasonably believes that evidence of the conduct has been or will be
destroyed or concealed.
Such a disclosure will be subject to a test of reasonableness.
71. Multi Agency Public Protection Arrangements.
Sections 67 and 68 of the Criminal Justice and Court Services Act 2000 imposed duties upon
the police and probation services (jointly the Responsible Authority) in each of the 42 Areas of
England and Wales to establish the MAPPA. The legislation also empowered the Home Secretary
to issue guidance to the Responsible Authorities on how their MAPPA duties should be
discharged: (Section 67(6)).
Responsible Authorities must (i) establish arrangements to assess and manage the risks posed
by sexual and violent offenders; (ii) monitor those arrangements and make necessary changes;
and (iii) prepare and publish an annual report on the MAPPA.
Sections 325-327 of the Criminal Justice Act (2003) re-enacted and strengthened those
provisions. Section 325 of the Criminal Justice Act 2003 imposed a 'duty to co-operate' with
the MAPPA Responsible Authority upon a number of bodies including NHS trusts, PCTs, Health
Authorities and local authorities with social services responsibilities. ‘Co-operation’ may include
the exchange of information.
For further information, see: LASSL (2004)3.
72. The population of relevant offenders falling within the remit
of MAPPA in each Area comprises the following:
Category 1: Registered sex offenders
Category 2: Violent and other sex offenders
Category 3: Other offenders
In the first year of operation of the MAPPA (2001/2) there
were over 47,000 offenders in England and Wales considered
by the Responsible Authorities under MAPPA. This comprised
approximately 18,500 Category 1 offenders, 27,500
Category 2 offenders and 1,200 Category 3 offenders.
73. The framework comprises four core functions:
(i) the identification of MAPPA offenders;
(ii) the sharing of relevant information among those
agencies involved in the assessment of that risk;
(iii) the assessment of the risk of serious harm; and,
(iv) the management of that risk.
74. The principles take into account the common law duty of
confidence, the Data Protection Act 1998 and the European
Convention on Human Rights.
Information sharing must:
(i) have lawful authority;
(ii) be necessary;
(iii) be proportionate; and done in ways which,
(iv) ensure the safety and security of the information shared;
and,
(v) be accountable.