Confidentiality Policy

Introduction

At Chase Lodge Hospital (CLH), the Confidentiality Policy establishes the foundational principles that all staff must uphold to protect patient and business confidentiality. Every employee, associate, and contractor is legally obligated to safeguard personally identifiable information and other confidential data they encounter during their work. Adhering to this policy is essential not only to meet contractual obligations but also to comply with the common law duty of confidence and the Data Protection Act 2018.

Objectives

The primary objective of this Confidentiality Policy is to ensure that all personnel at CLH understand their responsibilities for maintaining confidentiality and preserving information security. Although CLH delivers private healthcare services, patient information may be shared with NHS colleagues, provided patient consent is obtained. This policy outlines the requirements for all staff regarding the sharing of information with both NHS and non-NHS organisations.

Definitions

Personally Identifiable Information (PII) refers to any data that can identify an individual, including names, addresses, postcodes, dates of birth, NHS numbers, and National Insurance numbers. Even photographs qualify as PII. Any data combination that can indirectly identify an individual is also included.

Special categories of personal information, as defined by the Data Protection Act 2018, encompass sensitive personal information such as:

  • Race or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic data
  • Biometric data
  • Health data
  • Sexual history or sexual orientation
  • Criminal data

Confidential information within healthcare typically includes health-related data and extends to any private information not publicly known or that individuals would not expect to be shared. This information can take various forms, including patient health data, employee records, and occupational health information.

Roles and Responsibilities

Chief Executive Officer and Company Directors

The CEO and company directors are accountable for ensuring CLH policies comply with all legal, statutory, and best practice guidelines. They must provide the necessary resources to enable staff to implement these policies effectively. The company director also serves as the Data Protection Officer (DPO) and represents information governance issues at the Board level.

Registered Manager / Caldicott Guardian

The Registered Manager is responsible for safeguarding patient and service user information while facilitating appropriate information sharing. They provide guidance to staff and make risk-based decisions concerning the use and disclosure of confidential data. The Registered Manager collaborates with the DPO to ensure compliance with data protection laws.

All Staff, Associates, and Consultants

Confidentiality is an obligation shared by all staff members.

  • Staff must complete mandatory training as required.
  • Any breach or suspected breach of confidentiality must be reported through the incident reporting process for investigation.
  • Inappropriate handling of health data, staff records, or business-sensitive information is a disciplinary offence, potentially leading to dismissal.

Consultants and Associate GPs

Doctors must ensure their Information Commissioner’s Office (ICO) certification remains current, providing evidence to the Executive PA.

Principles of Confidentiality

All staff must adhere to the following principles:

  1. Protection: Personally identifiable or confidential information must be safeguarded against unauthorised disclosure during receipt, storage, transmission, or disposal.
  2. Access Control: Access to personally identifiable or confidential information must be granted on a need-to-know basis.
  3. Limitations on Disclosure: Disclosure of personally identifiable or confidential information must be limited to the specific purpose for which it is required.
  4. Confidentiality Respect: Recipients of disclosed information must understand it is provided in confidence.
  5. Justification: Any decision to disclose information must be justified and documented.
  6. Consultation: Concerns about disclosing information must be discussed with the Registered Manager.

Sharing Information

Patients frequently share information with staff. Please refer to Appendix A for confidentiality dos and don’ts. Care must be taken to ensure that information sharing occurs in appropriate environments:

  • Telephone Calls: Conduct sensitive calls with awareness of potential listeners, ensuring appropriate volume and content.
  • Face-to-Face Conversations: Hold confidential discussions in private settings.
  • Patient Trust: Factors influencing how much information a patient shares must be considered, as respect for dignity fosters trust, which is essential for effective communication.

CLH is committed to protecting all information it holds and must always justify any decision to share information. To ensure appropriate sharing, staff must verify that recipients have a legal basis for accessing the information. Both sender and recipient details must be accurate.

Before disclosing information, staff must consider the necessary amount of confidential information and disclose only what is required. Information may be disclosed in the following ways:

  • When effectively anonymised according to the Information Commissioner’s Office Anonymisation Code of Practice (https://ico.org.uk/).
  • When legally mandated or required by court order, staff must first consult the Registered Manager, who may seek legal guidance.
  • In identifiable form, when required for a specific purpose, with the individual’s written consent, or under the Health Service (Control of Patient Information) Regulations 2002.
  • In child protection cases where disclosure serves the public or child’s interest, staff must consult the Registered Manager or Caldicott Guardian as necessary.
  • Where disclosure is justified for other purposes, usually regarding public safety or the prevention of serious crime, staff should consult the Registered Manager or Caldicott Guardian before proceeding.

When transferring information, care must be taken to ensure the method used is secure. Data sharing agreements can formalise arrangements between organisations.

Email Communication Guidelines

When sending patient information or other confidential data via email, NHS encryption standards must be followed. Emails between NHS Mail accounts (nhs.net to nhs.net) comply with these standards, as do emails between NHS Mail and other secure government domains (e.g., nhs.net to gsi.gov.uk).

Confidential or sensitive information must not be included in the body of an email. For emails sent outside secure domains, information must be sent as an encrypted attachment, with the password communicated through a different channel or agreed upon in advance.

To mitigate the risk of inadvertently sending information to the wrong recipient, data sent via secure domains should be password-protected, with the password communicated separately.

Emailing information to patients is permissible, provided that either the risks of using unencrypted email have been explained and consent obtained, or the information is not personally identifiable or confidential.

Environment Control

Access to rooms and offices containing terminals or confidential information must be controlled. Doors should be secured with keys, keypads, or swipe cards. In shared office environments, measures should be in place to prevent unauthorised access to personally identifiable information. Staff are required to clear their desks at the end of each day, ensuring that records containing personally identifiable or confidential information are stored securely. Unwanted printouts must be disposed of in confidential waste bins. All records should be locked away when not in use.

Breaches of Confidentiality

The CLH Contract of Employment and Practising Privileges includes a commitment to confidentiality. Appendix B outlines a summary of relevant legal and NHS mandated frameworks.

All breaches or potential breaches of confidentiality must be reported as incidents, and the Registered Manager must be informed without delay.

Breaches of confidentiality may be classified as gross misconduct, leading to severe disciplinary action, including dismissal.

Working Away from CLH Environment

There will be occasions when staff must work from alternative locations or while travelling. During these times, staff may need to carry confidential information, such as on a laptop, USB stick, or paper documents. However, removing paper documents containing personally identifiable or confidential information from CLH premises is strongly discouraged.

Safeguarding Confidential Information

To ensure the safety of confidential information, staff must keep it on their person at all times while travelling. If staff take confidential information home or to another location, it must be securely stored. Confidential information should always be safeguarded and kept in lockable locations.

Minimising Personal Information

Staff should minimise the amount of personally identifiable information taken away from CLH premises. When transporting such information, staff must ensure the following:

  • Any personal information is placed in a sealed, non-transparent container (e.g., windowless envelope, suitable bag) before being taken out of NHS England buildings.
  • Confidential information is kept out of sight during transport.

If staff need to take personally identifiable or confidential information home, they must ensure it remains secure and confidential. This includes preventing family members, friends, or colleagues from seeing or accessing the information. Confidential information must not be left unattended at any time, particularly in cars. Staff must not forward any personally identifiable or confidential information via email to their home email accounts or store it on privately owned computers or devices.

Legal Duty of Confidence

All staff have a legal duty to maintain the confidentiality of personally identifiable or confidential information. Breaching this duty may result in personal liability. Staff must not:

  • Discuss personally identifiable or confidential information in public places or anywhere they can be overheard.
  • Leave any confidential information unattended, including telephone messages, computer printouts, faxes, and other documents.
  • Leave a computer terminal logged into a system containing confidential information while unattended.

Physical safety and security must be ensured for both paper-based and electronic confidential information. Passwords must be kept secure and not disclosed to unauthorised individuals. Staff must not use another person’s password to access information. Such actions will be regarded as a serious breach of confidentiality and could be subject to legal repercussions under the Computer Misuse Act 1990.

Abuse of Privilege

Employees are strictly prohibited from knowingly browsing, searching for, or viewing any personal or confidential information about themselves without a legitimate purpose, unless through established self-service mechanisms where such access is permitted. Accessing records related to family, friends, or others without a legitimate purpose is also forbidden and constitutes a breach of confidentiality and the Data Protection Act 2018. Staff must recognise their personal responsibility and contractual obligations when handling personally identifiable or confidential information.

Evaluation and Review

Good practice requires that organisations handling personally identifiable or confidential information establish processes to identify actual or potential confidentiality breaches and evaluate the effectiveness of controls within their systems. This Confidentiality Policy will be reviewed every three years, or sooner if changes in legislation occur.

References

  • NHS England (2018). Confidentiality Policy. Link to Document (Last accessed 01.10.19)

Appendix A: Confidentiality Dos and Don’ts

Do

  • Safeguard the confidentiality of all personally identifiable or confidential information encountered; this is a statutory obligation for everyone working on behalf of CLH (Regulation 17).
  • Clear your desk at the end of each day, storing all non-digital records containing personally identifiable or confidential information in recognised filing and storage places that are locked when access is not directly controlled or supervised.
  • Switch off computers with access to personally identifiable or business confidential information or put them into password-protected mode when leaving your desk for any length of time.
  • Ensure that discussions regarding confidential matters cannot be overheard.
  • Challenge and verify the identity of any individual requesting personally identifiable or confidential information to ensure they have a legitimate need to know.
  • Share only the minimum information necessary.
  • Transfer personally identifiable or confidential information securely when necessary (e.g., using an nhs.net email account to send confidential information to another nhs.net email account).
  • Seek advice if needing to share patient or personally identifiable information without consent, documenting the decision and any actions taken.
  • Report any actual or suspected breaches of confidentiality.
  • Participate in training and awareness-raising sessions on confidentiality issues.

Don’t

  • Share passwords or leave them lying around for others to see.
  • Share information without the consent of the individual concerned unless there are statutory grounds for doing so.
  • Use personally identifiable information unless absolutely necessary; anonymise the information where possible.
  • Collect, hold, or process more information than needed and do not keep it longer than necessary.

Appendix B: Summary of Legal and NHS Mandated Frameworks

The Data Protection Act (2018) regulates the use of “personal data” and sets out eight principles to ensure lawful and fair processing of personal data. These principles include:

  1. Processing data lawfully, fairly, and transparently.
  2. Collecting data for specified, explicit, and legitimate purposes.
  3. Ensuring data is adequate, relevant, and limited to what is necessary.
  4. Maintaining data accuracy and keeping it updated.
  5. Retaining data only as long as necessary for the purposes of processing.
  6. Ensuring appropriate security for personal data against unauthorised access and accidental loss.

The Caldicott Report and subsequent reviews recommend principles for sharing confidential patient-identifiable information, including justifying the purpose for using such information, minimizing its use, and ensuring awareness of responsibilities.