Confidentiality means protecting personal information
This information might include details of a service user’s lifestyle, family, health or care needs which they want to be kept private.
Service users expect the health and care professionals who are involved in their care or treatment, or have access to information about them, to protect their confidentiality at all times.
Breaking confidentiality can affect the care or services you provide, as service users will be less likely to provide the information you need to care for them. Doing this may also affect the public’s confidence in all health and care professionals. This information builds on the principles of confidentiality and provides extra guidance about some of the issues which come up about confidentiality. It builds on the expectations of health and care professionals outlined in our standards of conduct, performance and ethics.
Our standards of conduct, performance and ethics
The following standards of conduct, performance and ethics describe the professional behaviour we expect from you. You must:
- promote and protect the interests of service users and carers;
- communicate appropriately and effectively;
- work within the limits of your knowledge and skills;
- delegate appropriately;
- respect confidentiality;
- manage risk;
- report concerns about safety;
- be open when things go wrong;
- be honest and trustworthy; and
- keep records of your work.
You can download these standards online or ask us to send you a copy.
As our registrants work in a variety of settings and roles, we have written our standards so that they are relevant, as far as possible, to all registrants and all professions. We have also written them in a way that means they can take account of any changes in the law, technology or working practices.
Our standards are flexible enough to allow registrants and employers to take account of local circumstances – such as availability of resources – to develop ways of working that are practical, effective and meet the needs of service users. We have written this document to help you meet our standards. However, there is often more than one way to do this. As a health and care professional, you need to make your own decisions (based on your own judgement) about the best way to meet our standards, taking account of your own practice and the needs of your service users. If someone raises concerns about your practice, we will take account of any steps you have taken, including following this guidance, when we decide whether you have met our standards.
Confidentiality and the law
You have a professional and legal responsibility to respect and protect the confidentiality of service users at all times. It is a professional responsibility because our standards are there to protect the public and say that you should protect the confidentiality of service users at all times. Confidentiality issues can affect your registration. It is a legal responsibility because of the principles set by law, which say that professionals have a duty to protect the confidentiality of the people they have a professional relationship with. The law also says how you should keep, handle and disclose information.
This guidance draws on relevant laws that affect health and care professionals and their service users. You are not expected to be an expert on the law, but you must keep up to date with and meet your legal responsibilities. Where helpful, we have referred directly to specific legislation which covers issues related to handling information, consent and capacity (see Consent and confidentiality for more information about these).
Apart from the law, there is a large amount of guidance produced by other organisations, such as professional bodies, which may apply to you. If you are employed, your employer is also likely to have policies about confidentiality and sharing information. You should keep up to date with and follow any guidance or policies that are relevant to your practice.
Accessing and using information
When we refer to ‘using’ information, we mean any way information is handled. This includes accessing information, as well as disclosing information to third parties and using information in research or teaching.
This guidance focuses mainly on disclosing or sharing information with other professionals or third parties. However, accessing information (including care records) without good reason, permission or authorisation is considered to be breaking confidentiality, even if you do not then share the information with a third party. You should be sure that you have a legitimate reason for accessing information about service users, for example where you need it to provide care, treatment or other services. For other reasons you are likely to need specific permission from the service user.