Confidentiality and the Patient's Rights

avatar
Created by
Eleanor Jubb

Cards (37)

  • Patients' rights:
    • Right to refuse treatment
    • Right to the best available treatment
    • Autonomy
    • Formulate advanced directives
    • Honesty
    • Confidentiality
  • The duty of confidentiality applies to ALL members of the dental team and about all of the information about the patient which you learn in your professional role
  • Breaches in confidentiality:
    • A breach of confidentiality is a breach of the trust between dentist and patient
    • Duty of Confidence - patients expect information to be held in confidence and have a right to know how their information is used
    • Explicit consent - disclosures in most circumstances need consent from the patient
    • Legal - confidentiality is a legal requirement
  • Consequences of confidentiality breaches:
    • Unnecessary, improper or accidental disclosure of patient information can have serious consequences:
    • Disciplinary proceedings by GDC i.e. Fitness to Practice
    • Employer disciplinary action
    • Breaches of statutory duty - Data Protection Act
    • Civil action - patient seeks damages through civil courts
    • Personal accountability - financial GDPR
  • GDC Standard 4: Maintain and protect patients' information
    • Patients expect:
    • Their records to be up to date, complete, clear, accurate, and legible
    • Their personal details to be kept confidential
    • To be able to access their dental records
    • Their records to be stored securely
  • GDC Standard 4: Maintain and protect patients' information
    • You must:
    • 4.1 Make and keep contemporaneous, complete and accurate patient records
    • 4.2 Protect the confidentiality of patients' information and only use it for the purpose for which it was given
    • 4.3 Only release a pt's information without their permission in exceptional circumstances
    • 4.4 Ensure that pts can have access to their records
    • 4.5 Keep pts' information secure at all times, whether your records are held on paper or electronically
  • GDC Standard 4.2 You must protect the confidentiality of patients' information and only use it for the purpose for which it was given
    • 4.2.1 Confidentiality is central to the relationship and trust between you and your pts. You must keep pt information confidential. This applies to all the info about pts that you have learnt in your professional role including personal details, medical history, what treatment they are having and how much it costs.
  • GDC Standard 4.2 You must protect the confidentiality of patients' information and only use it for the purpose for which it was given
    • 4.2.2 You must ensure that non-registered members of the dental team are aware of the importance of confidentiality and that they keep pt information confidential at all times.
    • 4.2.3 You must not post any information or comments about pts on social media. If you use professional social media to discuss anonymised cases for the purpose of discussing best practice you must be careful that the pt or pts cannot be identified.
  • GDC Standard 4.2 You must protect the confidentiality of patients' information and only use it for the purpose for which it was given
    • 4.2.4 You must not talk about pts or their treatment in places where you can be overheard by people who should not have access to the information you are discussing.
  • GDC Standard 4.2 You must protect the confidentiality of patients' information and only use it for the purpose for which it was given
    • 4.2.5 You must explain to pts the circumstances in which you may need to share info with others involved in their healthcare. This includes making sure that they understand:
    • What info you'll be releasing
    • Why you'll be releasing it
    • The likely consequences
    • You must give your pts the opportunity to withhold their permission to share information unless exceptional circumstances apply. You must record in your pt's notes if they give permission.
  • GDC Standard 4.2 You must protect the confidentiality of patients' information and only use it for the purpose for which it was given
    • 4.2.6 If a pt allows you to share information about them, you should ensure that anyone you share it with understands that it is confidential
  • GDC Standard 4.2 You must protect the confidentiality of patients' information and only use it for the purpose for which it was given
    • 4.2.7. If other people ask you to provide information about pts, or if you want to use pt information (eg photos), you must:
    • Explain to pts how the info/images will be used
    • Check that pts understand what they are agreeing to
    • Obtain and record the pts' consent to their use
    • Only release or use the minimum information necessary for the purpose
    • Explain to the pts that they can withdraw their permission at any time
  • GDC Standard 4.2 You must protect the confidentiality of patients' information and only use it for the purpose for which it was given
    • 4.2.8 You must keep pt information confidential even after pts die.
  • Data Protection:
    • GDC Standard 4.5
    • You must keep patients' information secure at all times, whether your records are held on paper or electronically
    • You must make sure that patients' information is not revealed accidentally and that no one has unauthorised access to it by storing it securely at all times. You must not leave records where they can be seen by other patients, unauthorised staff or members of the public
  • Data Protection:
    • GDC Standard 4.5
    • If you are sending confidential information, you should use a secure method. If you are sending or storing confidential information electronically, you should ensure that it is encrypted
    • If clinical records are computerised, you should make back-up copies of clinical records, radiographs and other images
  • Releasing confidential information:
    • 4.4.1 Although patients do not own their dental records, they have the right to access them under Data Protection legislation
    • Disclosures should be made within the statutory one month disclosure period
    • Patients can't have original records but can view the originals and have copies
  • Releasing confidential information:
    • 4.4.2 In some circumstances you can charge patients a fee for accessing their records. Check the latest guidance issued by the Information Commissioner's Office
    • Approximately £50 for hard copies and £10 for electronic copies previously
    • Current advice not to pass on a charge unless request is unfounded or excessive
    • If you refuse must say why and respond within a month. Patient has right to complain to ICO - must tell them this
  • Checklist for release of information:
    • Who wants the information
    • Why do they want to know
    • Are they entitled to know
    • Has the patient given their consent
  • Who can access information:
    • The patient
    • Other healthcare professionals
    • Relatives
    • Deceased patients: still have confidentiality. Information, such as dental chartings and radiographs, can normally be disclosed to help identify a deceased patient (justified as in the public interest). Otherwise need authority from an executor of the patient's will, personal representative or next-of-kin. Benefactors from a will may be entitled under the Access to Health Records Act 1990
    • Solicitors
    • Police
    • Insurance companies and employers
  • Disclosure without pt's consent:
    • Serious situations where consideration of breaking trust between patient and dentist is necessary
    • Always take advice from your defence organisation
    • Always document clearly - try to obtain permission from the patient for the disclosure or make the patient aware a disclosure has been made
    • You must be able to justify and explain your decision and actions
  • Circumstances for disclosure without consent:
    • Safeguarding
    • Court order - release the minimum required information and do not disclose anything relating to a third party
    • Statutes - NHS Act 2006 (counter fraud), Criminal Appeal Act 1995, Terrorism Prevention and Investigation Measures Act 2011, Public Health (Control of Disease) Act 1984 and the Road Traffic Act 1988 (Section 172)
    • Justified in the public interest - protecting the patient or others from harm, prevention or detection of a serious crime
    • Identification of remains
  • Confidentiality of dental records:
    • Your notes must be accurate and contemporaneous
    • Your patient's confidential records include - hand-written notes, computer records, radiographs, consent forms, photographs, models, audio or visual recordings of consultations, laboratory prescriptions, and referral letters
    • As much detail as possible about the discussions you have with your patients, including evidence that valid consent has been obtained
  • Confidentiality of dental records:
    • You must follow appropriate national advice on retaining, storing and disposing of patient records
    • Must be clear and legible to all and include the name of the clinician providing treatment
    • Amendments to a patient's records you must make sure that the changes are clearly marked up and dated
    • Record referrals made
  • General Data Protection Regulation 2018:
    • EU wide
    • Organisations become more accountable
    • Gives individuals more control over their personal information, business needs to establish a lawful basis to having information - i.e. under contract to provide healthcare. 6 basis - consent, contract, legal obligation, vital interest, public interest, legitimate interest
    • Privacy - clear notices on how collecting and using information (lawful basis). Details on how to complain.
  • General Data Protection Regulation 2018:
    • Data Protection Officer - NHS must have one, PO not a must but must account why not considered necessary. Independent manner for duties, could be practice manager or external
  • The GDPR (General Data Protection Regulation) includes the following rights for individuals:
    • The right to be informed
    • The right of access
    • The right to rectification
    • The right to erasure - can request certain information deleted, but not dental records
    • The right to restrict processing - can opt out of marketing - NB recall letters not marketing
    • The right to data portability - new - patient request to transfer dental records to a new practice. Check secured transfer - no charge
    • The right to object
    • The right not to be subject to automated decision making, including profiling
  • Data Protection Act 2018:
    • This is the main statue regarding pt confidentiality
    • General data processing
    • Implements GDPR standards across all general data processing
    • Provides clarity on the definitions used in the GDPR in the UK context
    • Ensures that sensitive health, social care and education data can continue to be processed while maing sure that confidentiality in health and safeguarding situations is maintained
  • Data Protection Act 2018:
    • This is the main statue regarding pt confidentiality
    • General data processing
    • Provides appropriate restrictions to rights to access and and delete data to allow certain processing currently undertaken to continue where there is a strong public policy justification, including for national security purposes
    • Sets the age from which parental consent is not needed to process data online at age 13, supported by a new age-appropriate design code enforced by the Information Commissioner
  • A Caldicott Guardian is a senior person responsible for protecting the confidentiality of patient and service-user information and enabling appropriate information-sharing. Each NHS organisation is required to have a Caldicott Guardian. Caldicott principles relate to justifying information sharing, minimal disclosure, compliance with the law, awareness of responsibilities and avoidance of use of patient identifiable information
  • Records are an essential part of patient care and can provide evidence if your standard of care is called into question.
  • Good patient records follow the 4 Cs:
    • Contemporaneous - records should be made at, or very close to, the time of the examination, treatment, observation or discussion, and they should be dated and signed legibly
    • Clear - records should be written carefully, so that they can be understood by anyone who may need to read and interpret them. Try to avoid abbreviations
    • Concise - records should be just long enough to convey the essential information
    • Complete - all aspects of a patient's visit should be recorded
  • Complete pt notes include: presenting complaints, histories (medical, dental and social), dental charting, findings on examination, including negative findings (e.g. No teeth tender to percussion), diagnosis, discussions about treatment options and risks, agreed treatment plan, consent to treatment, treatment given, mishaps and complications
  • Record keeping:
    • Request forms, such as those for pathology reports or radiographs, should be completed clearly with adequate detail, dated and signed legibly
    • All reports should be seen, evaluated and initialled before being filed, with any abnormal results noted in the clinical record and any action recorded
    • Do not change or delete entries, changes being made must be clear if occurring after the event
    • Do not use offensive, humorous or personal comments
  • Secure storage:
    • Fire precautions
    • Prevention of water damage
    • Use of passwords and encryption
    • Repairs - conducted on the premises with confidential agreements in place
  • Destroying records:
    • Complaints and claims for clinical negligence can arise many years after treatment and, in the absence of records, it may be difficult or impossible to defend an allegation successfully
    • The NHS General Dental Services contract (Schedule 3, part 5 paragraph 32) requires the contractor to keep patient records for up to 2 years after a course of treatment has finished
  • Destroying records:
    • Holding on to patient records for longer than 2 years may prove a vital part of your defence should you receive a claim under the Consumer Protection Act 1998
    • This Act allows claims in respect of defective products for up to 10 years and claims in contract for up to 6 years
    • Key points:
    • As an absolute minimum, NHS and private clinical records should be retained for:
    • 11 years after the last entry for adults
    • 11 years after the last entry for children or until they reach age 25, whichever is longer
  • Record disposal should only be carried out in a way that protects patient confidentiality e.g. Shredding paper records. Get specialist IT advice on destroying electronic copies.