Many different organisations will need to record information about you. For example, health professionals need to keep information about your treatment. This page explains how organisations should protect the information you give them.
- Professionals can only tell other people your personal information if you say they can, or if they have to.
- If you want your carers or family to know about your treatment, you can tell them yourself, or ask professionals to tell them.
- If you want your carer to be involved in your treatment, professionals should work with them, and listen to their concerns.
- If you think a professional has not kept your information confidential, ask for their reasons. You can complain or take legal action if you are not happy.
What is confidentiality?
Confidentiality is about privacy and respect for your wishes. It is important in your relationship with professionals. On this page, ‘professional’ includes the following people.
- Social workers
- Support workers
- Probation officers
- Housing officers
- Debt and benefit advisers
Confidentiality means that professionals should not tell other people personal things about you unless you say they can. Or if it is absolutely necessary.
What are the rules on confidentiality?
The law says that someone has to keep your information confidential if:
- the information is private – this means that other people don't already know it, and
- you want the information to be kept private, and the professional knows this.
This means that your conversations with doctors, nurses, solicitors, advisers, and other professionals should be confidential. In practice, this isn’t always simple.
Every organisation should have its own policy on confidentiality. NHS staff have to follow the NHS Code of Practice on Confidentiality. You can read more at digital.nhs.uk/data-security-information-governance.
Professional bodies also give guidance to professionals.
- General Medical Council offers guidance for doctors.
- Nursing and Midwifery Council offers guidance for nurses.
- Health and Care Professionals Council offers guidance for social workers.
This guidance tells professionals what they can do with the information you give them. Local teams may also have their own policies about confidentiality.
How can I find out an organisation’s confidentiality policy?
Most mental health organisations will have a confidentiality policy. You can ask the organisation to show you a copy of the policy. If they refuse, and they are a public body, like the NHS, you may be able to get the information under a ‘Freedom of Information’ (FOI) request.
An FOI request is where you ask a public body to give you information. Anyone has the right to make a FOI request. You can find more information on this here:
Can professionals share my information with others?
With your consent
Usually, a professional must ask you before they tell other people information about you. You can tell the professional not to share any information, or you can ask them to only share some information. For example, you may be happy for your doctor to tell other people about your treatment and care needs, but not your diagnosis.
Ask the professional to make a note on your records about what you would like them to share. This will help them to remember, and will make other NHS professionals aware.
When you are unwell, you might change your mind about letting your family or friends have information. It is a good idea to think about this before you become unwell. If you would prefer professionals to carry on sharing information, even if you tell them not to, you can put this in an advance statement. This does not guarantee that professionals will share information, but it makes it more likely that they will.
Advance statements set out what you would like to happen if you become unwell.
You can find more information about ‘Planning your care- Advance statements’ by clicking here.
Without your consent
Professionals can share information without your consent if:
- there is a risk of serious harm to you or to others, or
- there is a risk of a serious crime.
For example, if someone tells their doctor that they are planning to hurt themselves or other people, the doctor could decide to share this information with someone. Or contact the police.
In some situations, a professional can share your personal information if it is for the public good. Your personal information can also be shared if the law says it has to be. For example, a court could order your doctor to give information to them.
There may be times when you cannot give consent for a professional to share information because you are unconscious or very unwell. Being unable to make decisions for yourself is called ‘lacking capacity’. In this situation, your doctor may share information if this is in your best interests.
You can find more information about ‘Mental capacity and mental illness’ by clicking here.
What about my employer?
Your employer may have personal information about you. They will need to keep this information confidential. In rare situations your employer may have to break confidentiality, if they feel you are a risk to yourself or others. They may contact your GP or other health professionals to discuss the risks. Your employer should have a policy on this. You can ask your Human Resources department for a copy.
How does the Data Protection Act protect my personal information?
The Data Protection Act 1998 tells organisations how they should deal with your personal information, if it’s on a computer or in writing.
The information an organisation holds should be up-to-date, accurate, and relevant. An organisation should not hold more information about you than they need, or hold the information for longer than they need.
They should also make sure that people only have access to your personal information if they really need access to it.
How does the Human Rights Act protect my personal information?
The Human Rights Act 1998 protects your rights in line with the European Convention on Human Rights. Government organisations, like the NHS, should not breach these rights.
Article 8 of the convention says that you have the right to respect for your ‘private and family life’. If your doctor shares your personal information with other people without your consent, this could breach this right.
You can find more information about human rights from the Equality and Human Rights Commission website or the Equality Advisory and Support Service helpline. The contact details are at the bottom of this page.
How can I find out what information organisations hold about me?
If you would like to find out what information is held about you, you can make a ‘subject access request’. You normally have to pay for this.
The cost is usually no more than £10. But it can be more if the information is either:
- in certain types of records, such as health or education records, or
- a large number of paper records held by a public authority, like your local council.
The maximum cost for getting information from your health records is £50.
Sometimes an organisation is allowed to withhold information. This might be because the information also talks about other people, and those people don't want that information shared.
Information can also be withheld if it’s about things like:
- preventing, detecting, or investigating a crime,
- national security,
- the armed forces, or
If you think that the organisation has withheld information when they shouldn’t have done, you should report this to the Information Commissioner’s Office.
You can find more information on the Data Protection Act and subject access requests from the Information Commissioner’s Office. Their contact details are in the Useful Contacts section.
You can also look on the GOV.UK website at: www.gov.uk/data-protection/the-data-protection-act.
You can find more information about ‘Access to health records’ by clicking here.
What are the rules for carers?
You may want a carer, family member, or friend to know about your treatment. If this is what you want, make sure you tell the professionals involved in your care. It may be easier to fill in a consent form. You can find an example form in the Checklist in the downloadable factsheet on this page.
You do not have to let professionals share information with your carer, family, or friends. If you tell a professional not to share information with anyone then they should respect your wishes.
Your carers and family members may try to contact professionals without your consent. They may ask for information about you. Sometimes, they may want to share information or concerns about you. Professionals can listen to your carers and family, and take their views into account.
If you are a carer you might want information about your relative. You can find more information about ‘Confidentiality and information sharing: for carers, friends and relatives’ by clicking here.
What can I do if someone breaches my confidentiality?
A breach of confidentiality can be very upsetting. If you think that a professional has breached your confidentiality, try to find out what happened and why information was shared. Try to get a copy of the organisation’s guidelines on confidentiality.
If you are not happy with the professional’s reasons, or you feel that the organisation has not followed its guidelines, you can make a complaint. A member of staff from the organisation should be able to tell you about their complaints procedure. An advocate may be able to help you make a complaint.
You may also be able to take legal action if an organisation has breached your rights. Get specialist legal advice before making a claim.
You can find more information about: