Many different organisations will need to record information about you. For example, health professionals need to keep information about your treatment. This page explains how organisations should protect the information you give them. This page is for people who live with mental illness.
If you would like more advice or information you can contact our Advice and Information Service by clicking here.
- Professionals can only tell other people your personal information if you say they can, or if they have to.
- If you want your carers or family to know about your treatment you can tell them yourself. Or ask professionals to tell them.
- If you want your carer to be involved in your treatment professionals should work with them and listen to their concerns.
- If you think a professional has not kept your information confidential you can ask for their reasons. You can complain or take legal action if you are not happy.
Introduction & Rules
What is confidentiality?
Confidentiality is about privacy and respect for your wishes. It is important in your relationship with professionals. On this page, ‘professional’ includes the following people.
- Social workers
- Support workers
- Probation officers
- Housing officers
- Debt and benefit advisers
Confidentiality means that professionals should not tell other people personal things about you unless you say they can. Or if it is absolutely necessary.
What are the rules on confidentiality?
The law says that someone has to keep your information confidential if:
- the information is private – this means that other people don't already know it, and
- you want the information to be kept private and the professional knows this.
This means that your conversations with doctors, nurses, solicitors, advisers and other professionals should be confidential. In practice this isn’t always simple.
Every organisation should have its own policy on confidentiality. NHS staff have to follow the NHS Code of Practice on Confidentiality. You can read more at www.digital.nhs.uk/data-security-information-governance.
Professional bodies also give guidance to professionals.
- General Medical Council offers guidance for doctors.
- Nursing and Midwifery Council offers guidance for nurses.
- Health and Care Professionals Council offers guidance for social workers.
This guidance tells professionals what they can do with the information you give them. Local teams may also have their own policies about confidentiality.
How can I find out an organisation’s confidentiality policy?
Most mental health organisations will have a confidentiality policy. You can ask the organisation to show you a copy of the policy. If they refuse you may be able to get the information under a ‘Freedom of Information’ (FOI) request. But only if they are a public body, like the NHS.
An FOI request is where you ask a public body to give you information. Anyone has the right to make a FOI request. You can find more information on this here:
Data Protection Act
How does the Data Protection Act protect my personal information?
The Data Protection Act 2018 tells organisations how they should deal with your personal information.
The information an organisation holds on you should be up-to-date, accurate and relevant. An organisation should not hold more information about you than they need. Or hold the information for longer than they need.
They should also make sure that people only have access to your personal information if they really need access to it.
Human Rights Act
How does the Human Rights Act protect my personal information?
The Human Rights Act 1998 protects your rights in line with the European Convention on Human Rights. Government organisations, like the NHS, should not breach these rights.
Article 8 of the convention says that you have the right to respect for your ‘private and family life’. If your doctor shares your personal information with other people without your consent, this could breach this right.
You can find more information about human rights from the Equality and Human Rights Commission website or the Equality Advisory and Support Service helpline. These contact details are in the Useful Contacts section below.
Subject Access Request
How can I find out what information organisations hold about me?
You can make a ‘subject access request’ if you would like to find out what information is held about you.
How much will a subject access request cost?
Usually there is no charge for getting a copy of your personal information. But an organisation may charge a fee if:
- they think that your request is ’manifestly unfounded or excessive’, or
- if you ask for more copies of your information once you have already made a request.
There is no definition of what makes a subject access request ‘manifestly unfounded or excessive’. But an organisation should explain the reasons for their decision.
If an organisation charges a fee, the one-month time limit does not begin until they have received the fee.
Can an organisation withhold my personal information?
Sometimes an organisation can withhold information. This might be because the information also talks about other people, and those people don't want that information shared.
Information can also be withheld if it’s about things like:
- preventing, detecting, or investigating a crime,
- national security,
- the armed forces, or
You think might think that the organisation has withheld information when they shouldn’t have done. If you do you can report this to the Information Commissioner’s Office.
You can find more information on the Data Protection Act and subject access requests from the Information Commissioner’s Office. Their contact details are in the Useful Contacts section below.
You can also look on the GOV.UK website at: www.gov.uk/data-protection/the-data-protection-act.
You can find more information about ‘Access to health records’ by clicking here.
What are the rules for carers?
Your carers, family or friends have no right to access your information unless you consent to them doing so.
You do not have to let professionals share information with your carer, family, or friends. If you tell a professional not to share information with anyone then they should respect your wishes.
You may want professionals to share your information with a carer, family member or friend. If this is what you want, you can tell the professionals involved in your care.
It may be easier to fill in a consent form. This is a form you can sign to consent to professionals sharing information with a carer, family member or friend. You can find an example form in the Checklist, by downloading this factsheet using the link at the top of the page.
Your carers and family members may try to contact professionals without your consent. They may ask for information about you. Sometimes, they may want to share information or concerns about you. Professionals can listen to your carers and family and take their views into account. But they shouldn’t share your information without your consent.
If you are a carer you might want information about your relative. You can find more information about ‘Confidentiality and information sharing: for carers, friends and relatives’ by clicking here.
What can I do if someone breaches my confidentiality?
A breach of confidentiality is when a professional lets another person have your information without:
- your consent, or
- another valid reason.
A breach of confidentiality can be very upsetting. If you think that a professional has breached your confidentiality, try to find out what happened and why information was shared. Try to get a copy of the organisation’s guidelines on confidentiality.
If you are not happy with the professional’s reasons, or you feel that the organisation has not followed its guidelines, you can make a complaint. A member of staff from the organisation should be able to tell you about their complaint procedure. An advocate may be able to help you make a complaint.
You may also be able to take legal action if an organisation has breached your rights. Get specialist legal advice before making a claim.
You can find more information about:
Information Commissioner's Office
An authority designed to protect information rights and an individual’s right to have their data protected.
Equality and Human Rights Commission
An independent statutory body that aims to help eliminate discrimination, reduce inequality, and protect human rights to build good relations, ensuring that everyone has a fair chance to participate in society.
Equality Advisory Support Service (EASS)
Providing information, advice and support on discrimination and human rights issues to individuals in England, Scotland and Wales.
Telephone: 0808 800 0082. Lines are open Monday-Friday 9am-7pm, and Saturday 10am-2pm.
Textphone: 0808 800 0084
Webchat: via website
Email: via form on website.
Address: FREEPOST EASS HELPLINE FPN6521