Many different organisations will need to record information about you. For example, health professionals need to keep information about your treatment. This section explains how organisations should protect the information you give them. This section is for people who live with mental illness.
- Professionals can only tell other people your personal information if you say they can, or if they have to.
- If you want your carers or family to know about your treatment you can tell them yourself, or ask professionals to tell them.
- If you want your carer to be involved in your treatment professionals should work with them and listen to their concerns.
- If you think a professional has not kept your information confidential ask for their reasons. You can complain or take legal action if you are not happy.
What is confidentiality?
What is confidentiality?
Confidentiality is about privacy and respect for your wishes. It is important in your relationship with professionals. In this factsheet, ‘professional’ includes the following people.
- Social workers
- Support workers
- Probation officers
- Housing officers
- Debt and benefit advisers
Confidentiality means that professionals should not tell other people personal things about you unless you say they can. Or if it is absolutely necessary.
What are the rules on confidentiality?
The law says that someone has to keep your information confidential if:
- the information is private – this means that other people don't already know it, and
- you want the information to be kept private and the professional knows this.
This means that your conversations with doctors, nurses, solicitors, advisers and other professionals should be confidential. In practice this isn’t always simple.
Every organisation should have its own policy on confidentiality. NHS staff have to follow the NHS Code of Practice on Confidentiality. You can read more at www.digital.nhs.uk/data-security-information governance.
Professional bodies also give guidance to professionals.
- General Medical Council offers guidance for doctors.
- Nursing and Midwifery Council offers guidance for nurses.
- Health and Care Professionals Council offers guidance for social workers.
This guidance tells professionals what they can do with the information you give them. Local teams may also have their own policies about confidentiality.
How can I find out an organisation’s confidentiality policy?
Most mental health organisations will have a confidentiality policy. You can ask the organisation to show you a copy of the policy. If they refuse you may be able to get the information under a ‘Freedom of Information’ (FOI) request. But only if they are a public body, like the NHS.
An FOI request is where you ask a public body to give you information. Anyone has the right to make a FOI request. You can find more information on this here:
Can professionals share my information with others?
Can professionals share my information with others?
With your consent
Usually a professional must ask you before they tell other people information about you. You can tell the professional not to share any information. Or you can ask them to only share some information. For example, you may be happy for your doctor to tell other people about your treatment and care needs. But not your diagnosis.
Ask the professional to make a note on your records about what you would like them to share. This will help them to remember and will make other NHS professionals aware.
Without your consent
Professionals can share information without your consent if:
- there is a risk of serious harm to you or to others
- there is a risk of a serious crime,
- you are mentally incapable of making your own decision, or
- the NHS share your information under ‘implied consent’.
Risk of serious harm to you or to others or of a serious crime
An example could be if someone tells their doctor that they are planning to hurt themselves or other people. The doctor could decide to share this information with someone, such as the police.
In some situations, a professional can share your personal information if it is for the public good. Your personal information can also be shared if the law says it must be. For example, a court could order your doctor to give information to them.
If you lack mental capacity
There may be times when you lack the mental capacity to make your own decisions about your information. This might be if you are very unwell.
If you lack mental capacity professionals can sometimes share your information without your consent. But only if it is in your best interests.
You can find more information about ‘Mental capacity and mental illness’ by clicking here.
Advance statements set out what you would like to happen if you lack mental capacity.
If you lack mental capacity, you might change your mind about letting your family or friends have information. It is a good idea to think about this while you have capacity.
While you have capacity, you might decide you want professionals to carry on sharing information if you later lose capacity. Even if you tell them not to. You can put this in an advance statement. This doesn't guarantee that professionals will share information, but it makes it more likely that they will.
You can find more information about ‘Planning your care - Advance statements’ by clicking here.
The NHS or social services sharing information under ‘implied consent’
NHS and social services professionals can share information about you with other NHS and social care staff. They can do this without your consent if the staff directly support or care for you. They can do this under what they call ‘implied consent’.
Implied consent means circumstances in which it would be reasonable to think that you would agree to the information being shared.
An NHS service can only share your information under implied consent if:
- you have not objected to this,
- information is available to you saying how your information will be used. And that you have the right to object to information sharing, and
- the person who receives the information understands they are receiving it in confidence and they respect this.
Before social services professionals share your information under implied consent if they should make sure that.
- It is necessary to provide the information to the person receiving it.
- They only disclose the information that is relevant.
- The professional receiving the information understands why they are receiving it. And that they have a duty to keep it confidential.
Tell social services or an NHS service if you don’t want them to share information about you with staff who care for you. They then shouldn’t share the information unless:
- it is in the public interest. This means the information can be shared to protect an individual or individuals from the risk of serious harm or serious crime, or
- you lack the mental capacity to decide about sharing the information. And sharing the information is in your best interests.
What about my employer?
Your employer may have personal information about you. They will need to keep this information confidential.
In rare situations your employer may have to break confidentiality if they feel you are a risk to yourself or others. They may contact your GP or other health professionals to discuss the risks. Your employer might have a policy on this. You can ask your manager or the Human Resources department for a copy of the policy.
Data Protection Act
How does the Data Protection Act protect my personal information?
The Data Protection Act 1998 tells organisations how they should deal with your personal information if it’s:
- on a computer, or
- in writing.
The information an organisation holds on you should be up-to-date, accurate and relevant. An organisation should not hold more information about you than they need. Or hold the information for longer than they need.
They should also make sure that people only have access to your personal information if they really need access to it.
Human Rights Act
How does the Human Rights Act protect my personal information?
The Human Rights Act 1998 protects your rights in line with the European Convention on Human Rights. Government organisations, like the NHS, shouldn't breach these rights.
Article 8 of the convention says that you have the right to respect for your ‘private and family life’. If your doctor shares your personal information with other people without your consent, this could breach this right.
You can find more information about human rights from the Equality and Human Rights Commission website or the Equality Advisory and Support Service helpline. These contact details are in the Useful Contacts section below.
Subject Access Request
How can I find out what information organisations hold about me?
You can make a ‘subject access request’ if you would like to find out what information is held about you. You normally have to pay for this.
The cost is usually no more than £10. But it can be more if the information is either:
- in certain types of records, such as health or education records, or
- a large number of paper records held by a public authority, like your local council.
The maximum cost for getting information from your health records is £50.
Sometimes an organisation is allowed to withhold information. This might be because the information also talks about other people, and those people don't want that information shared.
Information can also be withheld if it’s about things like:
- preventing, detecting, or investigating a crime,
- national security,
- the armed forces, or
You think might think that the organisation has withheld information when they shouldn’t have done. If you do you can report this to the Information Commissioner’s Office.
You can find more information on the Data Protection Act and subject access requests from the Information Commissioner’s Office. Their contact details are in the Useful Contacts section below.
You can also look on the GOV.UK website at: https://www.gov.uk/data-protection
You can find more information about ‘Access to health records’ by clicking here.
What are the rules for carers?
Your carers, family or friends have no right to access your information unless you consent to them doing so.
You do not have to let professionals share information with your carer, family, or friends. If you tell a professional not to share information with anyone then they should respect your wishes.
You may want professionals to share your information with a carer, family member or friend. If this is what you want you can tell the professionals involved in your care.
It may be easier to fill in a consent form. This is a form you can sign to consent to professionals sharing information with a carer, family member or friend.
Your carers and family members may try to contact professionals without your consent. They may ask for information about you. Sometimes, they may want to share information or concerns about you. Professionals can listen to your carers and family and take their views into account. But they shouldn’t share your information without your consent.
If you are a carer you might want information about your relative. You can find more information about ‘Confidentiality and information sharing: for carers, friends and relatives’ by clicking here.
What can I do if someone breaches my confidentiality?
A breach of confidentiality is when a professional lets another person have your information without:
- your consent, or
- another valid reason.
A breach of confidentiality can be very upsetting. If you think that a professional has breached your confidentiality, try to find out what happened and why information was shared. Try to get a copy of the organisation’s guidelines on confidentiality.
If you are not happy with the professional’s reasons, or you feel that the organisation hasn't followed its guidelines, you can make a complaint. A member of staff from the organisation should be able to tell you about their complaints procedure. An advocate may be able to help you make a complaint.
You may also be able to take legal action if an organisation has breached your rights. Get specialist legal advice before making a claim.
You can find more information about:
Information Commissioner's Office
An authority designed to protect information rights and an individual’s right to have their data protected.
Telephone: 0303 123 1113 (or +44 1625 545 700 if you’re calling from
abroad). Lines are open Monday-Friday 9am-5pm.
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Fax: 01625 524 510
Email: mailto:firstname.lastname@example.org (please include your phone number)
Equality and Human Rights Commission
An independent statutory body that aims to help eliminate discrimination, reduce inequality, and protect human rights to build good relations, ensuring that everyone has a fair chance to participate in society.
Address: Correspondence Unit Arndale House Arndale Centre Manchester M4 3AQ
Contact form: www.equalityhumanrights.com/en/cysylltu-%C3%A2-
Equality Advisory Support Service (EASS)
Providing information, advice and support on discrimination and human rights issues to individuals in England, Scotland and Wales.
Telephone: 0808 800 0082. Lines are open Monday-Friday 9am-7pm, and Saturday 10am-2pm.
Textphone: 0808 800 0084
Email: via form on website.
Address: FREEPOST EASS HELPLINE FPN6521