Confidentiality

Many different organisations will need to record information about you. For example, health professionals need to keep information about your treatment. This page explains how organisations should protect the information you give them. This page is for people who live with mental illness.

Overview

  • Professionals can only tell other people your personal information if you say they can, or if they have to.
  • If you want your carers or family to know about your treatment you can tell them yourself. Or ask professionals to tell them.
  • If you want your carer to be involved in your treatment professionals should work with them and listen to their concerns.
  • If you think a professional has not kept your information confidential you can ask for their reasons. You can complain or take legal action if you are not happy.

Introduction & Rules

What is confidentiality?

Confidentiality is about privacy and respect for your wishes. It is important in your relationship with professionals. On this page, ‘professional’ includes the following people.

  • Doctors
  • Nurses
  • Social workers
  • Support workers
  • Probation officers
  • Housing officers
  • Advocates
  • Debt and benefit advisers
  • Employers

Confidentiality means that professionals should not tell other people personal things about you unless you say they can. Or if it is absolutely necessary.

What are the rules on confidentiality?

The law says that someone has to keep your information confidential if:

  • the information is private – this means that other people don't already know it, and
  • you want the information to be kept private and the professional knows this.

This means that your conversations with doctors, nurses, solicitors, advisers and other professionals should be confidential. In practice this isn’t always simple.

Every organisation should have its own policy on confidentiality. NHS staff have to follow the NHS Code of Practice on Confidentiality. You can read more at www.digital.nhs.uk/data-security-information-governance.

Professional bodies also give guidance to professionals.

This guidance tells professionals what they can do with the information you give them. Local teams may also have their own policies about confidentiality.

How can I find out an organisation’s confidentiality policy?

Most mental health organisations will have a confidentiality policy. You can ask the organisation to show you a copy of the policy. If they refuse you may be able to get the information under a ‘Freedom of Information’ (FOI) request. But only if they are a public body, like the NHS.

An FOI request is where you ask a public body to give you information. Anyone has the right to make a FOI request. You can find more information on this here:
www.gov.uk/make-a-freedom-of-information-request/the-freedom-of-information-act.

How my data can be shared

Can professionals share my information with others?

With your consent

Usually a professional must ask you before they tell other people information about you. You can tell the professional not to share any information. Or you can ask them to only share some information. For example, you may be happy for your doctor to tell other people about your treatment and care needs. But not your diagnosis.

Ask the professional to make a note on your records about what you would like them to share. This will help them to remember and will make other NHS professionals aware.

Without your consent

Professionals can share information without your consent if:

  • there is a risk of serious harm to you or to others
  • there is a risk of a serious crime,
  • you are mentally incapable of making your own decision, or
  • the NHS share your information under ‘implied consent’.

Risk of serious harm to you or to others or of a serious crime
An example could be if someone tells their doctor that they are planning to hurt themselves or other people. The doctor could decide to share this information with someone, such as the police.

In some situations, a professional can share your personal information if it is for the public good. Your personal information can also be shared if the law says it must be. For example, a court could order your doctor to give information to them.

If you lack mental capacity
There may be times when you lack the mental capacity to make your own decisions about your information. This might be if you are very unwell. If you lack mental capacity professionals can sometimes share your information without your consent. But only if it is in your best interests.

You can find more information about ‘Mental capacity and mental illness’ by clicking here.

Advance statements set out what you would like to happen if you lack mental capacity.

If you lack mental capacity, you might change your mind about letting your family or friends have information. It is a good idea to think about this while you have capacity.

While you have capacity, you might decide you want professionals to carry on sharing information if you later lose capacity. Even if you tell them not to. You can put this in an advance statement. This does not guarantee that professionals will share information, but it makes it more likely that they will.

You can find more information about ‘Planning your care - Advance statements’ by clicking here.

The NHS or social services sharing information under ‘implied consent’
NHS and social services professionals can share information about you with other NHS and social care staff. They can do this without your consent if the staff directly support or care for you. They can do this under what they call ‘implied consent’.

Implied consent means circumstances in which it would be reasonable to think that you would agree to the information being shared.

An NHS service can only share your information under implied consent if:

  • you have not objected to this,
  • information is available to you saying how your information will be used. And that you have the right to object to information sharing, and
  • the person who receives the information understands they are receiving it in confidence, and they respect this.

Before social services professionals share your information under implied consent if they should make sure that:

  • it is necessary to provide the information to the person receiving it,
  • they only disclose the information that is relevant, and
  • the professional receiving the information understands why they are receiving it. And that they have a duty to keep it confidential.

Tell social services or an NHS service if you don’t want them to share information about you with staff who care for you. They then shouldn’t share the information unless:

  • it is in the public interest. This means the information can be shared to protect an individual or individuals from the risk of serious harm or serious crime, or
  • you lack the mental capacity to decide about sharing the information. And sharing the information is in your best interests.

What about my employer?

Your employer may have personal information about you. They will need to keep this information confidential.

In rare situations your employer may have to break confidentiality if they feel you are a risk to yourself or others. They may contact your GP or other health professionals to discuss the risks. Your employer might have a policy on this. You can ask your manager or the Human Resources department for a copy of the policy.

Data Protection Act

How does the Data Protection Act protect my personal information?

The Data Protection Act 2018 tells organisations how they should deal with your personal information.

The information an organisation holds on you should be up-to-date, accurate and relevant. An organisation should not hold more information about you than they need. Or hold the information for longer than they need.

They should also make sure that people only have access to your personal information if they really need access to it.

Human Rights Act

How does the Human Rights Act protect my personal information?

The Human Rights Act 1998 protects your rights in line with the European Convention on Human Rights. Government organisations, like the NHS, should not breach these rights.

Article 8 of the convention says that you have the right to respect for your ‘private and family life’. If your doctor shares your personal information with other people without your consent, this could breach this right.

You can find more information about human rights from the Equality and Human Rights Commission website or the Equality Advisory and Support Service helpline. These contact details are in the Useful Contacts section below.

Subject Access Request

How can I find out what information organisations hold about me?

You can make a ‘subject access request’ if you would like to find out what information is held about you.

How much will a subject access request cost?

Usually there is no charge for getting a copy of your personal information. But an organisation may charge a fee if:

  • they think that your request is ’manifestly unfounded or excessive’, or
  • if you ask for more copies of your information once you have already made a request.

There is no definition of what makes a subject access request ‘manifestly unfounded or excessive’. But an organisation should explain the reasons for their decision.

If an organisation charges a fee, the one-month time limit does not begin until they have received the fee.

Can an organisation withhold my personal information?

Sometimes an organisation can withhold information. This might be because the information also talks about other people, and those people don't want that information shared.

Information can also be withheld if it’s about things like:

  • preventing, detecting, or investigating a crime,
  • national security,
  • the armed forces, or
  • tax.

You think might think that the organisation has withheld information when they shouldn’t have done. If you do you can report this to the Information Commissioner’s Office.

You can find more information on the Data Protection Act and subject access requests from the Information Commissioner’s Office. Their contact details are in the Useful Contacts section below.

You can also look on the GOV.UK website at: www.gov.uk/data-protection/the-data-protection-act.

You can find more information about ‘Access to health records’ by clicking here.

Carers

What are the rules for carers?

Your carers, family or friends have no right to access your information unless you consent to them doing so.

You do not have to let professionals share information with your carer, family, or friends. If you tell a professional not to share information with anyone then they should respect your wishes.

You may want professionals to share your information with a carer, family member or friend. If this is what you want, you can tell the professionals involved in your care.

It may be easier to fill in a consent form. This is a form you can sign to consent to professionals sharing information with a carer, family member or friend. You can find an example form in the Checklist, by downloading this factsheet using the link at the top of the page.

Your carers and family members may try to contact professionals without your consent. They may ask for information about you. Sometimes, they may want to share information or concerns about you. Professionals can listen to your carers and family and take their views into account. But they shouldn’t share your information without your consent.

If you are a carer you might want information about your relative. You can find more information about ‘Confidentiality and information sharing: for carers, friends and relatives’ by clicking here.

Problems

What can I do if someone breaches my confidentiality?

A breach of confidentiality is when a professional lets another person have your information without:

  • your consent, or
  • another valid reason.

A breach of confidentiality can be very upsetting. If you think that a professional has breached your confidentiality, try to find out what happened and why information was shared. Try to get a copy of the organisation’s guidelines on confidentiality.

If you are not happy with the professional’s reasons, or you feel that the organisation has not followed its guidelines, you can make a complaint. A member of staff from the organisation should be able to tell you about their complaint procedure. An advocate may be able to help you make a complaint.

You may also be able to take legal action if an organisation has breached your rights. Get specialist legal advice before making a claim.

You can find more information about:

• Advocacy by clicking here.
• Complaints - NHS or social services by clicking here.
• Legal advice – How to get help from a solicitor by clicking here.

Useful Contacts

Information Commissioner's Office
An authority designed to protect information rights and an individual’s right to have their data protected.

Telephone: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Webchat: www.ico.org.uk/global/contact-us/live-chat/
Website: www.ico.org.uk

Equality and Human Rights Commission
An independent statutory body that aims to help eliminate discrimination, reduce inequality, and protect human rights to build good relations, ensuring that everyone has a fair chance to participate in society.

Telephone: 0161 829 8327
Address: Arndale House, Arndale Centre, Manchester M4 3AQ
Email: dpo@equalityhumanrights.com
Website: www.equalityhumanrights.com

Equality Advisory Support Service (EASS)
Providing information, advice and support on discrimination and human rights issues to individuals in England, Scotland and Wales.

Telephone: 0808 800 0082. Lines are open Monday-Friday 9am-7pm, and Saturday 10am-2pm.
Textphone: 0808 800 0084
Webchat: via website
Email: via form on website.
Address: FREEPOST EASS HELPLINE FPN6521
Website: www.equalityadvisoryservice.com

We care about your privacy
This website uses cookies to give you the best experience.
Read our updated privacy policy and cookies policy