Confidentiality in the modern NHS: Part 2

In the second of our two articles exploring this important issue, we discuss situations when it is permissible to share patient information and examine the difficulties in maintaining patient confidentiality and privacy in an electronic age

Maintaining confidentiality is increasingly difficult in today’s NHS. The level of information sharing is higher than it ever was. Technology is increasingly used in communication with patients, and between professionals and providers about their care. Data moves around at the speed of light and storage capacity is effectively infinite. We barely have time to think what we’re doing before it’s done. Anonymised patient information is used for audit, quality control, epidemiology and research,¹ – but how anonymous is it?

This, the second article in a series on confidentiality, looks at the issues raised in sharing patient information with others, both within and outside the practice, talking to relatives and carers and the rules that apply to confidentiality after a patient’s death. It explores the issues around confidentiality and privacy in an electronic age and will present you with further hypothetical problem cases to discuss within your practice team.

SHARING WITHIN THE PRACTICE TEAM

Information about patients is shared within practices on a daily basis – but this information needs to be shared, as James Bond would say, on a ‘need to know’ basis.¹ To illustrate this, consider the hypothetical case of Mrs Jones, a lady with heart failure.

You can discuss Mrs Jones’ heart failure with the practice team in certain circumstances:

• If you are unsure how to treat her heart failure you could discuss her case with your colleagues since they have a ‘need to know’ in order to help you offer her optimal treatment
• If the practice team meets to learn about heart failure and can draw lessons from Mrs Jones’ case then she could be discussed, although her details should be anonymised.

There are also circumstances when it would be legitimate for you to look at her notes:

• You may look at her notes if you are auditing the practice’s performance, e.g. the number of patients in heart failure whose beta blocker dose has been maximised
• You may look at the relevant part of her notes as part of personal learning about the management of heart failure in order to improve care for Mrs Jones and other practice patients
• You can discuss her notes with the secretary of the consultant to whom she has been referred for advice.

There are also circumstances when you should NOT look at her notes:

• You may not look at her notes unless it is as part of her care, either specifically or in terms of general care for the practice’s patient population
• You may not look at them in order to discuss them (without consent) with her daughter who is worried about her, although you might look at them in order to ensure she is receiving optimal care if the daughter has given you information of concern
• You may not look just out of interest because you noticed she looked worse in the waiting room – although you might do so if your intention was to check that she was on the right medication.

SHARING OUTSIDE THE PRACTICE

Circumstances will also arise when patient information needs to be shared outside the practice, sometimes with multiple individuals across several organisations. We can share information outside the practice team with those who are helping us care for the patient. This might include physiotherapists, occupational therapists, dentists and others – although they only need relevant information, not the full medical record. It may also include social workers, although this is not always the case.

If a social worker is working with you in the interests of the patient – sharing some aspect of their health and social care – then it is appropriate to discuss relevant aspects of their case. However, social workers work with us in more than one way. In order to release information you must first be clear that the social worker is working with you for the patient’s benefit.

Consider the following hypothetical situation

A neighbour has reported that Mrs Smith has a black eye. A social worker visits, then rings to ask if you are aware of a history of alcohol misuse in either Mrs or Mr Smith.

You will need to tread carefully. It may be reasonable to discuss Mrs Smith’s alcohol history, since she is the patient for whom you are both caring. However, breaching Mr Smith’s confidentiality is less straightforward. You should not discuss his details unless you are certain that not doing so will result in harm to your patient. Even then you should talk to him in advance, unless you are in an emergency situation. You cannot divulge his medical history purely because it might be relevant to Mrs Smith’s bruising. You can only do so if he agrees or a court orders you to do so.

WORKING FOR OTHER PARTIES WHEN ASSESSING PATIENTS

You may have occasion to assess a patient on behalf of someone else. You might be an occupational health nurse assessing someone’s fitness for work for the benefits agency, or you might be working for the police examining someone’s injuries. You still owe the patient a duty of confidentiality – but you have performed your assessment on behalf of a third party, who expects the patient to agree to information being shared with them.

In the case of the police you need to inform the patient, in advance, that it is likely that anything they tell you might be revealed in open court on the direction of a magistrate. You are working for the police and in ethical terms the best interests of the general public may outweigh the autonomy of the patient.

In a benefits agency medical the patient must agree to information being shared – or maintain their confidentiality but drop their case. The patient cannot withhold information AND pursue their claim.

TALKING TO RELATIVES

For many years – until well into the 20th century – it was customary that physicians concealed from patients with fatal disease their incurable state, but communicated it freely to family and close friends.² Indeed, as recently as 1971, a doctor who told a 16 year old girl’s parents that she was on the contraceptive pill against her expressed wishes, because he thought this was in her best interests, had some prominent medical supporters.²

We have now moved away from this rather paternalistic approach to greater emphasis on patient autonomy. Sharing information with a patient’s relatives can be in their best interests, particularly if the relatives are carers and the patient lacks capacity. However, if the patient has capacity and does not want their information shared it would be unusual to do so on the basis of our own view of their best interests.

Discussing a patient with their relatives can be tricky. It’s usually best to give information to the patient, who can then pass it on, or have the patient present when information is being shared. Otherwise asking how much you can tell the relatives is an essential part of the consent.

If the patient lacks capacity you need to act in their best interests, which may mean sharing information. If someone is authorised through a power of attorney to act for the patient then you can talk to them. Sometimes in the later stages of palliative care patients indicate that they don’t want to know anything. It may then be appropriate to discuss medical matters with relatives who are acting as carers. You should make sure you are familiar with who everyone is and as far as possible make sure that the patient would not regard your speaking to them as a breach of trust.

You have no duty of confidentiality towards your patient’s relatives. If relatives are influencing a person’s care patients have the right to know this. You must not guarantee to relatives that you will not tell patients what you have discussed: you would only withhold this information if it was clearly in your patient’s best interests to do so. Usually, because of the potential for this to damage the trust between clinician and patient, discussions with relatives should not be kept secret from the patient.

FACING COMPLAINTS: CONFIDENTIALITY FOR US

Confidentiality extends only to patients – not to their healthcare professionals. We are listed publicly by our registering bodies and practise openly. If we are accused in the public domain we must not in any way breach confidentiality in our response. Even admitting that we have seen the relevant patient may constitute a breach so great care is needed and professional, medicolegal advice should always be sought. If your patient accuses you of misconduct in the media you cannot defend yourself with any specific details. This includes comments on social media, in the press and to friends and neighbours. You can only defend yourself in the most general terms.

CONFIDENTIALITY AFTER DEATH

The duty of confidentiality does not end with death. It is clearly humane to answer medical questions from immediate relatives soon after death. Beyond this, anyone who has a claim arising from the death (for instance a wife if her husband died through someone else’s fault) has a right of access to the relevant parts of the health records. In all other circumstances, the consent of all the executors or administrators to the estate should be obtained first.

Consider another hypothetical case

Three daughters come to see you after their father’s death from a brain tumour. They have been cut out of his will and would like to view his medical records to look for evidence that he was not of sound mind when he changed it. His widow does not wish you to share this information. Can they examine his records?

The law in England and Wales says that anyone who has a claim arising from a death has a right of access to relevant parts of the medical records. However, from what you have been told, the daughters do not currently have a claim, although they believe that they do. It is beyond your sphere of expertise to judge this aspect of the situation, so proceed with caution.

In these circumstances it would be unwise to discuss the patient’s history. The fact that his widow does not wish you to share the records is also relevant as she is his next of kin. A formal challenge to a will is likely to end up in court and the court may then direct you to release the information required to all parties.

CONFIDENTIALITY AND PRIVACY IN AN ELECTRONIC AGE

Texts, emails and phone calls

There are, inevitably, occasions when it will be necessary to contact patients with sensitive information and many practices now text and email patients. However, it can be hard to ensure the confidentiality of email. For example, messages may be seen by someone other than the intended recipient on a family computer. If you don’t know what the set-up is at the other end it is best not to put sensitive information in an email.

Text messages probably offer a better guarantee of privacy, as phones can be password protected and text tones silenced. But if you send a text it is up to you to make sure it can be confidentially received.

Thankfully it is unusual for anyone to pose as someone else on the phone in order to extract medical information. However, this famously happened in the case of the Duchess of Cambridge, with tragic consequences.³ With telephone communications, we should perhaps adopt the approaches used by banks and other organisations which hold our data, and ask for predetermined passwords and other identifiers before speaking to the ‘stranger on the phone.’

Health information technology

We now use a multitude of computerised systems to facilitate better communication between healthcare professionals, with the aim of improving patient care. It is, however, important to be aware of some of the unintended consequences.

The use of health information technology makes it even more important that we comply both with the Data Protection Act (Box 1) and with patients’ specific wishes around any disclosure to which they have consented. We need to clarify in advance if their data may be used for audit and management purposes and patients may withdraw consent from this if they wish.

We tend to feel that we know how to preserve a patient’s confidentiality – but this is not the same as maintaining their privacy. The disclosure of consented information to insurers, hospitals, employers, public health bodies, driving agencies and secondary care organisations, plus in anonymised form to commissioning bodies for wider audit and healthcare and budgetary management purposes, means that true privacy exists to only a relative degree in the modern world.

Full protection of privacy in an electronic age is impossible.¹ Records are often shared and there is a tendency to share the whole record rather than the part that is relevant to the problem. Moreover, records are not always 100% complete and 100% accurate. The power of computers is such that one can imagine someone could synthesise all the tiny bits of information on a single patient released to different organisations and build a near-complete health picture. It might then even be assumed to be complete when it was not.

Consider this example demonstrating the potentially serious consequences of an inaccurate computer record

Mr Brown is a 32 year old salesman. He was seen at an out of hours medical centre with a headache. The centre used SystmOne to record medical consultations in his centralised record. A locum doctor saw Mr Brown and diagnosed migraine. However, he mistakenly coded the diagnosis as TIA (transient ischaemic attack).

The following week the practice, which also used SystmOne, produced an insurance report printout of his notes that stated that the patient had had a TIA. The patient had consented to the disclosure and had not asked to see the report. Fortunately, the GP noticed the error and the report was not sent. If it had gone to the insurers the patient would almost certainly have had his premium loaded and from that point on the increased risk would have been difficult to ‘shed’.

The practice attempted to correct the entry but could not do so as they were not the organisation that entered it. They contacted the out of hours centre and the entry was removed three days later.

Data loss

Despite advanced firewalling there is a risk of mischievous hacking into our systems. Even if it isn’t technically possible now, things move on and, for very high-profile individuals, there may be those who would invest the time and effort necessary to find a route through a firewall. There have also been numerous instances of patient data being lost – on laptops, on memory sticks or through firewall failure.

There may come a time when individuals ask that their records are not placed onto a computer system at all. Indeed it is already possible to opt out of the sharing of your records with external bodies for data management purposes. The proposed summary care record caused some public consternation and some nine million people to opt out of the sharing of even this limited information on the national spine. Their main concerns were data security and confidentiality.

SUMMARY

Confidentiality is not an absolute requirement of doctors or nurses, and we breach it all the time, with and without consent. However, when we do so we need to be clear why and on what grounds we are overriding the patient’s right to privacy.

REFERENCES

1. Rothstein M A, The Hippocratic Bargain and Health Information Technology: J Law Med Ethics 2010 Spring: 38(1):7-13 http://www.ncbi.nlm.nih.gov/pmc/articles/PMC3032388/

2. Higgins GL, The History of Confidentiality in Medicine: Can Fam Physician 1989 April: 35:914, 921-26 http://www.ncbi.nlm.nih.gov/pmc/articles/PMC2280818/

3. Anon: BBC News 7/12/12 Duchess of Cambridge Hoax Call Nurse Found Dead, http://www.bbc.co.uk/news/uk-20645838

DISCUSSION

ACTIVITY 1

This is very difficult as privacy and confidentiality are not the same here. It may be impossible to maintain her privacy at your practice as her name will show up on internal audits of patients with depression and she may need to collect repeat medication. Moreover, other staff members may see her name on patient lists.

In reality, all you can do is suggest that she either registers elsewhere or that she accepts the professionalism of your colleagues, who are contracually bound not to look at patients' notes unless for purposes of patient care. The days when a patient to have thier paper notes locked in the GP's special drawer, and never accessed by anyone but named individuals are gone. This is perhaps a good example of the difference between confidentiality - which she can be promised - and total privacy, which in the modern NHS cannot easily be offered.

ACTIVITY 2

This is very worrying. Mrs Martin has clearly had unprotected intercourse with her husband (assuming that this is his child) and it is not clear that she is aware of his status. However before telling her anything you should attempt to persuade him to do so, and before doing this you should seek advice.

Upon taking advice you learn that the chance of a healthy individual acquiring HIV in a monogamous relationship from a single act of vaginal intercourse is very small and the average annual rate of in heterosexual married couples, where the man is infected, is about 5%. However, you also discover that this shrinks to less than 0.1% if the couple engage only in ‘safe’ sex, using condoms. You therefore conclude that while this is not an emergency, it is pressing and urgent as there is a clear risk to Mrs Martin.

Your first step is therefore to attempt to get Mr Martin to tell his wife about his HIV status and to discuss safe sex, which will protect her. He needs to be advised that she will routinely be offered HIV testing in pregnancy.

If he is prepared to tell his wife you can proceed from that point with her full knowledge. If he is not, then she and her unborn child are at risk. You will need to suggest to him that he thinks things through and talk to you again, while refraining from unprotected intercourse. You also need to advise him that if he is not prepared to tell his wife about his HIV status then it will be your duty to advise her of it. Worldwide there have been a number of prosecutions of HIV-positive individuals who had unprotected sex with, and infected, partners whom they had not informed of their status.

References

De Vincenzi I. A longitudinal study of human immunodeficiency virus transmission by heterosexual partners. The New England Journal of Medicine 1994; 331(6): 341-346. doi:10.1056/NEJM199408113310601

Wang L, Peng Z, Li L, et al. HIV and prevalence rates in heterosexual discordant couples in China: a systematic review and meta-analysis. AIDS Care. 2012;24(9):1059-70. doi: 10.1080/09540121.2012.661837. Epub 2012 Mar 28.

Criminal Transmission of HIV; Wikipediahttp://en.wikipedia.org/wiki/Criminal_transmission_of_HIV#cite_note-28