Menu Home Search

This page is used with kind permission by Wessex LMCs


Updated on Friday, 23 June 2017, 811 views

Medical confidentiality is at the bedrock of the Doctor-Patient relationship and it is enshrined in a number of codes, guidelines and laws.

The GMC has produced updated Guidance on Confidentiality with individual leaflets covering how care guidance applies in a range of situations doctors often encounter or find hard to deal with.

The legal and ethical principles of confidentiality and disclosure should only be breached if:

Data Sharing Checklist

  1. Is there a legal obligation to share this data without consent and if so have I limited it to the minimum data possible to serve the purpose?
  2. Would my patients be aware how their data may be processed?
  3. Would my patients know who is processing their data?
  4. Would my patients know why their data is being processed?
  5. Have I made a reasonable attempt to inform my patients of the ways in which their data will be held and processed?
  6. Have I provided the name of the practice's Data Protection Officer who can provide more information if they wish to know more?
  7. Have I given them an opportunity to raise any objections?
  8. Have I explained their right to access and correct the data? 
  9. Are all individuals who have access to identifiable medical data bound by a strict professional and contractual duty of confidentiality?
  10. If non-professionals have access to medical data are they bound by a strict contractual duty of confidentiality?
  11. Has the data been anonymised, or anonymised and aggregated, wherever possible?
  12. Is disclosure likely to cause serious harm to the patient's health or well-being?
  13. Am I breaching a third party confidence (excluding a medical professional caring for the patient)?
  14. Have I sought consent wherever possible?
  15. Has the patient expressed an objection to sharing this data?   (Any objection must be respected even after death.)
  16. If consent is not possible is it essential to share patient-identifiable data in the best interests of the patient's health and well being?
  17. If consent is not possible is it overwhelmingly in the public interest to share patient-identifiable data?
  18. If consent is not possible have I informed or do I intend to inform the patient as soon as possible if I have disclosed identifiable data?
  19. Have I restricted the data I intend to disclose to the minimum that would serve the intended purpose?
  20. Is the data to be disclosed for a clearly identified and limited purpose?
  21. Is the data to be disclosed to a clearly identified individual(s)
  22. Are all members of staff who handle this data aware of the need to ensure that data sharing is always checked before disclosure?
  23. Would I object to my own most personal medical data being shared in this way?
  24. Would I be prepared to defend this disclosure in a court of law or before the GMC?



Related guidance...

Disclosing patient information without consent

Disclosing patient information without consent- A precis of GMC advice You must disclose information if it is required by statute or if...

Insurance and Other Third Party Reports

Insurance Reports using the Data Protection Act Increasingly , insurance companies have taken to submitting requests for full copies...

Privacy Notice


Information sharing with Separated Parents

Some important information for you to note when you are asked by separated parents for information about their child: Parents may have...

Retention of Medical Records

It is not possible to be absolutely prescriptive on these matters but the following information should give some basic...


The December 1997 Caldicott Report identified weaknesses in the way parts of NHS handled confidential patient data. The report made...

Somerset LMC Weekly Update Friday 23rd October 2015

All Somerset GPs and Practice Managers This and previous updates are available online here Pneumococcal...

Somerset LMC Weekly Update Friday 9th November 2018

Sent to all Somerset GPs and Practice Managers This and previous updates are available here 'Risk and Responsibilities' the...

Police requests for medical notes from general practice

There is clear guidance regarding the obligations that GPs have with respect to copying and/or release of the GP record. For your...

Online Patient Services for Children

Practices may get requests from patients for online access to their records from children below the age of 16 who are classed as Fraser...