Menu Home Search

This page is used with kind permission by Wessex LMCs


Updated on Friday, 23 June 2017, 660 views

Medical confidentiality is at the bedrock of the Doctor-Patient relationship and it is enshrined in a number of codes, guidelines and laws.

The GMC has produced updated Guidance on Confidentiality with individual leaflets covering how care guidance applies in a range of situations doctors often encounter or find hard to deal with.

The legal and ethical principles of confidentiality and disclosure should only be breached if:

Data Sharing Checklist

  1. Is there a legal obligation to share this data without consent and if so have I limited it to the minimum data possible to serve the purpose?
  2. Would my patients be aware how their data may be processed?
  3. Would my patients know who is processing their data?
  4. Would my patients know why their data is being processed?
  5. Have I made a reasonable attempt to inform my patients of the ways in which their data will be held and processed?
  6. Have I provided the name of the practice's Data Protection Officer who can provide more information if they wish to know more?
  7. Have I given them an opportunity to raise any objections?
  8. Have I explained their right to access and correct the data? 
  9. Are all individuals who have access to identifiable medical data bound by a strict professional and contractual duty of confidentiality?
  10. If non-professionals have access to medical data are they bound by a strict contractual duty of confidentiality?
  11. Has the data been anonymised, or anonymised and aggregated, wherever possible?
  12. Is disclosure likely to cause serious harm to the patient's health or well-being?
  13. Am I breaching a third party confidence (excluding a medical professional caring for the patient)?
  14. Have I sought consent wherever possible?
  15. Has the patient expressed an objection to sharing this data?   (Any objection must be respected even after death.)
  16. If consent is not possible is it essential to share patient-identifiable data in the best interests of the patient's health and well being?
  17. If consent is not possible is it overwhelmingly in the public interest to share patient-identifiable data?
  18. If consent is not possible have I informed or do I intend to inform the patient as soon as possible if I have disclosed identifiable data?
  19. Have I restricted the data I intend to disclose to the minimum that would serve the intended purpose?
  20. Is the data to be disclosed for a clearly identified and limited purpose?
  21. Is the data to be disclosed to a clearly identified individual(s)
  22. Are all members of staff who handle this data aware of the need to ensure that data sharing is always checked before disclosure?
  23. Would I object to my own most personal medical data being shared in this way?
  24. Would I be prepared to defend this disclosure in a court of law or before the GMC?



Related guidance...


The December 1997 Caldicott Report identified weaknesses in the way parts of NHS handled confidential patient data. The report made...

Somerset LMC Weekly Update Friday 9th November 2018

Sent to all Somerset GPs and Practice Managers This and previous updates are available here 'Risk and Responsibilities' the...

Retention of Medical Records

It is not possible to be absolutely prescriptive on these matters but the following information should give some basic...

Insurance and Other Third Party Reports

Insurance Reports using the Data Protection Act Increasingly , insurance companies have taken to submitting requests for full copies...

Information sharing with Separated Parents

Some important information for you to note when you are asked by separated parents for information about their child: Parents may have...

Somerset LMC Weekly Update Friday 23rd October 2015

All Somerset GPs and Practice Managers This and previous updates are available online here Pneumococcal...

Privacy Notice


GPC Recommendations on Requests from DWP Officers for Patient Information

DWP Officials report that some GPs are still insisting on seeing written consent for reports for DWP purposes. The GMS Regulations...

Staff Members accessing records of their Family/Relations

We would like to remind practices of their obligation for protecting access to records by their staff members. GMC guidance from April...

GDPR- Headline Requirements with GPC and NHS Digital guidance

NHS Digital have now published a GDPR guidance note . This guidance is from the national GDPR working group and Information Governance...