Session 7 Key Concepts (2) Confidentiality

arises in particular relationships when one party has conveyed (entrusted) information on the understanding that it will not be disclosed without permission

Confidentiality Professional obligation - moral duty Hippocratic oath Geneva Declaration I WILL RESPECT the secrets which are confided in me, even after the patient has died Professional guidelines Codes of Ethics; GMC & BMA guidelines

Ethical basis deontological – autonomy patient should control information about themselves Utilitarian keeping confidences maximises ‘happiness’ (utility) Virtue ethics faithfulness, maintain trust (fidelity)

Justification for keeping confidences Privacy argument – rights-based argument Universal Declaration of Human Rights European Convention for the Protection of Human Rights and Fundamental Freedoms (ECHR) Human Rights Act 1998 Art 8 Efficiency argument – public policy/public health based healthcare system requires patients to be open and honest Trust argument nature of relationship out of which confidentiality arise Autonomy argument control over personal information

Nature of legal duty General rights Article 8 European Convention on Human Rights Contract (tort) private patients implied term Contract (employment) NHS terms and conditions of service Equity (tort of breach of confidence) public policy Negligence (tort) professional standards (damage must be shown) Statute law various acts/regulations Data Protection

Article 8 European Convention on Human Rights European Convention on Human Rights in Article 8: 1. Everyone shall have the right to privacy of home, family life and correspondence 2. There shall be no interference by a public authority with this right save such as is in accordance with the law and is necessary in a democratic society in the interests of public safety, the economic well- being of the country, for the prevention of disorder or crime, for the protection of health or morals or for the protection of the rights and freedoms of others.

Confidentiality nature of legal duty duty of confidence common law/equity no right to privacy explicitly recognised in English law privacy vs protecting confidences specific equitable obligation developed by the courts “a duty of confidence arises where confidential information comes to the knowledge of a person in circumstances where he has notice, or is held to have agreed, that the I nformation is confidential with the effect that it would be just in all the circumstances that he should be precluded from disclosing the information to others.” Lord Goff AG v Guardian Newspapers (No 2) [1988]

Confidentiality Duty of confidence 3 pronged test: information confidential in nature information imparted in circumstances that impose/confer obligation on confident to respect confidentiality confider must show cause for invoking help of court (e.g. detriment or public interest reason) Coco v AN Clarke (Engineers) Ltd [1969] RPC 41 AG v Guardian Newspapers (No 2) [1988] 3 All ER 545 X v Y(1988) 2 All ER 648 R v Department of Health, ex parte Source Informatics Ltd [2000] 1 All ER 786

Duty of confidence Doctor – patient relationship recognised as one of the category of relationships protected by the equitable remedy of breach of confidence “… in common with other professional men, for instance a priest, ….the doctor is under a duty not to disclose [voluntarily], without the consent of his patient, information which he, the doctor, has gained in his professional capacity.” Boreham J Hunter v Mann [1974] QB 767 arguably extends to all healthcare professionals X v Y(1988) 2 All ER 648 R v Department of Health, ex parte Source Informatics Ltd [2000] 1 All ER 786 W v Egdell [1990]1 All ER 835

Confidentiality Duty of confidence has Statutory recognition: National Health Service (Venereal Diseases) Regulations 1974 Abortion Regulations 1991 Human Fertilisation and Embryology Act 1991

Confidentiality - breach remedies for breach of confidence equitable remedy in tort of breach of confidence injunction Damages criminal sanctions for breach of statutory provisions justifications consent public interest freedom of the press danger to the public or a third party teaching; research; clinical audit statutory requirements court proceedings

Exceptions to Obligation for Confidentiality patient threatens harm to self patient threatens harm to others when required by law communicable disease occupational diseases suspected abuse

Exceptions to duty of confidence Consent express; implied professional guidelines Public interest/public good protection of the public AG v Guardian Newspapers (No 2) [1988] 3 All ER 545 W v Egdell [1990]1 All ER 835 protection of a third party Torasoff v Regents of the University of California (1976) 131 Cal Reps 14 Palmer v Tees Health Authority [1999] PIQR P1 professional guidelines Statutory permissible exceptions

Exceptions to duty of confidence Public interest/public good protection of the public W v Egdell [1990]1 All ER 835 two competing interests: public interest in maintaining confidentiality public interest in allowing restricted disclosure of the facts Lord Goff AG v Guardian Newspapers (No 2) [1988] 3 All ER 545 “…although there is a public interest in preserving confidences which should be preserved and protected by law, nevertheless that public interest may be outweighed by some other countervailing public interest which favours disclosure”

Exceptions to duty of confidence Public interest/public good Protection of a third party (US cases) Torasoff v Regents of the University of California (1976) 131 Cal Reps 14 Garamella v New York Medical College (1998) 23 F. Supp. 2d 167 (D. Conn. 1998) Statutory permissible exceptions include: Public Health (Control of Disease) Act 1984 Abortion Act 1967 (Abortion Regulations (1991) Public Health (Control of Disease) Act 1984 Human Fertilisation and Embryology Act 1990 (amended by the Human Fertilisation and Embryology (Disclosure of Information) Act1992 National Health Service (Venereal Diseases) Regulations 1974 Human Organs Transplant Act 1989 Terrorism Act 2000 Road Traffic Act 1988 Police and Criminal Evidence Act 1984 Court Orders

Confidentiality in the NHS professional ethical codes professional guidelines NHS guidelines contract of employment Caldicott Guardians Statutes relating to patient information in health records Data Protection Act 1998 Access to Medical Reports 1988 Access to Health Records Act 1990 Access to Personal Files Act 1987

Data Protection The Data Protection Act 1998 came into force on 1 March 2000 under the Act, anyone processing personal information must comply with eight principles of good information handling The eight principles state that the data must be: fairly and lawfully processed processed for limited purposes adequate, relevant and not excessive accurate and up to date not kept longer than necessary processed in accordance with the individual's rights secure not transferred to countries outside the European Economic area, unless there is adequate protection

Confidentiality in the NHS Caldicott Committee’s Report on the Review of Patient Identifiable Information, published in December 1997, Health Service Circular (HSC 1999/012); appointment of Guardians (2002/003): an existing member of the management board of the organisation a senior health professional an individual with responsibility for promoting clinical governance HSC 2000/009: Data Protection Act 1998: protection and use of patient information The NHS Confidentiality Code of Practice Guidelines on the use and protection of patient information November 2003

Caldicott Principles Caldicott Committee recommended that every flow of patient identifiable information should be regularly justified and routinely tested against the principles developed in the Caldicott Report Principle 1: justify the purpose(s) for using confidential information Principle 2: only use it when absolutely necessary Principle 3: use the minimum that is required Principle 4: access should be on a strict need-to-know basis Principle 5: everyone must understand his or her responsibilities Principle 6: understand and comply with the law

Confidentiality in the NHS breach of confidence what counts as identification of a patient? not just name of patient possible consequences complaint to the Information Commissioner for breach of the Data Protection Act 1998 professional disciplinary proceedings (misconduct) employer disciplinary proceeding (breach of contract of employment) civil court action in tort of breach of confidence criminal court action where breach of statute

Difficulties with maintaining confidentiality in the NHS professional ‘need to know’ other doctors, nurses, allied professions, students, etc non-professional ‘need to know’ ward clerical/administrative staff, hospital staff, Trust, NHS agencies, etc communication risks verbal discussions computer/electronic health records fax/photocopy machine celebrity/newsworthy’ patients telephone/answer machine bureaucracy

Special Problems in Confidentiality children adolescents psychiatric patients incompetent patients HIV status celebrity’ patients professional colleagues genetic information

Confidentiality Duty of confidence in special cases: children with capacity – obligation of confidence without capacity – law requires ‘best interests’ approach incompetent adults law requires ‘best interests’ approach deceased persons

Summary ethical and legal duty of confidentiality respect for autonomy Implied promise not an absolute principle legal approach balancing of public interests no breach if patient consents patient cannot be identified