Confidentiality is important
Patients have the right to privacy and it is very important that they give the dentist full information on their state of health to ensure that treatment is carried out safely. A relationship of trust must be present between dentist, the staff and the patient. This relationship is founded upon the understanding that any information revealed by the patient to the dentist will not be divulged without the patient’s consent. All staff within this practice also have a right to confidentiality of their personal information being kept confidential.
If confidentiality is breached, the dentist and all other members of the dental team face investigation and possible sanction by the General Dental Council. In serious cases this could result in erasure from the GDC Register. This may also result in legal action by the patient or staff member for damages and prosecution for breach of the 1998 Data Protection Act and the GDPR (2018)
General Dental Council
4.2 Protect the confidentiality of patients’ information and only use it for the purpose for which it was given.
4.3 Only release a patient’s information without their permission in exceptional circumstances.
If confidentiality is breached, each registered dental professional involved is responsible to the Council for their individual conduct.
What is personal information?
In a dental practice context, personal information about a patient or staff member includes:
- name, current and previous addresses
- Bank account/credit card details and financial details
- Telephone number/email address
- Information that the individual is or has been a patient of the practice
- Failed attendance
- Cost of treatment, the amount owing or whether the patient owes money to the practice.
- Physical, mental or oral health or condition
- Treatment planning details that is planned or has been provided
- Family members and personal circumstances supplied including ‘nick names’
Principles of confidentiality
Personal information about a patient or staff member shall always be:
- Confidential in respect of that patient or staff member within this practice
- Only disclosed to those who would be unable to provide effective care and treatment without that information (the need-to-know concept),
- Not disclosed to third parties without the consent of the patient or staff member except in certain specific circumstances described in this policy.
When can disclosures be made to third parties?
There are few circumstances in which a dentist may decide to disclose information to a third party or may be required to disclose by law. Responsibility for disclosure rests with the patient’s dentist and under no circumstances can any other member of staff make a decision to disclose. A brief summary of the circumstances is given below.
When disclosure is in the public interest
There are certain circumstances where the wider public interest outweighs the rights of the patient to confidentiality. This might include cases where disclosure would prevent a serious future risk to the public or assist in the prevention or prosecution of serious crime.
Disclosure can be made where:
- The patient or staff member has expressly given consent to the disclosure
- Disclosure is necessary for the purpose of enabling someone else to provide health care and the patient/ staff member has consented to this sharing of information
- Disclosure is required by statute or is ordered by a court of law
- Disclosure is necessary for a dentist to pursue a bona-fide legal claim against a patient/ staff member when disclosure to a solicitor, court or debt collecting agency may be necessary.
Disclosure of information necessary to provide care under the NHS
Information may need to be disclosed to third party organisations to ensure the provision of care and the proper functioning of the NHS. In practical terms this type of disclosure means:
- Transmission of claims/information to payment authorities such as the DPD/SDPD/CSA)
- Disclosure of information to the LAT/HB
- Referral of the patient to another dentist or health care provider e.g. a hospital or specialist.
Please note that the patient must consent to this and under most circumstances receive a copy of the referral letter.
Data protection code of practice
Please see the practice Data Protection Code of Practice. This describes the required procedures to ensure that we comply with the 1998 Data Protection Act and GDPR 2018. It is a condition of engagement that everyone at the practice complies with the code of practice and GDPR.