
Policies and Guidelines


General Medical Council (GMC)

‘Confidentiality’ (2009)

The GMC’s guidance for doctors sets out the principles of confidentiality and respect for patients’ privacy that doctors are expected to understand and follow, with the relevant legal and ethical considerations that should inform their decisions. The GMC also provides explanatory guidance (on the same web page) on the application of its guidance on confidentiality in particular contexts, for example, reporting concerns about patients to the DVLA and disclosing information about serious communicable diseases.

Note that the GMC guidance ‘Confidentiality’ (2009) pre-dates other important developments in confidentiality and information governance such as the Health and Social Care Act 2012 and the second Caldicott report of 2013.


Health and Social Care Act 2012 - confidentiality and information governance

Legal principles for handling confidential patient data originate in common law and are increasingly governed by a framework of Acts of Parliament, including the Data Protection Act 1998, the Human Rights Act 1998 and the NHS Act 2006. The Health and Social Care Act 2012 has enabled the Health and Social Care Information Centre to collect and share confidential information in medical records through the ‘’ service, for ‘secondary purposes’ such as service development and commissioning.

Guidance and further information about these initiatives are provided by NHS England in its central hub for information on information governance and in its guidance for GPs on data and information.

Although NHS England’s information is primarily aimed at GPs, patients and commissioners, it is a useful source of information for healthcare professionals generally.


‘Caldicott 2’

‘Information: to share or not to share? The Information Governance review’ March 2013

The 1997 report of a review of the use of patient-identifiable data, chaired by Dame Fiona Caldicott, recommended six principles for the protection of people’s confidentiality, subsequently known as the ‘Caldicott principles’. The report of Caldicott’s second review was published in 2013 and aims “to ensure that there is an appropriate balance between the protection of the patient or user’s information, and the use and sharing of such information to improve care.” Thus, among other things, the 2013 Caldicott report takes account of concerns about information governance raised during the development of the Health and Social Care Act 2012, and it explicitly recognises a need to achieve a balance between protecting the privacy of patients and service users and sharing information to improve services. To the original six Caldicott principles is added a seventh: “The duty to share information can be as important as the duty to protect patient confidentiality.”


British Medical Association (BMA)

The GMC’s guidance on ‘Confidentiality and health records’ consists of a core, sixteen-item ‘Confidentiality and disclosure of health information toolkit’ and further ‘Key guidance on confidentiality issues’.

The toolkit aims to identify for doctors the key factors that they must take into account when making decisions concerning confidentiality. In sixteen cards, the toolkit provides basic, introductory information on a range of areas of confidentiality relating to, for example, children, adults who lack capacity, the deceased and secondary uses of confidential information.

The BMA’s ‘Key guidance on confidentiality issues’ provides more detailed guidance on twelve specific topics related to confidentiality. These topics include: the ‘ service’; ‘accessing health records’; ‘taking and using visual and audio recordings of patients’; and FAQs on the Freedom of Information Act 2000.


NHS Scotland: NHS Code of Practice on Protecting Patient Confidentiality