Simon Kidd, dento-legal adviser at the Dental Defence Union (DDU), discusses the professional, legal and contractual responsibilities dental professionals have in order to protect patients' confidentiality.

Protecting patient information from improper disclosure is an essential principle of dental practice and a legal obligation - the very fact that someone is a patient at your practice is confidential. If there is an alleged breach of confidentiality, then a patient may be able to claim damages in a civil court or, if this is due to a data protection breach, fines can be imposed by the Information Commissioner's Office (ICO). Your duty to respect confidentiality continues after a patient's death.

As the GDC states in its guidance Standards for the dental team, all dental professionals 'must protect the confidentiality of patients' information and only use it for the purpose for which it was given'.1 Breaching confidentiality could result in a finding of impaired fitness to practise and removal from the relevant GDC register.

Additionally, it is important that the whole practice team is aware of their responsibilities to protect patients' confidentiality. The GDC states that 'you must ensure that non-registered members of the dental team are aware of the importance of confidentiality and that they keep patient information confidential at all times'.1

For example:

  • Do members of your dental team have an appropriate clause in their employment contract or self-employed agreement stating their obligation to respect and actively protect patient confidentiality?

  • Have you considered outlining in your practice literature the patients' right to confidentiality and the practice's duty to protect it?

  • Does your practice induction programme include the importance of patient confidentiality? Is ongoing training provided?

It is important to ensure that the management of dental records, regardless of whether they are electronic or manual, complies with the Data Protection Act 2018,2 which regulates the collection, processing and disclosure of personal data, and is intended to protect against its misuse.

Other data protection legislation recognises an individual's rights to know what information is being processed about them and to restrict its disclosure. For example, the Access to Medical Reports Act 1988 applies to reports about dental patients.3 It allows patients to see reports written about them, for employment or insurance purposes, by a registered dentist whom they usually see in a normal dentist/patient capacity. The patient can ask you not to send a report.

Furthermore, the Access to Health Records Act 1990 also states that, where a patient has died, an application for access to a health record, or to any part of a health record, may be made to the record holder by the patient's personal representative and anyone who may have a claim arising out of the patient's death.4

It is also vital to keep any information relating to a patient secure, so remember to store all written records in locked cabinets and ensure that computer screens with patient information are not visible to anyone other than authorised personnel.

Also, reception areas and surgeries should be planned in such a way that conversations about confidential matters cannot be overheard by a third party. This applies to telephone calls and remote consultations, as well as face-to-face conversations.

It is also important to be cautious and to consider what you post on social media. While social media can be a useful business tool for dental professionals, it is important to recognise the risks it poses as well. When using social media it is important to:

  • Remember that your duty of confidentiality to patients applies online as well as offline

  • Avoid making comments about patients online

  • Consider if your posts could be viewed negatively if a patient or their family were to see them.

Even if what you post on social media seems harmless and doesn't identify a patient by name, it is in the public domain and could amount to a breach of confidentiality - for example, if your patient was a friend of a friend and your post identified them in some way, or a patient came across one of your comments.

The GDC's guidance says, 'You must not post any information or comments about patients on social networking or blogging sites. If you use professional social media to discuss anonymised cases for the purpose of discussing best practice you must be careful that the patient or patients cannot be identified'.1

To learn more about patient confidentiality visit https://www.theddu.com/.