When we refer to ‘service users’ we mean patients or clients (children and adults) and other people who are directly affected by the care, treatment or other services that The Bridge provide. The key principles set out on this page also apply to when our team provide services to organisations rather than individuals.
This page cannot cover every situation where problems or challenges about confidentiality might come up. However, we keep the following principles in mind when handling service user information:
The nurses at The Bridge are all registered with the NMC (nursing and midwifery council) and the health professionals at The Bridge are all registrants of the health and care professions council (HCPC). The HCPC and NMC are regulators whose main aim is to protect the public. To do this, they keep a register of health professionals and nurses that meet their standards for training, professional skills, behaviour and health.
Confidentiality to us means protecting the personal identifiable information relating to our service users. This information might include details of a service user’s lifestyle, family, health or care needs which they want to be kept private.
Service users should expect any contact with The Bridge to be treated as confidential. Any of the team involved in the care or treatment of service users will protect their confidentiality at all times.
Our standards of conduct, performance and ethics
As a service we work inline with the NMC code of conduct. You can expect us to:
We also work inline with the HCPC standards of conduct, performance and ethics. The health professionals at The Bridge:
We have a professional and legal responsibility to respect and protect the confidentiality of service users at all times.
It is our professional and legal responsibility to protect the confidentiality of services users at all times.
The law says that as health professionals we have a duty to protect the confidentiality of the people we have a professional relationship with.
Our standards of conduct, performance and ethics says that:
We must keep records secure by protecting them from loss, damage or inappropriate access
We must treat information about service users as confidential
This means that we take all reasonable steps to protect information about our service users.
Identifiable information is disclosed for a number of reasons. It can happen when we refer a service user to another health and care professional or when a service user asks for information to be given to a third party.
It is important that we get the service user’s permission, or consent, before we share or disclose information or use it for reasons which are not related to the care or services we are providing them.
Consent, for the purposes of confidentiality, means that the service user understands and does not object to:
For consent to be valid, it must be voluntary and informed, and the person giving consent must have the capacity to make the decision.
By ‘voluntary’, we mean that the person makes the decision freely and without being persuaded or pressurised by professionals, family, friends or others.
By ‘informed’, we mean that the service user has enough information to make a decision about whether they give their permission for their information to be shared with other people. (This is sometimes called ‘informed consent’.) Service users should be fully aware of why we need to share any information about them, how we will do so, who we will be sharing the information with and how that information will be used. We should also tell them how not giving their permission is likely to affect the care, treatment or services they receive.
By ‘capacity’ we mean a service user’s ability to use and understand information to make a decision and to communicate their decision to us.
There are two types of consent for purposes of confidentiality:
This is where we are given specific permission to do something. We need to get express consent if we are using personal identifiable information for reasons which are not related to the care, treatment or other services we provide for the service user, or in a way which service users would not reasonably expect. It is also important for us to get express consent if a service user has previously objected to us sharing their information with other people. Express consent can be spoken or written.
This is where consent from the service user is not expressly spoken or written but can be taken as understood, for example because service users have agreed to receive treatment, care or other services. If we are using personal identifiable information to care for a service user or provide services to them, in most circumstances we will have their implied consent. Most service users will understand the importance of sharing information within our team.
For consent to be valid we must have we must ensure the child or adult, or their legal guardian, has the capacity to consent to our involvement.
For us capacity refers to a service user’s ability to use and understand information to make a decision, and to communicate their decision to us.
We assume that adult service users have sufficient capacity unless there is significant evidence to suggest otherwise. Examples of reasons an adult service user might lack capacity include:
We treat people aged 16-17 in the same way as we would adults and assume that they have capacity unless there is significant evidence to suggest otherwise.
For children under 16, we will nearly always need to get consent from someone with parental responsibility. This could be:
Some children under 16 can give consent if they can fully understand the information given to them. This is known as ‘Gillick competence’.
As an outpatient service we do not make decisions for children or adults that lack capacity. We would instead offer our professional opinion to the child or adult’s legal guardians as to what we considered to be in their ‘best interests’. This would involve:
We need to balance the best interests of the child or adult against other duties. If we have a legal duty to share the information, or need to share it to protect the public interest, we can share it without the consent of the child or adult or their legal guardian. The reasons for this are covered below in the sections public interest and safeguarding.
In most cases, we will need to make sure that we have consent from the service user before we disclose or share any identifiable information.
One of the most common reasons for disclosing confidential information will be when we contact other health and care practitioners. This might include discussing a case with a colleague or referring a service user to another health and care professional.
Sharing information is part of good practice. Care is rarely provided by just one health and care professional, and sharing information within our team, the wider multidisciplinary team, or with other organisations or agencies is often an important way of making sure care can be provided effectively.
Most service users will understand the importance of sharing information with others who are involved in their care or treatment and will expect us to do so, so we will normally have implied consent to do this.
However, when we share information with other colleagues, we should make sure that:
If we decide not to contact other practitioners when we might reasonably be expected to, or if a service user asks us not to, it is important that we keep clear records of this and are able to justify our decision.
If we are concerned about a request someone makes for information – for example, we think the information they have asked for is not relevant – we may contact the person who has asked for the information so they can explain their request. We may also want to get legal advice, or advice from our professional body.
It is important that we get express consent, in writing where possible, if we plan to use identifiable information for reasons which are not directly related to the service user’s care or if they would not reasonably expect their information to be used or shared in that way.
Sometimes, a third party who is not a health and care professional may ask us for information. This might be a request to send information to an insurance company, education setting, local authority, or a solicitor. We would always make sure that we have express consent of the service user prior to providing any confidential information.
There are a small number of circumstances where we might need to pass on information without consent, or when we have asked for consent but the service user has refused it. The reasons for this are covered below in the sections public interest and safeguarding.
We can disclose confidential information without consent from the service user if it is in the ‘public interest’ to do so.
This might be in circumstances where disclosing the information is necessary to prevent a serious crime or serious harm to other people. We find out whether it is in the public interest to disclose information by considering the possible risk of harm to other people if we do not pass it on, compared with the possible consequences if we do. This includes taking account of how disclosing the information could affect the care, treatment or other services we provide to the service user.
We should carefully consider whether it is in the public interest to disclose the information. If we are unsure we may want to get legal advice.
We need to be able to justify a decision to disclose information in the public interest (or a decision not to disclose information) so it is important that we keep clear records.
Even where it is considered to be in the public interest to disclose confidential information, we should still take appropriate steps to get the service user’s consent (if possible) before we do so. We should keep them informed about the situation as much as we can. However, this might not be possible or appropriate in some circumstances, such as when we disclose information to prevent or report a serious crime.
Sometimes, we may be asked for information directly under the law – for example, if a court has ordered us to disclose the information. We have a legal duty to keep to orders made by the court.
We should tell the service user if we have had to disclose information about them by law, unless there are good reasons not to – for example, if telling them would affect how serious crime is prevented or detected. We should also only provide the information we have been asked for and keep a record of this
Keep in mind that not all requests from solicitors, the police or a court are made under a legal power that means we must disclose information. If disclosure is not required by law, and cannot be justified in the public interest, we must get express consent from the service user.
Our standards of conduct, performance and ethics say that:
We must take appropriate action if we have concerns about the safety or well-being of children or vulnerable adults.
In these situations, the following apply.
We follow local policies and processes for raising a safeguarding concern. This might include informing the local council or the police. If we are concerned that someone has caused harm, or could pose a risk to vulnerable groups, we should refer the matter to the Disclosure and Barring Service, or in Scotland, Disclosure Scotland. We may also want to inform the local council or the police.
Requests from service users for access to the information we have about them
Service users have the right to see information we hold about them and it is important that we respect this. We charge a flat admin fee of £50 for any data requests. Any such requests should be made to this email address firstname.lastname@example.org
This page does not cover every situation about confidentiality. If you have any questions about confidentiality please contact us.