Website of the Department of Health

Please note that this website has a UK government access keys system.

Main menu

Page menu

Information policy

Patient confidentiality

Last modified date:

29 June 2009

Patient information is generally held under legal and ethical obligations of confidentiality. Information provided in confidence should not be used or disclosed in a form that might identify a patient without his or her consent. There are a number of important exceptions to this rule but it applies in most circumstances.

A duty of confidence arises when one person discloses information to another (e.g. patient to clinician) in circumstances where it is reasonable to expect that the information will be held in confidence.

It is a legal obligation that is derived from case law
It is a requirement established with professional codes of conduct
It must be included within NHS employment contracts as a specific requirement linked to disciplinary procedures.

Patients entrust and allow the NHS to gather sensitive information relating to their health and personal matters as part of seeking treatment. They do so in confidence and they have the legitimate expectation that staff will respect this trust. Even if a patient is unconscious, this does not diminish the duty of confidence. It is essential, if the legal requirements are to be met and the trust of patients is to be retained, that the NHS provides, and is seen to provide, a confidential service.

NHS Caldicott Guardians

Caldicott Guardians are senior staff in the NHS and social services appointed to protect patient information. A manual and other guidance and advice for Caldicott Guardians have been produced.

NHS Caldicott Guardians

The Caldicott Report

The December 1997 Caldicott Report identified weaknesses in the way parts of the NHS handled confidential patient data. The report made several recommendations, one of which was the appointment of Caldicott Guardians, members of staff with a responsibility to ensure patient data is kept secure.