Department of Health

Website of the Department of Health

Please note that this website has a UK government access keys system.

NHS logo

Patient confidentiality

  • Last modified date:
    8 February 2007

Patient information is generally held under legal and ethical obligations of confidentiality. Information provided in confidence should not be used or disclosed in a form that might identify a patient without his or her consent. There are a number of important exceptions to this rule but it applies in most circumstances.

A duty of confidence arises when one person discloses information to another (e.g. patient to clinician) in circumstances where it is reasonable to expect that the information will be held in confidence.  It -

a) is a legal obligation that is derived from case law;

b) is a requirement established with professional codes of conduct; and

c) must be included within NHS employment contracts as a specific requirement linked to disciplinary procedures.

Patients entrust the NHS or allow it to gather sensitive information relating to their health and other matters as part of their seeking treatment.  They do so in confidence and they have the legitimate expectation that staff will respect this trust, or may be unconscious, but this does not diminish the duty of confidence.  It is essential, if the legal requirements are to be met and the trust of patients is to be retained, that the NHS provides, and is seen to provide, a confidential service.

The NHS Confidentiality Code of Practice

Guidelines on the use and protection of patient information, November 2003.  Including the Code of Practice public consultation.

NHS Caldicott Guardians

Caldicott Guardians are senior staff in the NHS and social services appointed to protect patient information. This page includes a manual and other guidance and advice for Caldicott Guardians, and will also be of interest to anyone wanting to find out more about the role.

The Caldicott Report

The December 1997 Caldicott Report identified weaknesses in the way parts of the NHS handled confidential patient data. The report made several recommendations, one of which was the appointment of Caldicott Guardians, members of staff with a responsibility to ensure patient data is kept secure.

Please note that the NHS Confidentiality Code of Practice now provides the most up-to-date guidance on patient confidentiality.

Additional links

The NHS Confidentiality Code of Practice

Guidelines on the use and protection of patient information, November 2003.

NHS Care Record Guarantee

The NHS will use records about you in ways that respect your rights and promote your health and wellbeing.

Access keys