Confidentiality: when to break it, GMC guidance and Caldicott principles
RezzyConfidentiality is one of those "bread and butter" topics for the UKMLA AKT, and honestly, it’s something you’ll use every single day on the wards. The GMC is very clear that patients have a right to expect that their personal information will be held in confidence, but that right isn't absolute.
Let's break down the "when" and "how" of navigating these ethical waters.
1. The GMC Guidance: When to Break Confidentiality
The GMC outlines specific circumstances where you can (or must) disclose personal information without a patient's consent. I like to group them into three main buckets:
- With Consent: The easiest path! Always try to get the patient's permission first if possible.
- Required by Law: You have a statutory duty to disclose.
- Notifiable diseases (e.g., TB, Measles, Meningitis).
- Court orders (a judge tells you to).
- Terrorism Act (disclosing information that might prevent an act of terrorism).
- In the Public Interest: This is the "grey area" where you have to weigh the patient's right to privacy against the risk of serious harm to others.
- Prevention of serious crime (e.g., murder, rape, kidnapping).
- Risk of serious physical harm (e.g., a patient with uncontrolled epilepsy who insists on driving).
- Safeguarding (protecting children or vulnerable adults from abuse or neglect).
2. The Caldicott Principles
While the GMC tells you when you can break confidentiality, the Caldicott Principles tell you how to handle that data safely within the NHS. There are 8 principles now (the 8th was added recently), and they are high-yield for AKT questions.
I've put together a summary table of these principles for you to keep them straight.
| Principle | Description |
|---|---|
| 1. Justify the purpose | Every single use of patient-identifiable info must be clearly defined and justified. |
| 2. Use only when necessary | Don't use personal data unless there is absolutely no alternative. |
| 3. Use the minimum necessary | Only share the specific bits of info needed for that purpose (e.g., don't send a whole file if only a DOB is needed). |
| 4. Access on a need-to-know basis | Only people who actually need the info for their job should see it. |
| 5. Everyone must understand their responsibilities | If you handle data, you need to know the rules. |
| 6. Comply with the law | Every use of info must be lawful (GDPR, Data Protection Act). |
| 7. The duty to share can be as important as the duty to protect | Don't let "confidentiality" stop you from sharing info that is vital for a patient's care. |
| 8. Inform patients about how their info is used | Transparency is key—patients should know who is seeing their data and why. |
The table above covers the "how," but for the AKT, you'll often be given a scenario and asked what the first step is. Usually, it's to discuss the situation with the patient and try to gain their consent, unless doing so would put someone at further risk (like in some safeguarding cases).
If you're ever in doubt in a real-life scenario, the answer is almost always to consult your Caldicott Guardian (the person in the hospital responsible for data protection) or your medical defense union (MDU/MPS).
To help you lock this in, I've found some relevant lessons and flashcards that cover these ethical scenarios in more detail.
📚 Confidentiality & Ethics Lessons
Those lessons will give you the full breakdown of the GMC's Confidentiality guidance. To help you memorize the specific triggers for breaking it, I've also pulled some flashcards for you to review.
🗂️ Confidentiality Flashcards
Tap to study 21 flashcards in the Oncourse app
The flashcards above will help you drill those key exceptions. One final tip for the AKT: if you're asked about a patient who has a notifiable disease (like TB), your duty is to notify the Proper Officer at the local health protection team, not just the GP or the patient's family.
If you're feeling confident with the theory, we could try a quick quiz on these ethical scenarios, or I can find a flowchart for the decision-making process if you'd like!
Setting up chat...