|
Joy Wingfield is Boots special professor of pharmacy
law and ethics at Nottingham School of Pharmacy
|
Protect, Inform, Provide choice, Improve — not the ideal choice
of terms from which to form an acronym, but nevertheless a good aide-memoire
to remind pharmacists what the NHS code of conduct on confidentiality1 is all about. The code has been several years in gestation but the final
version is now “required practice for those who work within or
under contract to NHS organisations”. In other words, it is required
for pharmacists working in NHS hospitals, in NHS primary care and in
NHS dispensing or other NHS services delivered by community pharmacists.
The code itself is just 12 pages long but there are a further 28 pages
of annexes. These are rather heavy going, but they do include useful
flow charts for taking decisions about whether or not to disclose health
care information and examples of the circumstances which may give rise
to disclosure without the patient’s consent. The code replaces
guidance from 1996 (“Protection and use of patient information”2),
builds on the requirement for “Caldicott guardians” in the
NHS3 and will be supplemented as needed with guidance from the Information
Policy Unit at the Department of Health.
Glossary, adapted from “Confidentiality:
NHS Code of Practice”
|
Patient identifiable
information
|
Key identifiable information includes:
· Patient’s name, address, full post code, date of birth
· Pictures, photographs, videos, audio-tapes or other images of patients
· NHS number and local patient identifiable codes
· Anything else that may be used to identify a patient directly or indirectly |
Anonymised information
|
This is information which does not identify
an individual directly, and which cannot reasonably be used to
determine identity |
“Pseudonymised” information
|
This is similar to anonymised
information but the holder retains a means of identifying individuals;
this will often be by attaching codes to information to allow linking
of information about individuals for research purposes |
Clinical audit
|
The evaluation of
clinical performance against standards or through comparative
analysis with the aim of informing
the management of services |
Explicit or express
consent
|
This means articulated
patient agreement; the terms are interchangeable and relate
to a clear and voluntary
indication of preference or choice, usually given orally or in
writing and freely given in circumstances where the available options
and the consequences have been made clear |
Implied consent
|
This means patient
agreement that has been signalled by behaviour of an informed
patient |
Disclosure
|
This is the divulging
or provision of access to data
|
Health care purposes
|
These include all
activities that directly contribute to the diagnosis, care
and treatment of an individual
and the audit/assurance of the quality of the health care provided;
they do not include research, teaching, financial audit or other
management activities |
Information sharing
protocols
|
Documented rules
and procedures for the disclosure and use of patient information
between two or
more organisations or agencies |
Medical purposes
|
These include preventive
medicine, medical research, financial audit and management
of health care services; the Health
and Social Care Act explicitly broadened the definition to include
social care |
Public interest
|
Exceptional circumstances
that justify overruling the right of an individual to confidentiality
in order to serve
a broader societal interest |
Social care
|
This is the support
provided for vulnerable people, whether children or adults,
including those with disabilities and
sensory impairments |
|
Definitions
The code first provides a welcome table of defined terms (see Glossary
above). Community pharmacists may take particular note of the clarification
of the position of truly anonymous data derived from patient medication
records; researchers may find the definition of “pseudonymised” data
helpful. Explana-tion of the distinctions between explicit (or express)
and implied consent will help pharmacists engaged in clinical services,
although one has to turn to Annex B, paragraph 7 onwards for a more
comprehensive account of legally valid consent and the issues of capacity
or competence to give consent. The document states plainly that “health
care records are for health care” so all pharmacists should be
familiar with the definitions of health care services and the rather
wider term used in the Data Protection Act: “medical purposes”.
Definitions are followed by guidance on the nature of confidential
patient information. Although it has been commonly assumed that patients
expect
their information to be shared among health professionals, the code makes
it clear that this may not always be the case; efforts should be made
to inform patients of any disclosures wherever possible. Disclosure for
purposes other than health care (such as medical research, health service
management, financial audit) require the patient’s explicit consent
or a “robust public interest or legal justification”. The
rule of thumb is to assume nothing and
provide information to the patient on disclosure and sharing of their
information at the outset. The confidentiality model
The code proposes a model for providing a confidential service:
· Protect — look after patients’ information
· Inform — ensure that patients are aware of how their information
is used
· Provide choice — allow patients to decide whether their information
can be disclosed or used in particular ways, and supporting all these
· Improve — always look for better ways to protect, inform and
provide choice
The remaining sections of the code expand on these four principles.
Pharmacists should look to be involved in, and be aware of, confidentiality
procedures for all staff, contractors and volunteers to follow; Annex
A1 provides suggestions on improving privacy and physical security of
records such as not gossiping in the tea room, not discussing cases where
you can be overheard, shutting and locking record cabinets, wearing identity
passes, querying the presence of strangers and complying with security
procedures for documentary and electronic records. “No surprises” is
the watchword for effective provision of information. Pharmacists can
ensure that information leaflets on patient confidentiality have been
read and understood and that patients are happy with what will happen
to their information, and explain to them how they can have access to
their own health records and see what has been written about them (subject
to certain legal restrictions4). Annex A2 gives examples of phrases that
might be used, for example, “I will tell social services about
your dietary needs to help them arrange ‘meals on wheels’ for
you” to help patients who may know little about how the NHS and
related agencies such as social services, education and local government
actually work.
Providing choice to patients requires knowledge of those circumstances
where the patient actually does not have a choice. Most pharmacists will
be familiar with these as they are listed in the profession’s Code
of Ethics (Part 2C), but the closing paragraphs of the NHS code give
an overview of the interlinked requirements of common law requirements
of confidentiality and the statutory duties imposed by the Data Protection
Act 1998, the Human Rights Act 1998 plus the requirements of administrative
law upon public authorities such as NHS and primary care trusts. Annex
B and C of the NHS code provide further detail as outlined below. The
code recognises that best practice in the NHS will not be achieved overnight
but all staff, including pharmacists, should be seeking training and
support in areas where they are uncertain about correct procedures and
should be prepared to report possible breaches or risk of breaches to
the appropriate “Caldicott Guardian” or equivalent. Finally,
the code suggests some key questions that pharmacists might ask themselves
when reaching decisions about use and disclosure of patient information.
Teaching aids
Determination may be rewarded for those readers who reach Annexes B
and C. These contain decision trees to support disclosure for health
care
purposes, for medical purposes or for purposes that fall into neither
category. These could provide useful teaching aids for training on
confidentiality, as could the models in Annex C describing situations
that would fall into these three categories. For example:
· Disclosure to parents would normally be a health care purpose where
the key criterion relates to the “competence” of the child
and his or her capacity to consent to or reject treatment
· Disclosure to NHS managers may fall within a medical purpose but anonymised
data should always be preferred for management purposes wherever this
is practicable
· Disclosure of information for non-
statutory investigations, such as inquiring Members of Parliament, is
regarded as non-medical and the patient’s consent should always
be established
The code is directed at NHS staff, and the term “staff” is
used for convenience throughout, but there is no doubt that this code
will represent the duty of care expected of all health professionals
whether engaged in NHS or private health care activities. Pharmacists
should ensure they are familiar with the requirements and that they are
embedded in their own employment conditions and working practices as
well as those of support staff who help in pharmacy health care delivery.
References
1. Confidentiality: NHS Code of Practice. Available as a PDF file
(135K). Accessed 12 March 2004. (NB: The Department of Health website,
formerly
at www.doh.gov.uk has undergone a redesign and some of the references
in the NHS Code of Confidentiality do not now take the reader directly
to the linked document, but to the new “dh” home page, www.dh.gov.uk
. Readers are advised to use the search engine on the home page to locate
the full suite of documents at any particular time.)
2. The Protection and Use of Patient Information. HSG(96)18/LASSL(96)5
. NHS Executive 1996
3. Consultation document. Part 1: the role and responsibilities of Caldicott
Guardians. Part 2: access controls for the NHS strategic tracing service.
NHS Executive 1998
4. The Data Protection (Subject Access Modification)(Health) Order 2000
SI No. 413
Further reading
· Wingfield J. The Data Protection Act 1998. The Pharmaceutical Journal
2000;265:131.
· Wingfield J, Foster C. Consent and confidentiality — legal
implications of electronic transmission of prescriptions The Pharmaceutical
Journal
2002;269:329–31 (PDF
65K)
· Wingfield J. Consent and decision making
for patients who lack capacity: what should pharmacists know? The Pharmaceutical
Journal 2003;271:463 (PDF 110K) |
The
Pharmaceutical Journal