Confidentiality Policy

Purpose of Document

The purpose of this document is to ensure all staff members at the practice are aware of their legal duty to maintain confidentiality, to inform them of the processes in place to protect personal information, and to provide guidance on disclosure obligations.

Introduction

Everyone working for the practice or elsewhere within the business is under a legally obligated to keep patients’ personal information confidential. Patients who believe their confidence has been breached may make a complaint to the practice, and they could take legal action or report it to the ICO. In the case of a registered dental professional, the patient could also make a complaint to the General Dental Council, which, in worst-case scenarios, may end in erasure from the GDC register.

This policy is concerned with protecting personal information about patients, although its content would apply equally to staff personal or business-sensitive information.

Personal information is data in any form (paper, electronic, tape, verbal, etc.) from which a living individual could be identified, including:

Name, age, address, and personal circumstances, as well as sensitive personal information like race, health, sexuality, etc.
Information regarding appointments
Information regarding medical histories
Information regarding finances, including any bad debts.

Although the Data Protection Act 2018 is only relevant to the personal information of living individuals, this code also covers information about deceased patients. This policy applies to all staff, including permanent, temporary, and locum staff members.

Confidentiality

Under the Data Protection Act 2018 and UK GDPR, dental practices must keep personal data about their patients safe and secure and ensure it is only accessed by persons who need to see it for the purposes of providing safe, effective care.

Registered dental professionals have an ethical and legal duty to keep all patient information confidential.

Dental practices are also required to ensure that they do not ‘advertise’ to other patients or the public that a particular person is a patient of the practice or that they have had appointments or have appointments due. This means that day lists, appointment cards that identify the patient and record cards must not be seen by other patients in the practice. It is also important that confidential telephone calls that name a particular patient are not held in earshot of other patients. Messages should not be left with a 3^rd party confirming or cancelling appointments.

Caldicott Principles

The Caldicott Principles are the guidelines for ensuring people's information is kept confidential and used or shared appropriately within a healthcare setting.

All NHS organisations must have an appointed Caldicott Guardian. This won't apply to most dental practices, although there should be someone within the practice who is responsible for ensuring patient information is kept confidential and shared appropriately when required.

The Caldicott Principles

Principle 1: Justify the purpose for using the confidential information.
Principle 2: Use confidential information only when it is necessary
Principle 3: Use the minimum necessary confidential information
Principle 4: Access to confidential information should be on a strict need-to-know basis
Principle 5: Everyone with access to confidential information should be aware of their responsibilities
Principle 6: Comply with the law
Principle 7: The duty to share information for individual care is as important as the duty to protect patient confidentiality
Principle 8: Inform patients and service users about how their confidential information is used.

Disclosing Patient Information

Personal information relating to a patient should only be shared with third parties where the patient has given consent or in exceptional circumstances (GDC Standards 4.3).

Examples of where information may be shared without consent include:

In safeguarding concerns, where it is not possible to gain consent, and a referral needs to be made to the local authority or to the police.
Where information has been ordered by a court or by a coroner, where a court order has requested information, only the minimum amount of information should be disclosed.

Before disclosing information to third parties where consent has not been obtained, you are advised to contact your indemnity provider.

The Importance of Confidentiality

The relationship between clinician and patient is based on the understanding that any information revealed by the patient to the clinician will not be divulged without the patient’s consent. Patients have the right to privacy, and it is vital that they give clinicians full information on their state of health to ensure that treatment is carried out safely and effectively. The intensely personal nature of health information means that many patients would be reluctant to provide the clinician with information if they felt the information would be passed on.

Care must be taken to ensure that confidentiality is never breached, even to the most minor degree, in the use of social media or websites (GDC Standards 4.2.3).

Recognise Your Obligations

A duty of confidence arises out of the common law duty of confidence, employment contracts and for registered dental professionals, it is part of their professional obligations. Breaches of confidence and inappropriate use of records or computer systems are serious matters that could result in disciplinary proceedings, dismissal ,and possibly legal prosecution.

So, make sure you do not:

Put personal information at risk of unauthorised access.
Knowingly misuse any personal information or allow others to do so.
Access records or information that you have no legitimate reason to look at. This includes records and information about your family, friends, neighbours and acquaintances.

GDC standards guidance

Dental care professionals have an ethical and legal duty to ensure they are familiar with and comply with the GDC’s standards and guidance. All practice team members must also follow this guidance and ensure patient confidentiality. Copies of this publication in full are available as PDF downloads from the GDC’s website at www.gdc-uk.org

4.2 You must protect the confidentiality of patients’ information and only use it for the purpose for which it was given.

4.2.1 Confidentiality is central to the relationship and trust between you and your patients. You must keep patient information confidential. This applies to all the information about patients that you have learnt in your professional role, including personal details, medical history, what treatment they are having and how much it costs.

4.2.2 You must ensure that non-registered members of the dental team are aware of the importance of confidentiality and that they keep patient information confidential at all times.

4.2.3 You must not post any information or comments about patients on social networking or blogging sites. If you use professional social media to discuss anonymised cases for the purpose of discussing best practice , you must be careful that the patient or patients cannot be identified.

Document Control

Title:	Confidentiality Policy
Author/s:	DCME Team

Owner:	DCME Team
Approver:	DCME Team
Date Original Approved:	25.3.23
Review Date:	July 2025
Next Review Date:	July 2026

Change History
Version	Status	Date	Author / Editor	Details of Change (Brief detailed summary of all updates/changes)
0.1	Final	25.3.23	PG	Complete re-write of policy, updated guidance.
0.2	Final	21.03.24	HD	Minor amendments. Addition of information regarding the Caldicott Principles and disclosing information to third parties.
0.3	Final	07.25	HD	Added information about a Caldicott Guardian and space to include their details if applicable.

The latest approved version of this document supersedes all other versions, upon receipt of the latest approved version all other versions should be destroyed, unless specifically stated that previous version(s) are to remain extant. If in any doubt, please contact the document Author.

Approved By:
Date Published: 18/07/2025

How to Find Us

How to Find Us

Contact