The very fact that someone is your patient is confidential.
Confidentiality is fundamental to your relationship with your patients.

Your duty of confidentiality

In its guidance 'Standards for the dental team', the GDC states that all dental professionals must protect the confidentiality of patients' information and only use it for the purpose for which it was given.

Breaching confidentiality could result in the GDC investigating your fitness to practise.
All patients have a right to confidentiality. If a patient alleges a breach of confidentiality, they may be able to claim damages in a civil court.

Health records and data protection law

Health records consist of information relating to the physical or mental health or condition of an individual, made by or on behalf of a dental professional in connection with the care of that individual.

Whether digital or manual, they comprise data which are covered by data protection law, which regulates the collection, processing and disclosure of personal data, and intends to protect against its misuse.

Personal data is defined as data relating to an individual who can be identified from that data, or from a combination of that data and other information in the possession of a data controller.
A data controller is the person who determines why and how personal data is processed.
Data protection legislation recognises an individual's rights to know what information is being processed about them and restrict its disclosure.
A breach can result in civil or criminal proceedings.
Your duty to respect confidentiality continues after a patient's death.

Access to Medical Reports Act 1988

This legislation also applies to reports about dental patients. It allows patients to see reports written about them, for employment or insurance purposes, by a registered dentist who they usually see in a 'normal' dentist/patient capacity. The patient can ask you not to send a report.

Access to Health Records Act 1990

This Act states that where a patient has died, an application for access to a health record, or to any part of it, can be made to the record holder by the patient's personal representative and anyone who might have a claim arising out of the patient's death.

DDU advice

Make sure everyone in the practice team is aware of their responsibilities to protect patients' confidentiality.

The GDC states that "you must ensure that non-registered members of the dental team are aware of the importance of confidentiality and that they keep patient information confidential at all times".

Confidential records must only be accessed when necessary and access must be proportionate. Think about restricting access to the members of the team who need to know that specific information. Remember, you may be committing a criminal offence if you disclose confidential personal information inappropriately.

You must only release a patient's information without their permission in exceptional circumstances.

You may want to consider the following checklist.

Do members of your dental team have an appropriate clause in their employment contract stating their obligation to respect and actively protect patient confidentiality?
Have you considered outlining in your practice literature the patients' right to confidentiality and the practice's duty to protect it?
Does your practice induction programme include the importance of patient confidentiality, and is ongoing training provided?

If a member of the dental team breaches the confidentiality of an NHS patient, they might be disciplined by the primary care organisation (PCO) or hospital trust.

Keep any information relating to patients secure:

store written records in locked cabinets
computer screens with patient information should not be visible to anyone other than authorised personnel.

Reception areas and surgeries should be planned in such a way that conversations about confidential matters cannot be overheard by a third party. This applies to telephone calls as well as face-to-face conversations.

Social media

Take care also on social media. You should not post any information or comments about patients on social networking or blogging sites. If you use professional social media to discuss anonymised cases for the purpose of discussing best practice, you must be careful patients cannot be identified.

If a patient has consented to you using details, including photos of them for advertising, make sure you have the appropriate consent from the patient to allow you to do this.

For more information, read our guide to using social media.

Confidentiality: your obligations

Related articles

Membership in your pocket