Confidentiality: your obligations

As a dental professional you have a professional, legal and contractual responsibility to protect your patients' confidentiality.

The fact that someone is your patient is confidential. Your duty to respect confidentiality continues after a patient's death.

Your duty of confidentiality

In its guidance 'Standards for the dental team', the GDC states that all dental professionals 'must protect the confidentiality of patients' information and only use it for the purpose for which it was given'. Breaching confidentiality could result in a finding of impaired fitness to practise and removal from the relevant GDC register.

All patients have a right to confidentiality. If a patient alleges a breach of confidentiality, they may be able to claim damages in a civil court.

Health records and data protection law

Health records are defined as any record which consists of information relating to the physical or mental health or condition of an individual, made by or on behalf of a dental professional in connection with the care of that individual.

Whether electronic or manual, they comprise data which are covered by data protection law, which regulates the collection, processing and disclosure of personal data, and intends to protect against its misuse.

  • Personal data is defined as data relating to an individual who can be identified from that data, or from a combination of that data and other information in the possession of a data controller.
  • A data controller is the person who determines the purposes for which, and the manner in which, personal data is processed.
  • Data protection legislation recognises an individual's rights to know what information is being processed about them and restrict its disclosure.
  • A breach can result in civil or criminal proceedings.

Access to Medical Reports Act 1988

This legislation also applies to reports about dental patients. It allows patients to see reports written about them, for employment or insurance purposes, by a registered dentist whom they usually see in a 'normal' dentist/patient capacity. The patient can ask you not to send a report.

Access to Health Records Act 1990

This Act states that, where a patient has died, an application for access to a health record, or to any part of a health record, may be made to the record holder by the patient's personal representative and anyone who may have a claim arising out of the patient's death.

DDU advice

Make sure everyone in the practice team is aware of their responsibilities to protect patients' confidentiality.

The GDC states that 'you must ensure that non-registered members of the dental team are aware of the importance of confidentiality and that they keep patient information confidential at all times'.

You may want to consider the following checklist:

  • Do members of your dental team have an appropriate clause in their employment contract stating their obligation to respect and actively protect patient confidentiality?
  • Have you considered outlining in your practice literature the patients' right to confidentiality and the practice's duty to protect it?
  • Does your practice induction programme include the importance of patient confidentiality? Is ongoing training provided?

If a member of the dental team breaches the confidentiality of an NHS patient, they may be disciplined by the primary care organisation (PCO) or hospital trust.

Keep any information relating to a patient secure:

  • Store written records in locked cabinets.
  • Computer screens with patient information should not be visible to anyone other than authorised personnel.

Reception areas and surgeries should be planned in such a way that conversations about confidential matters cannot be overheard by a third party. This applies to telephone calls as well as face-to-face conversations.

Take care also on social media. The GDC's guidance says, 'You must not post any information or comments about patients on social networking or blogging sites. If you use professional social media to discuss anonymised cases for the purpose of discussing best practice you must be careful that the patient or patients cannot be identified'.

This guidance was correct at publication 22/05/2018. It is intended as general guidance for members only. If you are a member and need specific advice relating to your own circumstances, please contact one of our advisers.

You may also be interested in

Case study

A witness to fact

A dentist received a request from the police to provide them with a report on a teenage girl’s dental condition. The member had seen the girl as an emergency appointment at the practice a few weeks earlier, after she had reportedly been involved in a fight after school.

Read more

Seeking patient consent to disclose records

Seeking patient consent to disclose any information about them is part of your legal and professional duty of confidentiality, and is key to your relationship of trust with your patient.

Read more

The golden rules of social media

Dental professionals need to understand the risks posed by social media.

Read more


Login to comment

Be the first to comment