The NHS Practitioner Health Programme (PHP)

The NHS Practitioner Health Programme (PHP)

Patient Confidentiality Policy

Commitment to confidentiality for practitioner patients using the PHP service.

1.  Doctors and dentists should be assured that PHP is a confidential service. This means that PHP will not disclose information to any third party without the consent of the patient, unless required by legal obligation. Medical and dental practitioners will not be subject to a more or less stringent interpretation of the law than the general population.

2.  This document sets out the commitments of the NHS Practitioner Health Programme to confidentiality and the necessary limits of confidentiality. More information is provided in the Memorandum of Understanding with the General Medical Council and the General Dental Council which are available on the PHP website, www.php.nhs.uk

Security of patient records

3.  All information (paper-based and electronic) about a PHP patient will be kept in the PHP secure clinical system and secured electronic folders. These will be accessed only by authorised staff. All paper records will be scanned into a secure electronic record and the paper version securely destroyed.

4.  Records will not be available through any record sharing arrangements such as the NHS spine.

5.  Backup data for disaster recovery purposes will be securely held and the data will be encrypted.

6.  Information will be shared between PHP and external PHP preferred providers (also known as PHP Associates) only through secure systems.

7.  Where patients have requested information be shared with a third party (such as solicitors, GMC or employer) this information will be shared through secure systems unless the patient waives this requirement.

Providing identifying information

8.  Where an individual contacts the service to seek information or advice, this will be provided regardless of whether they provide identifying information about themselves or the patient about whom they call.

9.  PHP will neither confirm nor deny to referrers whether a referred practitioner has taken up treatment without the specific consent of the patient.

10.  Where a patient needs to be seen by PHP or a PHP Associate for assessment or treatment, identifying information must be provided.

Contact with employers

11.  The PHP will seek consent from the patient on whether they wish PHP to make contact with their employer/contracting organisation to gather relevant information, or where liaison with local health services is required.

12.  There will be no requirement on the patient to disclose to their employer (or a perspective employer) that they have attended PHP unless they have been referred by the employer. In that case, PHP will seek consent to disclose relevant information.

Contact with GP’s and other healthcare professionals

13.  The PHP will request consent to liaise with other treating clinicians, including the patients registered GP.

14.  A patient’s GP or other relevant healthcare professionals will only be advised of their treatment with PHP if the patient specifically consents to this. Exemptions to this would be on the basis of serious concerns over the patient’s health regarding their own safety of the safety of their patients or the public.

PHP activity reporting

15.  PHP will be required to provide commissioners with high level, anonymised information about patterns of activity, types of cases seen, onward referral and outcomes. No information that may be attributable to named individuals will be included in any activity reporting or evaluation.

Exemptions to the duty of confidentiality

16.  PHP asks for all patients to provide an “In Case of Emergency” (ICE) contact. PHP will contact an ICE only when there is a serious concern over the safety or well-being of a patient and attempts to contact the patient have failed.

17.  There are exemptions to the duty of confidentiality that may require the use or disclosure of confidential information. PHP has seen that such exemptions are very rare and should not undermine the trust that the patient can place in the service. Potential exemptions to the duty of confidentiality are detailed below.

Public interest

18.  Rarely, disclosure in the public interest may be required. This will be in those circumstances where the patient’s health raises serious concerns about their own safety, the safety of their patients or the public. This will normally be limited to those cases where they are not complying with assessment, treatment or monitoring, or heeding advice to remain on sick leave.

19.  In these cases PHP will seek consent from the patient but where consent cannot be achieved and the public interest is paramount, disclosure may be made without consent. In such cases the patient will be informed that disclosure has occurred and the reasons for doing so. Disclosure will be kept to the minimum required for the purpose and passed on only on a “need to know” basis.

Other requirements for disclosure

20.  Other circumstances where disclosure may be required include cases where

a.  There is a legal requirement to disclose

b.  A formal referral has been made to the PHP by an employer or contracting organisation or the regulatory body

c.  Where the regulator requires reports from the PHP about a patient’s health.

21.  Again, the patient’s consent will be sought and disclosure kept to a minimum to satisfy the requirements.

22.  Where a patient has given consent to share information with third parties, PHP reserves the right to discuss this with the patient and in exceptional circumstances to over-rule this.