Confidentiality Policy & Procedures
Dental practice team members have a legal, professional and ethical duty to keep personal and sensitive information about patients confidential at all times.
Under the Data Protection Act 2018 and the General Data Protection Regulation (GDPR) dental practices have a duty to keep personal data about their patients safe and secure and to ensure it is only accessed by persons who need to see it for the purposes of providing safe, effective care.
Professional and ethical duty
The General Dental Council (GDC) places a duty of confidentiality on registered dental professionals with a requirement that all patient information is always kept confidential.
At Spire Dental Practice, we maintain a strict policy in respect of patient confidentiality. All team members understand the importance of strict patient confidentiality and ensure this is maintained at all times; compliance with this policy is a condition of employment for all team members.
Our Confidentiality Policy is based on the requirements laid down in the GDC’s standards guidance ‘Standards for the Dental Team’ and we require all dental professionals to ensure they are familiar with and comply with these requirements. We also require all non-registered team members to follow this guidance and to ensure they maintain patient confidentiality at all times.
All team members at Spire Dental Practice understand that the duty of confidentiality applies to all information about patients, including but not limited to, personal details, medical history, what treatment the patient has had or is having and how much it costs. Team members understand that patients’ information must only be used for the purpose for which it was given.
Our policy is to ensure that team members never talk about patients or their treatment in places where they can be overheard by people who should not have access to the information being discussed. Any team member who is found to have done so will face disciplinary action.
We will not disclose any information about our patients to third parties without the consent of the patient except in certain specific circumstances described in our confidentiality procedures.
This Policy was implemented on 15/01/2022.
This policy and relevant procedures will be reviewed annually and are due for review on: 15/01/2023 or prior to this date in accordance with new guidance or legislative changes.
At Spire Dental Practice we are aware that our duty to keep all patient information confidential extends to all interactions we have with our patients and to all areas in which confidentiality could be compromised. We therefore have strict procedures in place that all team members are required to comply with at all times.
We take great care to ensure that patients are not placed in a position in which they are disclosing personal information in earshot of others who should not be able to overhear the conversation.
When recording personal details such as address, phone number etc we keep them secure and in a location that prevents other individuals from reading them.
When gathering information details of names, addresses, telephone numbers, attendances or financial record, treatment histories or plans, medical history or information about other family members should not be divulged.
When sending confidential information, we use a secure method such as recorded post. All data processed at this practice must remain confidential even if your employment has been terminated (it is an offence under the Data Protection Act 1998 to disclose such information).
Arrangements for collecting data during the COVID-19 pandemic
During the COVID-19 pandemic, Spire Dental Practice will change the way we gather patient information to manage infection risks and better protect staff and patients.
At Spire Dental Practice, patients will be emailed copies of their medical history forms and consent to treatment information via email prior to their visit to the practice. When sending information by email, we will ensure we have verified the email of the patient prior to sending confidential information and where possible encrypted email addresses will be used.
Disclosing personal information about patients
We take great care to ensure that we only disclose personal information about a patient when we have consent to do so. To help us achieve this we ensure that:
- We do not leave messages with a 3rd party confirming or cancelling appointments, unless we have consent to do so.
- When leaving messages on patients’ answerphones we ask only that a patient calls us back.
- We do not leave any details, including that the patient has an appointment with us unless we have the patient’s consent.
- We do not share information with anyone about the fact that a patient:
- Has an appointment.
- The date or timing of an appointment.
- The type of treatment.
- The fees due for treatment.
- In the event that a patient consents to us sharing information about their appointment with another named individual we ensure that we only share information we have consent to share.
- If a patient requires laboratory work as part of their treatment we prevent other patients being able to view it by storing in designated boxes in the staff room cupboard whilst we are waiting for it to be collected by the relevant laboratories. We ensure that all personal information about patients is stored securely and cannot be accessed by anyone without authority to see it.
- We aim to ensure patients cannot see a list of other patients who have appointments on any given day. To achieve this, we ensure that daylists are not left lying around and are confidentially shredded at the end of the day and we aim to ensure that patients cannot accidentally see a daylist on the computer screen.
Circumstances in which we may disclose information to third parties
There are certain restricted circumstances in which a clinician may decide to disclose information to a third party or may be required to disclose by law.
Responsibility for disclosure rests with the patient’s clinician and under no circumstances can any other team member make a decision to disclose information.
In any circumstance where a clinician decides to release confidential information, they should be prepared to explain and justify their decision and any action they take.
Any GDC registrant who is unsure of whether they should or should not release confidential information about a patient should obtain advice from their defence organisation.
When disclosure can be made
There are circumstances when personal information can be disclosed:
- Where the patient has given consent to the disclosure. Please see above for detailed guidance on this. Note -Patients must be given the opportunity to withhold permission and they must be given the opportunity to withdraw permission previously given.
- Where disclosure is necessary for the purpose of enabling someone else to provide health care to the patient and the patient has consented to this sharing of information
- Where the wider public interest outweighs the rights of the patient to confidentiality. This might include cases where disclosure would prevent a serious future risk to the public or assist in the prevention or prosecution of serious crime.
Where disclosure is required by statute or is ordered by a court of law, we would only release the minimum information needed to follow the order.
Changes to disclosure rules during the COVID-19 pandemic
Due to the unprecedented challenge posed by the COVID-19 pandemic, the rules on sharing patients’ information have been relaxed to allow healthcare organisations to fight the virus effectively.
Dental practices can now process and share confidential patient information with other healthcare organisations and external bodies engaged in protecting public health and monitoring and managing the COVID-19 outbreak and incidents of exposure.
Confidential storage of patients’ personal information
Our electronic patient records are password protected with restricted access. Records are backed up daily with backups stored off the premises. All team members have their own password, and this is never given to anyone else.
All Spire Dental Practice team members are bound by a confidentiality agreement as part of their conditions of engagement or terms of service. Any breach of confidentiality is viewed extremely seriously and is likely to result in disciplinary proceedings.