You are here: Home Services & Applications Information Governance (IG) Caldicott Guardians Resources for Caldicott Guardians Queries
Services & Applications
 

Queries

This section of the website aims to detail, in anonymised form, issues raised by the wider Caldicott community and discussed by the UK Council of Caldicott Guardians. The responses expressed on this page do not constitute legal advice; they are the considered opinion of the Council. If you require legal advice you should consult your organisation's legal advisors.

The Council welcome any queries that promote similar discussion, so please see this as your opportunity to raise issues, obtain a response and assist the Council to build up a body of frequently asked questions and answers and develop expertise across the Caldicott community. Please forward queries for the Council to the Secretariat.

A. Disclosure for crime and disorder purposes

1. Police request for medical background report

2. Disclosure of psychiatric opinion for prosecution decision

3. Disclosure to the police after theft

4. Ad hoc disclosures to the police

B. Disclosure of deceased patient records

1. Access to deceased patient records for identification of donors

2. Access to deceased patient records

C. Information sharing

1. Samaritans, communications and their client information

1. Police request for medical background report

A patient has been arrested and the police have asked a consultant for a 'background' report based on prior knowledge. The police will use this when preparing the papers for the Crown Prosecution Service. The consultant has not been asked to assess the patient and is not convinced that the patient would consent to the disclosure of information.

Question

Are there any ethical issues, other than the consent issue, that should be taken into account before the report is provided to the police?

The Council's response

The Council discussed the following main considerations to be taken into account before a report is provided to the police:

The type of information requested.

The seriousness of the alleged offence.

Whether disclosure would impact on the care of the patient or other users of a service.

Whether there would be a risk to any third parties if the information was not disclosed.

Whether further disclosure was likely, and if so, who else the information would be disclosed to.

The type of information requested

If the requested information is merely to confirm whether the patient is under the consultant's care and whether (in general) he is mentally capable, then it would be reasonable to disclose. If the request is for more than basic information and in the absence of consent or court order, the other considerations must be taken into account.

The seriousness of the alleged offence

Regarding the type of alleged offence, it is necessary to look at whether a public interest disclosure can be made. A serious crime is defined by the General Medical Council as "a crime that puts someone at risk of death or serious harm and would usually be crimes against the person, such as abuse of children" - GMC guidance "Confidentiality: Protecting and Providing Information paragraph 37.

Similarly the Department of Health, defines serious crime as "murder, manslaughter, rape, treason, kidnapping, child abuse or other cases where individuals have suffered serious harm... Serious harm to the security of the state or to public order and crimes that involve substantial financial gain or loss will also generally fall within this category." - DH: Confidentiality NHS Code of Practice page 35 figure 7.

These may not reflect the definition of serious crime used by the police, however if the police can satisfy the organisation that this is a serious crime by the GMC / DH definitions the information can be provided. If practicable the patient should be consulted unless there is a good reason not to, e.g. informing the patient could prejudice the investigation. If the patient is informed and declines to give consent, their views should be taken into account and weighed against the public interest.

Would disclosure impact on the care of the patient and other users?

In weighing up the public interest and the obligation of confidentiality, the Caldicott Guardian should consider whether disclosure would seriously affect the capacity to care for the patient. This might be particularly important if any of the information is obtained in an outreach setting, as it may make other users less likely to use the service.

Would third parties be at risk if the information was not disclosed?

As with other public interest considerations, if the public good that would be done by disclosing the information outweighs the obligation of confidentiality, the information should be disclosed.

Will the information be further disclosed?

The Caldicott Guardian should confirm how widely the information will be shared and ensure that it is used only for the purpose and to the extent that it is justified as a public interest disclosure. In any case it should only be disclosed to those who need to know.

It is important to stress that it is the responsibility of the police and CPS to decide whether to proceed with the prosecution of the patient. They will still have to make this decision whether or not the disclosure is made. Unless a court order is produced the organisation cannot be compelled to provide this information.

2. Disclosure of psychiatric opinion for prosecution decision

A mental health trust Security Specialist has been working with the Crown Prosecution Service (CPS) to bring prosecutions against patients who have assaulted NHS staff.

Whenever prosecution is being considered, the psychiatric consultant involved in the patient's care is asked to complete a form, which gives extensive details of the patient's medical history and indicates whether in the consultant's view the patient understood what they were doing and were responsible for their actions. The form is then forwarded to the CPS who make a decision to prosecute or not on the basis of the psychiatrist's opinion.

The Security Specialist has informed the consultants that under the National Health Service Act 2006, doctors have a duty to disclose the information required in the CPS form as it would assist in the prosecution of a serious crime, and that failure to do so leaves the consultant liable to prosecution.

Most patients refuse to give consent to the disclosure and it is feared that disclosing without consent would appear to be contrary to General Medical Council: Good Medical Practice and the Royal College of Psychiatrists: Good Psychiatric Practice - Confidentiality. Defence organisations have been contacted but conflicting advice has been received.

Questions

Is it reasonable to ask psychiatrists for a report and opinion of this kind or should it be decided by the courts?

Is it against the Royal College and GMC guidance to disclose if the patient refuses consent in these cases?

Could the consultant be prosecuted under the National Health Service Act 2006?

The Council's response

The Council agreed that all cases of violence against staff should be automatically referred for prosecution.

Is it reasonable to ask psychiatrists for a report and opinion of this kind?

The use of a report in these circumstances can be distinguished from the previous Caldicott issue, as in this case information was required regarding whether the individual should be prosecuted; the report in the previous Caldicott issue did not require this type of information.

The Council considered it to be inappropriate for a consultant to provide a decision on prosecution to the CPS. If the incident took place and it was that person who did it, the CPS must decide whether to prosecute. It is not the responsibility of the consultant to say whether or not a prosecution should take place.

However, if the person is subsequently found guilty a psychiatric report can be requested to use in the sentencing.

Is it against the Royal College and GMC guidance to disclose if the patient refuses consent?

Although the Council decided that disclosure in the circumstances set out was inappropriate, they discussed the issue of patient dissent as the question had been asked. They noted that for most purposes disclosure of confidential information required patient consent. However, there were circumstances under which a patient's refusal to give consent could be overridden, for example, if failure to disclose would put the patient or a third party at risk of death or serious harm, i.e. the public interest disclosures as discussed above.

Could the consultant be prosecuted under the National Health Service Act 2006?

Sections 195 - 198 of the Act require the disclosure of documents under the control of an NHS organisation to counter fraud and to protect and improve security for NHS staff, contractors, patients, visitors and property. The Act does not appear to require the creation of new documents. However, advice should be sought from the organisation's legal advisors regarding the application of the Act. The Council felt that it was highly improbable that the Act could be used against a consultant for failure to make and record a decision on whether a patient should be prosecuted.

The two Caldicott issues described above highlight the need to consider such situations on a case by case basis. This position reflects the advice in the guidance documents and in the Confidentiality NHS Code of Practice. Caldicott Guardians should ensure that they are consulted if a request for a report on a patient or service user is made from an external agency so that an appropriate decision can be made.

3. Disclosure to the police after theft

A single prescription was stolen from a GP surgery and was presented to a local chemist with a forgery of the GPs signature and a request for Kapake and Diazepam. The GP knows which patient took the prescription but has told the police that he/she is unable to disclose the patient's name.

Questions

Was the GP within his/her rights to withhold the information?

If not, what information can be disclosed to the police under these circumstances?

Council response

The following issues were considered:

Is informing the police of the patient's name an issue of doctor/patient confidentiality?

Is it a serious offence?

Would disclosure impact on the services provided?

Is informing the police of the patient's name an issue of doctor/patient confidentiality?

If the information that allowed identification of the patient was obtained in the course of a consultation or treatment or in the course of arranging care (including making appointments or registering), this is confidential patient information. However, if the doctor saw somebody known to them committing an offence then it could be reported even if the individual is only known to them because they are a patient and even if the offence were committed on NHS premises.

Is it a serious offence?

If the information is confidential the doctor must decide whether the offence qualifies as a "serious offence". A serious crime is defined by the General Medical Council as "a crime that puts someone at risk of death or serious harm and would usually be crimes against the person, such as abuse of children" - GMC guidance "Confidentiality: Protecting and Providing Information paragraph 37.

The Department of Health, defines serious crime as "murder, manslaughter, rape, treason, kidnapping, child abuse or other cases where individuals have suffered serious harm... Serious harm to the security of the state or to public order and crimes that involve substantial financial gain or loss will also generally fall within this category." - DH: Confidentiality NHS Code of Practice page 35 figure 7.

If the individual had stolen a small quantity of drugs for their own use then the offence does not qualify as a serious offence. However if it is part of a drug dealing ring, the offence would be likely to qualify as it may cause "serious harm to public order…or involve substantial financial gain". Therefore, the police can be informed of the individual's name.

Would disclosure impact on the services provided?

If a decision is made to report the individual, either because the information is not confidential or because a serious offence has been committed, the doctor should consider whether the service in which this occurred would be unduly affected.

If the doctor decides to disclose the individual's name to the police it will affect the doctor's relationship with that particular patient and in some outreach services other users may be less likely to use the service.

Ultimately the doctor may have no choice but to inform the police regardless of the possible impact on the service as disclosure will primarily depend on the gravity of the incident.

In this case, it was felt that given the small quantity stolen the doctor had a right to withhold the information. If information was to be provided to the police, no more than name and address of the individual should be necessary.

4. Ad hoc disclosures to the police

Background

This is an issue raised by one of the NHS Information Governance networks in England. It is generally accepted that, even without an information sharing agreement, sharing with the police is acceptable in the pursuant of a crime i.e. gun shot wounds, drug abuse etc.

Issue

Some trusts are having difficulty with Police forces who expect departments / wards to give information in respect of other situations without the patients consent.

Questions

How should such requests be handled?

Can the Council provide a formal response for circulation?

The Council's response

The Council discussed several main considerations; including the way frontline staff may be approached by some police officers, and the fact that operational staff members often do not refer such approaches to the Caldicott Guardian, (or on-call manager). Again there was a need to publicise the role of the Caldicott Guardian and provide a simple operational procedure for frontline staff. In the meantime the decision to disclose or not, must be made by the Caldicott Guardian in accordance with the guidance in the Confidentiality NHS Code of Practice. Model B3 of Confidentiality Decisions regarding disclosures to the police at page 43 states:

"Whilst the police have no general right of access to health records there are a number of statutes which require disclosure to them and some that permit disclosure. These have the effect of making disclosure a legitimate function in the circumstances they cover.

In the absence of a requirement to disclose there must be either explicit patient consent or a robust public interest justification. What is or isn't in the public interest is ultimately decided by the Courts.

Where disclosure is justified it should be limited to the minimum necessary to meet the need and patients should be informed of the disclosure unless it would defeat the purpose of the investigation, allow a potential criminal to escape or put staff or others at risk."

B. Disclosure of deceased patient records

1. Access to deceased patient records for identification of donors

Background

The medical records of all patients who die in the hospital are reviewed by an appointed specialist coordinator to assess whether the patient would be a suitable donor of eye tissue. The coordinator will have played no part in the healthcare of the patient prior to death. No information is collected if there are obvious contraindications to tissue donation, but if the deceased is consider to be a suitable donor, then their personal details are recorded and the bereaved relatives/next of kin approached to obtain consent to remove it.

The coordinator says her reason for doing it this way is to ensure bereaved relatives/next of kin are only approached where facilitation of that donation is a real possibility as opposed to offering it to all relatives/next of kin and then finding out the deceased is not a suitable donor and then having to explain the exact medical or behavioural reasons why it cannot be done causing additional distress and a possible breach of confidentiality. Apparently the identification of possible donors is a specialist skill that a doctor could not determine and refer on to the coordinator. It is estimated that only 10% of those who die are suitable donors and of those about 1 in 3 proceed to donation with agreement from the family.

Issues

There is a concern that patient information is being accessed without consent, for the long term benefit of another patient and for something which the deceased patient might have had an objection to had they been asked (there are greater sensitivities around eye tissue donation than other organs).

A member of the Trust's research ethics committee says that a doctor would not be permitted to access medical notes without consent to identify suitable candidates for a research project. It is felt the current situation is analogous to this and similarly overrides the right of individuals to refuse consent.

There is also concern that the coordinator is relying on an incorrect interpretation of the Human Tissue Act Code of Practice.

The Trust is undecided and can see both points of view, but tends to favour the sensitive approach to bereaved relatives.

Question

Is it appropriate for the Trust to permit access to deceased patient records for this purpose?

The Council's response

Accessing the information

The Council considered this to be an appropriate sharing of information. They felt that generally people would not be offended by the fact that the coordinator has looked in the notes to check whether their late relative is likely to be a suitable donor.

If consent is obtained first, it might needlessly lead to upset at being asked for permission or to a belief that organs can be donated. Further distress would result in either situation if a subsequent review of the notes revealed that donation is not possible. By using the method outlined in the query the coordinator is in fact reducing the number of approaches to bereaved relatives.

The research analogy

It was felt that the analogy with research projects was incorrect because of the particular sensitivity required in approaching the newly bereaved. Generally with research projects there will be some way of requesting permission to review the notes without causing distress.

The Human Tissue Act Code of Practice

The Council considered an extract from the Code of Practice: Donation of organs, tissue and cells for transplantation published by the Human Tissue Authority. The Code states at paragraph 70 that:

"In cases of potential deceased donation, the transplant coordinator or delegated person should be approached at an early stage and asked to determine whether the deceased person had indicated a wish to donate their organs and/or tissue after death, carried a signed organ donor card or had registered on the Organ Donor Register. This should be done before the relatives are approached."

Overall the Council could not see any difficulty with the coordinator accessing the notes in accordance with the Code of Practice, as there was a public interest justification for access. However, there must be recognition of the fact that the information is confidential and the coordinator must be properly trained to respect this, and be contractually bound to do so. There is also the wider issue of ensuring that multiple approaches about donation are not made to bereaved relatives.

Extract from: UK Transplant: United Kingdom Hospital Policy for Organ and Tissue Donation, page 4: paragraph 6 Donor assurances

The donor transplant coordinator/tissue co-ordinator will undertake a risk assessment on all potential donors to minimise the transmission of infections and disease. In order to assess the risk of transmission of certain infections, it is important to obtain as much information as possible about the potential donors (Department of Health's Advisory Committee on the Microbiological Safety of Blood and Tissues for Transplantation: Guidance on the Microbiological Safety of Human Organs, Tissues and Cells used in Transplantation 2000).

This will involve reviewing the potential donor case notes, interviewing the next of kin/significant other, examining the potential donor and contacting the general practitioner. It is the donor transplant coordinator/tissue co-ordinator's responsibility after undertaking a thorough assessment of the potential donor to discuss all relevant information with the transplant surgeons/relevant tissue banks. The decision on donor suitability is the responsibility of the transplant surgeon/relevant tissue banks. (British Transplantation Society, United Kingdom Transplant Co-ordinators' Association and United Kingdom Transplant Support Services Authority: Cadaveric Donor Assurances and Damage Reporting 1998)

Page 5: paragraph 7 Donor family

7.1 The donor transplant coordinator/tissue coordinator should be contacted to establish suitability for donation before approaching the family.

2. Access to deceased patient records

Background

This is an issue raised by one of the NHS Information Governance networks in England. The Access to Health Records Act 1990 appears to provide clear guidance to the NHS regarding disclosure of patient records after death.

Issue

However, some Trusts are disclosing all information and some are being stricter with the interpretation, causing difficulties when adjoining Trusts have differing stances. In one area this has resulted in a formal complaint.

Questions

Can the Council publish a definitive view to encourage all Trusts to act in unified way?

The Council's response

Requests for information were commonly received in both health and social care, many of which are from solicitors. In accordance with the Access to Health Records Act, there was a need to ensure that:

The person requesting access has a legitimate claim arising out of the death.

Any known wishes of the deceased are complied with.

Third party information is not supplied without consent.

The amount of information provided is relevant to the claim arising out of the death.

Extracts from the Act are provided below.

This guidance was also available in the Confidentiality NHS Code of Practice. Annex B of the Confidentiality Decisions on page 29 states:

"When an individual has died, it is unlikely that information relating to that individual remains legally confidential. However, an ethical obligation to the relatives of the deceased exists and health records of the deceased are public records and governed by the provisions of the Public Records Act 1958. This permits the use and disclosure of the information within them in only limited circumstances. The Access to Health Records Act 1990 permits access to the records of deceased by those with a claim arising out of the individual concerned's death. This right of access is negated however if the individual concerned requested that a note denying access be included within the record prior to death (this might be part of a formal advance directive)."

The Council also considered the issue of retention of records, relevant because some organisations can justify retaining particular records for longer than the minimum periods set out in the Records Management: NHS Code of Practice. This means that records available in one trust may have already been destroyed by another, which in a few cases may mean that trusts are unable to act in "a unified way".

Ultimately, the Council believed that the requirements of the Act and the Confidentiality NHS Code of Practice set out the procedure to be followed; however there might still be scope for difficult cases to be decided on their own merits.

Extracts from the Access to Health Records Act 1990

Section 3 Right of access to health records

(1) An application for access to a health record, or to any part of a health record, may be made to the holder of the record:

(f) where the patient has died, (by) the patient's personal representative and any person who may have a claim arising out of the patient's death.

Section 4 Cases where right of access may be wholly excluded

(3) Where an application is made under subsection (1)(f), access shall not be given … if the record includes a note, made at the patient's request, that he did not wish access to be given on such an application.

Section 5 Cases where right of access may be partially excluded

(1) Access shall not be given … to any part of a health record

(a) which, in the opinion of the holder of the record, would disclose:

(i) information likely to cause serious harm to the physical or mental health of any other individual; or

(ii) information relating to or provided by an individual, other than the patient, who could be identified from that information.

(3) Where an application is made under subsection (1)(f), access shall not be given … to any part of the record which, in the opinion of the holder of the record, would disclose:

(a) information provided by the patient in the expectation that it would not be disclosed to the applicant; or

(b) information obtained as a result of any examination or investigation to which the patient consented in the expectation that the information would not be so disclosed.

(4) Where an application is made under subsection (1)(f), access shall not be given … to any part of the record which, in the opinion of the holder of the record, would disclose information which is not relevant to any claim which may arise out of the patient's death.

Samaritans, communications and their client information

A council member received a query from a public health Caldicott Guardian pointing out that Samaritans has extended their traditional role of helping people with suicidal thoughts and ideations by providing outreach work in schools, prisons, and more recently GP surgeries.

A partnership has been formed between the county mental health organisation and Samaritans and the latter have been piloting work where GPs have been directly referring patients to Samaritans' helpline.

Although the results have been encouraging, Samaritans are not willing to share information with other agencies, which has raised concerns with the referring GPs. These concerns have been summarised by the following questions:

  • As recipients of GP referrals, are Samaritans subcontractors of the NHS?
  • If they are, do they need to take more serious note of the Data Protection Act, information sharing etc?
  • Should they have a data guardian or Caldicott Guardian?

A holding reply, pending discussion by the Council pointed out that all patient-identifiable information must be treated with the same respect by any agency handling it. It was also indicated that Samaritans' position over not sharing information is not unprecedented in that psychiatric and sexual health (GUM) clinical information is not available in or to the acute sector, and that Samaritans presumably have their reasons for this. The Council member did not think that Samaritans needed a Caldicott Guardian, as they were not a part of the NHS or Social Services.

The Council's response

The issue promoted a wide ranging discussion at the Council meeting, where it was apparent that this was the tip of an iceberg, with other voluntary organisations being in a similar position.

It was noted that under the Data Protection Act and the common law duty of confidence, Samaritans could share information; however they were under no obligation to do so. It was felt that Samaritans have a consistent and firm line on confidentiality and data sharing that is generally maintained and that they were entitled to operate within this stricter data-sharing framework, due to their nature as an out-reach service to vulnerable groups. Those groups may desist from using the service if they thought their information would be shared. There were also issues of fair processing and consent to consider, i.e. when referred to Samaritans, is the client informed how their information will be handled? Are clients given the opportunity to object to information sharing?

Caution was expressed in imposing a big-brother approach by the NHS, as there has been little or no formal approach to Samaritans to find out what policies they use with their volunteers, what records, if any they maintain, and whether the data subjects would approve of any data sharing. It was, however felt by some that a mechanism for feedback to the referring GP may be needed although as a voluntary organisation, Samaritans should not be pressured into this.

As their discussions raised so many related queries, the Council decided that national engagement between themselves, Samaritans and similar groups to explore the issues more fully would be highly beneficial.