Confidential Patient Information is a legal term in use across the health and care system. It is defined in section 251(10) and (11) of the National Health Service Act 2006 (see below). (Section 251 has been updated to ensure that the definitions used expressly include local authority social care, that is, care provided for, or arranged by, a local authority.) Broadly it is information about either a living or deceased person that meets the following 3 requirements:
- identifiable or likely identifiable e.g. from other data likely to be in the possession of the data recipient; and
- given in circumstances where the individual is owed an obligation of confidence; and
- conveys some information about the physical or mental health or condition of an individual, a diagnosis of their condition, and/or their care or treatment.
The definition of "patient" specifically includes an individual who needs or receives local authority social care or whose need for such care is being assessed by a local authority. Confidential Patient Information cannot be defined by a specific data item (e.g. name or postcode) alone, as it needs to be considered more broadly to take account of the nature of the information and the circumstances of the record, including the reasonable expectations of a patient.
Prior to making a disclosure or using data for a purpose beyond individual care, an assessment must be made that considers whether the information concerned is Confidential Patient Information; what the lawful basis is for the disclosure or change of purpose; and, if lawful, whether the national data opt-out needs to be applied in line with this operational policy guidance document. This guidance aims to provide information that will support this assessment and provide some illustrative scenarios that set out some of the relevant factors to consider in making this assessment.
It is important to remember that any personal data which is identifiable but is not deemed to be Confidential Patient Information (for example because it does not tell you anything about the health or care or treatment of the individual) still needs to be processed lawfully, fairly and transparently in line with wider data protection legislation.
Broadly there are 2 types of patient identifiable data held in the NHS:
- patient registration data – this is personal data provided by the patient when they register for health services, most often through a GP (for example through completing a GMS 1 form and/or through other local processes). (Patient registration data is classified as personal data under GDPR/Data Protection legislation.) Registration data comprises demographic data (for example name, address, NHS number etc) which uniquely identifies an individual but does not include any clinical or medical information. This enables the Secretary of State to maintain a list of patients in order to fulfil his statutory duty to provide general medical services to the resident population of England. This registration data is collected and held separately to records of health, care or treatment in various clinical or care records. Registration data are used for a range of administrative purposes within the health and care system, for example to facilitate transfer of medical records, to manage GP lists, enable payment of GPs, fraud prevention and to secure and allocate resources. The separation from clinical care records can be illustrated by the fact that it is possible to be registered as a patient before any clinical record is created, for example through the visa application processes for overseas visitors.
- clinical/care records – this includes demographic information that identifies an individual alongside a range of information about their physical or mental health, their condition(s) and diagnoses, assessment of an individual’s needs for social care services, and records of care or treatment given that are gathered from a range of health and care settings. Any identifiable information taken from your clinical/care records is always Confidential Patient Information. An individual may have a number of clinical/care records in a number of different settings, for example dental records, GP records, hospital records. Registration data may be used to populate or update a clinical/care record.
The interactions of these two types of data are illustrated below:
Figure 2: Registration dataflows
It is important that there is a complete list of patients for the NHS and care services, and it is not possible to opt out from the central patient register held on PDS. There are strict controls in place for use and access to patient registration data as this remains personal data.
It should be noted that in some circumstances clinical systems may be used to provide updates to patient registration data, for example where a patient has provided an update to their address during a clinical interaction. Such processes are for efficiency and convenience and in the future it is anticipated that patients will be provided with other mechanisms to enable them to provide such updates more directly (for example via an NHS app). The fact that the patient has provided an update to their address via a clinical interaction does not mean that the information is owed a duty of confidence. The information provided must have the necessary ‘quality’ of confidence to be confidential, i.e. more than just a name and address. Separately there has to be a context (for example, a confidential relationship, e.g. doctor/patient) set by a patient's reasonable expectations that makes the information confidential. Most often such updates are provided to a receptionist.