1 Introduction
1.1 Policy statement
The purpose of this policy is to explain and enforce the obligations of confidentiality and non-disclosure among the employees of The Village Practice. This applies to information generated, held and processed by the organisation.
This policy is to be read in conjunction with the organisation’s Data Protection Policy which is available in Practice Index Hub and in conjunction with an individual’s contract of employment where this contains a confidentiality agreement.
Refer to:
a. Confidentiality and Non-Disclosure Agreement
b. Contract of Employment
1.2 Status
The organisation aims to design and implement policies and procedures that meet the diverse needs of our service and workforce, ensuring that none are placed at a disadvantage over others, in accordance with the Equality Act 2010.
Consideration has been given to the impact this policy might have in respect to the individual protected characteristics of those to whom it applies.
This document and any procedures contained within it are non-contractual and may be modified or withdrawn at any time. For the avoidance of doubt, it does not form part of a contract of employment.
1.3 Training and support
The organisation will provide guidance and support to help those to whom it applies to understand their rights and responsibilities under this policy. Additional support will be provided to managers and supervisors to enable them to deal more effectively with matters arising from this policy.
2 Scope
2.1 Who it applies to
This document applies to all employees of the organisation, partners and other individuals performing functions or processing data on behalf of the organisation, such as agency workers, locums and contractors.
Furthermore, if this policy is being used by a PCN, this also applies to clinicians who may be working under the Additional Roles Reimbursement Scheme (ARRS)[1] including, but not exclusively, clinical pharmacists, pharmacy technicians, physician associates, first contact physiotherapists and dieticians.
2.2 Why and how it applies to them
When carrying out the work of the organisation, employees will gain and have access to information classed as objective knowledge which relates to the affairs of the organisation. This may include information regarding partners, employees, patients, contractors, business associates, suppliers, market information, contractual arrangements, dealings, transactions, policies, procedures, decisions, technology and systems.
All employees must, from the beginning of their employment with the organisation and after the termination of their employment with the organisation, observe strict confidentiality and non-disclosure in respect of any information held by the organisation, except when required or authorised to disclose such information by the organisation or by law.
The reputation and continuing ability of the organisation to work effectively in the position of trust and responsibility it holds (which is also reflected in the trust and responsibility held by those persons engaged by the organisation to work on its behalf) rely on confidential information being held as confidential. It must not be improperly disclosed and must be used only for the purpose for which such information was gathered.
Any breach of confidentiality, particularly involving data, could have major negative consequences for The Village Practice and the individual. The organisation will therefore take the appropriate disciplinary action against any employee who commits a breach of confidentiality by reporting it to the organisation’s Data Protection Officer (DPO).
If it is a serious breach, the DPO will be bound to recommend that it is reported to the Information Commissioner’s Office (ICO) who may, in turn, institute criminal proceedings against the individual and, if found to be negligent, The Village Practice itself. The individual, if found guilty, will be required to pay a fine and acquire a criminal record and the organisation may be heavily fined if found guilty.
Nothing in this policy prevents an employee or other individual making a protected disclosure under the Public Interest Disclosure Act 1998 in respect of any malpractice or unlawful conduct.
3 Definition of terms
3.1 Confidential information
“Confidential information” means any information processed by the organisation or supplied (whether supplied in writing, orally or otherwise) by the organisation or gathered by an individual in relation to the performance of his/her duties that is marked as “confidential”.
Confidential information in relation to patients is defined in NHS Digital’s operational guidance document[2] and also defined in the National Health Service Act 2006.
3.2 Protected disclosure
The protected disclosure of unlawful conduct, malpractice or wrongdoings within the organisation is commonly known as “whistleblowing”.
4 Confidentiality protocols
4.1 Confidentiality
All employees must, from the date of the commencement of employment or other form of engagement, and thereafter, observe strict confidentiality in respect of any information held by the organisation and by each individual working on behalf of the organisation. This includes dealings, transactions, procedures, policies, decisions, systems and other matters of a confidential nature concerning the organisation and its affairs.
Other than in the proper course of their duties, employees must not, either during or at any time after the termination of their employment, exploit or disclose confidential information. In addition, employees must not, through negligence, willful misconduct or inadvertence, allow the use, exploitation or disclosure of any confidential information relating to the affairs of the organisation, its patients, partners, employees, contractors, business partners or suppliers.
There must be no attempt to use any confidential information in a manner that may either directly or indirectly cause, or be calculated to cause, injury or loss to the organisation.
4.2 Non-disclosure of information
It is an obligation upon all employees during employment, or engaged under other contractual arrangements, to maintain information in confidence and not, directly or indirectly, disclose it other than for the purposes it was gathered. Any such information in the possession of an individual, either in electronic format or hard copy, shall be returned to the organisation before or at the point in time that employment ceases, however such cessation occurs.
Following the cessation of employment, or other contractual engagement with the organisation, an individual must not, directly or indirectly, use for gain, discuss or pass on to others confidential information that can be classed as objective knowledge in that it has been gained during the course of employment. This includes information relating to partners, employees, contractors, patients, business associates, suppliers, market information, contractual arrangements, dealings, transactions, policies, procedures, decisions, technology and systems or other matters of a confidential nature concerning the organisation.
4.3 Third-party requests for information
Any employee approached by a third party, including any media source, and asked to make comments or provide information relating to the organisation and its affairs (or the affairs of its patients, partners, employees, contractors or any business associate) must not, under any circumstances, respond without having sought permission and guidance from the Practice Business Manager
The manager will then discuss the request with the partners and consider asking for assistance from the press information/media officer the organisation’s ICB.
4.4 Whistleblowing or protected disclosures
In respect of any malpractice or unlawful conduct, any employee is entitled to submit a protected disclosure under the organisation’s Whistleblowing Policy.
Legislation in the UK was enacted by the Public Interest Disclosure Act 1998 to enable employees and other persons such as agency temporary workers to disclose genuine concerns, especially those which seem to involve unlawful conduct or malpractice. The legislation also protects them from any form of victimisation arising from making such a disclosure.
The organisation’s Whistleblowing Policy provides a procedure for making protected disclosures. It states that protected disclosures are normally made to The Practice Business Manager If the individual employee feels unable to report the matter internally then they are free to report it to an external organisation.
4.5 Non-disclosure agreement
All persons engaged to work for and on behalf of the organisation will be required to sign the non-disclosure agreement to be found at online.
A signed copy will be held on the individual’s personnel file.
5 Summary
It is important that all staff at The Village Practice are conversant and comply with this Confidentiality and Non-disclosure Policy. Failure to do so could have far reaching effects on the confidence that patients have in the practice staff and their relationship with health professionals.
Additionally, all staff must understand the importance of being aware of the action to be taken in the event that they receive a request for information from third parties and also the procedure to follow in the event that they wish to make a protected disclosure (whistleblowing). Signing the agreement highlights to the individual the possible outcomes and effects that failure to comply could have on the organisation and the potential of the individual to acquire a criminal record.
[1] Network Contract Directed Enhanced Service (DES) Contract specification 2020/21 – PCN Requirements and Entitlements (Annex B P67)
[2] NHS Digital’s operational guidance document A6.1: What is Confidential Patient Information?