The legislation related to confidentiality includes the Data Protection Act 1998. This Act states that anyone handling personal information must comply with a number of principles. It also gives individuals rights over their personal information. The principles within the Data Protection Act 1998 provide a framework in which data cannot be used. This is very important in the context of anti-discrimination. An example of this is that personal health information cannot be used or disclosed without the consent of the owner. This is, however, different under the Health and Social Care Act 2012.
The Secretary of State for Health has the power to authorise or require health service bodies to disclose patient information. This includes data on people’s care assessments and treatment needs, which is needed to support NHS services. This is done in the interest of improving patients’ care. The Common Law of Confidentiality is a common law which has been recognised over a long period of time through the courts. This has helped to establish that some information has a quality of confidence, meaning that the person or organisation that provides information has an expectation that the information will not be disclosed or shared with others.
The Information Commissioner’s Office is obliged by law to disclose confidential information where there is an overriding public interest or justification for doing so. Examples are preventing or detecting crime, or the protection of vulnerable children or adults. When it comes to patient confidentiality, there are the Caldicott Principles, which were established in 1997. This was after a review by the Chief Medical Officer, prompted by increasing concerns over the use of patient information within the National Health Service (NHS). They regulate the transfer and use of a person’s identifiable information. Health and social care organisations have to abide by these principles when reviewing their use of client information.
These principles ensure that information is held securely and confidentially, and that records are ethically shared and effectively used while complying with the law. Another charter related to the Data Protection Act 1998 is the General Data Protection Regulation (GDPR). This regulation addresses the export of personal data outside the European Union. GDPR comes into effect on May 25, 2018. It is being introduced because the digital economy is built upon the exchange and collection of personal data. The growth of the digital economy calls for public confidence in the protection of their information. This is vital, especially after Facebook and Cambridge Analytica were sued by lawyers for misusing the data of 71 million people.
The GDPR requires organisations to put in place sensible data protection measures that will protect the personal data of consumers and employees against data loss or exposure. In order for this goal to be achieved, the law regulates all areas related to data management and processing, from obtaining user consent to setting up wide data protection practices and handling data breach incidents. GDPR’s most outstanding feature is encryption. This is an important technology measure to secure data. Organisations that do not comply may face severe consequences and fines, which may be a maximum of 20 million euros.
In order to comply with the Health Insurance Portability and Accountability Act (HIPAA) guidelines, confidentiality in a care setting is extremely important because it shows respect for service users. It also shows service users that they can trust you, and this in turn will make them feel comfortable and safe enough to voice any concerns they may be having. There are a number of issues related to confidentiality within a care setting; one of them is the right-to-know or need-to-know basis. This means that information about a patient or service user should be shared only when it is in the best interest of that service user. An example of this is the NHS care pathway, whereby health professionals share information which enables them to treat the patient. Upon analysing the need-to-know basis for sharing information, the author found the diagram below.
The service user or patient has the right to know how his or her information will be used. Health care professionals by law have to involve the patient in everything that they do with their information. There are occasions where health professionals are obliged to share patients’ information without their consent; this is known as breaching confidentiality. A breach in confidentiality only happens when it is in the interest of the public. This means a doctor may share information with the police if a patient might be a risk to others. The other reason is when it is part of a legal order, in order to solve a crime.
Also under the need-to-know basis, information about a service user that is shared should be relevant and not excessive for the purpose it is intended for. This also means that once the information has served its purpose, it should not be kept longer than is necessary. Service user information should be kept in a secure place, for example in locked cabinets. If information is stored electronically it should be password protected; this keeps it from being seen by people who do not have a need to know it.
The client’s choice with regard to confidentiality can also be defined as freedom of choice. This is very important as it promotes a feeling of independence and control over their care. If a patient is of sound mind and has an understanding of their treatment and medication, they have the right to refuse treatment or to refuse consent for the sharing of their information, but if there are concerns regarding the capability of a patient to make decisions, a mental capacity assessment is carried out. The Mental Capacity Act 2005 aims to empower patients to make decisions and at the same time it protects those lacking capacity by providing a flexible framework placing individuals at the heart of decision-making processes.
Once a client is deemed to lack capacity, Deprivation of Liberty is then put in place. The purpose of this policy is to provide adequate care to patients who lack the mental capacity to make decisions about their care and treatment. An advocate will then be put in place to act on behalf of the patient. This person will have to act in the best interest of the patient, as well as ensuring confidentiality is maintained in doing so.
Discrimination is an action that gives less favourable treatment to an individual based on their skin colour or nationality. An example of this can be an employee being refused opportunities offered to other colleagues because they are from a minority ethnic community. The Equality Act 2010 brought a wide range of laws which had been passed since the 1970s into one, therefore making things fairer for everyone. This Act protects people with ‘protected characteristics’ from unfair treatment. Protected characteristics include age, religion, belief, race, sexual orientation, gender, disability and marital status. It also sets out the personal characteristics that are protected by law and the behaviour that is unlawful.
The Equality Act 2010 protects people from different forms of discrimination, victimisation and harassment in wider society and in the workplace. The Mental Capacity Act 2005 makes it unlawful to discriminate against anyone lacking mental capacity, or the ability to give informed consent. An example of this is a person with dementia or learning disabilities. The Act avoids discrimination by not making assumptions regarding a person’s interests based on the individual’s age, condition or behaviour. This is done in order to protect the individual’s personal welfare.