Patients in the public eye

Patients in the public eye

Confidentiality can easily be breached if your patient is a celebrity and the media are hungry for juicy details. Dr Sally Old, MDU medico-legal adviser, reveals all.

Imagine you are on duty with the trauma team at your hospital in the early hours of the morning when a well-known television personality is brought in to A&E with major injuries following a car accident. His identity has been spotted by bystanders at the scene who have already uploaded videos of the aftermath of the crash on to the internet. Within an hour of the patient reaching your department the media are camped outside the hospital, greedy for any news.
If you were faced with this situation what would you do? If journalists were to ask you for a comment on your way out of the hospital at the end of your shift, would you be tempted to say anything? Would you say anything about the case to your friends and family when you got home?
During your career as a doctor you may be involved in treating well-known people who become your patients for one reason or another. It goes without saying that such high profile patients deserve the same level of confidentiality as anyone else, but it can be more difficult to ensure that level of protection of their personal and medical information when the media are clamouring for a story.  

Speaking to journalists 

The GMC advises doctors that "You must not put information you have learned in confidence about a patient in the public domain without that patient's express consent." Journalists know that doctors have a duty of confidentiality to their patients and, if you stand firmly by the line that you cannot comment for this reason, then generally journalists will not continue to question you. If you realise that a particular case is likely to generate a lot of media interest, speak to your trust press office or seek advice from the MDU press office.

Enquiries about patients

Be aware of the possibility that people trying to get information about a patient might pose as legitimate enquirers such as a family member. An extreme example of this was the prank call made to the private hospital where the Duchess of Cambridge was hospitalised early in her pregnancy. The Australian DJs involved posed as the Queen and Prince Charles and were given an update on the Duchess' condition.  

If you are passed a call from someone who says they are a close relative of a patient, what steps can you take to assure yourself that the caller is the person they claim to be? Your trust may well have a policy about this which you should follow. Such a policy might suggest that you ask the caller some questions to reassure you that they are who they say they are. For example you could ask them to tell you the patient's full name (including middle names) address, date of birth and postcode. Similar enquiries can be made when professionals call asking for information, for example when taking a call from a GP you might check that they know the patient's NHS number.  

A further safeguard would be to take the caller's number and ring them back. For instance if a GP surgery or police officer is asking you for information, you can check that the telephone number is valid by returning the call, before disclosing any details about your patient.  

None of these systems are completely secure however, and if you are ever in doubt, or if you are being asked to disclose particularly sensitive information, you may prefer to do that via a more secure medium than over the telephone, such as in writing  or email.  

Once you have established the identity of any third party seeking information about your patient then you will need to take account of the patient's wishes. If possible, find out from your patient who information can be shared with and in what circumstances. The GMC reminds us that "early discussion of this nature can help to avoid disclosures that patients would object to. They can also help to avoid misunderstandings with, or causing offence to, anyone the patient would want information to be shared with."

If possible, find out from your patient who information can be shared with and in what circumstances.

If you are asked to disclose information without a patient's consent then you will need to consider this request carefully. Although there are situations where information may be provided in the public interest, these are rare and such disclosures need to be considered carefully, taking into account all the circumstances. Seek advice from a senior colleague, your Caldicott Guardian or the MDU.

Security of medical records

There is also the risk that third parties might try and obtain medical information without even asking first. We all know that medical records, whether in paper form or electronic, need to be kept securely. However, it has been said that the biggest threat to NHS security is its staff

The security of any medical records system relies on staff abiding by their duty of confidentiality and in the integrity of the systems used to restrict access to information. Do not share your computer passwords or smartcards with anyone.  

If you are logged in at a computer terminal and have to leave it for any reason then remember to log out. If you leave a patient's notes up on the screen they could be read by anyone. And anyone walking past could use the computer to look up the records of other patients, such as any well-known individual being treated at your hospital. Bear in mind that if anyone inappropriately looks up a patient's medical records on the computer while you are logged in, it is going to be traced back to you via the audit trail rather than the person who has obtained the information illicitly. 

The GMC advises "You should not share passwords or leave patients' records, either on paper or on screen, unattended or where they can be seen by other patients, unauthorised healthcare staff, or the public."

Speaking to your colleagues, friends and family

The GMC reminds us that "many improper disclosures are unintentional". If you need to discuss a case with your colleagues then make sure you do that in a place where you cannot be overheard. The patient's bedside, the nurses' station, in the corridor, lift or staff canteen may all be places where unauthorised healthcare staff or the public might be able to hear.

When you leave work you should not discuss confidential information with your friends or family.  It might be tempting to share some juicy details with your close friends, but this itself is a breach of the patient's trust in you. Can you trust your friends not to pass that information on further, given that you have already been tempted to discuss it yourself despite your professional duty?

Also be wary of commenting on identifiable cases via social media such as internet chat forums. Once information is online it can be difficult to remove as others may distribute or comment on it. Even seemingly superficial details about patients could be identifiable. For example, researchers looking at 84 threads detailing clinical incidents posted on the anaesthetic forum could identify the hospital involved in 38 cases after a Google search on the poster's name. Five descriptions of cases included the hospital, date, age, sex and further identifying details of the patient.  

With the rapid increase in doctors using social media, the GMC has now included advice about this in its guidance. Essentially the same standards are expected of doctors when communicating through social media as when face to face with patients. Good Medical Practice (2013) advises "When communicating publicly, including speaking to or writing in the media, you must maintain patient confidentiality. You should remember when using social media that communications intended for friends or family may become more widely available."

Learning points

  • All patients deserve the same degree of confidentiality for their medical records.
  • If the media enquire about a patient under your care, explain that you cannot comment because of your duty of confidentiality.
  • Ask patients who they would be happy for you to share information with.
  • Don't release information to third parties unless you have consent or you can justify doing so, for example in the public interest. You will need to assure yourself they are bona fide.
  • Take steps to prevent unauthorised access to patient records.
  • Beware of inadvertent confidentiality breaches, e.g. from discussing patients in a place where you can be overheard.
  • Tempting though it may be, do not share confidential information about patients with your friends or family, either in person or via social networking.
Previous article Next article

This page was correct at publication on . Any guidance is intended as general guidance for members only. If you are a member and need specific advice relating to your own circumstances, please contact one of our advisers.