photo of woman with toothache

Confidentiality policy

Confidentiality policy and procedures

Dental practice team members have a legal, professional and ethical duty to keep personal and sensitive information about patients confidential at all times.

Legal obligation

Under the Data Protection Act 2018 and the General Data Protection Regulation (GDPR) dental practices have a duty to keep personal data about their patients safe and secure and to ensure it is only accessed by persons who need to see it for the purposes of providing safe, effective care.

Professional and ethical duty

The General Dental Council (GDC) places a duty of confidentiality on registered dental professionals with a requirement that all patient information is always kept confidential.

Confidentiality Policy

At our practice we maintain a strict policy in respect of patient confidentiality.  All team members understand the importance of strict patient confidentiality and ensure this is maintained at all times; compliance with this policy is a condition of employment for all team members.

Our Confidentiality Policy is based on the requirements laid down in the GDC’s standards guidance ‘Standards for the Dental Team’ and we require all dental professionals to ensure they are familiar with and comply with these requirements. We also require all non-registered team members to follow this guidance and to ensure they always maintain patient confidentiality.

All team members at our practice understand that the duty of confidentiality applies to all information about patients, including but not limited to, personal details, medical history, what treatment the patient has had or is having and how much it costs.  Team members understand that patients’ information must only be used for the purpose for which it was given.

Our policy is to ensure that team members never talk about patients or their treatment in places where they can be overheard by people who should not have access to the information being discussed.   Any team member who is found to have done so will face disciplinary action.

We will not disclose any information about our patients to third parties without the consent of the patient except in certain specific circumstances described in our confidentiality procedures.

Confidentiality Procedures

At Dental Partners we are aware that our duty to keep all patient information confidential extends to all interactions we have with our patients and to all areas in which confidentiality could be compromised. We therefore have strict procedures in place that all team members are required to comply with at all times.

General confidentiality

We take great care to ensure that patients are not placed in a position in which they are disclosing personal information in earshot of others who should not be able to overhear the conversation.

Arrangements for collecting data during the COVID-19 pandemic

During the COVID-19 pandemic, Dental Partners will change the way we gather patient information to manage infection risks and better protect staff and patients.

At Dental Partners patients will be emailed copies of their medical history forms and consent to treatment information via email prior to their visit to the practice. When sending information by email, we will ensure we have verified the email of the patient prior to sending confidential information and where possible encrypted email addresses will be used.

Disclosing personal information about patients

We take great care to ensure that we only disclose personal information about a patient when we have consent to do so. To help us achieve this we ensure that:

  • We do not leave messages with a 3rd party confirming or cancelling appointments, unless we have consent to do so.
  • When leaving messages on patients’ answerphones we ask only that a patient calls us back.
  • We do not leave any details, including that the patient has an appointment with us unless we have the patient’s consent.
  • We do not share information with anyone about the fact that a patient:
    • Has an appointment.
    • The date or timing of an appointment.
    • The type of treatment.
    • The fees due for treatment.
  • In the event that a patient consents to us sharing information about their appointment with another named individual we ensure that we only share information we have consent to share.
  • We ensure that all personal information about patients is stored securely and cannot be accessed by anyone without authority to see it.
  • We aim to ensure patients cannot see a list of other patients who have appointments on any given day.  To achieve this, we ensure that daylists are not left lying around and are confidentially shredded at the end of the day and we aim to ensure that patients cannot accidentally see a daylist on the computer screen.

Circumstances in which we may disclose information to third parties

There are certain restricted circumstances in which a clinician may decide to disclose information to a third party or may be required to disclose by law.

Responsibility for disclosure rests with the patient’s clinician and under no circumstances can any other team member make a decision to disclose information.

In any circumstance where a clinician decides to release confidential information, they should be prepared to explain and justify their decision and any action they take.

Any GDC registrant who is unsure of whether they should or should not release confidential information about a patient should obtain advice from their defence organisation.

When disclosure can be made

There are circumstances when personal information can be disclosed:

  • Where the patient has given consent to the disclosure. Please see above for detailed guidance on this. Note -Patients must be given the opportunity to withhold permission and they must be given the opportunity to withdraw permission previously given.
  • Where disclosure is necessary for the purpose of enabling someone else to provide health care to the patient and the patient has consented to this sharing of information
  • Where the wider public interest outweighs the rights of the patient to confidentiality. This might include cases where disclosure would prevent a serious future risk to the public or assist in the prevention or prosecution of serious crime.

Where disclosure is required by statute or is ordered by a court of law, we would only release the minimum information needed to follow the order.

Changes to disclosure rules during the COVID-19 pandemic

Due to the unprecedented challenge posed by the COVID-19 pandemic, the rules on sharing patients’ information have been relaxed to allow healthcare organisations to fight the virus effectively.

Dental practices can now process and share confidential patient information with other healthcare organisations and external bodies engaged in protecting public health and monitoring and managing the COVID-19 outbreak and incidents of exposure.

Dental Partners has updated our privacy policy to reflect the information we will process and the reasons for processing this information.

Confidential storage of patients’ personal information

Paper records

Our paper records are stored in lockable, fire-proof filing cabinets that are locked overnight and when the practice is unattended.

Electronic records

Our electronic patient records are password protected with restricted access. Records are backed up daily with backups stored off the premises. All team members have their own password, and this is never given to anyone else.

Confidentiality agreements

All Dental Partners team members are bound by a confidentiality agreement as part of their conditions of engagement or terms of service. Any breach of confidentiality is viewed extremely seriously and is likely to result in disciplinary proceedings.

More information

For more information on this topic, speak with the practice owner or practice manager.

Useful organisations:
General Dental Council
Information Commissioner