Confidentiality

New data protection legislation came into force in the UK on 1 March 2000¹ introducing safeguards for the processing of information relating to individuals, including obtaining, holding, using and disclosing that information. The law represents a substantial departure from previous data protection legislation as it applies not only to computerised and electronic information, but also to paper records held in certain filing systems. It covers virtually all structured information about identifiable, living people. Patients' statutory rights of access to their health records are enshrined in this act, which abolishes the cut-off point before which there was previously no right of access to manual health records (1 November 1991, and 30 May 1994 in Northern Ireland). This means that UK patients have a new right to see their complete health records. Older records were not written in the knowledge that patients might see them and there is concern about the nature and tone of some of these. When complying with their statutory obligations, doctors will have to discuss these matters sensitively with their patients where an aspect of a record could cause offence.

General issues of access to health information are also the subject of debate in the UK. The main issue of contention is the legitimacy of implied consent. The Department of Health (DH) advises that people imply their consent to the use of information for “National Health Service (NHS) purposes” when they seek or accept NHS care. Professional and regulatory bodies, however, contest the validity of implied consent unless patients are aware of the potential uses of their information and given a genuine right to refuse. The British Medical Association's (BMA) guidance on confidentiality goes into considerable detail about the responsibilities of doctors not to release information without consent.² It offers practical suggestions for informing patients of …