Staff Confidentiality Policy




In the course of your employment or associated work with the Practice, you may have access to, see or hear, confidential information concerning the medical or personal affairs of patients, staff or associated healthcare professionals. Unless acting on the instructions of an authorised officer within the practice, on no account should such information be divulged or discussed except in the performance of your normal duties. Breach of confidence, including the improper passing of registered computer data, will result in disciplinary action, which may lead to your dismissal.

The Gender Recognition Act 2004 makes it a criminal offence to disclose an individual with a Gender Recognition Certificate's transgender history to a third party without their consent. Disclosure of their transgender history may be made to a health professional, for medical purposes, and with the consent of the individual. A trans patient's consent should be sought before sharing details of their social or medical transition, also called gender reassignment, with other services or individuals. This includes information such as whether a patient is currently taking hormones or whether they have had genital surgery, as well as information about previous names or the gender they were assigned at birth. Consent should be obtained before information relating to the patient being trans is shared in referrals. This information should only be shared where it is clinically relevant, e.g. it would be appropriate when referring a trans man for a pelvic ultrasound but not when referring him to audiology.

You should also be aware that regardless of any action taken by the Practice, a breach of confidence could result in a civil action against you for damages.

You must ensure that all records, including VDU screens and computer printouts of registered data, are never left in such a manner that unauthorised persons can obtain access to them. VDU screens must always be cleared when left unattended and you must ensure you log out of computer systems, removing your password. All computer passwords must be kept confidential.

You must process personal data (whether relating to the practice’s prospective, current or future employees at any time, clients or customers or any persons) in line with the three principles of data security (confidentiality, integrity and availability).

You will comply at all times with your personal obligation and the practice’s obligations under relevant legislation, in particular the Data Protection Act 2018.

Unauthorised use of the internet or email is not allowed.

Personal telephone calls are allowed only in the case of emergency and with the prior permission of the practice manager.

Under recent legislation, we are entitled to monitor and record your telephone calls, E-mails and use of the Internet at work. These systems belong to the Practice and are connected to the outside telecommunications system.

We intend to monitor and record in some cases, telephone calls (including voice mail boxes), E-mails in and out and your use of the Internet to ensure that all such systems are being used for legitimate business purposes and in order to monitor the quality of service being given to clients and the effectiveness of training.

We may also check voice mailboxes in an employee’s absence.

We also reserve the right to carry out such monitoring and recording where we have reasonable grounds to believe that criminal offences or breaches of Practice rules and policies may be taking place.

This notice informs all staff that we intend to carry out such activities.

All inbound and outbound calls will be recorded by the practice and will be retained for a period of 6 months. These recordings will only be used for the purposes specified above.

In order to maintain a high quality service and to protect both the public and staff we need to record all telephone calls received and retain them for a limited period of time.

All inbound and outbound calls will be recorded. Under normal circumstances a call will not be retrieved or monitored unless:

  • It is necessary to investigate a complaint;
  • There is a threat to the health and safety of staff;
  • It is necessary to check compliance with regulatory procedures; or
  • It will aid standards in call handling through use in training and coaching our staff. However, this will only be permitted if the recording is edited so that the caller remains anonymous and the member of staff who was party to the call agrees to its being used in this way.

Calls may be released to third parties but only under circumstances where there is a threat to the health and safety of patients and staff as well as for compliance and security purposes.

Information concerning patients or staff is strictly confidential and must not be disclosed to unauthorised persons. This obligation shall continue in perpetuity.

Disclosures of confidential information or disclosures of any data of a personal nature can result in prosecution for an offence under the Data Protection Act 1998 or an action for civil damages under the same Act in addition to any disciplinary action taken by Practice.