Confidentiality of Personal Health Information

Key Messages

1.    The confidentiality policy exists to ensure that all patient information is treated with complete confidentiality and MUST NOT be divulged to anyone who does not have right to access that information.

2.    Access to information on patients is restricted to those that have been given permission by the patient, except in circumstances outlined in this policy.

3.    This policy applies to all information where the patient can be identified, and applies to all types of media where patient identifiable data is processed.

4.    This policy applies to all staff employed by NHS Lothian, including agency and bank staff, all students, volunteers and agency and contractors working on behalf of NHS Lothian.

Minimum Implementation Standards

All staff must sign a confidentiality statement in their contract of employment prior to commencing work for NHS Lothian.

Confidentiality training will be provided as part of the mandatory induction program for new NHS Lothian employees.

All staff must complete the eLearning mandatory module updates every 24 months. Included in this is an information governance module which ALL staff must complete.

All line managers of should have local dissemination and implementation plans in place to ensure all staff are familiar and adhere to all aspects of this policy.

This includes non clinical areas and non clinical staff at all locations within NHS Lothian.

Unauthorised breaches of confidentiality will be taken very seriously and will result in an investigation into the alleged breach, and may result in disciplinary action in accordance with Management of Employee Conduct – Disciplinary.