How to Maintain Confidentiality in Health and Social Care

April 12, 2023

Everybody deserves to have their privacy and personal details respected. This is our right and it’s important that all environments and institutions act accordingly, including schools, businesses, and health and social care sectors.

If you work in health and social care, it’s important that you understand your duty of confidentiality. You must abide by this duty and ensure that you respect your patients’ and clients’ legal right to privacy. In some rare cases, it may be necessary to override your duty of confidentiality, particularly if people are at risk of harm. Read on to find out more.

What is Confidentiality in Healthcare?

The definition of confidentiality in health and social care is keeping sensitive information private and respecting someone’s wishes. It means that professionals shouldn’t share personal details about someone with others, unless that person has said they can or it’s absolutely necessary. ‘Professionals’ in this context includes people like doctors, nurses, social workers, support workers, and employers.

In a health and social care setting, confidentiality means that the practitioner should keep a confidence between themselves and the patient, as part of good care practice. This means that the practitioner shouldn’t tell anyone what a patient has said, or share their details, other than with those who need to know. This also includes not showing anyone – again, other than those who need to know – an individual’s personal notes or computer records.

Why is Confidentiality Important in Health and Social Care?

Confidentiality in health and social care is important for building relationships with service users. Keeping the necessary information private and respecting an individual’s wishes regarding sensitive information will help build trust. If a service user knows that their private information is going to be kept confidential, they will feel confident in sharing information to get the help and support they need.

It is also important to maintain confidentiality in health and social care as it is your legal duty. There are many different pieces of legislation and different policies in place to ensure that you maintain confidentiality.

How to Maintain Confidentiality in Healthcare

There are many ways that you can maintain confidentiality in health and social care, including:

  • Reporting any breaches of confidentiality to the appropriate person.
  • Remaining vigilant to whether the information you share is confidential.
  • Following your organisation’s policies and procedures relating to confidentiality.
  • Seeking guidance from the appropriate person when you are unsure about confidentiality.
  • Communicating with service users to build trust.

How to Maintain Principles of Confidentiality in Childcare

It may also be the case that you frequently handle confidential information about children. The same principles of confidentiality apply in this situation: you should maintain confidentiality but override it if you think the child is at risk. Always be vigilant to recognising the signs of abuse and neglect and tell somebody if you think the child is at risk.

You should view confidentiality on a need-to-know basis, which means that you only share information when it’s necessary and with people who need to know. Relationships between professionals and children are built on trust, so it’s essential that you uphold a child’s confidentiality unless they are at risk. If you need to share a child’s information, ask for their consent unless there is a compelling reason not to do so. This is important for transparency, trust, and building a relationship.

Confidentiality Policy in Health and Social Care

There are many legislative requirements surrounding confidentiality in health and social care. If you work with patients and their records, then it’s important that you’re aware of patient confidentiality law and the following legislation.

The Common Law of Confidentiality

The principle of confidentiality is broadly taken from common law, which is why it’s called a common law duty of confidentiality. Confidentiality is important for encouraging people to come forward with issues and concerns.

However, there are certain offences and provisions where the duty of confidentiality is overridden. For example, if a girl has been a victim of Female Genital Mutilation (FGM), then this is a criminal offence and the appropriate authorities need to know. Additionally, if there is a serious safeguarding concern and somebody is at risk, then you have a duty to share this information to keep people safe.

The Human Rights Act 1998

The Human Rights Act gives every individual the right to respect for their private and family life. This includes having any personal information held in confidence. This right, however, is not absolute and can be overridden if necessary, such as for a safeguarding concern.

The Care Act 2014

This Act encourages caregivers to take a person-centred approach when safeguarding adults at risk. It also sets out a new way of thinking in relation to adult social care by explaining the importance of sharing information at early stages so that people stay safe.

The Health and Social Care (Safety and Quality) Act 2015

This Act sets out a number of provisions relating to the health and social care services in England. It covers the integration of information relating to users of health and social services. It also explains the sharing of information for individuals who use health and social care services.

The Data Protection Act 2018 and the GDPR

The Data Protection Act and the GDPR both have provisions that explain the way organisations, charities, and businesses must handle information. This includes care settings and provisions relating to clients, patients, and employees. Under Data Protection and the GDPR, personal information must be:

  • Processed lawfully, fairly, and transparently.
  • Collected for specified, explicit and legitimate purposes.
  • Adequate, relevant, and limited to what’s necessary for the purposes for which it was collected.
  • Accurate and up to date.
  • Not kept for longer than is necessary.
  • Processed in a manner with appropriate security, including protection against accidental loss.

Examples of Confidentiality in Health and Social Care

Some examples of information that should be kept confidential include the following:

Relationship concerns – if a service user shares with you information about their relationships or family and asks you not to share the information, you have a duty to keep that information private, for example if they have begun a romantic relationship with someone. However, if the relationship is a cause for concern, such as a child beginning a relationship with someone much older, you will have to break confidentiality.

Details of health – if a service user discusses their health or condition with you but doesn’t want other service users to know, you have a duty to keep that information confidential. For example, if a service user asks you about another service user’s health, you should inform them that you cannot discuss other service users’ conditions.

Personal details – information regarding a service user’s name, address, age, bank details and more, should be kept confidential. This information should only be shared with individuals that need to know, for example, the service user’s doctor.

When Can You Break Confidentiality in Health and Social Care?

There are many uncertainties surrounding confidentiality in health and social care. Common questions express concerns like ‘when shall I disclose confidential information?’ and ‘will I be breaching confidentiality in expressing my concerns?’.

To provide a simple answer: you may, in certain circumstances, override your duty of confidentiality to patients and clients if it’s done to protect their best interests or the interests of the public. This means you may override your duty if:

  • You have information that suggests a patient or client is at risk of harm.
  • You have information to suggest that a patient or client is posing a risk of harm to someone else.

In these instances, you should always report your concerns to your manager or supervisor. You should also help and contribute to any further actions that are taken to reduce the risk of harm.

However, sometimes things are not this simple and it can be easy to misread and misunderstand the signs. If you have any concerns about someone, or a confidentiality issue arises, you should always ask your manager or supervisor for advice.

Consider the following scenario, which explains why overriding confidentiality is sometimes necessary.


You are a care worker and you have gone to assist an elderly male at his home. You don’t usually assist this man, but his usual care worker has gone away for the week.

When you are helping him to get dressed, you notice several bruises on his back. When you enquire about these, he explains that his usual nurse attacked him last week and caused the bruises. He believes that he said something silly because the care worker started calling him names and then hitting him.

You are very concerned about this man’s safety when his normal care worker returns. He tells you that he doesn’t want you to tell anybody because the care worker is usually nice and it was just him making a silly comment that caused this to happen. He has become upset and he doesn’t want to get the care worker into trouble.


There is a clear conflict in this situation. You believe that you should inform your manager immediately and report the other member of staff. However, the gentleman has begged you not to do this and has told you in confidence, so you don’t want to breach his confidentiality.


In this situation, it is acceptable to override your duty of confidentiality. This is necessary to protect the man from further harm.

You should explain to him that you understand why he is upset and doesn’t want to speak out. However, explain that he has experienced a form of abuse that he has a right to be protected from and how you can help him.

Here, you are acting on behalf of the man’s best interests and within the Public Interest Disclosure Act. This means you can override your duty to protect his confidentiality and speak to your manager about what you have found.

You have a duty to protect patient confidentiality in health and social care. However, when a patient or client is at risk of harm or posing a risk to someone else, you may, in certain circumstances, override this duty if it’s done to protect their best interests or the interests of the public.