Confidentiality Policy & Procedures

Dental practice team members have a legal, professional and ethical duty to keep personal and sensitive information about patients confidential at all times.

Legal obligation

In line with the requirements of the Data Protection Act 2018 which is the UK’s implementation of the General Data Protection Regulation (UK GDPR), dental practices have a duty to keep personal data about their patients safe and secure and to ensure it is only accessed by persons who need to see it for the purposes of providing safe, effective care.

Professional and ethical duty

The General Dental Council (GDC) places a duty of confidentiality on registered dental professionals with a requirement that all patient information is always kept confidential.

Confidentiality Policy

At Headless Cross Dental Practice, we maintain a strict policy in respect of patient confidentiality. All team members understand the importance of strict patient confidentiality and ensure this is maintained at all times; compliance with this policy is a condition of employment for all team members.

Our Confidentiality Policy is based on the requirements laid down in the GDC’s standards guidance ‘Standards for the Dental Team’ and we require all dental professionals to ensure they are familiar with and comply with these requirements. We also require all non-registered team members to follow this guidance and to ensure they maintain patient confidentiality at all times.

All team members at Headless Cross Dental Practice understand that the duty of confidentiality applies to all information about patients, including but not limited to, personal details, medical history, what treatment the patient has had or is having and how much it costs. Team members understand that patients’ information must only be used for the purpose for which it was given.

Our policy is to ensure that team members never talk about patients or their treatment in places where they can be overheard by people who should not have access to the information being discussed. Any team member who is found to have done so will face disciplinary action.

We will not disclose any information about our patients to third parties without the consent of the patient except in certain specific circumstances described in our confidentiality procedures.

This policy was implemented on 23.3.23.

This policy and relevant procedures will be reviewed annually and are due for review on 27.3.24 or prior to this date in accordance with new guidance or legislative changes.


Confidentiality Procedures

At Headless Cross Dental Practice we are aware that our duty to keep all patient information confidential extends to all interactions we have with our patients and to all areas in which confidentiality could be compromised. We therefore have strict procedures in place that all team members are required to comply with at all times.

General confidentiality

We take great care to ensure that patients are not placed in a position in which they are disclosing personal information in earshot of others who should not be able to overhear the conversation.

When recording personal details such as address, phone number etc we ask patients to complete this on our electronic Clini Pad which when saved goes directly into their computer records. Our Clin Pads are portable so patients can take a seat and complete privately.

When gathering information such as medical histories we ask patients to complete this on our electronic Clini Pad which when saved goes directly into their computer records. . Our Clini Pads are portable so patients can take a seat and complete privately.

When calling patients in from the waiting room our Dentist/Nurses will collect patients and greet them for their appointment.

When sending confidential information, we use a secure method. When sending or storing confidential information electronically, we ensure that it is encrypted.

Arrangements for collecting data remotely

At Headless Cross Dental Practice, patients can be emailed copies of their medical history forms and consent to treatment information via email prior to their visit to the practice. When sending information by email, we will ensure we have verified the email of the patient prior to sending confidential information and where possible encrypted email addresses will be used.

Disclosing personal information about patients

We take great care to ensure that we only disclose personal information about a patient when we have consent to do so.  To help us achieve this we ensure that:

  • We do not leave messages with a 3rd party confirming or cancelling appointments, unless we have consent to do so.

  • When leaving messages on patients’ answerphones we ask only that a patient calls us back.

  • We do not leave any details, including that the patient has an appointment with us unless we have the patient’s consent.

  • We do not share information with anyone about the fact that a patient:

  • Has an appointment.

  • The date or timing of an appointment.

  • The type of treatment.

  • The fees due for treatment.

  • In the event that a patient consents to us sharing information about their appointment with another named individual we ensure that we only share information we have consent to share.

  • If a patient requires laboratory work as part of their treatment we patients reference codes.

  • We ensure that all personal information about patients is stored securely and cannot be accessed by anyone without authority to see it.

  • We aim to ensure patients cannot see a list of other patients who have appointments on any given day.  To achieve this, we ensure that daylists are not left lying around and are confidentially shredded at the end of the day and we aim to ensure that patients cannot accidentally see a daylist on the computer screen.

Circumstances in which we may disclose information to third parties

There are certain restricted circumstances in which a clinician may decide to disclose information to a third party or may be required to disclose by law.

Responsibility for disclosure rests with the patient’s clinician and under no circumstances can any other team member make a decision to disclose information.

In any circumstance where a clinician decides to release confidential information, they should be prepared to explain and justify their decision and any action they take.

Any GDC registrant who is unsure of whether they should or should not release confidential information about a patient should obtain advice from their defence organisation.

When disclosure can be made

There are circumstances when personal information can be disclosed:

• Where the patient has given consent to the disclosure. Please see above for detailed guidance on this. Note -Patients must be given the opportunity to withhold permission and they must be given the opportunity to withdraw permission previously given.

• Where disclosure is necessary for the purpose of enabling someone else to provide health care to the patient and the patient has consented to this sharing of information.

• Where the wider public interest outweighs the rights of the patient to confidentiality. This might include cases where disclosure would prevent a serious future risk to the public or assist in the prevention or prosecution of serious crime.

Where disclosure is required by statute or is ordered by a court of law, we would only release the minimum information needed to follow the order.

Confidential storage of patients’ personal information

Paper records

Our paper records are stored in our lockable, fireproof cabinets behind reception.

Electronic record

Our electronic patient records are password protected with restricted access. Records are backed up daily with backups stored off the premises. All team members have their own password, and this is never given to anyone else.

Confidentiality agreement

All team members are bound by a confidentiality agreement as part of their conditions of engagement or terms of service. Any breach of confidentiality is viewed extremely seriously and is likely to result in disciplinary proceedings.