Confidentialty and Medical Records

Case Study:

Mr S, an elderly gentleman, has been attending his GP, Dr K, for more than 10 years and has a very good relationship with him. For many years, Mr S has disclosed information to Dr K about his personal and family life, particularly when experiencing stress. Dr K has made notes on these disclosures, detailing names and dates of incidents.

It transpires that Mr S has been a victim of elder abuse for some time and has had money extorted from him. With support from family members, he decides to seek help from the authorities. Legal proceedings commence and solicitors for Mr S contact Dr K to ask for copies of his patient notes because they contain the details of various incidents reported by him over many years.

Dr K wants to help Mr S and his legal team, but is unsure whether to redact the information identifying third parties. Without this third party information, the notes will lose their value as evidence.

Dr K has a dilemma. Should he release the notes without redacting the third party information?

What guidance does the Medical Council provide to doctors that could help Dr K in this situation?

If we consult the Ethical Guide, we can find guidance that Dr K should follow. With regard to confidentiality, paragraph 29 of a Guide to Professional Conduct and Ethics for Registered Medical Practitioners (8th edition) states:

29.1  Confidentiality is central to the trust between you and your patients and a core element of the doctor/patient relationship.  However, sharing information, in appropriate circumstances, is also important, both for patient care and for the safety of the patient and others.

29.2  You should protect your patients’ privacy by keeping records and other information about patients securely. You should guard against accidental disclosures.

29.3  Before sharing or disclosing any identifiable information about patients, you must take into account the Freedom of Information (FOI) principles [see Appendix A on page 46 of the Guide]. You must be clear about the purpose of the disclosure and that you have the patient’s consent or other legal basis for disclosing information.  You must also be satisfied that:

  • you have considered using anonymised information (information that does not identify the patient), and you are certain that it is necessary to use identifiable information;
  • you are disclosing the minimum information to the minimum number of people necessary;
  • the person or people to whom you are disclosing the information know that it is confidential and that they have their own duty of confidentiality.

When disclosing information, doctors must comply with Data Protection and other legislation:

33.4  You must comply with Data Protection and other legislation relating to storage, disposal and access to records. You should understand the eight rules of data protection. (See Appendix B [on page 48 of the Guide]).

How can Dr K agree to the request from his patient’s solicitor, while ensuring that he fulfils his professional obligations in this situation?

If you are under a legal obligation to disclose personal data, then this obligation takes precedence over the Data Protection Act's prohibition on disclosure. The individual's right to privacy can be set aside where personal data must be disclosed in order to save someone's life or protect someone's health, or to prevent property from being destroyed. This provision does not authorise disclosures of personal information for general health research purposes, or for other medical purposes where there is no immediate or urgent risk to someone's life or health.

If Dr K is satisfied that the legal team will treat the records confidentially, Dr K can release a copy of Mr S’ medical records to the solicitors. However, it is essential that Dr K only releases information that is relevant to Mr S’ case, in order to comply with data protection legislation. Legal teams will often seek an ‘order of discovery’ in these cases which will compel GPs to release medical records to them.

If a Garda investigation takes place, the GP is permitted to release the medical records to An Garda Síochána with the patient’s consent or on foot of a Court Order and may be asked to act as a witness for the legal proceedings.

Further Resources:

If you suspect a patient or anyone else is the victim of elder abuse, you can make a Protected Disclosure. GPs are encouraged to contact the authorities if they suspect elder abuse is occurring. The links below can be used for guidance:

NOTE: This case study does not form part of the Guide to Ethics and Professionalism for Registered Medical Practitioners, nor does it constitute clinical or legal advice. It is intended as a helpful illustration of a potential scenario.


The Medical Council would like to thank the Office of the Data Protection Commissioner for their help and advice in drafting this case study.