Information provided by complainants to the ICAS advocate is provided in complete confidence and must be treated as such so long as it can identify the individual it relates to.

Patient information is generally held under legal and ethical obligations of confidentiality. Information provided in confidence should not be used or disclosed in a form that might identify a patient without his or her consent.

There are a number of important exceptions to this rule but it applies in most circumstances.

Confidentiality is

• a legal obligation that is derived from case law
• a requirement established with professional codes of conduct
• included within NHS employment contracts as a specific requirement linked to disciplinary procedures.

The duty of confidentiality arises when one person discloses information to another in circumstances where it is reasonable to expect that the information will be held in confidence.

Patients entrust the NHS with sensitive information relating to their health and other matters as part of their seeking treatment. They do so in confidence and have the legitimate expectation that staff will respect this trust.

The NHS Confidentiality Code of Practice

The NHS Confidentiality Code of Practice (external link) is a guide to required practice for those who work within or under contract to NHS organisations concerning confidentiality and patients' consent to use their health records.

Confidentiality is only broken when a service user threatens to harm themselves, others, illegal activity is disclosed or there is cause for concern that an imminent threat exists to public safety.

The ICAS advocates code of practice link says that they must

• adhere to the organisation’s confidentiality policy
• not disclose information about a client to others without consent
• not sign anything that allows them to know information about a client which they cannot disclose to that client.

Next: Access to records and patient information