Managing Disclosures

Sometimes information sharing is both necessary and lawful; the aim is to share the minimum needed with the right person for a clear and limited purpose, and to record the legal basis so the decision is transparent if reviewed later. [1][4][5]
With consent
Explicit consent is most useful when sharing beyond direct care or where common law requires it, and it is strengthened by checking understanding, voluntariness and scope so the person knows what will be shared and with whom; a brief note of the discussion and any limits—for example, “okay to share with my GP, not employer”—keeps intentions clear. [2]
Safeguarding and serious harm
Sharing without consent is justified when there is a risk of serious harm to a child or an adult at risk. [3]
In these situations, good practice is to disclose only what is needed to protect the person, to inform the patient if it is safe and appropriate to do so, and to record both your rationale and any advice you sought so the pathway is auditable. [3][6]
- Other lawful disclosures: these include responding to court orders, statutory notifications (for example, public health), police requests with proper authority, and sharing in the public interest to prevent or detect serious crime. [1][6]
- Checks before disclosure: sensible steps are to verify the requester’s identity and authority, confirm the purpose for sharing, and use a secure route with receipt confirmed. [7]
Minimum necessary principle
In many cases a concise summary meets the need, so forwarding full records is unnecessary; unrelated details can be redacted, and it is worth remembering that metadata such as file names and email subject lines can reveal identifiers. [4][5][2]
Communicating decisions
Taking a moment to explain—where feasible—why sharing is needed and what will be shared can support trust; a short note of what was shared and to whom adds transparency, and offering routes to raise concerns or request corrections keeps the dialogue open. [6][1]
Documentation
A concise entry typically covers the legal basis (including any consent or justification), the data items shared, the recipient and method, and the safeguards applied; it also helps to record any advice taken from Caldicott leads or information-governance teams. [4][1]
References (numbered in text)
[1] 14. Maintain confidentiality and respect your patients’ privacy — General Optical Council
[2] Consent — Information Commissioner's Office (ICO)
[3] Information sharing: advice for practitioners providing safeguarding services to children, young people, parents and carers — Department for Education
[4] The Caldicott Principles — National Data Guardian
[5] Principle (c): Data minimisation — Information Commissioner's Office (ICO)
[6] Confidentiality: good practice in handling patient information — General Medical Council (GMC)
[7] Guidance for sending secure email (including to patients) — NHS England Digital
References are included to demonstrate that all the content in this course is rigorously evidence-based, and has been prepared using trusted and authoritative sources.
They also serve as starting points for further reading and deeper exploration at your own pace.

