Reading List

This Reading List supports learning from the course and focuses on UK law, regulation and practical guidance for confidentiality in optical practice.
Core legal and regulatory framework
- UK GDPR guidance and resources. ICO overview of lawful bases, special category health data and accountability duties relevant to eye care providers.
- Data Protection Act 2018. Primary legislation underpinning UK data protection, including conditions for processing health data.
- Human Rights Act 1998 Article 8. Right to respect for private and family life, which frames proportional decisions about disclosures.
- Access to Health Records Act 1990. Statutory route for access to a deceased person's records and limits on disclosure.
- Consent and confidential patient information. NHS England explanation of the common law duty of confidentiality and when consent or another legal basis is required.
Optical professional standards
- GOC Standard 14: Maintain confidentiality and respect your patients' privacy. Core professional duty for registrants, including team responsibilities.
- GOC guidance: Disclosing confidential information. Practical expectations on when and how to disclose, document and justify.
- GOC guidance on consent. How to obtain and record valid consent, including capacity and withdrawal.
- College of Optometrists: Confidentiality. Applied guidance on keeping patient information confidential in everyday practice.
- College of Optometrists: Patient records. What to record, why, and how records support continuity, audit and accountability.
NHS information governance and Caldicott
- The Caldicott Principles. Seven principles for using confidential information appropriately in health and care (Dec 2020).
- A Guide to Confidentiality in Health and Social Care. NHS guide to sharing safely while protecting confidentiality.
- Data Security and Protection Toolkit. Mandatory self-assessment against the National Data Guardian's data security standards (Jan 2025).
- Records Management Code of Practice. Retention and records handling standards, with searchable schedule (Dec 2023 update).
Digital communication and security
- The secure email standard DCB1596. Requirements to ensure email meets NHS secure standards for sensitive information.
- Guidance for sending secure email (including to patients). How to use NHSmail and encryption when contacting non-secure addresses.
- Using mobile messaging software in health and care settings. Practical rules for safe use of instant messaging within care teams (Dec 2022).
- NCSC bring your own device guidance. UK government advice for enabling and securing personal devices used for work.
Disclosures and safeguarding
- Information sharing advice for safeguarding practitioners. Non-statutory DfE advice on sharing to protect children, aligned to Working Together (May 2024).
- Sharing information with the police. NHS England guidance on lawful, necessary and proportionate disclosures to law enforcement (Jun 2025).
Domiciliary and community eyecare
- The domiciliary eye examination. College guidance on consent, privacy and set-up considerations for home and care settings.
Email, transfer and secure handling tools
- Transfer data securely. NHS secure file transfer options for sensitive information exchange.
- DSPT guide: Effective audit logging. Expectations for access controls, audit trails and monitoring to deter inappropriate access.

