Confidentiality Do’s and Don’ts

Hints and tips on how to maintain confidentiality.


  • Safeguard the confidentiality of all person-identifiable or confidential information that you come into contact with. This is a statutory obligation on everyone working on or behalf of NHSCFA
  • Clear your desk at the end of each day, keeping all non-digital records containing person-identifiable or confidential information in recognised filing and storage places that are locked at times when access is not directly controlled or supervised.
  • Switch off computers with access to person-identifiable or business confidential information, or put them into a password protected mode, if you leave your desk.
  • Ensure that you cannot be overheard when discussing confidential matters.
  • Challenge and verify where necessary the identity of any person who is making a request for person-identifiable or confidential information and ensure they have a need to know.
  • Share only the minimum information necessary to achieve the purpose.
  • Transfer person-identifiable or confidential information securely when necessary i.e. use an email account to send confidential information to another email account or to a secure government domain e.g.
  • Seek advice if you need to share patient/person-identifiable information without the consent of the patient/identifiable person’s consent and record the decision and any action taken.
  • Report any actual or suspected breaches of confidentiality through Service Desk (, Ext: 0207 895 4545, Int: 514 4545) where it will be appropriately triaged.
  • Participate in induction, e-learning and awareness raising sessions on confidentiality issues.


  • Don’t share passwords or leave them lying around for others to see.
  • Don’t share information without the consent of the person to which the information relates, unless there are statutory or common law grounds to do so.
  • Don’t use person-identifiable information unless absolutely necessary, anonymise the information wherever possible.
  • Don’t collect, hold or process more information than you need, and do not keep it for longer than necessary.

Help us improve

Tell us what's happened so we can fix the problem. Please do not provide any personal, identifiable or sensitive information.


Thanks for the feedback!