Confidentiality Do’s and Don’ts

Hints and tips on how to maintain confidentiality.


  • Safeguard the confidentiality of all person-identifiable or confidential information that you come into contact with. This is a statutory obligation on everyone working for or on behalf of NHSCFA.
  • Clear your desk at the end of each day, keeping all non-digital records containing person-identifiable or confidential information in recognised filing and storage places that are locked at times when access is not directly controlled or supervised.
  • Switch off computers with access to person-identifiable or business confidential information, or put them into a password-protected mode, if you leave your desk.
  • Ensure that you cannot be overheard when discussing confidential matters.
  • Challenge and verify where necessary the identity of any person who is making a request for person-identifiable or confidential information and ensure they have a need to know.
  • Share only the minimum information necessary to achieve the purpose.
  • Transfer person-identifiable or confidential information securely when necessary i.e. use an email account to send confidential information to another email account or to a secure government domain e.g.
  • Seek advice if you need to share patient/person-identifiable information without the consent of the patient/identifiable person, and record the decision and any action taken.
  • Report any actual or suspected breaches of confidentiality through Service Desk (Ext: 0207 895 4545, Int: 514 4545), where they will be appropriately triaged.
  • Participate in induction, e-learning and awareness raising sessions on confidentiality issues.


  • Don’t share passwords or leave them lying around for others to see.
  • Don’t share information without the consent of the person to whom the information relates, unless there are statutory or common law grounds to do so.
  • Don’t use person-identifiable information unless absolutely necessary; anonymise the information wherever possible.
  • Don’t collect, hold or process more information than you need, and do not keep it for longer than necessary.