Peter Bates > Garden Shed > When must confidentiality be overridden?

When must confidentiality be overridden?

In reading the confidentiality policies of advocacy organisations, I have noticed a range of answers to the question of what must be disclosed. We all know that there is a point at which the advocate’s duties to the advocacy partner or the community at large trump their right to confidentiality. But where does the line fall?

We expect that advocates will always answer inquiries from the Police or the Courts truthfully and freely, but when should they proactively volunteer information? We could just run to that splendid portmanteau word ‘safeguarding’ and hide there, but what lies beneath? To what extent is the advocate a responsible citizen, a representative of the interests of the State or one who upholds the rights of the individual to privacy, choice and control?

The Criminal Law Act 1967 makes it clear that a criminal offence has not usually been committed if someone fails to pass on knowledge of a crime, but there are qualifications to this general principle – it is a crime to: withhold information about criminal activity from the authorities in exchange for a reward; assist a criminal, or would-be criminal; share in the proceeds of a criminal act; or deliberately mislead the police.

In contrast, many organisations set a much higher bar for staff working in the health and social care sector. For example, one local authority adult stafeguarding policy that has been adopted by the advocacy provider requires health and social care staff to report to the Police any criminal offence that has occurred or is likely to occur. The notion of a crime which is ‘likely to occur’ is captured by others as ‘intent to commit a crime’, thereby opening up questions about the person’s executive function – for this person, does a spoken intention usually result in the action? Another advocacy provider qualifies this position by requiring its staff to report to the Police any information relating to an offence which there is reason to believe has not previously been disclosed.

Then there is legislation which defines specific circumstances in which citizens must proactively report information to avert the specific crimes of:

  • Terrorism – The Prevention of Terrorism Act 1984 places a legal duty on all citizens to divulge to official bodies any information relating to acts of terrorism. This is reinforced in the Terrorism Act 2000 and the Anti-Terrorism, Crime and Security Act 2001, which requires all citizens to divulge anything that would help the authorities prevent an act of terrorism.
  • Drug trafficking – The Drug Trafficking Act 1994 makes it a criminal offence not to report a suspicion or knowledge of drug money laundering.

The law also protects people who breach the right of confidentiality to so report. Schedule 11 of the Data Protection Act 2018 sets aside the usual requirements and allows data to be disclosed and processed for the purpose of preventing or detecting crime. This means that someone who did so would escape prosecution for breach of confidentiality, but this is different from being required to disclose.

Some organisations write additional items into their policies, generally assuming that the reasons to do so are self-evident and offering no graduated scale of severity. I have seen the following examples, which seem to me to be driven by wildly divergent agendas. Individual advocacy organisations assert that they will breach confidentiality if they discover that there is:

  • An attempt to radicalise a child, young person or vulnerable adult 
  • An intent to break the security rules of a forensic or penal setting 
  • A risk of violence to self or others. This is sometimes framed as ‘intent to harm self or others, including danger to life.’ It is unclear if the harm is confined to physical self-harm, such as cutting, or might include dangerous levels of alcohol consumption, for example. The severity of the risk is also unclear, so that it may be that minor cuts should be ignored, while significant danger to life should trigger a breach of confidentiality.  
  • information regarding child abuse or the protection of vulnerable adults. Whilst it is easy to think of egregious examples where there is no doubt that abuse has occurred and confidentiality must overridden, the statement ‘information regarding the protection of vulnerable adults’ is potentially all-encompassing and it is not straightforward to decide what information should be held confidential and what can be shared.
  • a situation where advocates believe that it is in the person’s best interests or in the best interests of other people using the service, especially when the person lacks capacity
  • A chance that the organisation might become the subject of  a prosecution or receive a Court Order requiring the disclosure of the information
  • A matter which is likely to have a detrimental effect upon the organisation’s good name or reputation.  This is despite the explicit prohibition of this practice in Guidance to the Care Act 2014, paragraph 14:190.

It is not unusual for health and social care staff to override the person’s preference out of a conviction that they know best what is right for the person or for the community. For example, while it is clear that drivers in the UK have an obligation to tell the Driver and Vehicle Licensing Authority about anything that seriously impairs their ability to drive, the General Medical Council has advised doctors that they have a duty to override the patient’s wishes and notify the DVLA if in their professional judgement the patient’s refusal to stop driving is a danger to others.

What is interesting is that advocacy organisations, that so often push back to secure a space within which the person can exercise their own freedom of choice, have such varied approaches to these matters. Advocacy partners have a qualified right to privacy; could some zealous advocacy organisations, over-eager to report, be guilty of a ‘lack of respect for privacy’, which SCIE has dubbed a feature of institutional abuse? Or might organisations go the other way and abandon their legal obligations in their determination to uphold the partner’s wish for privacy?