30. Confidentiality and privacy
Refer to principles 2, 5, 6 and 10
Regulatory principles that apply to licensed centres
have proper respect for the privacy, confidentiality, dignity, comfort and well being of patients and donors;
provide prospective and current patients and donors with sufficient, accessible and up-to-date information in order to allow them to make informed decisions;
ensure that patients and donors have provided all relevant consents, before any licensed activity is undertaken;
maintain proper and accurate records and information about all licensed activities;
On this page:
- Breach of confidentiality
- Access to medical records
- Requests under the Data Protection Act 1998
- Disclosing non-identifying information: general
- Disclosure authorised by statute
- Disclosing information to gamete and embryo donors
- Disclosing information to recipients of donated gametes and embryos
- Consent to disclose identifying information
- Section includes interpretations of mandatory requirements
- Download this guidance note (316kb)
Please note: As of 1 October 2014 the downloadable Code of Practice is generated directly from online content, therefore the formatting may appear different to previous versions.
- Download the full code (5149kb)
- Download all the directions
Search the Code
Human Fertilisation and Embryology (HFE) Act 1990 (as amended)
31 Register information
The Authority shall keep a register which is to contain any information which falls within subsection (2) and which—
(a) immediately before the coming into force of section 24 of the Human Fertilisation and Embryology Act 2008, was contained in the register kept under this section by the Authority, or
(b) is obtained by the Authority.
Subject to subsection (3), information falls within this subsection if it relates to—
(a) the provision for any identifiable individual of treatment services other than basic partner treatment services,
(b) the procurement or distribution of any sperm, other than sperm which is partner-donated sperm and has not been stored, in the course of providing non-medical fertility services for any identifiable individual,
(c) the keeping of the gametes of any identifiable individual or of an embryo taken from any identifiable woman,
(d) the use of the gametes of any identifiable individual other than their use for the purpose of basic partner treatment services, or
(e) the use of an embryo taken from any identifiable woman, or if it shows that any identifiable individual is a relevant individual.
Information does not fall within subsection (2) if it is provided to the Authority for the purposes of any voluntary contact register as defined by section 31ZF(1).
In this section “relevant individual” means an individual who was or may have been born in consequence of—
(a) treatment services, other than basic partner treatment services, or
(b) the procurement or distribution of any sperm (other than partner donated sperm which has not been stored) in the course of providing non-medical fertility services.
33A Disclosure of information
No person shall disclose any information falling within section 31(2) which the person obtained (whether before or after the coming into force of section 24 of the Human Fertilisation and Embryology Act 2008) in the person’s capacity as -
(a) a member or employee of the Authority,
(b) any person exercising functions of the Authority by virtue of section 8B or 8C of this Act (including a person exercising such functions by virtue of either of those sections as a member of staff or as an employee),
(c) any person engaged by the Authority to provide services to the Authority,
(d) any person employed by, or engaged to provide services to, a person mentioned in paragraph (c),
(e) a person to whom a licence applies,
(f) a person to whom a third party agreement applies, or
(g) a person to whom Directions have been given.
Subsection (1) does not apply where -
(a) the disclosure is made to a person as a member or employee of the Authority or as a person exercising functions of the Authority as mentioned in subsection (1)(b),
(b) the disclosure is made to or by a person falling within subsection (1)(c) for the purpose of the provision of services which that person is engaged to provide to the Authority,
(c) the disclosure is made by a person mentioned in subsection (1)(d) for the purpose of enabling a person falling within subsection (1)(c) to provide services which that person is engaged to provide to the Authority,
(d) the disclosure is made to a person to whom a licence applies for the purpose of that person’s functions as such,
(e) the disclosure is made to a person to whom a third party agreement applies for the purpose of that person’s functions under that agreement,
(f) the disclosure is made in pursuance of Directions given by virtue of section 24,
(g) the disclosure is made so that no individual can be identified from the information,
(h) the disclosure is of information other than identifying donor information and is made with the consent required by section 33B,
(i) the disclosure-
(i) is made by a person who is satisfied that it is necessary to make the disclosure to avert an imminent danger to the health of an individual (‘‘P’’),
(ii) is of information falling within section 31(2)(a) which could be disclosed by virtue of paragraph (h) with P’s consent or could be disclosed to P by virtue of subsection (5), and
(iii) is made in circumstances where it is not reasonably practicable to obtain P’s consent.
(j) the disclosure is of information which has been lawfully made available to the public before the disclosure is made,
(k) the disclosure is made in accordance with sections 31ZA to 31ZE,
(l) the disclosure is required or authorised to be made –
(i) under regulations made under section 33D, or
(ii) in relation to any time before the coming into force of the first regulations under that section, under regulations made under section 251 of the National Health Service Act 2006,
(m) the disclosure is made by a person acting in the capacity mentioned in subsection (1)(a) or (b) for the purpose of carrying out the Authority’s duties under section 8A,
(n) the disclosure is made by a person acting in the capacity mentioned in subsection (1)(a) or (b) in pursuance of an order of a court under section 34 or 35,
(o) the disclosure is made by a person acting in the capacity mentioned in subsection (1)(a) or (b) to the Registrar General in pursuance of a request under section 32,
(p) the disclosure is made by a person acting in the capacity mentioned in subsection (1)(a) or (b) to any body or person discharging a regulatory function for the purpose of assisting that body or person to carry out that function,
(q) the disclosure is made for the purpose of establishing in any proceedings relating to an application for an order under subsection (1) of section 54 of the Human Fertilisation and Embryology Act 2008 whether the condition specified in paragraph (a) or (b) of that subsection is met,
(r) the disclosure is made under section 3 of the Access to Health Records Act 1990,
(s) the disclosure is made under Article 5 of the Access to Health Records (Northern Ireland) Order 1993, or
(t) the disclosure is made necessarily for -
(i) the purpose of the investigation of any offence (or suspected offence), or
(ii) any purpose preliminary to proceedings, or for the purposes of, or in connection with, any proceedings.
Subsection (1) does not apply to the disclosure of information in so far as -
(a) the information identifies a person who, but for sections 27 to 29 of this Act or sections 33 to 47 of the Human Fertilisation and Embryology Act 2008, would or might be a parent of a person who instituted proceedings under section 1A of the Congenital Disabilities (Civil Liability) Act 1976, and
(b) the disclosure is made for the purpose of defending such proceedings, or instituting connected proceedings for compensation against that parent.
Paragraph (t) of subsection (2), so far as relating to disclosure for the purpose of the investigation of an offence or suspected offence, or for any purpose preliminary to, or in connection with proceedings, does not apply—
(a) to disclosure of identifying donor information, or
(b) to disclosure, in circumstances in which subsection (1) of section 34 of this Act applies, of information relevant to the determination of the question mentioned in that subsection, made by any person acting in a capacity mentioned in any of paragraphs (c) to (g) of subsection (1).
Subsection (1) does not apply to the disclosure to any individual of information which—
(a) falls within subsection (2) of section 31 of this Act by virtue of any of paragraphs (a) to (e) of that subsection, and
(b) relates only to that individual or, in the case of an individual who is treated together with, or gives a notice under section 37 or 44 of the Human Fertilisation and Embryology Act 2008 in respect of, another, only to that individual and that other.
In subsection (2)—
(i) in paragraph (p) “regulatory function” has the same meaning as in section 32 of the Legislative and Regulatory Reform Act 2006, and
(ii) in paragraph (t) references to “proceedings” include any formal procedure for dealing with a complaint.
In this section ‘‘identifying donor information’’ means information enabling a person to be identified as a person whose gametes were used in accordance with consent given under paragraph 5 of Schedule 3 for the purposes of treatment services or non-medical fertility services in consequence of which an identifiable individual was, or may have been, born.
33C Power to provide for additional exceptions from section 33A(1)
Power to provide for additional exceptions from section 33A(1)
No exception may be made under this section for -
(a) disclosure of a kind mentioned in paragraph (a) or (b) of subsection (4) of section 33A, or
(b) disclosure in circumstances in which section 32 of this Act applies of information having the tendency mentioned in subsection (2) of that section, made by any person acting in a capacity mentioned in any of paragraphs (c) to (g) of subsection (1) of section 33A.
34 Disclosure in interests of justice
Where in any proceedings before a court the question whether a person is or is not the parent of a child by virtue of sections 27 to 29 of this Act or sections 33 to 47 of the Human Fertilisation and Embryology Act 2008 falls to be determined, the court may on the application of any party to the proceedings make an order requiring the Authority—
(a) to disclose whether or not any information relevant to that question is contained in the register kept in pursuance of section 31 of this Act, and
(b) if it is, to disclose so much of it as is specified in the order,
but such an order may not require the Authority to disclose any information falling within section 31(2) (c) to (e) of this Act.
The court must not make an order under subsection (1) above unless it is satisfied that the interests of justice require it to do so, taking into account—
(a) any representations made by any individual who may be affected by the disclosure, and
(b) the welfare of the child, if under 18 years old, and of any other person under that age who may be affected by the disclosure.
If the proceedings before the court are civil proceedings, it—
(a) may direct that the whole or any part of the proceedings on the application for an order under subsection (2) above shall be heard in camera, and
(b) if it makes such an order, may then or later direct that the whole or any part of any later stage of the proceedings shall be heard in camera.
An application for a direction under subsection (3) above shall be heard in camera unless the court otherwise directs.
35 Disclosure in interests of justice: congenital disabilities, etc
Where for the purpose of instituting proceedings under section 1 of the Congenital Disabilities (Civil Liability) Act 1976 (civil liability to child born disabled) it is necessary to identify a person who would or might be the parent of a child but for the relevant statutory provisions, the court may, on the application of the child, make an order requiring the Authority to disclose any information contained in the register kept in pursuance of section 31 of this Act identifying that person.
Where, for the purposes of any action for damages in Scotland (including any such action which is likely to be brought) in which the damages claimed consist of or include damages or solatium in respect of personal injury (including any disease and any impairment of physical or mental condition), it is necessary to identify a person who would or might be the parent of a child but for the relevant statutory provisions, the court may, on the application of any party to the action or, if the proceedings have not been commenced, the prospective pursuer, make an order requiring the Authority to disclose any information contained in the register kept in pursuance of section 31 of this Act identifying that person.
In subsections (1) and (2) “the relevant statutory provisions” means –
(a) sections 27 to 29 of this Act, and
(b) sections 33 to 47 of the Human Fertilisation and Embryology Act 2008.
Subsections (2) to (4) of section 34 of this Act apply for the purposes of this section as they apply for the purposes of that.
After section 4(4) of the Congenital Disabilities (Civil Liability) Act 1976 there is inserted—
"(4A) In any case where a child carried by a woman as the result of the placing in her of an embryo or of sperm and eggs or her artificial insemination is born disabled, any reference in section 1 of this Act to a parent includes a reference to a person who would be a parent but for sections 27 to 29 of the Human Fertilisation and Embryology Act 1990."
A person who discloses any information in contravention of section 33A of this Act is guilty of an offence and liable –
(a) on conviction on indictment, to imprisonment for a term not exceeding two years or a fine or both, and
(b) on summary conviction, to imprisonment for a term not exceeding six months or a fine not exceeding the statutory maximum or both.
The centre must ensure that all information is kept confidential and only disclosed in circumstances
permitted by law.
The centre must have processes in place to ensure that access to a centre’s health data and records
is secure at all times; conforms with legislative requirements; and is only available to persons named
on a centre’s licence or authorised by the Person Responsible. Such processes shall include:
a. establishing and maintaining data security measures and safeguards against any
unauthorised data additions, deletions or modifications to patient/donor files or records, and
the transfer of information
b. establishing and maintaining procedures to resolve all data discrepancies
c. preventing unauthorised disclosure of information whilst guaranteeing the traceability of
gamete, embryo or tissue (cell) donations
d. considering and responding to applications for access to confidential records and correctly
identifying applicants, and
e. receiving, checking and arranging authorised access to confidential data and records.
Access to registers and data must be restricted to persons authorised by the PR and to the Authority for the purpose of inspection and control measures.
The centre should ensure that information provided in confidence, including all information relating to donors, patients and children born as a result of treatment, is kept confidential and disclosed only in the circumstances permitted by law. The centre should ensure that patients, their partners, and donors do not have access to any other person’s records without first getting that person’s consent.
If the centre is in doubt about whether a proposed disclosure is lawful, it should seek independent legal advice.
Breach of confidentiality
If confidentiality is breached, the centre should investigate, deal with the breach, and submit a full explanation to the HFEA. If it appears that a criminal offence has been committed, the centre should inform the police.
Access to medical records
For the purposes of this Code of Practice, a record is defined as information created, received and maintained as evidence by a centre or person, in meeting legal obligations or in transacting business. Records can be in any form or medium provided they are readily accessible, legible and indelible.
The centre must establish a documented procedure for controlling access to medical records. This should ensure that arrangements are in place for:
a) properly identifying applicants
b) promptly considering and responding to applications for access to confidential records
c) a designated individual in the centre being responsible for receiving, checking and arranging authorised access to confidential records
d) notifying the Information Commissioner in line with the Data Protection Act 1998
e) giving all individual donors and recipients who provide information about themselves access to their own individual records of that information and an opportunity to correct it
f) ensuring proper procedures are in place to maintain confidentiality when records are stored off site, and
g) ensuring that individuals are aware of their rights under the Data Protection Act 1998 to access their own medical records.
NOTE: When the centre is part of a larger organisation, the appropriate department of the parent organisation may do some of these procedures, where relevant.
The centre should have clear security procedures to prevent unauthorised access to records, and take particular care if records are kept outside the licensed premises (eg, when counselling takes place outside the centre). The security procedures should be appropriate to the record keeping system, whether paper-based, electronic or in any other format. Extra scrutiny is recommended if the centre has laboratory equipment that stores patient-identifying information electronically.
To mitigate the risks of unauthorised people inadvertently gaining access to patient-identifying information through electronic records, the centre should:
a) ensure that such information cannot be transferred to portable media-storage devices
b) ensure that when hardware is removed from the premises, identifying information has been removed
c) consider making it a policy that no data is stored on any third-party device unless there is a process for anonymising or deleting the data
d) record and audit potential access to identifying information
e) have systems in place to reduce the risks of malicious access to data; these systems should include anti-virus software, firewalls, and network segmentation (including user-/network-level usernames and passwords)
f) know what software is installed on centre systems and what it allows
g) ensure agreements/contracts with the relevant providers set out expectations.
If the centre’s service providers require access to identifying information to do their job, then the centre must take steps to ensure that any person accessing data is suitable.
A person whose medical records are held by the centre is normally entitled to receive a copy of their own medical records, so long as they ask in writing (including by electronic means) and pay any fee required. The source of the information and an explanation of any unusual or technical terms should be given.
Requests under the Data Protection Act 1998
The centre should comply promptly with ‘subject access requests’ made under the Data Protection Act 1998. Usually, such requests will be for copies of medical records. The centre must check the identity of the person making the request and may also request written consent and proof of identity from the partners of applicants if the medical record contains information relating to them. The centre may also levy a fee of between £10 and £50 for copying medical records.
When proof of identity and payment has been received, the centre has 40 calendar days to respond to the request. The centre should be aware that some requests for information may fall under different information access regimes; they must ensure that they comply within the appropriate timeframes (eg, 20 working days under the Freedom of Information Act 2000 and the Environmental Information Regulations 2004).
The centre should take into account any other exceptions and modifications to the Data Protection Act 1998 before giving access.
Disclosing non-identifying information: general
The centre may disclose information that does not identify or could not reasonably be expected to lead to the identification of a person owed a duty of confidentiality. If the centre is unsure whether information it proposes to disclose could identify the person, it should seek independent legal advice.
Disclosure authorised by statute
30AInterpretation of mandatory requirements
A centre may hold information that could lead to the identification of:
a) an individual donor or recipient of gametes or embryos
b) an individual or couple seeking or receiving treatment services (other than basic partner services), or
c) an individual who may have been born as a result of such services or as a result of donated sperm.
The centre may disclose this information only in the specific circumstances set out in the HFE Act 1990 (as amended). The information may, for example, be disclosed:
a) to anyone, provided that it is disclosed in such a way that no individual can be identified from it
b) to the Authority
c) to another licensed centre to enable that centre to carry out its functions under its licence
d) to the person to whom the information relates, and to their partner (if they are being treated together, or their partner has served notice of consent to be treated as the legal parent of any resulting child)
e) with the consent of each person who could be identified from the information (although disclosure in this case is limited to information other than that from which a donor of gametes could be identified)
f) in connection with specific proceedings, including, for example, in relation to the formal complaints procedure, or
g) in an emergency, if disclosure is necessary to avert imminent danger to the health of the person to whom the information relates, and it is not reasonably practicable to obtain their consent to disclosure.
If the centre is in doubt about whether a proposed disclosure is lawful, it should seek independent legal advice.
If the centre refers a person seeking treatment to another licensed centre, it should provide relevant information in line with good clinical practice. The centre must always supply information relevant to the welfare of the child.
Disclosing information to gamete and embryo donors
30BInterpretation of mandatory requirements
A donor may request information from a centre about the number, sex and birth year of any children born using their gametes or embryos. If the centre holds that information, it must provide it unless the person responsible considers that special circumstances exist that increase the likelihood of the donor being able to identify any of those children.
Once a person conceived using donor gametes reaches the age of 16, they may ask the Authority to give them certain identifying information about the donor and the number, sex and year of birth of any donor-conceived siblings.
The HFEA will seek to inform donors of gametes and embryos that it has received an application by a donor-conceived person for identifying information about them. The HFEA will not give the donor any information about the person making the application.
Disclosing information to recipients of donated gametes and embryos
The centre may give non-identifying information about the donor to those who receive donor-assisted conception treatment and those who have received such treatment in the past.
The HFEA may also disclose the information that centres may disclose in these circumstances, if that information is contained on its Register.
The centre should:
a) reassure donors and potential donors that they may ask at any time how many children have resulted from their donation
b) reassure identifiable donors that attempts will be made to contact them before their identity is disclosed to a donor-conceived person
c) encourage identifiable donors to provide up-to-date contact details to help this, and
d) respond as fully as possible to patients' requests for non-identifying information about the
donor(s) used in their treatment.
Consent to disclose identifying information
30CInterpretation of mandatory requirements
Patients have the right to decide what identifying information should be disclosed and to whom. Centres should obtain a patient’s written consent before disclosing information relating to their treatment (or providing gametes for a partner’s treatment),or storage of their gametes or embryos.
In addition, consent is needed from any person who could be identified through disclosure of information about a person’s treatment or storage. For example, if a patient’s partner could be incidentally identified through disclosure of information about a patient’s treatment.
If a child born as a result of treatment could be identified, consent must be obtained from the parent(s), unless identification is necessarily incidental to the disclosure of information about the patient’s treatment. Once a child born as a result of treatment is considered competent to consent, then their consent (if given) will override the consent of the parent(s).
Before obtaining consent to disclose information, the centre should give the person enough information for them to make a properly informed decision, including:
a) precisely what information is to be disclosed
b) the terms on which it is disclosed
c) the reasons for disclosure (eg, to keep the person’s GP informed about the fertility treatment)
d) the implications of disclosure, in particular the fact that, once it is disclosed, the information will be subject no longer to the special provisions of the HFE Act 1990 (as amended) but only to the general law of confidentiality, and
e) the categories of people to whom the information is to be disclosed.
The centre should seek consent to disclosure to the following categories of people:
a) the patient’s GP or the patient’s partner’s GP
b) other healthcare professionals outside the centre (to enable them to provide the patient or the patient’s partner with the best possible medical care)
c) auditors or administrative staff outside of the centre (to enable them to perform functions designated to them in connection with the centre’s licensable activities), and
d) medical or other researchers (so they can contact the patient about specific research projects or carry out non-contact research).
The centre should renew consent to disclosure if the nature of the treatment changes after initial consent has been given (eg, if during treatment, it is proposed that donor gametes are used instead of the patient’s own, or if the patient moves from unlicensed to licensed fertility treatment).
The centre should ensure that people to whom they disclose identifying information know that the information remains protected by the existing common law on confidentiality. Those receiving information should also be told:
a) the precise terms upon which it was disclosed and for which consent has been given, and
b) that if they disclose the information they have received, a child might learn in an inappropriate way that they were born as a result of fertility treatment.
Other legislation, professional guidelines and information
- Human Rights Act 1998
- European Convention for the Protection of Human Rights and Fundamental Freedoms
- Data Protection Act 1998
- The Data Protection (Subject Access Modification) (Health) Order 2000
- Access to Health Records Act 1990
- Access to Health Records (Northern Ireland) Order 1993
- Care Quality Commission - Code of Practice on confidential personal information (2010)
- Confidentiality: NHS Code of Practice (2003)
- Records Management: NHS Code of Practice (2006)
- General Medical Council – Confidentiality guidance: Protecting information (2004)
- Guidance from the Information Commissioner
Code of Practice edition: 8