Confidentiality is a set of principles observed to keep private the information a patient shares with their doctor during the course of their medical care.
- Done with the intent of protecting the patient’s intimacy and privacy
- Underlying principles:
  - Do no harm
  - Respect for autonomy
- Protected health information (PHI): information generated while providing medical care that can be used to identify a patient
- PHI may be communicated to 3rd parties only after patients provide express consent.
- Many countries protect the confidentiality of medical information by law.
- In the United States, protection of medical information is required by the Health Insurance Portability and Accountability Act (HIPAA). All medical staff should be familiar with the local legislation regarding the handling of medical information and the institutional protocols for compliance.
  - Security rule: protection of electronically stored PHI (ePHI) via adequate administrative, physical, and technical safeguards
- Physicians must use discretion to communicate with patients when using electronic communication and/or social media while remaining compliant with HIPAA.
Breaches of confidentiality
- Violations must be self-reported to the competent government body (Department of Health and Human Services (HHS) in the United States).
- Penalties depend on the jurisdiction and local penal code but can be as high as $1.5 million in the US for willful neglect.
Limits of Confidentiality
There are situations when confidentiality may be breached. While there is no legal obligation to inform patients of the limits of confidentiality, some argue that there is an ethical duty to do so.
Discussion of PHI for clinical purposes is covered under HIPAA, including:
- Discussion with other clinicians
- Contextual information to demonstrate pertinence for diagnostic imaging modalities, laboratory tests, and/or pathology
- Referral to other institutions
Inability to give consent
If a situation arises in which the patient is unable to provide consent to disclosure, the clinician must use the information to act according to the patient’s best interests:
- The patient is determined to be incapable.
- Medical emergencies (e.g., MI, life-threatening trauma)
- Inability to express consent due to the current diagnosis (e.g., coma)
Exceptions due to requests from public health bodies or law enforcement
- Threat to public health
- Investigations of child or elder abuse
- Investigations of fraud
- Imminent threat to self or identifiable 3rd parties
- Threat to national security