Achieve Mastery of Medical Concepts

Study for medical school and boards with Lecturio

Patient-Doctor Confidentiality

Confidentiality describes the “privileged and private nature of information” shared by a patient with a physician. In general, this information should only be disclosed to a 3rd party with the patient’s express consent.  In the U.S., confidentiality is regulated by the Health Insurance Portability and Accountability Act (HIPAA). According to HIPAA, protected health information (PHI) may only be disclosed to assist in treatment, payment, and healthcare operations. While there are some specific situations where patient-doctor confidentiality may be broken (e.g., when the patient is at risk for self-harm), these situations are considered exceptions and clinicians ought to make sure that confidentiality is not unnecessarily jeopardized.

Last updated: May 6, 2022

Editorial responsibility: Stanley Oiseth, Lindsay Jones, Evelin Maza

Overview

Definition

Protected healthinformation (PHI)

  • Protected health information (PHI): information generated while providing medical care Medical care Conflict of Interest that can be used to identify a patient:
    • Demographic information
    • Medical history and diagnoses, including mental health conditions
    • Types of healthcare utilized by an individual (includes which doctors a patient sees)
    • Test and laboratory results
    • Insurance and healthcare payment information
  • PHI may only be communicated with 3rd parties after patients Patients Individuals participating in the health care system for the purpose of receiving therapeutic, diagnostic, or preventive procedures. Clinician–Patient Relationship provide express consent.

The Health Insurance Portability and Accountability Act (HIPAA)

What HIPAA is

  • Many countries protect the confidentiality of medical information by law.
  • HIPAA:
    • A federal statute in the U.S. that imposes a number of requirements on the disclosure of PHI
    • Protects patient privacy in clinical care and research Research Critical and exhaustive investigation or experimentation, having for its aim the discovery of new facts and their correct interpretation, the revision of accepted conclusions, theories, or laws in the light of newly discovered facts, or the practical application of such new or revised conclusions, theories, or laws. Conflict of Interest 
  • All medical staff should be familiar with local legislation regarding the handling of medical information and the institutional protocols for compliance Compliance Distensibility measure of a chamber such as the lungs (lung compliance) or bladder. Compliance is expressed as a change in volume per unit change in pressure. Veins: Histology.
  • Includes a “Privacy Rule” and a “Security Rule”

HIPAA privacy rule

  • Describes how PHI can and cannot be used (known as authorized and unauthorized disclosures Disclosures Revealing of information, by oral or written communication. Conflict of Interest of PHI, respectively)
  • Authorized disclosures Disclosures Revealing of information, by oral or written communication. Conflict of Interest of PHI:
    • Directly to the individual (disclosure is required when the information is requested by the individual)
    • For treatment/ coordination Coordination Cerebellar Disorders of care
    • For payment
    • For general healthcare operations
    • Specific situations which benefit the public interest, including:
      • As required by law (e.g., by court order, as part of health oversight activities)
      • For public health activities (e.g., individuals exposed to communicable diseases who should undergo contact tracing)
      • Victims of abuse or neglect Neglect Child Abuse
      • Serious threats to the health or safety of an individual or the public (e.g., a single mother brought to the hospital by ambulance has a young child at home → PHI must be disclosed to help coordinate care for the child)
      • To facilitate organ donation Organ Donation Brain Death of a recently deceased individual
  • All other uses of an individual’s PHI must be authorized in writing by the individual
  • Examples of appropriate use of PHI under the Privacy Rule:
    • Discussing a patient’s case with other clinicians involved in the patient’s care
    • Contextual information in orders for diagnostic imaging, laboratory tests, and/or pathology
    • Referral to other institutions
    • Use of PHI by a healthcare provider to obtain payment for services
    • Use of PHI as part of a provider or health plan performance evaluation
    • Institutional or governmental investigations of fraud
  • Disclosures Disclosures Revealing of information, by oral or written communication. Conflict of Interest of PHI should be limited to the minimum necessary required to accomplish a given task.
  • All patient-physician communication Communication The exchange or transmission of ideas, attitudes, or beliefs between individuals or groups. Decision-making Capacity and Legal Competence to the patient needs to be HIPAA compliant:
    • Best to use HIPAA-compliant software (often build into electronic medical record systems)
    • Avoid communicating with patients Patients Individuals participating in the health care system for the purpose of receiving therapeutic, diagnostic, or preventive procedures. Clinician–Patient Relationship over text message and social media → not compliant with the HIPAA security rule
  • Note: There are no restrictions on using or disclosing deidentified information (information that cannot be used to identify a specific individual).

HIPAA Security rule 

  • PHI must be protected during storage, use, and transmission via adequate administrative, physical, and technical safeguards.
  • Includes all forms of PHI: both “hard copies” and information stored electronically
  • Access to PHI must be limited to authorized users who require the information to do their jobs.
  • Authorized users must be authenticated and monitored when using PHI.
  • Electronically transmitted PHI must be encrypted.

Breaches of Confidentiality

  • Breaches of confidentiality are referred to as unauthorized disclosures Disclosures Revealing of information, by oral or written communication. Conflict of Interest.
  • Examples: 
    • Sharing an image on social media with patient information visible on a whiteboard in the background
    • Discussing a patient’s case with another clinician Clinician A physician, nurse practitioner, physician assistant, or another health professional who is directly involved in patient care and has a professional relationship with patients. Clinician–Patient Relationship in a public elevator, which is overheard by others
    • Sending a patient STI STI Sexually transmitted infections (STIs) are infections that spread either by vaginal intercourse, anal sex, or oral sex. Symptoms and signs may include vaginal discharge, penile discharge, dysuria, skin lesions (e.g., warts, ulcers) on or around the genitals, and pelvic pain. Some infections can lead to infertility and chronic debilitating disease. Sexually Transmitted Infections (STIs) results over personal text message, which was inadvertently seen 1st by the patient’s sexual partner
  • Violations must be self-reported to the relevant government body (Department of Health and Human Services ( HHS HHS Diabetic ketoacidosis (DKA) and hyperosmolar hyperglycemic state (HHS) are serious, acute complications of diabetes mellitus. Hyperosmolar hyperglycemic state occurs due to a relative deficiency of insulin or insulin resistance, leading to severe hyperglycemia and elevated serum osmolality. Hyperglycemic Crises) in the United States).
  • Penalties depend on the jurisdiction and local penal code but can be as high as $1.5 million in the US for willful neglect Neglect Child Abuse.

Limits of Confidentiality with Minors

Confidentiality is broken/PHI is shared under specific circumstances outlined by HIPAA (e.g., cases of suspected abuse; threats to public health or safety).

  • Confidentiality can be especially complicated in the care of minors, especially when their desires conflict with those of their legal guardians
  • Laws vary from state to state
  • Examples include:
    • The age of legal consensual sexual activity varies, and may or may not be reportable as child abuse Child abuse Child abuse is an act or failure to act that results in harm to a child’s health or development. The abuse encompasses neglect as well as physical, sexual, and emotional harm. Seen in all subsets of society, child abuse is a cause of significant morbidity and mortality in the pediatric population. Child Abuse
    • If/when parental notification is required for certain health services (e.g., abortion Abortion Expulsion of the product of fertilization before completing the term of gestation and without deliberate interference. Spontaneous Abortion)
  • Care should be taken to avoid inadvertent disclosure of information Disclosure of information Disclosure of information is the process through which physicians explain clinical information to their patient (or surrogate decision-maker) in a way that the patient or surrogate can understand. This process is crucial for patients to understand their clinical situation and make informed decisions about their care. Disclosure of Information the minor wants kept private (note: parents/guardians may see PHI when they request medical records or when they get a bill for services provided)
  • In the case of minors, experts recommend discussing “conditional” confidentiality with their patients Patients Individuals participating in the health care system for the purpose of receiving therapeutic, diagnostic, or preventive procedures. Clinician–Patient Relationship:
    • Explicitly state when confidentiality needs to be broken (e.g., abuse, suicidal ideations, reporting certain STIs STIs Sexually transmitted infections (STIs) or sexually transmitted diseases (STDs) are infections that spread either by vaginal intercourse, anal sex, or oral sex. Symptoms and signs may include vaginal discharge, penile discharge, dysuria, skin lesions (e.g., warts, ulcers) on or around the genitals, and pelvic pain. Some infections can lead to infertility and chronic debilitating disease. Sexually Transmitted Infections (STIs) to public health departments)
    • Help the teen understand that confidentiality will be maintained for all “routine” health issues that can be managed entirely by the physician (which includes things like basic STI STI Sexually transmitted infections (STIs) are infections that spread either by vaginal intercourse, anal sex, or oral sex. Symptoms and signs may include vaginal discharge, penile discharge, dysuria, skin lesions (e.g., warts, ulcers) on or around the genitals, and pelvic pain. Some infections can lead to infertility and chronic debilitating disease. Sexually Transmitted Infections (STIs) treatment)

References

  1. Tariq, R.A., Hackert, P.B. (2021). Patient confidentiality. StatPearls. Treasure Island (FL): StatPearls Publishing. http://www.ncbi.nlm.nih.gov/books/NBK519540/
  2. Darby, W.C., Weinstock, R. (2018). The Limits of Confidentiality: Informed Consent and Psychotherapy. Focus (American Psychiatric Publishing), 16(4), 395–401. https://doi.org/10.1176/appi.focus.20180020

USMLE™ is a joint program of the Federation of State Medical Boards (FSMB®) and National Board of Medical Examiners (NBME®). MCAT is a registered trademark of the Association of American Medical Colleges (AAMC). NCLEX®, NCLEX-RN®, and NCLEX-PN® are registered trademarks of the National Council of State Boards of Nursing, Inc (NCSBN®). None of the trademark holders are endorsed by nor affiliated with Lecturio.

Study on the Go

Lecturio Medical complements your studies with evidence-based learning strategies, video lectures, quiz questions, and more – all combined in one easy-to-use resource.

Learn even more with Lecturio:

Complement your med school studies with Lecturio’s all-in-one study companion, delivered with evidence-based learning strategies.

User Reviews

¡Hola!

Esta página está disponible en Español.

Details