Breach of Patient Confidentiality and Privacy

by Mark Hughes, MD, MA

My Notes
  • Required.
Save Cancel
    Learning Material 2
    • PDF
      Slides Breach of Patient Confidentiality Privacy.pdf
    • PDF
      Download Lecture Overview
    Report mistake

    00:00 We've talked about times when it's necessary to disclose information learned in confidence for patient care or for billing or for other clinical reasons.

    00:13 There are also going to be times when it may be necessary to breach confidentiality for the interest of other people.

    00:19 And we'll talk a little bit about that.

    00:21 So the default physician should always be to protect the patient's privacy, but there are going to be exceptions to the rule.

    00:30 So, one is going to be by law or statute or court order.

    00:35 There is a requirement to release that private information.

    00:39 So, often for infectious diseases, the health department will require reporting of that infectious disease so that there can be contact tracing to anybody that might have been exposed to the patient with the infectious disease.

    00:54 There may be requirements when it's issues of harm to a child or to an adult in the community where there are issues of abuse or neglect required by law to report that.

    01:09 There, you're going to be able to breach the confidentiality of the patient.

    01:14 So it could either be for the individual patient's care that you're needing to do it or the needs of others.

    01:21 When might it be necessary for the individual patient? Well, let's say it's an emergency situation and you need more information in order to assist in making treatment decisions.

    01:33 There, you might need to, you know, one of my patients is in an emergency room in another state and they're contacting me to figure out, you know, what medications they're on, what diagnoses they have that's going to have implications for how they manage the patient in that other site.

    01:52 There, the breach is for the patient's benefit.

    01:55 I can't get a signed, you know, form from the patient agreeing to this disclosure but it's in their interest that I disclose this information.

    02:08 There may be ancillary staff needing access for the process of care.

    02:11 We've talked about how big the healthcare team can be, all the people that may be involved in providing care to the patient.

    02:18 There, that might be necessary especially if it has implications for that staff member if they might be exposed to infectious disease, for instance.

    02:30 Providing information to a surrogate decision-maker to make clinical decisions on behalf of the patient.

    02:35 So we talked a little bit about patients who have limited capacity while the default is generally going to be once you've found an authorized decision-maker for the patient, there needs to be disclosure to that surrogate if it's information that will be relevant to making treatment decisions on behalf of the patient.

    02:54 There can be tricky situations of, you know, a judgment call on the part of the clinician of how relevant is the information to making this current decision, you know, so a past history of HIV, the patient has an established diagnosis of human immunodeficiency virus syndrome and the question is, you know, is that relevant to managing their heart attack now and the surrogate is needed to make decisions for their care.

    03:23 You have to make a judgment as to "Is this relevant to the informed consent process?" There may be times when there are breaches in the needs of others and that's also going to happen, you know, in the public health arena so I've talked a fair amount about contagious diseases.

    03:41 So, when it's necessary for quarantining, when it's necessary to track or even prevent the transmission of sexually transmitted diseases or other infectious diseases, whether it's for cancer registry.

    03:56 So, knowing, you know, what cancer the patient had, how they were treated, what their outcomes of treatment were, a lot of municipalities will have tumor registries where this data is collected and then on a population level you can know how we're managing cancer treatments.

    04:17 So, not a sake with patient permission but in the needs of the public interest.

    04:25 When there are concerns about the patient posing a risk to the general public.

    04:30 So it's a patient that likes to drive cars, but you're concerned about their safety on the road whether they have a disease process like a seizure disorder, if they have visual impairment, or they have, you know, diabetes and might be prone to hypoglycemia.

    04:47 You're worried that they might pose a risk to others if they're on the road.

    04:54 Again, a judgment call is to whether or not you would need to report that in some jurisdictions, either give discretion to the clinician to make that judgment call or may actually require the reporting to the department of motor vehicles.

    05:10 And then lastly, there might be times when it's, you know, really serious.

    05:14 A bioterrorism attack, a mass casualty threat, you know, the patient has shared with you that they are, you know, going to cause serious harm to a community.

    05:25 There again you can break confidentiality in the interest of the public.

    05:33 The biggest category where this generally comes up for clinicians is when it's an identifiable 3rd party.

    05:39 It's not the public at large, but it's an actual person that you know their identity and you have to make a judgment of is it sufficiently important to break confidentiality of my patient in order to protect this individual, this other 3rd party.

    06:01 So, again, we're always thinking with privacy about the liberty rights of the patient, but can they be forsaken in the interest of this other person? The famous case where this came up is something called the Therasoft decision.

    06:17 So this was a young man who is dating a woman. They were both in college.

    06:22 They broke up. He was distraught about the break-up.

    06:28 He sought the assistance of a mental health counselor at the university, described that he was so upset by this that he was going to kill his ex-girlfriend.

    06:40 The counselor tried to detain him, tried to call security, and you know, make sure that he did not get access to this ex-girlfriend.

    06:51 They detained him for a period of time, but he didn't seem to be a threat anymore.

    06:55 They released him out into the community. He then went and killed his ex-girlfriend.

    07:01 So, her parents sued the university, saying that they should have done more to protect her and warn her of this threat.

    07:10 No one directly warned her that he had made these threats about killing her.

    07:16 So this was the opinion in the Therasoft decision, this court case that happened.

    07:21 When the therapist determines or pursuant to the standards of his profession should determine that this patient presents a serious danger of violence to another.

    07:31 He incurs an obligation to use reasonable care to protect the intended victim against such danger.

    07:38 The discharge of this duty may require the therapist to take on one or more various steps.

    07:44 Thus, it may call for him to warn the intended victim, to notify the police, or to take whatever steps are reasonably necessary under the circumstances.

    07:54 So this duty to warn when there is a threat to the well-being of a 3rd party became known as the Therasoft rule.

    08:06 And this is where we get to when it's permissible for clinicians to breach privacy or confidentiality.

    08:15 And there are going to be certain requirements that had to be fulfilled in order to, you know, this important principle of protecting privacy when you can break it.

    08:26 So the first is that it has to be identifiable 3rd party.

    08:28 So, a person that can be, you know their identity, not just random person out in the world but somebody you can identify and potentially directly warn.

    08:41 It has to be something that is of serious harm that could happen to them if you did not warn them.

    08:47 So a serious disease, a threat to their physical well-being thru violence, any of these things that would count as a serious harm.

    08:58 If you did not disclose, if you did not break confidentiality, there's a high probability that the harm will occur.

    09:05 So, you know, they're even more push to make sure that there is disclosure.

    09:13 And it's taught that the disclosure will actually prevent the harm so maybe you've tried to convince the patient, you know, who's disclosed this information to you, try to convince them well.

    09:24 We need to, other you don't need to, you know commit violence for sure but we need to warn this other person that there's a harm that could occur to them.

    09:36 All of those measures have failed. You can't convince the patient. You've tried other means of warning.

    09:42 The only way that you can accomplish preventing the harm to the 3rd party is breaching confidentiality.

    09:48 So, if you've got all of these criteria fulfilled, these requirements fulfilled, then it is permissible to breach confidentiality.

    10:00 Some examples besides, you know, the violent patient example might be something like a sexually transmitted disease.

    10:07 You learned the patient's diagnosis, you try to convince them while you should notify your sexual partner that they may be at risk of having acquired the sexually transmitted disease, the patient is unwilling to do so.

    10:23 One, you might need to report it to the health department as we've talked about for public health reasons but if you directly know the identity of the person it may be permissible for you to do it if you think that this sexually transmitted disease could be a serious harm to the patient.

    10:38 There's one that's a little more controversial with genetic disorders.

    10:41 So, you're doing genetic testing for a patient.

    10:44 You learn that they have a particular condition that is inheritable and now maybe another family member is at risk of getting that condition and maybe a high probability of getting that condition.

    10:57 One, you might start with trying to convince the patient why you should tell your family member of their genetic predisposition, but failing that it may be permissible for the clinician to disclose that to other family member.

    11:11 Some of this is going to be dependent on the jurisdiction where you practice.

    11:14 So it's important that you know what the rules in your jurisdiction are, whether it's mandatory that you have to report it or whether it might be permissible and then you have to make a judgment as to whether or not all of these criteria are met and it's important enough that you breach the confidentiality.

    11:33 So that's the wrap up of privacy and confidentiality. First and foremost, protect it.

    11:40 You know, make sure the personal information you learned from a patient that you learned in confidence is respected and protected.

    11:47 There are going to be some instances where there's a need to disclose that information whether it's for the patient's interest or others' interest and some of this is going to be discussing with the patient, working it out with them, and some rare instances that you need to breach confidentiality for the interest of other people.

    12:08 Hope that was informative. Thank you very much.

    About the Lecture

    The lecture Breach of Patient Confidentiality and Privacy by Mark Hughes, MD, MA is from the course Patient Confidentiality and Privacy.

    Included Quiz Questions

    1. Court order
    2. Personal gain
    3. Financial gain
    4. Fame
    5. Elective clinical situation
    1. Providing information to a relative
    2. Court order
    3. Emergency situation
    4. Providing information to a surrogate decision-maker
    5. Statute
    1. Patient posing a risk to themself
    2. Quarantining
    3. Preventing transmission
    4. Cancer registry
    5. Patient posing risk to the general public
    1. Response to mass casualty threat
    2. Response to domestic abuse
    3. Upper respiratory illness
    4. Response to a patient with apnea
    5. Response to a patient with a sudden change in mental status
    1. Duty to warn
    2. Duty to detain
    3. Duty to abstain
    4. Duty to write
    5. Duty to work
    1. Disclosure may prevent harm.
    2. There is potential for minimal harm.
    3. There is a mild probability of harm.
    4. There is an identifiable second party.
    5. There is an identifiable first party.

    Author of lecture Breach of Patient Confidentiality and Privacy

     Mark Hughes, MD, MA

    Mark Hughes, MD, MA

    Customer reviews

    5,0 of 5 stars
    5 Stars
    4 Stars
    3 Stars
    2 Stars
    1  Star