Chapter 5: Confidentiality



Patients reveal to physicians sensitive personal information about their medical and emotional problems, alcohol and drug use, and sexual activities. The presumption is that physicians should keep patient information confidential unless the patient gives permission to disclose it; however, exceptions to confidentiality might be warranted to prevent serious harm to third parties or to the patient (Table 5-1).

The HIV epidemic, the development of computerized medical records, and the explosion of genetic information have sharpened controversies over confidentiality. In 2003, the federal government issued health privacy regulations, commonly known as HIPAA regulations, because the Health Insurance Portability and Accountability Act mandated them.

The terms privacy, confidentiality, and security should be distinguished [1]. Privacy refers to patients’ interest in controlling information about themselves, access to their bodies, and freedom to make decisions about their health care. In particular, patients may choose what information about themselves they disclose to their physicians. They may regard some information as too intimate or sensitive to disclose or simply not relevant to the issue at hand.

Privacy may also refer to whether information collected for one purpose may be used for another purpose, for example whether information collected for patient care may be used for research or quality improvement. There is no single concept of privacy that is universally accepted; instead, privacy may be viewed as a bundle of overlapping and related interests, which are also related to other interests such as liberty and autonomy.

Table 5-1. Exceptions to Confidentiality

Exceptions to Protect Third Parties
  Reporting to public officials
    • Infectious diseases
    • Impaired drivers
    • Injuries caused by weapons or crimes
  Partner notification by public health officials
  Warnings by physicians to persons at risk
    • Violence by psychiatric patients
    • Infectious diseases

Exceptions to Protect Patients
  • Child abuse
  • Elder abuse
  • Domestic violence

Confidentiality refers to the further disclosure of information that the patient has provided to the physician. For example, after a patient has disclosed information to a physician, may that information be disclosed to the patient’s family, insurance company, or to public health officials? The focus of confidentiality is on what the physician may reveal to third parties, rather than what the patient chooses to disclose to the physician. In everyday conversation, the distinction between privacy and confidentiality is blurred.

Security refers to the procedural and technical measures to prevent inappropriate access, use, and disclosure of personal information in health records. In this era of electronic health records, increased security is an important means to prevent breaches of confidentiality that may affect thousands of patients. Current security standards include training of physicians and staff regarding privacy and confidentiality, basing access to a patient’s health record on need to know, logins, passwords, time-outs, audit trails, and encryption of personal health information transmitted to remote computers and mobile devices.

The Importance of Confidentiality in Medicine

Reasons for Confidentiality

Keeping medical information confidential shows respect for patients [2], who expect physicians to maintain confidentiality. Maintaining confidentiality also has beneficial consequences for patients and for the doctor–patient relationship. It encourages people to seek medical care and discuss sensitive issues candidly. In turn, treatment for these conditions benefits both the individual patient and public health. Furthermore, confidentiality prevents harmful consequences to patients, such as stigmatization and discrimination. Patients might fear that employers will gain access to their health information and discriminate against them.

Respect for confidentiality is a strong tradition in medicine, dating back to the Hippocratic Oath. The legal system may also hold physicians liable for unwarranted disclosure of medical information.

Difficulties Maintaining Confidentiality

Maintaining confidentiality is increasingly difficult in modern medicine. Many people have access to medical records, including the attending physician, house staff, students, consultants, nurses, social workers, pharmacists, billing staff, medical records personnel, insurance company employees, and quality-of-care reviewers.

Computerized medical records, which improve access to medical information, also allow more serious breaches of confidentiality. Confidentiality can be violated at any computer station, making available extensive data on many patients. Fax and e-mail also present opportunities for confidentiality to be broken.

Many breaches of confidentiality, however, result from health care workers’ indiscretions. Caregivers might discuss patients by name in hospital elevators or cafeterias [3]. Although many physicians take such discussions for granted, patients object to such breaches of confidentiality.

Waivers of Confidentiality

Patients commonly authorize disclosure of information about their condition, for example, to other physicians, insurers, employers, or benefits programs such as disability or workers’ compensation [4]. Patients might not appreciate that signing a general release allows the insurance company to further disseminate the information without restriction. Insurance companies generally place patients’ diagnoses in a computerized database that is accessible to other insurance companies or to employers without further permission from the patient.

Countervailing Ethical Guidelines

Although confidentiality is important, it is not an absolute value. In some situations, overriding confidentiality might be justified in order to provide important benefits to patients or to prevent serious harm to third parties. Access to information might be needed to improve the quality of care or protect the public health. These exceptions require careful justification, because not every instance of benefit to patients or prevention of harm to others warrants the disclosure of identifiable medical information without the patient’s permission.

Federal Health Privacy Regulations

The privacy regulations require health care providers—both individual health care workers and institutions—to obtain patient authorization to use or disclose individually identifiable health information, with certain broad exceptions [5]. Providers must make reasonable efforts to use and disclose only the minimum identifiable information that is needed to accomplish the intended purpose. In addition, health care providers must take reasonable safeguards against prohibited or incidental use or disclosure of personal health information and maintain “reasonable and appropriate” safeguards to prevent violations of the privacy regulations.

Patients must receive written notice of their privacy rights and the organization’s privacy practices. They may inspect and copy their medical records and request that corrections be made. They may request to receive information by alternative means and locations (such as not leaving messages on an answering machine) and to obtain a list of disclosures of their information. Health care providers must develop privacy policies and procedures and train all staff about the privacy regulations.

The regulations also address how individually identifiable health information may be used or disclosed for research and marketing and by business associates of the health care provider. The HIPAA regulations apply to virtually all health care providers. Because the regulations set criminal penalties for intentional violations, many risk managers interpret them conservatively. These federal regulations establish a minimum level of protection; state laws and organizational policies may be stricter.

HIPAA regulations are not intended to impede access to individual patient information needed for high quality and efficient patient care. No patient authorization is needed to use or disclose identifiable information for treatment, payment, and operations, including quality improvement, quality assurance, and education. Furthermore, HIPAA permits required disclosures of identifiable information to public health officials, health oversight agencies, and as required by law or a court. The “minimum necessary” restriction does not apply to treatment or to disclosures required by law.

Good patient care requires communication among various health care providers. In the course of care, incidental disclosure of information and breaches of confidentiality might occur. Physicians should take reasonable precautions to prevent inappropriate disclosures, but should not forgo communications that might be essential in patient care [6].

For example, physicians may communicate with other providers by e-mail or fax without explicit patient authorization, but should take such precautions as using secure e-mail systems and keeping fax machines in areas where other patients cannot access them. Furthermore, physicians may discuss patients at the nursing station, provided that they keep their voices down and pause when someone such as a patient or visitor approaches.

Disclosing the Patient’s Condition to Others

Disclosing patient information to family members, friends, or the press might raise ethical issues.

Disclosure to Relatives and Friends

Relatives and friends often ask about the patient’s condition. Generally, patients want the physician to talk to their family, and usually physicians do not even ask the patient’s permission to do so. In some cases, however, the patient might not want the information disclosed.

Case 5.1. Estrangement from relatives

Ms. D, a 32-year-old woman, is admitted to the hospital after a serious automobile accident. She is disoriented and confused. Her sister requests that Ms. D’s husband not be given any information. Ms. D has previously told the physician about her hostile divorce proceedings, and this is well documented in the electronic health record at the hospital. The husband learns that she is hospitalized and inquires about her condition.

If the inpatient physician knows about the contentious divorce proceedings between Ms. D and her husband, he should regard them as estranged and not give the husband information about Ms. D’s condition, instead referring him to her sister. In a hospitalist system, such social history may not be transmitted to the covering physician or nursing staff. How much should physicians who do not know the patient question the presumption that they may tell family members about the patient’s condition?

It would be reasonable to expect the admitting physician to review information in the electronic record. However, screening family members to ask if they are estranged would be disrespectful for the vast majority of family members who care about the patient and might lead to mistrust between them and the medical team.

The HIPAA privacy regulations establish a reasonable approach to this issue. Health care providers need to notify patients that relatives will be informed unless the patient requests that they not be. In ethical terms, the physician can presume that patients would want their relatives notified. The reasons are that generally the patient would want them told, that they might provide valuable information, that they have the patient’s best interests in mind, and that their assistance might be needed with decision making or discharge planning.

However, this presumption can be reversed in cases like Case 5.1. Physicians may provide information about a patient’s condition and treatment to family members and other people involved in the patient’s care, provided that the patient does not object. Often, such communication is needed to help monitor the patient’s condition, administer medications, or arrange follow-up care.

Information about Public Figures

The press might seek information about patients who are public figures or celebrities. The public and the news media might have legitimate reasons to know medical information about a public figure. For instance, a political candidate’s health is an important concern to voters [7]. However, famous people have a right to confidentiality, like all patients. The physician and hospital should ask the patient or appropriate surrogate what information, if any, should be released.

Omitting Sensitive Information from Medical Records

Patients who are concerned about breaches of confidentiality sometimes ask physicians to omit sensitive information from their medical records.

Case 5.2. Omission of information from the medical record

Mr. N, a 41-year-old nurse who is in excellent health, has a routine checkup at the hospital where he works. He asks his physician not to write in the medical record that he was severely depressed several years ago. Mr. N knows that many people in the hospital might see his record, and he does not want colleagues to know his psychiatric history. He also fears that he will have difficulty changing jobs if his history is known.

Mr. N’s concerns are understandable because depression might be considered stigmatizing. Many electronic health records allow patients to limit access to some information to only those persons providing direct care. The Americans with Disabilities Act restricts potential employers from accessing a worker’s health records and from basing hiring and promotion decisions on medical conditions that do not affect job performance.

Mr. N’s physician should explain how the prior history can be useful to other doctors providing care. If Mr. N persists in his request, the physician should try to accommodate it, preferably with a note in the medical record alerting other treating physicians to contact her for additional history not in the record. However, electronic ordering of medications cannot be omitted from an electronic medical record.

Physicians might fear that omitting medical information from patient records might compromise the quality of care. Important clinical information might not be available in an emergency. In addition, documentation of the patient’s current condition and treatment might be required for insurance payment or authorization for services. Furthermore, it might not be feasible to exclude information from an electronic medical record. Even if a diagnosis is omitted from the record, it might be inferred from the patient’s laboratory tests or medications.

The purpose of the medical record is to enhance patient well-being and quality of care. Generally, patients are the best judge of their best interests. Some patients might regard breaches of confidentiality as more threatening than the risk of suboptimal care resulting from incomplete medical records. Thus, a patient’s informed preferences to exclude sensitive information from the medical record should be respected if feasible. Many psychiatrists, for example, keep their detailed psychotherapy notes separate from the rest of the patient’s medical record.
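The security measures listed earlier in this chapter (need-to-know access and audit trails) and the patient-requested restrictions discussed in Case 5.2 can be expressed as a small access-decision routine. The Python example below is added here and is not code from the chapter or from any EHR product; the role names, purposes, patient identifier and record contents are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Assumed role and purpose names for this example; they are not HIPAA terms
# of art and are not taken from any real EHR product.
DIRECT_CARE_ROLES = {"attending", "resident", "nurse"}
NO_AUTHORIZATION_PURPOSES = {"treatment", "payment", "operations"}

@dataclass
class Entry:
    text: str
    direct_care_only: bool = False  # patient asked to limit who can see this

@dataclass
class Record:
    patient_id: str
    entries: list
    # Case 5.2 style note shown in place of withheld history
    alert_note: str = "Contact the primary physician for history not in this record"

@dataclass
class Ehr:
    records: dict
    audit_trail: list = field(default_factory=list)

    def view(self, user, role, purpose, patient_id):
        """Return the entry texts `user` may see (None if refused) and log the access."""
        record = self.records[patient_id]
        if purpose not in NO_AUTHORIZATION_PURPOSES:
            # Anything outside treatment, payment and operations needs authorization
            shown, outcome = None, "refused: patient authorization required"
        else:
            # Restricted entries are released only for treatment by direct-care staff
            full = purpose == "treatment" and role in DIRECT_CARE_ROLES
            shown = [e.text for e in record.entries if full or not e.direct_care_only]
            withheld = len(record.entries) - len(shown)
            outcome = f"shown={len(shown)} withheld={withheld}"
            if withheld and purpose == "treatment":
                shown.append(record.alert_note)  # other treating staff know to ask
        # Audit trail: every access attempt, allowed or not, is recorded
        self.audit_trail.append(f"{datetime.now(timezone.utc).isoformat()} user={user} "
                                f"role={role} purpose={purpose} patient={patient_id} {outcome}")
        return shown

def sample_ehr():
    """Constructed record modelled on Mr. N in Case 5.2; not real patient data."""
    entries = [Entry("Routine checkup: in excellent health"),
               Entry("Severe depression several years ago", direct_care_only=True)]
    return Ehr(records={"mr-n": Record("mr-n", entries)})
```

Billing staff see only the unrestricted entry, a treating pharmacist sees the alert note instead of the withheld history, and a marketing request is refused; each attempt leaves an audit line.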