Confidentiality is one of the core tenets of medical practice. Yet daily physicians face challenges to this long-standing obligation to keep all information between physician and patient private.
Where does the duty of confidentiality come from?
Patients share personal information with physicians. You have a duty as a physician to respect the patient's trust and keep this information private. This requires the physician to respect the patient's privacy by restricting access of others to that information. Furthermore, creating a trusting environment by respecting patient privacy can encourage the patient to be as honest as possible during the course of the visit. (See also Physician-Patient Relationship.)
What does the duty of confidentiality require?
The obligation of confidentiality both prohibits the physician from disclosing information about the patient's case to other interested parties and encourages the physician to take precautions with the information to ensure that only authorized access occurs. Yet the context of medical practice does constrain the physician's obligation to protect patient confidentiality. In the course of caring for patients, you will find yourself exchanging information about your patients with other physicians. These discussions are often critical for patient care and are an integral part of the learning experience in a teaching hospital. As such, they are justifiable so long as precautions are taken to limit the ability of others to hear or see confidential information. Computerized patient records pose new and unique challenges to confidentiality. You should follow prescribed procedures for computer access and security as an added measure to protect patient information.
What kinds of disclosure are inappropriate?
Inappropriate disclosure of information can occur in clinical settings. When pressed for time, the temptation to discuss a case in the elevator may be great, but in that setting it is very difficult to keep others from hearing the information exchanges. Similarly, extra copies of handouts from teaching conferences that contain identifiable patients should be removed at the conclusion of the session. The patient's right to privacy is not being respected in these sorts of cases.
When can confidentiality be breached?
Confidentiality is not an absolute obligation. Situations arise where the harm in maintaining confidentiality is greater than the harm brought about by disclosing confidential information. In general, two such situations that may give rise to exceptions exist. In each situation, you should ask - will lack of this specific information about this patient put a specific person you can identify at high risk of serious harm? Legal regulations exist that both protect and limit your patient's right to privacy, noting specific exceptions to that right. These exceptions follow.
Concern for the safety of other specific persons
On the one hand, the 1974 Federal Privacy Act restricts access to medical information and records. On the other, clinicians have a duty to protect identifiable individuals from any serious threat of harm if they have information that could prevent the harm. As mentioned above, the determining factor in justifying breaking confidentiality is whether there is good reason to believe specific individuals (or groups) are placed in serious danger depending on the medical information at hand. The most famous case of this sort of exception is that of homicidal ideation, when the patient shares a specific plan with a physician or psychotherapist to harm a particular individual. The court has required that traditional patient confidentiality be breached in these sorts of cases.
Concern for public welfare
In the most clear cut cases of limited confidentiality, you are required by state law to report certain communicable/infectious diseases to the public health authorities. In these cases, the duty to protect public health outweighs the duty to maintain a patient's confidence. From a legal perspective, the State has an interest in protecting public health that outweighs individual liberties in certain cases.
In particular, reportable diseases in Washington State include (but are not limited to): AIDS and Class IV HIV, hepatitis A and B, measles, rabies, tetanus, and tuberculosis. Suspected cases of child, dependent adult, and elder abuse are reportable, as are gunshot wounds. Local municipal code and institutional policies can vary regarding what is reportable and standards of evidence required. It is best to clarify institutional policy when arriving at a new site.
What if a family member asks how the patient is doing?
While there may be cases where the physician feels compelled to share information regarding the patient's health and prognosis with, for instance, the patient's inquiring spouse, without explicit permission from the patient it is generally unjustifiable to do so. Except in cases where the spouse is at specific risk of harm directly related to the diagnosis, it remains the patient's, rather than the physician's, obligation to inform the spouse.