Confidentiality

NOTE: The UW Dept. of Bioethics & Humanities is in the process of updating all Ethics in Medicine articles for attentiveness to the issues of equity, diversity, and inclusion.  Please check back soon for updates!

Authors:

Jessica De Bord, DDS, MSD, MA 

Wylie Burke, MD, PhD, Emeritus Professor, UW Dept. of Bioethics & Humanities

Denise M. Dudzinski, PhD, MTS, Professor and Chair, UW Dept. of Bioethics & Humanities
 

Core Clerkships: Internal Medicine I Psychiatry I Urology

Related Topics:  Physician-Patient Relationship I Clinical Ethics and Law 

Topics addressed:

• Why is confidentiality important?
• What does the duty of confidentiality require?
• What if a family member asks how the patient is doing?
• What other kinds of disclosures are inappropriate?
• When can confidentiality be breached?
• A Test for Breach of Confidentiality
• What are the confidentiality standards regarding adolescents?

Confidentiality is one of the core duties of medical practice. It requires health care providers to keep a patient’s personal health information private unless consent to release the information is provided by the patient.

Why is confidentiality important?

Patients routinely share personal information with health care providers. If the confidentiality of this information were not protected, trust in the physician-patient relationship would be diminished. Patients would be less likely to share sensitive information, which could negatively impact their care. Why is confidentiality important?

Creating a trusting environment by respecting patient privacy encourages the patient to seek care and to be as honest as possible during the course of a health care visit. (See also Physician-Patient Relationship.) It may also increase the patient’s willingness to seek care. For conditions that might be stigmatizing, such as reproductive, sexual, public health, and psychiatric health concerns, confidentiality assures that private information will not be disclosed to family or employers without their consent.

What does the duty of confidentiality require?

The obligation of confidentiality prohibits the health care provider from disclosing information about the patient's case to others without permission and encourages the providers and health care systems to take precautions to ensure that only authorized access occurs. Appropriate care often requires that information about patients be discussed among members of a health care team; all team members have authorized access to confidential information about the patients they care for and assume the duty of protecting that information from others who do not have access. Electronic medical records can pose challenges to confidentiality. In accordance with the Health Information Portability and Accountability Act of 1997 (HIPAA), institutions are required to have policies to protect the privacy of patients’ electronic information, including procedures for computer access and security.

What if a family member asks how the patient is doing?

While there may be cases where the physician feels naturally inclined to share information, such as responding to an inquiring spouse, the requirements for making an exception to confidentiality may not be met. If there is not explicit permission from the patient to share information with family member, it is generally not ethically justifiable to do so. Except in cases where the spouse is at specific risk of harm directly related to the diagnosis, it remains the patient's (and sometimes local public health officers’), rather than the physician's, obligation to inform the spouse.

What other kinds of disclosures are inappropriate?

Unintended disclosures may occur in a variety of ways. For example, when pressed for time, providers may be tempted to discuss a patient in the elevator or other public place, but maintaining privacy may not be possible in these circumstances. Similarly, extra copies of handouts from teaching conferences that contain identifiable patient information should be removed at the conclusion of the session in order to protect patient privacy. And identifiable patient information should either be encrypted or should not be removed from the security of the health care institution. The patient's right to privacy is violated when lapses of this kind occur.

When can confidentiality be breached?

Overriding concerns can lead to the need to breach confidentiality in certain circumstances.

Exception 1: Concern for the safety of other specific persons

Access to medical information and records by third parties is legally restricted. Yet, at the same time, clinicians have a duty to protect identifiable individuals from any serious, credible threat of harm if they have information that could prevent the harm. The determining factor is whether there is good reason to believe specific individuals (or groups) are placed in serious danger depending on the medical information at hand. An example is homicidal ideation, when the patient shares a specific plan with a physician or psychotherapist to harm a particular individual.

The California Tarasoff case exemplifies the challenges providers face in protecting confidentiality. In that case a graduate student, Prosinjit Podder, disclosed to a counselor affiliated with Berkeley University that he intended to obtain a gun and shoot Tatiana Tarasoff. Dr. Moore, the psychologist, found Podder’s threat credible. Dr. Moore then faced dual obligations: protect Tatiana Tarasoff from harm and protect Mr. Podder’s confidentiality. Dr. Moore sent a letter to campus police about the threat. They spoke to Mr. Podder, told him to stay away from Tatiana, but determined he was not a danger to her. He later stalked, stabbed and killed Tatiana. Tatiana’s parents sued campus police and the university’s health service for failure to warn Tatiana. The lower court refused to hear the case, claiming that Dr. Moore had an obligation to protect Podder’s confidentiality. Tarasoff’s parents appealed and the California Supreme Court ruled that, “the discharge of this duty may require the therapist to take one or more of various steps. Thus, it may call for him to warn the intended victim, to notify the police, or to take whatever steps are reasonably necessary under the circumstances.” (Ref. Tarasoff case).

The implication of this ruling is that a duty to warn third parties of imminent threats trumps a duty to protect patient confidentiality, however, it is usually difficult for a therapist or health care provider to accurately ascertain the seriousness and imminence of a threat. Tarasoff has subsequently been interpreted to endorse the provider’s duty to warn when a patient threatens an identifiable victim. Ethically, most would agree that a duty to warn an innocent victim of imminent harm overrides a duty to confidentiality, but these cases are rare and judgment calls of this sort are highly subjective. Hence, the duty to maintain confidentiality is critical, but may be overridden in rare and specific circumstances.

Exception 2: Legal requirements to report certain conditions or circumstances

State law requires the report of certain communicable/infectious diseases to the public health authorities. In these cases, the duty to protect public health outweighs the duty to maintain a patient's confidence. From a legal perspective, the State has an interest in protecting public health that outweighs individual liberties in certain cases. For example, reportable diseases in Washington State include (but are not limited to): measles, rabies, anthrax, botulism, sexually transmitted diseases, and tuberculosis. Suspected cases of child, dependent adult, and elder abuse are reportable, as are gunshot wounds. Local municipal code and institutional policies can vary regarding what is reportable and standards of evidence required. Stay informed about your state and local policies, as well as institutional policies, governing exceptions of patient confidentiality.

A Test for Breach of Confidentiality

In situations where you believe an ethical or legal exception to confidentiality exists, ask yourself the following question: will lack of this specific patient information put another person or group you can identify at high risk of serious harm? If the answer to this question is no, it is unlikely that an exception to confidentiality is ethically (or legally) warranted. The permissibility of breaching confidentiality depends on the details of each case. If a breach is being contemplated, it is advisable to seek legal advice before disclosure.

What are the confidentiality standards regarding adolescents?

In many states adolescents may seek treatment without the permission of their parents for certain conditions, such as treatment for pregnancy, sexually transmitted infections, mental health concerns, and substance abuse. Familiarize yourself with state and local laws, as well as institutional policies, regarding adolescents and healthcare.