Patient Confidentiality

Definition

Patient confidentiality is a cornerstone of medical professionalism. It is an ethical duty explicitly addressed by the various versions of the Hippocratic Oath, in which the duty to maintain confidentiality is not confined to mere health matters, but also encompasses “whatever, in the course of my practice I may see or hear (even when not invited), whatever I may happen to obtain knowledge of.” In other words, the physician’s duty to keep patient confidences includes anything the physician might learn in the course of patient care. Despite this foundational duty, however, physicians are often unaware of what constitutes a breach of confidentiality. In a study of over 500 Swiss physicians who were presented seven scenarios demonstrating “important” or “severe” breaches of patient confidentiality, many had difficulty recognizing instances in which such breaches occurred. Physicians were more likely to correctly identify such violations if they had been in practice longer than 20 years, had experienced some ethics education, and were of female gender. In another study, 71% of physicians felt they should disclose a patient’s positive HIV status to surgical colleagues, even if the patient had asked them not to.

Confidentiality is vital to the maintenance of trust in the physician-patient relationship. That relationship necessarily involves the disclosure of sensitive information that might, if publicly disclosed, harm the patient through stigmatization, loss of community and employment, harm to primary relationships, and loss of other societal benefits. The willingness of patients to seek medical help and to be forthright in disclosing social and other information vital to the diagnosis and treatment of disease relies on the patient’s trust that the physician will protect such disclosures completely. Three professions are often given common law protections with regard to confidentiality—attorneys, clergy, and physicians—due to special “social contracts” such professions hold and the critical nature of confidentiality in performing their duties.

The duty to keep secrets prohibits the physician from disclosing patient health care information to others without the patient’s authorization, and it also more broadly encompasses a general respect for patient privacy. Ethical principles and law both require health care providers to actively take precautions to protect unauthorized access to such information. A provider must not leave patient records lying around in public places, or leave electronic records open and available on a public computer, for example. Even though health care information is often freely shared among all of the members of the patient’s health care team, it is the duty of all team members to protect the information from others who do not have a legitimate reason for access. Furthermore, physicians do not have a right to access health information regarding persons with whom they do not have an established doctor-patient relationship except under very special circumstances.

In general, if the patient has not given explicit permission to disclose information, even to a spouse or other family member, the physician is not allowed to do so and it remains at the patient’s discretion to disclose. There are a few exceptions to this rule.