Select header/footer to go to
Table of Contents
Think
Assess
Patient: Autonomy
Practitioner: Beneficence & Nonmaleficence
Public Policy: Justice
Conclude
1x Speed
2x Speed
8. Confidentiality
Select Button
As a member of the medical profession, I will respect the secrets that are confided in me, even after the patient has died.
~ Declaration of Geneva
Hushed Secrets
A Breach of Confidentiality
It was a typical day at the hospital, and Dr. Smith was working in the emergency department. Suddenly, a man was brought in by ambulance with severe injuries from a car accident. The patient was unconscious, and Dr. Smith rushed to assess his injuries and begin treatment.
As Dr. Smith worked, he overheard two nurses talking about the patient’s condition. They were discussing his injuries and speculating about his identity. Dr. Smith quickly reminded them that confidentiality is of utmost importance, and any discussion of a patient’s information outside of the medical team could have serious consequences.
Days later, Dr. Smith received a letter from the hospital’s legal department. The patient’s family had filed a complaint, alleging that their loved one’s medical information had been shared with unauthorized individuals. The investigation revealed that the patient’s information had been discussed by the two nurses in the emergency department, who had overheard the information from Dr. Smith.
Dr. Smith was shocked and devastated by the accusation. He had always been meticulous about patient confidentiality, and this was the first time in his career that such an incident had occurred. He knew that he could lose his medical license and reputation if the allegations were proven true.
The hospital conducted an extensive investigation, interviewing all staff members who had been present in the emergency department during the patient’s treatment. Eventually, it was discovered that one of the nurses had leaked the patient’s information to her friend, who was not involved in the patient’s care.
The nurse was fired, and the hospital apologized to the patient’s family for the breach of confidentiality. Dr. Smith learned a valuable lesson from the incident and made a renewed commitment to protecting patient information. He reminded all staff members about the importance of confidentiality and the serious consequences that can result from a breach.
The incident was a stark reminder that confidentiality is not just an ethical principle, but a legal requirement as well. Healthcare providers must be vigilant in safeguarding patient information, and any breach can have far-reaching consequences for both the patient and the healthcare provider.
Abstract
Confidentiality is a central principle of the medical profession, grounded in the ethical principles of autonomy, beneficence, nonmaleficence, and justice. The Hippocratic Oath requires practitioners to keep patient information private. Patients need to trust that their medical information will be kept confidential in order to be willing to seek care and communicate with their practitioner. This information, known as privileged communication and protected health information, should only be disclosed with the patient’s or proxy’s explicit consent or as required by law. The principle of beneficence is exemplified through confidentiality, as it allows for better care. The principle of nonmaleficence is also exemplified, as failing to keep confidentiality could result in harm to the patient and the medical profession. The principle of justice is demonstrated through laws such as HIPAA that protect privacy and medical record confidentiality. There are exceptions to confidentiality, such as when it would cause harm or is required by law, but in general, patient information should not be discussed in public or revealed to those not involved in their care. If presenting a patient’s case for educational or advisory purposes, patient identifiers must be removed.
**
Think
[8:1] Confidentiality is a core precept of the medical profession and is manifested in the practical application of the bioethical principles of autonomy (informed consent), beneficence (do good), nonmaleficence (do no harm), and justice (be fair).
[8:2] The Hippocratic Oath states:
Whatever I see or hear in the lives of my patients, whether in connection with my professional practice or not, which ought not to be spoken of outside, I will keep secret, as considering all such things to be private.
Assess
Patient: 1) Autonomy
[8:3] Patients need to trust that the practitioner and other medical professionals who are providing care will keep all medical information in confidence. These confidential assurances are essential so that the patient will be willing to seek medical care and candidly communicate with their practitioner, both being the necessary conditions for attaining proper medical care. Patient medical information, also known as privileged communications, and patient’s protected health information (PHI) should, under normal circumstances, never be disclosed to any other person outside of the patient’s treatment team without the patient’s or proxy’s explicit consent to do so.
[8.4] This means that all patient medical information must be kept in confidence, even from family and friends, unless the patient or proxy has first given their autonomous permission as to what medical information is permissible to share with others, or forced by law.
Practitioner: 2) Beneficence & 3) Nonmaleficence
[8:5] The principle of beneficence (do good) is exemplified with the precept of confidentiality as it results in the patient’s willingness to trust the practitioner enough to disclose privileged communication so that the practitioner can be empowered to provide the appropriate kind and amount of care necessary for the professional goal of maximizing the patient’s best interests.
[8:6] The principle of nonmaleficence (do no harm) is exemplified with the precept of confidentiality, as failing to keep confidentiality would result in:
- 1. the irreparable harm to the reputation of the medical profession,
- 2. less patient willingness to seek care,
- 3. less willingness to provide truthful and honest information to the practitioner,
- 4. an increase in ineffective and harmful treatments, and
- 5. an increase in personal and interpersonal social harms to the patient.
Public Policy: 4) Justice
[8:7] The principle of justice (be fair) is also exemplified with the precept of confidentiality in that patients have the legal right to choose who should have access to their medical information. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides rules for protecting:
- 1. privacy,
- 2. medical record confidentiality, and
- 3. patient protected health information (PHI).
[8:8] The Privacy Rule and the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH) extends the privacy and security provisions of HIPAA. Society has prohibited the violation of medical confidentiality based on the public policy principle of justice (be fair).
[8:9] The Health Insurance Portability and Accountability Act (HIPAA) is a federal statute with fines of up to $250,000 and a jail term of up to 5 years.
[8:10] Exceptions to the patient’s right of being provided with their medical information occurs when such disclosure would:
- 1. induce the patient to harm themselves—violating the principle of nonmaleficence (do no harm), or
- 2. if the patient rationally chooses not to be informed—the principle of autonomy (informed consent).
[8:11] Exception to the right of the patient to have full confidentiality and privacy of their medical information would be justified if the revealing of the patient’s information is:
- 1. required by law, such as in response to a court order that subpoenas the medical information—the principle of justice (be fair), or
- 2. because the patient would inflict serious physical harm to an identifiable individual or group—principles of beneficence (do good) by preventing harm to others, and as a matter of justice (be fair) regarding the distribution of benefits and burdens.
Conclude
[8:12] It is never permissible to talk about a patient in public areas where confidentiality of the patient could be compromised, and it is never permissible to reveal information about a particular patient to those who are not directly involved in the patient’s care. If the practitioner presents the patient’s case for educational or advisory purposes, then due diligence must be exercised to ensure that all patient identifiers have been removed and not revealed.
[8:13] In summary, maintaining confidentiality is essential to the practice of medicine. Patient information should never be discussed in public or revealed to those not involved in the patient’s care. In cases where a patient’s case is presented for educational or advisory purposes, patient identifiers must be removed to protect their privacy. Upholding confidentiality strengthens patient trust, ensures compliance with ethical principles, and contributes to the overall integrity of the medical profession.
(See also: 31. Medical Records)
**
8. Review Questions
1. Like the principle of autonomy, the medical profession’s conception of confidentiality is also a relatively new concept.
2. Patient’s protected health information (PHI) should, under normal circumstances, never be disclosed to any other person outside of the patient’s treatment team without the patient’s or proxy’s explicit consent to do so.
3. Because the family is considered a familial relationship, the practitioner is legally, professionally, and ethically permitted to share patient medical information without the patient’s or proxy’s explicit consent.
4. Under which conditions is it permissible to deny the patient’s right to be provided their medical information or share it with others without the patient’s informed consent.
**
CORRECT! 🙂
[8:2] The Hippocratic Oath states:
[W]hatever I see or hear in the lives of my patients, whether in connection with my professional practice or not, which ought not to be spoken of outside, I will keep secret, as considering all such things to be private.
Wrong 😕
[8:2] The Hippocratic Oath states:
[W]hatever I see or hear in the lives of my patients, whether in connection with my professional practice or not, which ought not to be spoken of outside, I will keep secret, as considering all such things to be private.
CORRECT! 🙂
[8:3] Patients need to trust that the practitioner and other medical professionals who are providing care will keep all medical information in confidence. These confidential assurances are essential so that the patient will be willing to seek medical care and candidly communicate with their practitioner, both being the necessary conditions for attaining proper medical care. As a result, patient medical information, also known as privileged communications, and patient’s protected health information (PHI) should, under normal circumstances, never be disclosed to any other person outside of the patient’s treatment team without the patient’s or proxy’s explicit consent to do so.
Wrong 😕
[8:3] Patients need to trust that the practitioner and other medical professionals who are providing care will keep all medical information in confidence. These confidential assurances are essential so that the patient will be willing to seek medical care and candidly communicate with their practitioner, both being the necessary conditions for attaining proper medical care. As a result, patient medical information, also known as privileged communications, and patient’s protected health information (PHI) should, under normal circumstances, never be disclosed to any other person outside of the patient’s treatment team without the patient’s or proxy’s explicit consent to do so.
CORRECT! 🙂
[8:4] This means that all patient medical information must be kept in confidence, even from family and friends, unless the patient or proxy has first given their autonomous permission as to what medical information is permissible to share with others.
Wrong 😕
[8:4] This means that all patient medical information must be kept in confidence, even from family and friends, unless the patient or proxy has first given their autonomous permission as to what medical information is permissible to share with others.
CORRECT! 🙂
[8:10] Exceptions to the patient’s right of being provided with their medical information occurs when such disclosure would:
1. induce the patient to harm themselves—violating the principle of nonmaleficence (do no harm), or
2. if the patient rationally chooses not to be informed—the principle of autonomy (informed consent).
[8:11] Exception to the right of the patient to have full confidentiality and privacy of their medical information would be justified if the revealing of the patient’s information is:
1. required by law, such as in response to a court order that subpoenas the medical information—the principle of justice (be fair), or
2. because the patient would inflict serious physical harm to an identifiable individual or group—principles of beneficence (do good) by preventing harm to others, and as a matter of justice (be fair) regarding the distribution of benefits and burdens.
Wrong 😕
[8:10] Exceptions to the patient’s right of being provided with their medical information occurs when such disclosure would:
1. induce the patient to harm themselves—violating the principle of nonmaleficence (do no harm), or
2. if the patient rationally chooses not to be informed—the principle of autonomy (informed consent).
[8:11] Exception to the right of the patient to have full confidentiality and privacy of their medical information would be justified if the revealing of the patient’s information is:
1. required by law, such as in response to a court order that subpoenas the medical information—the principle of justice (be fair), or
2. because the patient would inflict serious physical harm to an identifiable individual or group—principles of beneficence (do good) by preventing harm to others, and as a matter of justice (be fair) regarding the distribution of benefits and burdens.
8. Clinical Vignettes
1. Ms. Eleanor Zhang, a 44-year-old teacher visits a clinic for medical attention and shares personal and sensitive information with their practitioner. The practitioner understands the importance of trust in the patient-practitioner relationship that dates back to at least the Hippocratic Oath. The Oath states that the practitioner should keep secret and not disclose any information they hear or see in their practice, considering it private. What principle is being referred to?
2. Ms. Caroline Phillips, a 26-year-old speech therapist is seeking medical care and has shared sensitive information with their practitioner. It is important for the patient to trust that their medical information will be kept confidential. What is the appropriate action for the practitioner to take with the patient's sensitive medical information?
3. Mr. Grant Johnson, a 43-year-old police officer has shared sensitive medical information with their practitioner. According to the patient's rights, what should be done with this information?
4. Mr. Curtis Roberts, a 67-year-old retiree presents to the clinic with symptoms of severe abdominal pain. The patient is clearly in distress, but they inform the practitioner that they do not wish to be informed of their diagnosis or any further details about their medical condition. They would like to undergo the necessary treatments but do not want to be informed of any information that could cause undue stress or harm. What is the most appropriate action for the practitioner to take in this situation?
5. Ms. Vanessa Wilson, a 34-year-old chemical engineer is seen at a primary care clinic for the first time. During the initial assessment, the patient reports a history of domestic violence, substance abuse, and a recent suicide attempt. The primary care practitioner explains the importance of privacy and confidentiality but also informs the patient that there may be circumstances where the practitioner is required by law to disclose information about the patient. In which circumstances is the primary care practitioner permitted to break patient confidentiality and disclose their medical information?
CORRECT! 🙂
Explanation: Confidentiality is the principle of keeping personal and sensitive information about a patient private and not disclosing it to anyone without the patient's explicit consent. In the given scenario, the patient shares personal and sensitive information with her practitioner, who understands the importance of trust in the patient-practitioner relationship, which dates back to the Hippocratic Oath [8:1]. The Oath states that the practitioner should keep secret and not disclose any information they hear or see in their practice, considering it private [8:2]. Therefore, the principle being referred to in this scenario is confidentiality.
Wrong 😕
Explanation: Confidentiality is the principle of keeping personal and sensitive information about a patient private and not disclosing it to anyone without the patient's explicit consent. In the given scenario, the patient shares personal and sensitive information with her practitioner, who understands the importance of trust in the patient-practitioner relationship, which dates back to the Hippocratic Oath [8:1]. The Oath states that the practitioner should keep secret and not disclose any information they hear or see in their practice, considering it private [8:2]. Therefore, the principle being referred to in this scenario is confidentiality.
CORRECT! 🙂
Explanation: The appropriate action for the practitioner to take with the patient’s sensitive medical information is to keep the information confidential and only share it with others involved in the patient's treatment unless the patient has given explicit consent to do otherwise [8:3]. Confidentiality is an essential principle in the patient-practitioner relationship, and it is crucial for patients to trust that their medical information will be kept private [8:1]. Sharing the information with friends and family without the patient's consent, as described would be a breach of confidentiality and violate the patient's trust [8:4]. Disclosing the information to other medical professionals without the patient's consent, may also be a violation of confidentiality unless it is necessary for the patient's treatment, and the patient has not explicitly objected to the disclosure [8:5]. Therefore, the appropriate action is to keep the information confidential and only share it with others involved in the patient's treatment unless the patient has given explicit consent to do otherwise [8:3].
Wrong 😕
Explanation: The appropriate action for the practitioner to take with the patient’s sensitive medical information is to keep the information confidential and only share it with others involved in the patient's treatment unless the patient has given explicit consent to do otherwise [8:3]. Confidentiality is an essential principle in the patient-practitioner relationship, and it is crucial for patients to trust that their medical information will be kept private [8:1]. Sharing the information with friends and family without the patient's consent, as described would be a breach of confidentiality and violate the patient's trust [8:4]. Disclosing the information to other medical professionals without the patient's consent, may also be a violation of confidentiality unless it is necessary for the patient's treatment, and the patient has not explicitly objected to the disclosure [8:5]. Therefore, the appropriate action is to keep the information confidential and only share it with others involved in the patient's treatment unless the patient has given explicit consent to do otherwise [8:3].
Wrong 😕
Explanation: The patient, in this case, has shared sensitive medical information with their medical practitioner, and it is essential to respect their privacy rights. Medical practitioners are bound by strict confidentiality laws and ethical standards, and as such, the patient's right to privacy is of utmost importance [8:1]. The medical practitioner must keep the patient's medical information confidential and only share it with other members of the treatment team when necessary, or if the patient has given explicit consent for specific individuals or groups to receive the information [8:3]. In some cases, medical practitioners may also be required by law to disclose the information to authorized personnel, but such disclosures should be limited to what is necessary and legal [8:9]. The other options are incorrect as they violate the patient's right to privacy, or are incorrect by misrepresenting the right to confidentiality for public servants.
CORRECT! 🙂
Explanation: The patient, in this case, has shared sensitive medical information with their medical practitioner, and it is essential to respect their privacy rights. Medical practitioners are bound by strict confidentiality laws and ethical standards, and as such, the patient's right to privacy is of utmost importance [8:1]. The medical practitioner must keep the patient's medical information confidential and only share it with other members of the treatment team when necessary, or if the patient has given explicit consent for specific individuals or groups to receive the information [8:3]. In some cases, medical practitioners may also be required by law to disclose the information to authorized personnel, but such disclosures should be limited to what is necessary and legal [8:9]. The other options are incorrect as they violate the patient's right to privacy, or are incorrect by misrepresenting the right to confidentiality for public servants.
CORRECT! 🙂
Explanation: The most appropriate action for the practitioner to take in this situation is to respect the patient's wishes and not provide them with any information about their medical condition, in accordance with the principle of autonomy (informed consent) [8:1]. Autonomy is a fundamental principle of medical ethics, and it states that patients have the right to make their own decisions about their medical care, including the right to refuse information or treatments [8:3]. In this scenario, the patient has informed the practitioner that he does not want to be informed of his diagnosis or any further details about his medical condition. It is essential for the practitioner to respect the patient's autonomy and not provide them with any information they do not wish to receive [8:1]. However, the practitioner should provide the patient with the necessary information for their treatment, including the risks and benefits of any procedures, medications, or other interventions, so that the patient can make informed decisions about their care [8:1].
Wrong 😕
Explanation: The most appropriate action for the practitioner to take in this situation is to respect the patient's wishes and not provide them with any information about their medical condition, in accordance with the principle of autonomy (informed consent) [8:1]. Autonomy is a fundamental principle of medical ethics, and it states that patients have the right to make their own decisions about their medical care, including the right to refuse information or treatments [8:3]. In this scenario, the patient has informed the practitioner that he does not want to be informed of his diagnosis or any further details about his medical condition. It is essential for the practitioner to respect the patient's autonomy and not provide them with any information they do not wish to receive [8:1]. However, the practitioner should provide the patient with the necessary information for their treatment, including the risks and benefits of any procedures, medications, or other interventions, so that the patient can make informed decisions about their care [8:1].
CORRECT! 🙂
Explanation: The primary care practitioner is permitted to break patient confidentiality and disclose their medical information if it is required by law, or the patient would inflict serious physical harm to an identifiable individual or group [8:11]. Confidentiality is an essential principle in the patient-practitioner relationship, and patients have the right to expect that their personal and sensitive information will be kept private [8:3]. However, there are specific circumstances where the practitioner may be legally required to disclose patient information [8:10]. For example, if the patient poses an imminent threat to themselves or others, the practitioner may have a duty to warn or protect the potential victim. Similarly, if the law requires mandatory reporting of certain diseases, such as sexually transmitted infections, the practitioner must disclose the information [8:10]. The other options are not appropriate circumstances for the primary care practitioner to break patient confidentiality and disclose their medical information. The patient's family does not have an automatic right to be fully informed of the patient's medical condition, and the patient's employer does not have the right to access their medical records without the patient's explicit consent. Additionally, disclosing the patient's medical information to the media for political reasons would be a violation of the patient's privacy and confidentiality [8:3][8:7].
Wrong 😕
Explanation: The primary care practitioner is permitted to break patient confidentiality and disclose their medical information if it is required by law, or the patient would inflict serious physical harm to an identifiable individual or group [8:11]. Confidentiality is an essential principle in the patient-practitioner relationship, and patients have the right to expect that their personal and sensitive information will be kept private [8:3]. However, there are specific circumstances where the practitioner may be legally required to disclose patient information [8:10]. For example, if the patient poses an imminent threat to themselves or others, the practitioner may have a duty to warn or protect the potential victim. Similarly, if the law requires mandatory reporting of certain diseases, such as sexually transmitted infections, the practitioner must disclose the information [8:10]. The other options are not appropriate circumstances for the primary care practitioner to break patient confidentiality and disclose their medical information. The patient's family does not have an automatic right to be fully informed of the patient's medical condition, and the patient's employer does not have the right to access their medical records without the patient's explicit consent. Additionally, disclosing the patient's medical information to the media for political reasons would be a violation of the patient's privacy and confidentiality [8:3][8:7].
**
8. Reflection Vignettes
1. Ms. Emily Nguyen, a 58-year-old retired librarian, is currently under the care of a practitioner for an undisclosed medical condition. Ms. Nguyen’s family members are very concerned about her condition and would like to provide as much assistance as possible to help in her recovery. However, Ms. Nguyen has not given any explicit permission to disclose her medical information to her family members.
Think
Assess
Patient: Autonomy
Practitioner: Beneficence & Nonmaleficence
Public Policy: Justice
Conclude
2. Mr. David Kim, a 45-year-old software engineer, has a unique medical condition that would make for an interesting Grand Rounds presentation. The practitioner is excited about the potential to share this case with colleagues to further the medical knowledge and understanding of the condition. However, Mr. Kim has not given explicit permission for the practitioner to make such a presentation.
Think
Assess
Patient: Autonomy
Practitioner: Beneficence & Nonmaleficence
Public Policy: Justice
Conclude
***
8c*
A patient who only speaks Chinese but with decisional capacity is admitted into the hospital with nonproductive coughing. Medical communication has been conducted through the use of a medical interpreter. An MRI was conducted. Before the test results came back, family members requested that any negative information be withheld from the patient, as informing the patient of negative test results would not help the patient but would only emotionally harm the patient. The interpreter communicates this conversation with the patient, and the patient agrees with not being informed. The MRI showed a peripheral lung tumor with a diagnosis of probable adenocarcinoma. What would be the most appropriate response to the family members?
- A. I’m sorry, but the patient must always be provided their test reports.
- B. I will not inform the patient, but if I cannot inform the patient, then I cannot inform family members either.
- C. Call for an ethics consultation to resolve this issue.
- D. The patient has the right to have the family informed of the test results, but not themselves.
- E. It is morally unaccepted for the patient not to be engaged in their decision-making, and therefore I cannot do what you are requesting.
- F. Therapeutic privilege gives the practitioner the authority not to reveal the test reports.
Think
Assess
Patient: Autonomy
Practitioner: Beneficence & Nonmaleficence
Public Policy: Justice
Conclude
***
