CONFIDENTIALITY AND PRIVACY OF PATIENTS IN MEDICAL LAW
Every patient would want all communication between them and their doctors to be kept private. Usually they may withhold some information when describing their ailments if they are not assured of confidentiality. Patients would only reveal freely with the expectation that anything done or revealed will be kept private.
Confidentiality is defined by Churchill’s Medical Dictionary as the right of a subject to control the disposition of information disclosed during the course of professional relationship and the reciprocal obligation of the professional to ensure that no harm will befall the subject as a result of disclosures of such information. The conditions under which the obligation may or must be breached are usually determined by laws which vary from one jurisdiction to another.
Medical doctors have a duty to keep their patients confidences. This duty of confidentiality means that a doctor may not disclose any medical information irrespective of whether it was provided directly by the patient; or learned through an examination/test or through treatment; or learned indirectly through medical documentation or in any other manner. The purpose of a doctor’s duty to maintain patient confidentiality is to allow the patient to feel free to disclose fully any information to the doctor with the knowledge that the doctor will keep it confidential. Full disclosure enables the doctor to diagnose conditions properly and to treat the patient appropriately. In essence, the protection of confidential information is essential to the trusting relationship between health care providers and patients. Some sensitive medical information which patients usually want to protect include conditions such as substance abuse, sexually transmitted disease (STD), domestic violence, birth control, contraception, abortion, infertility, eating disorder, bulimia, anorexia, HIV/AIDS, alcohol abuse, rehabilitation, mental health, psychiatry, genetic testing etc. It has been discovered that many who withheld their diagnosis from doctors did so because they did not trust the medical practitioner to be able to keep the information confidential, or they feared refusal of treatment or discrimination from the medical practitioner. The medical doctor should therefore not disclose confidential communication or information without the patient’s express consent unless required to disclose the information by law or where a patient threatens bodily harm to him or herself or to another person.
A breach of confidentiality is a disclosure of private information that a medical doctor has learned to a third party without the patient’s consent or a court order. Such disclosure can be oral or written, by telephone or any electronic means of communicating. It must however be noted that confidentiality in a hospital setting is not practicable to some extent. There may be a large number of people who may have access to information contained in a patient’s file, all of whom will have valid reasons for requiring that access. They may include doctors, nurses, other treating practitioners and administrative staff. The entire staff should in that light, promise to uphold entire secrecy. In most teaching hospitals, the records of patients are exposed to medical students who are still under training and are not yet bound by oath. They have access to patient information and though it is expected that they must keep this information confidential, it is not easily enforceable.
The duty of confidentiality is not unlimited, there are some exceptions. Confidential information can be disclosed without a patient’s consent if it is required by law or if disclosure is in the public’s interest. Such circumstances may include situations where disclosure is necessary to avert a risk of danger of death or serious harm to others or for the prevention or detection of serious crime. In the case of W v. Edgell  1 ALL ER 835, the Court of Appeal held that a breach of confidentiality is justified in the public interest on grounds of protection of the public from dangerous criminal acts. However the risk must be real, immediate and serious. See also the renowned case of Tarasoff v. Regents of the University of California  where it was established that:
When a doctor determines, or should determine that a warning is essential to avert danger arising from the medical or psychological condition of his patient, he incurs a legal obligation to give that warning.
Civil and criminal courts have powers to make orders requiring a doctor or holder of health records to disclose confidential information for the purposes of litigation. No sanctions would follow for any breach of confidence in compliance with such an order.
Under the regulations of the medical laws of most jurisdictions, it is an act of professional misconduct for a physician to give information concerning the condition of a patient or any services rendered to a patient to a person other than the patient or his or her authorized representative except with the consent of the patient or his or her authorized representative or as required by law. Generally the authority to release medical information is granted to:
- The patient (if he is a competent adult or emancipated minor)
- A legal guardian or patient (if the patient is incompetent or a minor)
- The administrator or executor of the patient’s estate (if the patient is deceased).
In Nigeria, access to proper health services is inadequate and this is of more concern than the issue of protection of patient confidentiality. Although Tort law provides relief with respect to negligent actions that lead to harm and that medical personnel can be held liable in such actions, it is silent on issues such as patients’ rights or confidentiality. The Medical Dental Council of Nigeria’s Code of Medical Ethics requires medical doctors among other things to preserve life whenever possible, to hold in confidence communication with patients, to be honest with patients, to put professionalism above profit making and so on.
In some public hospitals, there are no proper consulting rooms so the patients are hardly interviewed behind closed doors and there might be other patients or medical persons close by. By having a third party in the room, the patient’s privacy is already compromised. Medical confidentiality despite its diminished state remains important to doctors and patients. Effective treatment requires accurate information and patients are most likely to provide this information when they are not worried about public exposure.
In South Africa, the healthcare legislation and codes of conduct emphasises the protection of confidentiality of medical records. Even though the right to privacy is not absolute and may be disclosed under certain restrictive circumstances, personal health information contained in medical records are protected in the South African healthcare legislation and the Constitution. The Health Professions Act (HPA) imposes guidelines and prescribes standards of competence on health care providers including the mandatory guidelines imposed by the Health Professions Council of South Africa (HPCSA) in terms of which medical practitioners may only disclose patient information with the express consent of a patient or when required in terms of statutory provisions, at the instruction of a court or where justified in the public interest.
In the United States, a medical doctor’s legal obligations are defined by the Constitution, by federal and state laws and regulations and by the courts. The courts generally allow a cause of action for a breach of confidentiality against a medical doctor who divulges confidential medical information without proper authorization from the patient. Most State statutes in the US state that medical records are confidential and cannot be disclosed except in specifically provided circumstances. The federal and state laws and regulations protecting privacy and confidentiality of patients include the following:
- The Medicine Act 1991
- The Health Information Portability and Accountability Act of 1996 (HIPAA). It contains national standards to protect the privacy and confidentiality of personal health information.
- The Confidential Information Protection and Statistical Efficiency Act of 2002 (CIPSEA). This Act ensures that information provided to statistical agencies for statistical purposes under a pledge of confidentiality can be used only for statistical purposes and that individuals’ or organisations’ confidential data should be kept confidential.
- The Personal Health Information Protection Act (PHIPA) 2004.
- The Patient Safety and Quality Improvement Act of 2005 (PQIA). It has confidentiality protections in place to encourage the reporting and analysis of medical errors.
In conclusion, it is recommended that medical doctors should implement confidentiality and security policies and maintain good security controls over sensitive patient information. They should also be familiar with laws involving the duty to maintain confidentiality and act in accordance with all of their professional and legal obligations. Any breach of confidentiality can result in mistrust and possibly a law suit. Medical doctors should inform patients of the limits of confidentiality protections and allow the patients to decide whether treatment outweighs the risk of the disclosure of sensitive information. Maintaining confidentiality is fundamental to providing the highest standard of patient care. Patients who understand that their information will remain confidential are more likely to provide the doctor with complete and accurate health information which in turn leads to better treatment and advice from the medical practitioner.