Confidentiality is the right of an individual patient to have personal, identifiable medical information kept private; such information should be available only to the physician of record and other health care and insurance personnel as necessary.
Patient confidentiality means that personal and/or medical information given to a health care provider will not be disclosed to others unless the patient has given informed consent. This is becoming extremely difficult to ensure in an age of electronic medical records and third-party insurance payers.
Because the disclosure of personal information could cause professional or personal problems, patients rely on physicians to keep their medical information private. It is rare for medical records to remain completely sealed, however. The most benign breach of confidentiality takes place when clinicians share medical information as case studies. When this data is published in professional journals the identity of the patient is never divulged, and all identifying data is either eliminated or changed. If this confidentiality is breached in any way, patients may have the right to sue.
The greatest threat to medical privacy, however, occurs because most medical bills are paid by some form of health insurance, either private or public. This makes it difficult, if not impossible, to keep information truly confidential. Health records are routinely viewed not only by physicians and their staffs, but by insurance companies, medical laboratories, public health departments, researchers, and many others. If health insurance is provided by an employer, they also may have access to their employees' files.
The American Medical Association (AMA) encourages doctors to guard their patients' privacy despite the widespread use electronic health records. The organization advises its members to get patient consent for any and all releases of medical information, and recommends that all office personnel and consultants be aware of the paramount importance of maintaining confidentiality. Such policies must be in place, especially in care institutions, in order to maintain Joint Commission on Accreditation of Healthcare Organizations (JCAHO) accreditation. Most confidentiality releases identify the types of information that can be released, the people and/or groups that have been permitted access to the information, and limit the length of time for which the release is valid.
Despite these safeguards, unfortunately, patient confidentiality has eroded with the almost-complete dominance of health-maintenance organizations and other types of third-party payers. In light of this, the medical profession must remain constantly vigilant that their patients' right to privacy is upheld. Confidentiality is essential for a good relationship between patient and practitioner, whose duty to keep information private dates from the Hippocratic Oath. If personal information is disseminated without the patient's permission, it can erode confidence in the medical profession and expose health care professionals to legal action.
Physicians are increasingly being sued by patients whose information has been released without their permission, as the following legal cases show. Even though the plaintiffs do not always prevail, the costs of legal action are burdensome to both sides:
Estate of Behringer v. Princeton Medical Center, 592 A.2d 1251 (N.J. Super. Ct. Law Div. 1991). The late Behringer, a surgeon who worked at Princeton Medical Center, was diagnosed with and treated for AIDS at the same hospital. Behringer's chart, which included several references to his diagnosis, was kept at the nurses' station on his floor with no special protection. His condition became widely known as a result, and the hospital began requiring his patients to sign a form acknowledging the risk to their health. Ultimately, the doctor's surgical privileges were suspended. Behringer's estate sued the hospital for its failure to take reasonable steps to protect his privacy. The hospital was found to have breached confidentiality by leaving the chart out in the open, but the court said they did not discriminate against Dr. Behringer by requiring his patients' informed consent.
Velazquez v. St. Clare's Hospital, (Kings County Supreme Court, New York, 1994). Nydia Velazquez was admitted to St. Clare's Hospital in 1991 after attempting suicide. In 1992, while she was running for election to U.S. House of Representatives, copies of her medical records were faxed anonymously to several newspapers, which ran them in front-page stories. It was never determined whether hospital personnel were responsible for the disclosure. Regardless, Velazquez sued the hospital for breach of contractual and fiduciary duties of confidentiality, for wrongful disclosure, and for negligence in maintenance of the security of her medical records. She won both the seat in Congress and the lawsuit.
Doe v. Methodist Hospital, 690 N.E.2d 681 (26 Med. L. Rptr. 1289 (1997)), Hancock County Superior Court, Indiana. According to the filed complaint, Doe, a postal worker who was HIV positive, disclosed his HIV status to paramedics when he was taken to the hospital after a heart attack. The paramedics noted his status on their report, which became part of Doe's medical file. Several coworkers eventually learned of his condition and discussed his HIV status. They were sued, along with the hospital and some of its employees, for invasion of privacy and other wrongful conduct. The court found that Doe's privacy had not been invaded, nor had he been slandered or libeled.
Each state, and the federal government, has enacted laws to protect the confidentiality of health care information generally, with particular attention paid to information about communicable diseases and mental health. For example, through the 1960s substance and alcohol abuse were treated as mental illnesses, with patient confidentiality determined by the laws in each state, since at the time the state was responsible for mental health care and treatment.
In the early 1970s, however, the rising numbers of those needing substance abuse treatment came to the attention of the federal government, because drug-related activity, including the treatment for substance abuse, could be the basis for criminal prosecution on a federal level. Congress concluded that this might stop many who needed treatment from seeking it. They enacted a strict confidentiality law to limit disclosure of information that could reveal a patient's identity.
Confusion ensued when practitioners who were treating substance abusers were required to follow two practices for patient confidentiality-one mandated by the state, the other dictated by the federal government. With the varying degrees of protection provided by state mental health laws, the confusion grew further still. While all states specify exceptions to confidentiality, few have spelled out the necessary elements of valid consent for disclosure of mental health information. Some states allow disclosure of the following types of mental health information without client consent:
disclosures to other treatment providers
disclosures to health care services payers or other sources of financial assistance to the patient
disclosures to third parties that the mental health professional feels might be endangered by the patient
disclosures to researchers
disclosures to agencies charged with oversight of the health care system or the system's practitioners
disclosures to families under certain circumstances
disclosures to law enforcement officials under certain circumstances
disclosures to public health officials
Providers are increasingly concerned that these exceptions are not addressed uniformly, particularly when providers and payers do business across state lines. This results in open-ended disclosures that specify neither the parties to whom disclosure is to be made nor the specific information allowed to be revealed.
The critical nature of confidentiality
Both the ethical and the legal principles of confidentiality are rooted in a set of values regarding the relationship between caregiver and patient. It is essential that a patient trust a caregiver so that a warm and accepting relationship may develop; this is particularly true in a mental health treatment.
Joint Commission on Accreditation of Healthcare Organizations (JCAHO)
The accrediting organization that evaluates nearly 20,000 U.S. health care organizations and programs. Accreditation is maintained with onsite surveys every three years; laboratories are surveyed every two years.