Many people are familiar with the idea of confidentiality as an integral part of the professional code of ethics in the legal, medical, and mental health fields. What you tell your doctor, lawyer, or psychologist is supposedly protected information that cannot be shared with others, no matter how intimate, gory, or revealing it may be.
Whether or not to disclose personal medical information is often said to be a balancing act between the benefits of keeping confidentiality and the benefits of waiving it.
In the medical field, confidentiality even dates back to the Hippocratic Oath, but there are many updated versions of confidentiality, defined by various medical associations around the word. Recent years have muddied our understanding of medical confidentiality. Developments in technology have challenged our traditional understanding of "personal" information and privacy. As a result, officials have tried to develop privacy protections that apply to different settings and circumstances.
Whether or not to disclose personal medical information is often said to be a balancing act between the benefits of keeping confidentiality and the benefits of waiving it. The U.S. Supreme Court has stated that "disclosures of private medical information to doctors, to hospital personnel, to insurance companies, and to public health agencies are often an essential part of modern medical practice." It’s just a matter of figuring out under what circumstances disclosures should occur.
So there are a couple of questions that are up for debate. The first is how to define confidentiality, since there are many different types, with different objectives at heart. The second issue, which stems from the first, is under what circumstances confidentiality should be broken. How do we weigh the pros and cons of sharing personal health information with others in the medical community and with the government? This article will explore how confidentiality should be conceived and if and when it should be broken.
Consequentialist theory suggests that without assurances of confidentiality, patients are less likely to disclose important medical information to their doctors.
On the other hand, in contrast to other definitions, the AMA immediately recognizes a number of exceptions to confidentiality, which include reporting of threats to inflict serious bodily harm on others, certain communicable diseases, and gunshot wounds or knife wounds.
Ethical theories provide many different ways to view confidentiality laws. For example, according to the medical ethics scholars Tom Beauchamp and James Childress, confidentiality protections can be justified using three types of arguments:
- Consequentialist theory suggests that without assurances of confidentiality, patients are less likely to disclose important medical information to their doctors.
- Rights-based theory states that patients have a right to control how their medical information is used.
- Fidelity-based confidentiality suggests that physicians have an obligation not to disclosure information shared with them in their medical role.
Interestingly, none of these philosophical arguments suggests that confidentiality should not be breached under certain circumstances. Again, it is a matter of weighing the pros and cons between keeping and breaching confidentiality.
For example, if the physician’s primary role is to prolong life, confidentiality should be breached when the disclosure would serve to prolong life, or the failure to disclose would shorten life. But what if a patient threatens suicide? Disclosing this information would prolong his or her life, but it might also prolong suffering. These are the kinds of questions that are important to consider, and difficult to answer using legal theories of confidentiality.
The problem is that personal information (which is what’s at stake with medical confidentiality) is not protected at law in the same way one’s home or bodily integrity is protected. In fact, quite a lot of personal information is not protected at all. For example, it is much easier to obtain a person’s credit history (even legally) than it is to gain access to his/her medical history, even though both may be considered highly personal and private information.
The problem is that personal information (which is what’s at stake with medical confidentiality) is not protected at law in the same way one’s home or bodily integrity is protected. In fact, quite a lot of personal information is not protected at all.
The bottom line is that not all information, even medical information, is automatically granted legal protection from disclosure: only information that is particularly sensitive is protected (and even sensitive information may be disclosed under certain circumstances). Legal protections for confidentiality are the result of our society’s interest in privacy, but they can still be outweighed in cases where other society values (such as public health and safety) outweigh them.
State confidentiality protections vary widely. Only a few states have comprehensive confidentiality laws, and many states control disclosure of health information through a combination of statutes addressing everything from particular disease information to autopsy records.
One of the biggest problems in confidentiality protections is the lack of clarity about when patient confidentiality can be breached. Another problem, however, is what to do regarding the patient who has discovered a breach of confidentiality. The obvious solution is to go to court, but this means making public the information they did not want anyone to know in the first place! Therefore, it is important to develop "front-end" safeguards that prevent unauthorized breaches from occurring. But these safeguards must be designed to achieve a balance between protecting confidentiality and the need to share information in order to need to treat patients, assure quality health care, and conduct research that will lead to health advances.
One of the biggest problems in confidentiality protections is the lack of clarity about when patient confidentiality can be breached. Another problem, however is what to do regarding the patient who has discovered a breach of confidentiality.
State laws typically either address the type of information (usually based on disease or illness) or the entity holding the information (such as government agencies), or both. Thirty-seven states require physicians to maintain confidentiality of medical records — almost all states have placed some restrictions on the use of information contained in medical records that are held by state agencies. In the next section, we will look at the circumstances under which confidentiality may be broken.
All of the different ways of conceptualizing confidentiality include exceptions, allowing disclosure under certain circumstances or to particular agencies. All states allow disclosure to third party payers (insurance companies), although in most cases the patient will provide consent to this practice at the time of treatment (generally in a section of most hospital or physician office intake forms) or when one signs the initial coverage contract.
The most obvious examples of public health concerns outweighing individual rights to confidentiality are from contagious disease cases.
This section outlines the mandatory reporting situations (those that require disclosure to specific authorities) as well as the permissive exceptions (those that allow a physician to use his or her own discretion in deciding whether to disclose a patient’s information). In the latter situation, the laws usually provide protections against liability for disclosure. In the former situation, liability may be imposed for failing to disclose.
The statutes and case law governing exceptions can be separated into a number of different areas, including public health, public safety, protection of vulnerable persons, and research. The first three categories are circumstances in which physicians’ obligations to maintain health (usually of the public, or sometimes of a particular individual) outweigh the need to maintain patient confidentiality. The final category, waiving confidentiality for research purposes is a little bit different, but even here the goal is linked to health — specifically advancing general knowledge so as to achieve future health benefits.
At least one court has held that a physician may have a duty to disclose genetic information about a patient to immediate family members.
Disclosing genetic information is another issue in public health. Although many genetic traits may be passed on to one’s children, they clearly are not transmissible in the same way as contagious diseases and thus do not exactly fit under a discussion of public health concerns. But genetic information does have implications for the health of blood relatives. Should a doctor disclose to a patient’s family members the fact that the patient carries a gene for cancer or Alzheimer’s disease? Given the health concerns, at least one court has held that a physician may have a duty to disclose genetic information about a patient to immediate family members. Similar issues apply to postmortem disclosure. Genetic information is likely to be regarded as extremely useful to family members for predicting their own health care needs (possibly even more so than other types of medical information), and thus there may be a strong argument in favor of disclosure after a patient has died.
In Tarasoff, a patient informed his therapist of his intention to kill a young woman. After her murder, the family sued, claiming that the physician should have warned the victim.
A number of states have adopted this principle, and some have extended it to all physicians or mental health professionals. Duty to warn cases focus on (1) the seriousness of the threat of harm and (2) the identifiability of the victim (whether there is a specific individual at risk). Therefore, a doctor is not under any obligation to reveal threats of minor harm, threats that the doctor does not believe are serious, or general threats where there is no identifiable individual at risk. Given these parameters, duty to warn cases are not without controversy, and some people believe that they place the physician in the undesirable role of law enforcer, rather than healer. It is unclear how this issue affects confidentiality, and, many states have been hesitant to extend such a duty to health professionals.
With respect to children under 18, however, these protections are generally thought to be appropriate, particularly in cases when a physician may suspect a child's injury he or she has been called upon to treat may be the result of child abuse.
Almost all states have child abuse reporting statutes. Missouri specifically requires physicians to report drug dependent minors to the health department, and New Jersey expands the requirement to all drug dependent patients. In addition, some states have statutes that require reporting of abuse of hospital patients or long-term care patients, elder abuse, spousal abuse, and domestic abuse.
Some states have statutes that require reporting of abuse of hospital patients or long-term care patients, elder abuse, spousal abuse, and domestic abuse.
These registries are usually kept confidential, and in many cases the information is kept separately from any individually identifying information. Recently, however, there have been some concerns raised about such databases, especially when the information can be linked to individuals (in other words, it is not completely anonymous) or it is stored electronically without adequate security.
Sharing medical information for research purposes is more controversial. In some research protocols, identifiers remain so that data can still be traced to particular individuals. While it is generally accepted that patients must consent before being entered into a research study, some state laws explicitly carve out an exception to confidentiality restrictions, allowing access to medical records for research purposes.
Because research allows better treatments to be developed and in this way serves the general public, it seems reasonable that disclosure should be permissible under certain circumstances, provided that individuals have the option of remaining anonymous.
We are a society strangely obsessed both with privacy and obtaining information. There are many aspects of our lives that are available for anyone to access, and yet most people are either unaware of these possibilities, or unconcerned with this loss of confidentiality.
Knowing what confidentiality laws in your area cover can help you make informed decisions about how your information is shared.
The sharing of medical information is one of the most complicated areas, and most patients are not even aware of the extent to which information about their care is shared within a hospital setting. Still, they are horrified by the potential that their insurance company may need access for reimbursement purposes.
There are many ways to define confidentiality, and how we conceptualize it affects how it functions in our everyday lives. Confidentiality laws regarding medical information are currently undergoing changes at both the state and federal levels. Although much attention is currently focused on the federal privacy rule (HIPAA), there are a number of state confidentiality protections. It is important not only for health professionals to be aware of the many considerations of confidentiality laws, but it is also important for the individual.
Knowing what confidentiality laws in your area cover can help you make informed decisions about how your information is shared. As citizens become more aware of the many issues involved in medical confidentiality, they can help shape the discussion and make their voices heard as lawmakers address the issues.