Medical Confidentiality and Exceptions
Jessica Wilen Berg, J.D., MPH
Jessica Wilen Berg is Professor of Law and Bioethics, Case Western Reserve University School of Law and Case Western Reserve School of Medicine Department of Bioethics, Cleveland, OH.
Within the past 12 months, Ms. Berg reports no commercial conflicts of interest.
Albert Einstein College of Medicine, CCME staff, and interMDnet staff have nothing to disclose.
Release Date: 07/12/2011
Termination Date: 07/12/2014
Estimated time to complete: 1 hour(s).
Albert Einstein College of Medicine – Montefiore Medical Center designates this enduring material activity for a maximum of 1.0 AMA PRA Category 1 Credit(s)™. Physicians should claim only the credit commensurate with the extent of their participation in the activity.
In support of improving patient care, this activity has been planned and implemented by Albert Einstein College of Medicine-Montefiore Medical Center and InterMDnet. Albert Einstein College of Medicine – Montefiore Medical Center is jointly accredited by the Accreditation Council for Continuing Medical Education (ACCME), the Accreditation Council for Pharmacy Education (ACPE), and the American Nurses Credentialing Center (ANCC), to provide continuing education for the healthcare team.
Learning Objectives
Upon completion of this Cyberounds®, you should be able to:
The legal and ethical protections regarding confidentiality of medical information have undergone significant scrutiny in the past few years, and a variety of new legislation and changes to current legislation have recently been promulgated at both the federal and state levels. Developments in electronic media as well as advances in genetic medicine have challenged our traditional understanding of "personal" information and privacy. As a result, there have been various attempts to craft privacy protections in different settings. This Cyberounds® provides an overview of the current ethical and legal frameworks for confidentiality. Its focus is on general state level protections and disclosure obligations. Federal privacy laws, such as HIPAA, are addressed elsewhere.
Despite the overt general acceptance of confidentiality within the medical community, it has never functioned as an absolute bar to disclosure.(1) First, the legal and ethical protections may be waived.(2) No breach occurs when a patient has authorized disclosure.(3) For example, a patient might request that a physician share information on health care matters with the patient’s spouse or a close friend. Second, when the patient is incompetent, certain individuals may be legally authorized to receive information that would otherwise be confidential. Thus surrogates or health care guardians have a right to their ward’s medical information, and parents generally have a right to their children’s medical information.(4) Third, although there are a number of different bases for confidentiality, no theory provides complete protection from disclosure, and each allows for exceptions based on a balancing of the interests promoted by confidentiality versus the interests promoted by disclosure. As the United States Supreme Court stated in the case of Whalen v. Roe, disclosure of confidential information is often necessary, and is not
… meaningfully distinguishable from a host of other unpleasant invasions of privacy that are associated with many facets of health care. Unquestionably, some individuals’ concern for their own privacy may lead them to avoid or to postpone needed medical attention. Nevertheless, disclosures of private medical information to doctors, to hospital personnel, to insurance companies, and to public health agencies are often an essential part of modern medical practice…(5)
Ethical Basis for Confidentiality
The physician’s duty to keep information confidential dates back at least to the earliest codes of medical ethics. The Hippocratic Oath, for example, requires the physician to promise that "What I may see or hear in the course of the treatment or even outside of the treatment in regard to the life of men, which on no account one must spread abroad, I will keep to myself holding such things shameful to be spoken about."(6)
More recent ethical codes also include statements on confidentiality. The World Medical Organization’s Declaration of Geneva and the International Code of Medical Ethics both admonish the physician to maintain confidentiality, even after the patient’s death.(7) The American Medical Association’s Code of Medical Ethics states that "[t]he information disclosed to the physician during the course of the relationship between the physician and patient is confidential to the greatest possible degree."(8) But unlike the early codes, the AMA immediately recognizes a number of exceptions to confidentiality "justified by overriding [social] considerations."(9) These include reporting of threats to inflict serious bodily harm on others, certain communicable diseases, and gunshot wounds or knife wounds.
Ethical theories provide numerous bases that can be used to understand confidentiality protections.(10) For example, confidentiality can be explained in terms of the personal and social consequences of the practice, the necessary role of trust in fiduciary relationships, the intrinsic value of privacy as a human good and the interpersonal demands of human dignity and autonomy. Although different philosophers and philosophical traditions emphasize some of these arguments over others, in practice scholars of professional medical ethics, like Tom Beauchamp and James Childress, combine them as mutually supporting, complementary reasons to endorse the profession’s tradition of secret-keeping. For example, according to Beauchamp and Childress, confidentiality protections can be justified using three types of arguments: consequentialist (without assurances of confidentiality, patients are less likely to disclose information pertinent to their medical care), rights-based autonomy (patients have a right to control how their medical information is used) and fidelity-based (physicians have an obligation not to disclose information shared with them in their medical role).(11) But none of these philosophical arguments, individually or collectively, justifies an absolute prohibition against breaching confidentiality — each must be balanced against the goals sought to be achieved.
Legal Basis for Confidentiality
Although clearly grounded in professional ethical norms, confidentiality is also based in law. As noted above, the ethical theories do not posit absolute protections for confidentiality. Similarly, the legal theories are designed to provide certain protections of privacy and confidentiality, but these are subject to various exceptions.
Confidentiality Based on Contract Law
There are a number of different legal bases for imposing or evaluating medical confidentiality requirements.(12) One is derived from contract law. This theory is premised on the notion that there exists an implied promise in all physician-patient treatment relationships not to reveal information gained as part of that relationship.(13) Although there is certainly some expectation of confidentiality on the part of the patient, how far this confidentiality extends and whether it is sufficient to give rise to a legally enforceable contractual duty is unclear. Moreover, implied contract is a rather undesirable basis for grounding confidentiality protections since it must be proven in each case; implied contracts do not automatically give rise to general duties. As a result, patients are not necessarily guaranteed confidentiality. Furthermore, it is unclear how exceptions are negotiated — explicitly identified up front, or assumed as part of the hypothetical implied contract? Breach of contract actions for disclosure of confidential information are rare,(14) and such cases may be hard to win except possibly where the confidentiality expectations have been made explicitly in writing. Yet explicit promises of confidentiality are uncommon.
Confidentiality Based on Fiduciary Law
Rather than rely on contract theory, a more promising basis may be fiduciary theory. Fiduciaries are charged with certain obligations — here, one would include an obligation to keep information confidential. Instead of requiring a patient to demonstrate an implied contract in each case, the physician would have to challenge the presumption of confidentiality by showing the absence of a fiduciary (e.g., physician-patient) relationship. Fiduciary theory arose out of contractual relationships in which one party was particularly vulnerable and unable to protect itself against a breach.(15) The traditional cases of agent-principal and trustee-beneficiary have been expanded in recent years to include the physician-patient relationship. In some ways, the fiduciary model fits well — the patient is clearly a vulnerable party. By applying traditional fiduciary principles, the physician is held responsible for maintaining confidentiality of all information entrusted to him or her by the patient.(16) But physicians do not fit perfectly into the fiduciary model,(17) and fiduciary theory is not easily applied to determine the scope of confidentiality.
Confidentiality in the traditional fiduciary relationship would not be defined as a ban on disclosing information, but rather a duty to use confidential information for the vulnerable party’s benefit (here, the patient). How benefit is interpreted depends on the fiduciary’s role. A fiduciary must have a defined role — in the classic agency case, it is to promote profit.(18) It is not as easy to ascribe a single responsibility to a physician. Should the focus be on prolonging life? Minimizing suffering? Curing disease? The requirement of confidentiality would only apply if its application furthered the primary obligation of the fiduciary. For example, if the physician’s primary role is to prolong life, confidentiality should be breached when the disclosure would serve to prolong life, or the failure to disclose would shorten life. Thus a patient’s threat of suicide should be disclosed in order to prevent harm to self. On the other hand, if the primary goal is to minimize suffering, then it is less clear whether a rational and competent threat of suicide should be disclosed.
Confidentiality Based on Privacy Rights
Since neither contract nor fiduciary theory provides clear guidance in defining the scope of confidentiality protections, one might look to general privacy protections found in the federal or state constitutions, or in common law, in order to draw general conclusions about legal confidentiality protections. Privacy is often thought of as a "fundamental" right, and there are a variety of legal protections that may fall into this category. These include protections of an individual’s home,(19) body,(20) and personal information.(21) But privacy rights are not absolute and must be balanced against other fundamental rights of both the individual and of other people.(22)
Although there are constitutional privacy protections, most issues of informational privacy (and thus confidentiality) are addressed by tort law.(23) There are several types of lawsuits for invasion of privacy, including unreasonable: a) intrusions upon seclusion, b) appropriation of name/likeness, c) publicity of private life, and d) placing someone in a false light.(24) But personal information (what is at issue in medical confidentiality) is not protected at law in the same way one’s home or bodily integrity is protected. In fact, quite a bit of personal information is not protected at all. For example, it is fairly simple to obtain a person’s credit history (even legally) in contrast to his/her medical history despite the fact that both may be considered highly personal, and thus private, information. One author argues that privacy protections are basically a means to protect other interests, such as reputation, avoidance of embarrassment or shame, or discrimination, and do not necessarily support the notion that certain information is inherently private.(25)
In fact, the common law right of action for "public disclosure of a private fact" explicitly states that the information in question must be "highly offensive to a reasonable person."(26) This standard appears to be quite fact specific and certainly does not, by itself, create a basis for confidentiality of all medical information. Moreover, its application is balanced against legitimate interests of the public in knowing particular information (and thus there are fewer protections for public figures). Likewise, suits for defamation(27) require proof of a number of factors; most problematic in the context of breaches of medical confidentiality is that the statement in question must be false.(28) Even for false statements, there are absolute and qualified privileges that may serve as a defense to a defamation suit. In particular, health care providers may fit within the contours of a qualified privilege, which permits disclosure based on the importance of the interest served.(29) Courts have ruled that seeking compensation, various legitimate business interests, and public health needs all count as "important" interests,(30) which may serve as a defense to a claim of defamation.
The result is that not all information (even medical information) is automatically granted legal protection from disclosure, but only information that is particularly sensitive. And even sensitive information may be disclosed under certain circumstances. Thus, protections for confidentiality appear to function only to the extent that the underlying goal(s) of the protections are met. Legal protections for confidentiality are evidence of the value our society accords to privacy, but they may be outweighed in cases where other societal values (such as public health and safety) take precedence. Ethical protections function to promote both privacy (or autonomy) and health, but may be overcome to the extent that disclosure better serves one or the other of these values.
State Confidentiality Laws
State confidentiality protections vary considerably. Few states have comprehensive confidentiality laws, and many states control disclosure of health information through an amalgam of statutes addressing everything from particular disease information to autopsy records. In fact, some states eschew the notion of a general confidentiality statute and simply legislate specific exceptions on the assumption that the common law protections for health information will suffice. Most problematic about confidentiality protections has been the lack of sanctions for breaches as well as the undesirability of the legal remedy — the solution for the patient who has discovered a breach of confidentiality is to go to court and tell people just the information they did not want anyone to know in the first place! Thus, it becomes extremely important to craft front-end safeguards that prevent unauthorized breaches from occurring, while at the same time achieving a balance with needs for information to: treat patients, assure quality health care, and conduct research to achieve health advances.
State laws either address the type of information (usually based on disease or illness) or the entity holding the information (such as government agencies), or both. Thirty-seven states place a duty on physicians to maintain confidentiality of medical records, and almost all states have placed some restrictions on the use of information contained in medical records that are held by state agencies.(31) Thirty-three states have legislation restricting disclosure of medical information from hospitals and health care facilities.(32) Some of these states also include homeopathic practitioners(33) and other alternative medical providers, dentists,(34) pharmacists,(35) and mental health professionals,(36) either in their definition of "health care provider" or under separate legislation. At least four states specifically regulate the use of such information by insurance companies.(37) A few states combine these two under the heading of "third party administrators."
Exceptions to Confidentiality
All of the statutes referred to above contain exceptions, allowing disclosure under certain circumstances or to particular entities. All states allow disclosure to third party payers, although in most cases the patient will provide consent to this practice at the time of treatment (generally included as a section of most hospital or physician office intake forms) or when they sign the initial coverage contract.(38) This section outlines the mandatory reporting statutes (those that require disclosure to appropriate authorities) as well as the permissive exception statutes (those that allow a physician to use discretion in deciding whether to disclose information). In the latter situation, the statute in question usually provides protections against liability for disclosure. In the former situation, liability may be imposed for failing to disclose.
The statutes and case law governing exceptions can be separated into a number of areas, including reporting for public health, public safety, protection of vulnerable persons and research. The first three categories will be dealt with under the general heading of public health and safety. These are circumstances in which physicians’ obligations to maintain health (of the public, or sometimes a particular individual) outweigh obligations to maintain patient confidentiality. The final category, disclosure for research purposes (including statistical disease registries and quality assurance), will be dealt with separately. But even here the goal is linked to health — specifically advancing general knowledge so as to achieve future health benefits. There is a final group of situations where confidentiality may be compromised, which include cases where the physician in question performs an examination for an insurance company, employer or court. These situations are best looked at not as exceptions to confidentiality, but as cases where the scope of the physician’s duty to disclose information to a third party is established as part of the initial agreement between the patient and physician.
Public Health and Safety
Physicians have an ethical responsibility to society as well as to individual patients.(39) This is generally interpreted to mean that physicians have a duty to protect the public health. The extent of this duty is not fully defined, at least with respect to the circumstances under which it outweighs the physician’s responsibility to the individual patient. However, there are some clearly articulated limits. For example, a physician cannot experiment on a patient in the hopes of benefiting society without the patient’s consent. In such a case, the obligation to the patient outweighs the obligation to society. But this example highlights the limits of the physician’s duty to promote public health. It is less clear how to deal with the physician’s responsibility to prevent harm to the public. In particular, may a physician breach confidentiality when public health or safety is threatened?
The most common examples where public health concerns outweigh individual rights of confidentiality are from the contagious disease cases.(40) A number of states have legislation requiring disclosure of specific diseases, such as sexually transmitted diseases (STDs), HIV/AIDS, or general communicable diseases like tuberculosis(41) and syphilis.(42) Reporting statutes usually mandate disclosure to appropriate public health agencies. But these statutes may also include provisions allowing for disclosure to specific at-risk individuals. As a result, disclosure may be to public health authorities, other medical care providers,(43) partners, family(44) or even needle sharers.(45)
While there have long been reporting statutes for communicable diseases, more recently there has been discussion of a physician’s duty to disclose genetic information to specific at-risk individuals.(46) Although genetic information may be useful to third parties, the same is true of many other types of medical information. Thus, it is not clear that this information should be treated differently from medical information in general, which is usually kept confidential during the individual’s lifetime, except to the extent that it has serious health implications for other people (e.g., contagious diseases).(47)
Although genetic traits may be passed on to offspring, they clearly are not transmissible in the same way as contagious diseases and thus do not exactly fit under a discussion of public health concerns. But genetic information does have implications for the health of blood relatives. At least one court has held that a physician may have a duty to disclose genetic information about a patient to immediate family members, based on these health concerns.(48)
Although the broader issues of the uses of genetic information are beyond the scope of this article, the specific issue of disclosure of genetic information to family members is particularly important in the postmortem context. In fact, genetic information is likely to be regarded as extremely useful to family members for predicting their own health care needs (possibly even more so than other types of medical information), and thus there may be a strong argument in favor of disclosure.
On the other hand, it is clear that genetic information poses significant potential for misuse and may result in discrimination against the individual tested. Therefore, special confidentiality protections may be appropriate. Achieving a balance between confidentiality and protection of health with respect to genetic information is a particularly thorny issue and has garnered a great deal of attention. In general, disclosure under these circumstances should depend on the same factors as would govern any other request for information needed for its health benefits.
In addition to concerns about public health, there are also a number of situations in which physicians must disclose information in order to safeguard public safety. It is less clear whether physicians have the same ethical responsibility to protect public safety as they do public health. As a result, mandatory reporting statutes in this context may be more problematic from an ethical standpoint. On the other hand, because "health" is such an expansive concept, it often is difficult to distinguish between concerns about public health and public safety. Many states have reporting statutes for injuries from criminal behavior, injuries from alcohol, motor vehicle impairments and burns. Ohio, for example, has a statute mandating the reporting of drug abuse when the individual in question is a public transportation employee,(49) and New Jersey requires physicians to report cases of epilepsy to the Division of Motor Vehicles.(50)
Duty to Warn
Disclosure in these cases is usually to law enforcement authorities. In some situations, however, the physician might be obligated to disclose information to a particular individual or group of individuals. The classic case is the psychotherapist’s duty to warn. The concept of a duty to warn in this context originated in a California case, Tarasoff v. Regents of California.(51) In Tarasoff, a patient informed his therapist of his intention to kill a young woman.(52) After her murder, the family sued, claiming that the physician should have warned the victim. The court held that a therapist might be required to reveal information gathered during counseling if the patient’s statements indicate that he is likely to seriously injure an identifiable third party.(53)
A number of states have adopted this doctrine, and some have extended it to all physicians or mental health professionals. Duty to warn cases focus on (1) the seriousness of the threat of harm and (2) the identifiability of the victim. Thus a physician is not under an obligation to reveal threats of minor harm, threats that the physician does not believe are serious, or general threats where there is no identifiable third party. Duty to warn cases are not without controversy, and some people believe that positing such a duty places the physician in the undesirable role of law enforcer, rather than healer. It is unclear whether the conflict between such roles forces physicians into an untenable position with respect to confidentiality, and thus undermines generally the protections of medical information. Nonetheless, many states have been hesitant to extend such a duty to health professionals.
Protection of Vulnerable Persons
Less controversial than public safety cases are those involving protection of vulnerable persons. Although physicians (along with other professionals) have at least some responsibility to safeguard vulnerable persons, it is not clear whether this duty extends to the general public, or whether it should outweigh individual confidentiality protections. With respect to minors, however, these protections are generally thought to be appropriate. Almost all states have child abuse reporting statutes. Missouri specifically requires physicians to report drug dependent minors to the health department.(54) New Jersey expands the requirement to all drug dependent patients.(55) In addition, some states have statutes that require reporting of abuse of hospital patients or long-term care patients, elder abuse, spousal abuse, and domestic abuse.
Besides reporting for health and safety, there are also disclosure statutes that address reporting for informational or research purposes. Informational disclosure is usually the least controversial since the information is provided to state or federal agencies and not disclosed to the public. The data gathered is incorporated into registries that allow officials to keep various health care statistics.(56) These may be found in conjunction with public health reporting requirements, e.g., HIV/AIDS registries.(57) Another example is cancer registries.(58) In addition, Indiana keeps track of children with developmental disabilities,(59) and Montana requires reporting of occupational diseases.(60) These registries are usually kept confidential, and in many cases the data is maintained without identifiers.
Recently, however, there have been a number of concerns raised about such databases, especially when the stored information can be linked to identifiers or is stored electronically without adequate security.(61) Genetic or other sensitive information databases raise additional concerns, particularly if law enforcement officials may access the information.(62) Attention in this area is presently focused less on state registries per se than on the need to develop better security mechanisms in order to ensure the continued confidentiality of medical information in the age of computerization.(63)
Disclosure (or access to confidential information) for research purposes is more controversial. In some research protocols, identifiers remain and thus information about particular patients may be garnered from the data gathered. In addition, it is generally accepted that patients must consent before being entered into a research study, and this may be thought to include consent to the use of personal information gathered during treatment. Nonetheless, some state laws explicitly carve out an exception to confidentiality restrictions, allowing access to medical records for research purposes.(64)
As with disclosure for individual health purposes, it is undeniable that research serves health needs and that disclosure should be permissible under certain circumstances. It is through research that better treatments are developed, benefiting patients. Although society’s general need for information in this context does not automatically outweigh the individual’s interest in maintaining confidentiality, to the extent that identifiers can be removed from the information, leaving it anonymous, it may be disclosed.
Confidentiality protections, while appropriate in the research context, do not apply where the issue does not involve disclosure of information linked to a particular patient. This highlights the difference between confidentiality and privacy. Privacy concerns the individual’s ability to keep certain information about him or herself from ever being known. Confidentiality is the individual’s ability to keep information that has been disclosed from being shared with other people. The protection is not with respect to the information itself, but its link to the individual. Thus it does not make sense to talk about the confidentiality of anonymous information, except to the extent that there are security concerns relating to whether or not the information can be linked back to the individuals in question.
We are a society strangely obsessed both with privacy and obtaining information. There are numerous aspects of our lives that are available for anyone to access, and yet most people remain either unaware of these possibilities, or unconcerned with the potential trespass. Medical information is one of the most contradictory areas. Most patients are not even aware of the extent to which information about their care is shared within a hospital setting, but are horrified by the potential that an insurer may need access for reimbursement purposes.
Confidentiality protections for medical information are currently undergoing scrutiny at both the federal and state level. Although much attention is currently focused on the federal privacy rule (HIPAA), there are a number of state confidentiality protections. Health professionals should be aware of the legal and ethical bases for confidentiality and the range of disclosure obligations.
This Cyberounds® is based, in part, on the chapter Berg J, "When, if ever, should confidentiality be set aside?" in Ethical Dilemmas in Neurology, W.B. Saunders (2000). I would like to thank my research assistant, Hope Lu, for her invaluable help.