The relationship between a doctor and a patient is one of trust. Patients often disclose sensitive personal information about themselves to medical personnel with the understanding that it will not be disclosed to a third party without their consent. This ensures that patients can comfortably talk about their medical conditions without fear and reveal other information (such as finances) to healthcare professionals such as physicians, nurses, and therapists. The underlying objective is to ensure that the doctor gets all the relevant information needed to make a correct diagnosis and provide the best care to the patient.
HIPAA and Confidentiality
The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule protects every individual’s identifiable health information. This “protected health information” can be in any form — verbal, on paper, or electronic. By law, all of the patient’s medical records, including pre-existing conditions, lab reports, and X-rays, all communication between the patient and healthcare staff, and all financial and insurance information from the past, present, and future must remain confidential.
The Five Cs of Exceptions to Confidentiality
Doctors rely on the principles of medical ethics to safeguard a patient’s privacy while also remaining within the constraints of the law. The legal definition of confidentiality can vary by jurisdiction or setting (for example, the military may have different rules). Nonetheless, broadly speaking, patients should understand that the following exceptions apply to a physician’s duty of confidentiality:
- Consent: A physician can release confidential information after obtaining express consent from a patient.
- Court Order: A physician can release confidential information by order of a court of law.
- Continued Treatment: A physician can release confidential information if it is necessary for the patient’s continued treatment.
- Compliance: A physician can release confidential information in compliance with mandatory regulations and statutes and for purposes of law enforcement (for example, reporting child abuse or unlawful activities).
- Communication: A physician can release confidential information under the Tarasoff exception to communicate a threat of violence and protect others from a patient.
Breach of Physician-Patient Confidentiality: Is it Reason to Sue?
If a patient’s private health information is disclosed to a third party and none of the above exceptions are applicable, it constitutes a breach. If this breach results in some harm to the patient, then this is a cause of action against the medical professional. A physician’s duty to a patient to maintain confidentiality is not limited by time and continues even if the patient is no longer receiving treatment. In fact, this duty even extends beyond a patient’s death, and the doctor must continue to protect the person’s confidentiality.
Confidentiality and Other Healthcare Personnel
In the healthcare setting, besides physicians, many other medical personnel take care of patients, such as nurses, physician assistants, and technologists. In the fast-paced environment of a hospital, communication errors can occur. These healthcare professionals are not exempt from legal action for breach of confidentiality. For example, patients can file a claim due to a nurse’s mistake. In recent years, a man diagnosed with a sexually transmitted disease sued a New York clinic when one of the nurses who worked there informed his girlfriend (who was her sister-in-law) of the patient’s medical condition.