Confidentiality and privacy
Why it's important
Confidentiality is a cornerstone of medical ethics and an important aspect of patient safety. It is also a legal requirement throughout Canada.
Patients sometimes have to share sensitive or intimate details with their doctors. Physicians, in turn, have an obligation to keep that information confidential.
Confidentiality encourages the patient to provide the doctor with all relevant information. This helps the physician to determine the diagnosis and treatment, and reduces the possibility of harm for the patient.
Physicians are responsible for their own actions and those of their staff regarding patient information, and for establishing suitable privacy policies in their office or clinic. The articles "How do you protect privacy?" and "Patient confidentiality — Do you know what your staff members are talking about?" illustrate how privacy breaches can occur and some of the potential consequences.
The concept of "circle of care" may help physicians to comply with privacy legislation. It may also help physicians understand whether a patient's consent allowing a doctor to share health information with others can be implied or should be expressed. See "Consent and the circle of care." Physicians who treat extended families must be careful not to reveal any information obtained outside the immediate doctor-patient relationship to a third party. See "Protecting privacy when treating extended families."
Privacy should also be considered when disposing of confidential documents such as laboratory test results. ("Keep privacy in mind when disposing of test reports")
As noted in "Using social or professional networking websites can breach confidentiality," physicians should take care to avoid breaching patient confidentiality when participating on social networking websites.
Physicians who use electronic medical records should review their policies and procedures on the safe storage and disposal of patient health information that is stored on computers. Strategies to help minimize the risk of loss and unauthorized access include password protection, encryption, backing up data, and erasing and appropriately disposing of storage devices (hard disks). For more detail about encryption, see "Encryption just makes sense" and "Protecting sensitive electronic health information — think encryption."
Physicians may occasionally encounter situations in which they are obliged to disclose confidential patient health information. Such situations include the following:
When a third party who is not a member of the surgical care team requests to be present in the operating room while surgery is being performed, the physician should consider first obtaining the patient's consent. ("Third parties in the operating room")
Learn more and earn CME credits
Complete the CMPA's eLearning activity on "Privacy and confidentiality" and earn CME credits.