Advanced search

Confidentiality and privacy
This page is your starting point to CMPA's articles on confidentiality and privacy.

Why it's important

Confidentiality is a cornerstone of medical ethics and an important aspect of patient safety. It is also a legal requirement throughout Canada.

Patients sometimes have to share sensitive or intimate details with their doctors. Physicians, in turn, have an obligation to keep that information confidential.

Confidentiality encourages the patient to provide the doctor with all relevant information. This helps the physician to determine the diagnosis and treatment, and reduces the possibility of harm for the patient.

Basic principles

Physicians are responsible for their own actions and those of their staff regarding patient information, and for establishing suitable privacy policies in their office or clinic. The articles "How do you protect privacy?" and "Patient confidentiality — Do you know what your staff members are talking about?" illustrate how privacy breaches can occur and some of the potential consequences.

Guidance on how to comply with privacy legislation is given in the "Office privacy compliance" articles, part 1, part 2, and part 3.

The concept of "circle of care" may help physicians to comply with privacy legislation. It also may aid physicians to understand whether a patient's consent allowing a doctor to share health information with others can be implied or should be expressed. See "Consent and the circle of care." Physicians who treat extended families must be careful not to reveal any information obtained outside the immediate doctor-patient relationship to a third party . See "Protecting privacy when treating extended families."

Privacy should also be considered when disposing of confidential documents such as laboratory test results. ("Keep privacy in mind when disposing of test reports")

As noted in "Using social or professional networking websites can breach confidentiality," physicians should take care to avoid breaching patient confidentiality when participating on social networking websites.

Electronic information

Physicians who use electronic medical records should review their policies and procedures on the safe storage and disposal of patient health information that is stored on computers. Strategies to help minimize the risk of loss and unauthorized access include password protection, encryption, backing up data, and erasing and appropriately disposing of storage devices (hard disks). For more detail about encryption, see "Encryption just makes sense" and "Protecting sensitive electronic health information — think encryption."

Special situations

Physicians may occasionally encounter situations in which they are obliged to disclose confidential patient health information. Such situations include the following:

• if there are reasonable grounds to believe that a child is in need of protection, such as in situations of suspected sexual abuse ("Age of consent for sexual activity and duty to report")
• when served with a search warrant ("Physician interactions with police")
• when treating patients with gunshot and stab wounds ("Reporting of gunshot and stab wounds")

When a third party who is not a member of the surgical care team requests to be present in the operating room while surgery is being performed, the physician should consider first obtaining the patient's consent. ("Third parties in the operating room")

Learn more and earn CME credits

Complete the CMPA's eLearning activity on "Privacy and confidentiality" and earn CME credits.