Health professionals have a duty to take reasonable steps to preserve the confidentiality of personal health information, in accordance with the preferences of the individual concerned. For example, conversations between doctor and patient usually need to take place in private, and a patient may prefer their doctor to call them on their mobile phone rather than their home landline. Even well-meaning family members are not necessarily entitled to receive information about a loved one’s medical situation. (See also Introduction to Ethical and Legal Issues in Health Care .)
Every person has recognized the right to confidentiality unless they authorize the disclosure of the information. In some countries, this situation is regulated by specific legislation (known as “Privacy Regulation”, HIPAA, Health Insurance Portability and Accountability Act, Health Infor5mation Privacy in the United States) on confidentiality, access, and disclosure of individually identifiable medical information, known as protected health information, which applies to most health professionals. For example, in the United States the law that regulates these aspects is the Health Insurance Portability and Accountability Act (HIPAA, Health Information Privacy), which specifies the following:
-
Everyone should be able to see and get copies of their medical records and ask that any errors in their records be corrected.
-
Any person legally authorized to make health care decisions on behalf of another person who lacks the capacity to do so, has the same right of access to private health information as the person in question.
-
Health professionals should regularly disclose how they ensure the confidentiality of medical information.
-
Health professionals may share an individual’s medical information, but only among themselves and to the extent necessary to provide necessary care or manage payment for treatment.
-
Personal health information may not be disclosed for commercial purposes.
-
Health professionals must take the necessary precautions to guarantee the confidentiality of their communications with the patient.
-
Individuals can make complaints about the privacy practices of health professionals (directly to the health professional or to the appropriate government agency, in the case of the United States at the Department of Health and Human Services, Office for Civil Rights; see How To File a Complaint with the Office for Civil Rights ).
The HIPAA Privacy Rule should not be constructed in such a way as to create barriers to normal communications with other healthcare professionals caring for a patient or with their family or friends. The regulations allow physicians and other health professionals to share information that is directly relevant to the involvement of a spouse or family, friends, or others designated by a patient. If the patient has the ability to make health care decisions, the physician may discuss this information with the family or others present as long as the patient agrees or, given the opportunity, does not object. Even when the patient is not present or it is not feasible or practical to ask permission because of urgency or incapacity,
Health professionals are sometimes required by law to disclose certain information, usually if the disease may pose a danger to others. For example, certain infectious diseases, such as those caused by the COVID-19 virus, human immunodeficiency (HIV), syphilis and tuberculosis, are usually notifiable to the competent government or health agencies. Health professionals who detect signs of mistreatment, abuse or neglect in children, adults, or the elderly should systematically notify protective services. In some countries, even diseases or disorders, such as dementia or recent seizures, can seriously affect a person’s ability to drive a vehicle and must be declared.