Patient confidentiality





Definition

Confidentiality is the right of an individual to have personal, identifiable medical information kept private. Such information should be available only to the physician of record and other health care and insurance personnel as necessary. As of 2003, patient confidentiality was protected by federal statute.


Purpose

The passage of federal regulations (the Health Insurance Portability and Accountability Act of 1996) was prompted by the need to ensure privacy and protection of personal records and data in an environment of electronic medical records and third-party insurance payers.


Description

Patient confidentiality means that personal and medical information given to a health care provider will not be disclosed to others unless the individual has given specific permission for such release.

Because the disclosure of personal information could cause professional or personal problems, patients rely on physicians to keep their medical information private. It is rare for medical records to remain completely sealed, however. The most benign breach of confidentiality takes place when clinicians share medical information as case studies. When this data is published in professional journals the identity of the patient is never divulged, and all identifying data is either eliminated or changed. If this confidentiality is breached in any way, patients may have the right to sue.

The greatest threat to medical privacy, however, occurs because most medical bills are paid by some form of health insurance, either private or public. This makes it difficult, if not impossible, to keep information truly confidential. Health records are routinely viewed not only by physicians and their staffs, but by the employees of insurance companies, medical laboratories, public health departments, researchers, and many others. If an employer provides health insurance, the employer and designated employees may have access to employee files.

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 requires all professionals and organizations to guard the privacy of their patients and customers. Individuals must provide written consent for any and all releases of medical or health-related information. Employees at all levels are required to maintain confidentiality. Similar policies have been in place for some time. This was a requirement of the Joint Commission on Accreditation of Healthcare Organizations (JCAHO) to maintain accreditation. All confidentiality releases must identify the types of information that can be released, the people or groups that have been permitted access to the information, and limit the length of time for which the release is valid.

Before the enactment of HIPAA, despite having voluntary safeguards, patient confidentiality had eroded with the almost-complete dominance of health-maintenance organizations and other types of third-party payers. Confidentiality is essential for a good relationship between patient and practitioner, whose duty to keep information private stems from the Hippocratic Oath. If personal information is disseminated without the patient's permission, it can erode confidence in the medical profession and expose health care professionals to legal action.

Physicians are increasingly being sued by patients whose information has been released without their permission. Even though the plaintiffs do not always prevail, the costs of legal action are burdensome to both sides.

Each state and the federal government have enacted laws to protect the confidentiality of health care information generally, with particular attention paid to information about communicable diseases and mental health. For example, through the 1960s substance and alcohol abuse were treated as mental illnesses, with patient confidentiality determined by the laws in each state, since at the time the state was responsible for mental health care and treatment.

In the early 1970s, however, the rising numbers of those needing substance abuse treatment came to the attention of the federal government, because drug-related activity, including the treatment for substance abuse, could be the basis for criminal prosecution on a federal level. Congress concluded that this might stop individuals needing treatment from seeking it. HIPAA was enacted to provide a strict confidentiality law and limit disclosure of information that could reveal a patient's identity.

Confusion ensued when practitioners who were treating substance abusers were required to follow two practices for patient confidentiality. One set of requirements was mandated by the state. The federal government dictated the other. With the varying degrees of protection provided by state mental health laws, the confusion increased. While all states specify exceptions to confidentiality, few have spelled out the necessary elements of valid consent for disclosure of mental health information. Some states presently allow disclosure of the following types of mental health information without patient consent:

  • to other treatment providers
  • to health care services payers or other sources of financial assistance to the patient
  • to third parties that the mental health professional feels might be endangered by the patient
  • to researchers
  • to agencies charged with oversight of the health care system or the system's practitioners
  • to families under certain circumstances
  • to law enforcement officials under certain circumstances
  • to public health officials

Prior to 2003, providers had become increasingly concerned that these exceptions are not addressed uniformly, particularly when providers and payers conducted business across state lines. This resulted in open-ended disclosures that specify neither the parties to whom disclosure is to be made nor the specific information allowed to be revealed.

Both the ethical and the legal principles of confidentiality are rooted in a set of values regarding the relationship between caregiver and patient. It is essential that a patient trust a caregiver so that a warm and accepting relationship may develop. This is particularly true in a mental health treatment.

Normal results

The Health Insurance Portability and Accountability Act of 1996 was enacted to address the issue of patient confidentiality. Full implementation of HIPAA regulations began in April 2003. If individuals and organizations having patient data adhere to the requirements of HIPAA, patient confidentiality will be enhanced.

HIPAA provides a uniform set of guidelines that apply to all providers and organizations. HIPAA requirements are not affected by state boundaries.

See also Informed consent ; Patient rights .


Resources

BOOKS

Carter P. I. HIPAA Compliance Handbook 2003. Gaithersburg, Maryland: Aspen, 2002.

Hubbard, M. W., K. E. Glover, and C. P. Hartley. HIPAA Policies and Procedures Desk Reference. Chicago: American Medical Association, 2003.

Pabrai, U. A. Getting Started with HIPAA Boston: Premier Press, 2003.

Radford, Roger. Informed Consent. Booklocker.com , 2002.


PERIODICALS

Cole A. and K. Oxtoby. "Patient power." Nursing Times 98 (2002: 22–25.

Landrum, S. E. "Patients' rights and responsibilities." Journal of the Arkansas Medical Society 99 (2003): 222–223.

Rosenbaum, S. "Managed care and patients' rights." Journal of the American Medical Association 289 (2003): 906–907.

Sugarman, J. "Missing the informed in consent." Anesthesia and Analgesia 96 (2003): 319–320.


ORGANIZATIONS

American Academy of Family Physicians. 11400 Tomahawk Creek Parkway, Leawood, KS 66211-2672. (913) 906-6000. http://www.aafp.org . http://fp@aafp.org.

American College of Physicians. 190 N Independence Mall West, Philadelphia, PA 19106-1572. (800) 523-1546, ext. 2600. (215) 351-2600. http://www.acponline.org .

American Medical Association. 515 N. State Street, Chicago, IL 60610. (312) 464-5000. http://www.ama-assn.org .

National Patient Advocate Foundation. 753 Thimble Shoals Blvd, Suite A, Newport News, VA 23606. (800) 532-5274. http://www.npaf.org . http://action@npaf.org.


OTHER

American Psychological Association. [cited March 21, 2003] http://www.apa.org/practice/senate_compromises.html .

HIPAA website. [cited March 24, 2003]. http://www.hipaa.org .

National Academy of Sciences. [cited March 21, 2003]. http://www.nap.edu/readingroom/books/for/index.html

Persons United Limiting Substandards and Errors in Health Care (P.U.L.S.E.). [cited March 21, 2003]. http://www.pulseamerica.org .

Stanford University. [cited March 21, 2003]. <http://www.stanford.edu/class/siw198q/websites/HearingMar01/bill html> .

U.S. House or Representatives, Democratic Staff or the Energy and Commerce Committee. [cited March 21, 2003]. <http://www.house.gov/commerce_democrats/pbor/107pborsummary.htm& x003E; .


L. Fleming Fallon, Jr., MD, DrPH

User Contributions:

thomas wasielewski
Report this comment as inappropriate
Jan 16, 2008 @ 5:17 pm
hello, where do i call or email a complaint on a person, dr's office that broke the hippa law, patient confidentiality? thanks thomas williamsville, new york
eileen wilson
Report this comment as inappropriate
Jan 11, 2010 @ 3:15 pm
Does violating pt. confidentiality include using a pt.'s name...e.g. calling you by your full name in a Dr.s office or hospital waiting room? Or does it only apply to your medical information? Thanks
Report this comment as inappropriate
Aug 30, 2010 @ 3:15 pm
In your own words what is the purpose of the code of conduct in the medical profession?
Report this comment as inappropriate
Sep 14, 2010 @ 8:20 pm
If you were set up with a Drug Charge, your husband's daughter's X-husband and have already been 2 court and your probation officer called all your doctors just 2 make sure the mecations U were on, You actually had 2 B on them. Of course she also told them about your Drug Charge. If one of your doctors works with one doctors office where he is your new family doctor and also he works at the hospital. Is it leagal or not 4 him 2 go back and tell the emergency room at the hospital, and the hospital not 2 give me any narcotics if I come in there with a emergency for pain or anything. He knew nothing about my case, and did not ask me. I have Osteoarthritis in my back, OA in both my knees, nothing left there to do but total knee replacements. OA in my right hand and now my shoulder.It is frequently called degenerative joint disease or "wear and tear" arthritis. I also have bone spurs in feet. COPD, High Blood Pressure & High Cholesterol, Major Depression,Anxiety & bad nerves. With all this kind of pain. He told me if I had 2 go 2 the hospital 4 anything, even sergery, they would give me the lowest amount of pain medicine, just enough 2 maybe get by with. Please tell me what I can do , if anything. I hurt every day of my life.
Report this comment as inappropriate
Oct 2, 2010 @ 2:02 am
How does the law apply in england when a secretary at my local surgery takes my prescription to a pharmacy of her choice without consulting me. The prescription was of a very personal nature and it was taken to my local pharmacy where everyone knows me. It is also a pharmacy that I have had problems with in the past and would not use it if it was the last one on earth.
Grace Nee
Report this comment as inappropriate
Jan 13, 2011 @ 6:18 pm
Some states presently allow disclosure of the following types of mental health information without patient consent:
to families under certain circumstances.

in what circumstance, medical practioners are allowed to disclosure the information that patient required to be confidential to his or her familly member?
could you tell me is any specific resource I can access to related to above question?
Report this comment as inappropriate
Jan 25, 2011 @ 6:18 pm
I had a meeting with my superintendent, principal, and doctor regarding my physical and emotional ability to return to work. I have a team of professionals which doesn't include the pain specialist that I have been seeing. I have signed letters of release only to the team. In the course of the meeting the superintendent disclosed that the pain specialist called him and said that I hadn't made appointments (the doctor is 70 miles from my small town and it is the middle of winter when travel can be treacherous). The superintendent them mentioned that the pain doctor told him that I was self-medicating. There was never a release signed to allow that conversation and it made me upset and impacted whether I could keep my job. Can I sue for breach of confidentiality?
Report this comment as inappropriate
Feb 26, 2011 @ 10:22 pm
Would you please e-mail me asap the specific answer to the question: "Principles of Confidentiality under the mental health." This is in Australian (SA) context, Thanks.
Report this comment as inappropriate
Apr 10, 2011 @ 7:19 pm
My doctors offic staff sometime checks my husband blood pressure in the waiting room as it saves time. And space.
Is it avainst hippa ruled
Report this comment as inappropriate
Jul 28, 2011 @ 4:04 am
can a healthcare employee take patients personal information to use for their own personal use for a relationship with that patient
Report this comment as inappropriate
Aug 31, 2011 @ 1:13 pm
I have been treated for the past 6 years for chronic pain in addition to other health conditions. About a year ago the physician which I had been with since the onset of my symptoms retired and I continued with another doctor in the same facility who I have not liked fromt he beginning. He will not respond in any manner when I try to discuss the underlying conditions causing the chronic pain (spinal stenosis, arthritis, degenerative disc disease, bone spurs) and sent me to a so-called "pain specialist" for my narcotic medications which is no more than a legalized drug dealer. Does not know or care what he is prescribing for, or that the medications are not sufficient for me to conduct daily activities, only that I have cash and can pass a drug test which he is always falsely claiming I have failed. I tried another doctor yesterday, wanting someone who will treat all of me and not farm me out to others while he collects his fee. Apparently while I was at this facility someone contacted the dr I have been seeing for the past year, told him I was there trying to get narcotics, that I was unsatisfied with him and transferring my business there, all without my knowledge or consent. I never told them I wanted them to get my records and when I left it was clear that I would not be using this facility. I later received a phone call from my prior doctor chewing me out and stating that I could no longer be treated there. What are my rights in this situation?
Report this comment as inappropriate
Oct 21, 2011 @ 10:10 am
my wife had a neurosurgical procedure done on her back some months ago, and every time she goes to the doctor to get a check up the girls at the front desk will say "you know you have an oustanding bill with us". my wife pays her bill every month , and when she tells them she has paid her bill for the month, the front desk will say "we don't have that information here, we just know you have an outstanding bill". This is very embarrasing because every patient in the waiting room can hear this, she talked to her doctor about this and the doctor agreed, abd said she would handle it. yesterday she went to her appointment and was asked the same thing in front of everybody. she was so upset she left the dr's office. what can be done!
Lou
Report this comment as inappropriate
Nov 8, 2011 @ 6:06 am
Hello,
I have a question in regards to E.R. general consent obtained or not obtained at time of visit. Registration Manager lied to Arbitrator and
said that by law you can not ask patient to sign a general consent after they have been treated.

I have been told in the past you can do an addendum to complete the file as long as you do not back date it.
It must be the exact date you obtained the signature from patient to
complete the file. Example 1/5/2011 and under that date you must indicate
reason for late entry and write for services on 1/1/2011. Generally it is unlikly for you to get general consent once the patient leaves. But in some cases the patient returns to sign general consent and you are able to complete the record.

This Manager has told Arbitrator that you can not by law bill a patient without general consent forms signed at time of vist, She has said it is illegal to have a patient return to sign a general consent. Claiming it is a smoking gun and can open the hospital up for an audit.
If this is true there needs to be an audit on this hospial, I have worked there for 8 years and general consents go unsigned quite frequently and the patients who did not sign general consent while seen in the ER are being billed. And insurance is being filed from both medicare and medicaid
and payment is being accepted.

I thought HIPPA replaced mandatory rules on general consent and replaced it with voluntary consent provision, that permits healtcare providers to obtain consent for treatment,billing,payment,and healthcare operations so it does not delay or disrupt needed treatment.

The Arbitrator ruled you can obtaing a signature after a patient leaves, if done correctly as an addendum, you must not back date or present that you obtained signature at time of visit, it must be explained and correctly dated. As mentioned above.
I hope you can help direct my concerns. Or let me knowwho I can contact.

Thank you
Lou
Report this comment as inappropriate
Nov 8, 2011 @ 7:07 am
Hello,
I have a question in regards to E.R. general consent obtained or not obtained at time of visit. Registration Manager lied to Arbitrator and
said that by law you can not ask patient to sign a general consent after they have been treated.

I have been told in the past you can do an addendum to complete the file as long as you do not back date it.
It must be the exact date you obtained the signature from patient to
complete the file. Example 1/5/2011 and under that date you must indicate
reason for late entry and write for services on 1/1/2011. Generally it is unlikly for you to get general consent once the patient leaves. But in some cases the patient returns to sign general consent and you are able to complete the record.

This Manager has told Arbitrator that you can not by law bill a patient without general consent forms signed at time of vist, She has said it is illegal to have a patient return to sign a general consent. Claiming it is a smoking gun and can open the hospital up for an audit.
If this is true there needs to be an audit on this hospial, I have worked there for 8 years and general consents go unsigned quite frequently and the patients who did not sign general consent while seen in the ER are being billed. And insurance is being filed from both medicare and medicaid
and payment is being accepted.

I thought HIPPA replaced mandatory rules on general consent and replaced it with voluntary consent provision, that permits healtcare providers to obtain consent for treatment,billing,payment,and healthcare operations so it does not delay or disrupt needed treatment.

The Arbitrator ruled you can obtaing a signature after a patient leaves, if done correctly as an addendum, you must not back date or present that you obtained signature at time of visit, it must be explained and correctly dated. As mentioned above.
I hope you can help direct my concerns. Or let me knowwho I can contact.

Thank you
Report this comment as inappropriate
Nov 19, 2011 @ 3:15 pm
I have a question regarding phone call confidentiality. I went for a couple tests around a week ago and went to work yesterday only to miss a phone call from the doctors office, my wife saw the number on the call display and called to see what the call was about. What are the MOA's able to tell her? can they tell her anything at all since i never gave consent for this information to be released? Can they even tell her that the reason they were calling was to talk to me?
thank you
Archie
Report this comment as inappropriate
Nov 28, 2011 @ 10:22 pm
Is there a Philippine Law on Health Secrecy, I am diagnosed with disease when i applied work but the Board of Panel announced to all my co-applicant and his employees that i have the illness. I am not hired because of the medical results they found. Now, can I sued him in his act? I am so affected that the know about my ill socially, and personally.
michelle spore
Report this comment as inappropriate
Dec 10, 2011 @ 5:17 pm
I work for a school and my superior advised another co-woker of my mental health condition. To my understanding in the state of Texas this broke a HIPPA law. Is this correct and what can happen to my superior.
Patti Jones
Report this comment as inappropriate
Jan 11, 2012 @ 5:17 pm
I also would like to know who to contact when a health care worker at a clinic tells others about patients she has treated, and or about others that have come to the clinic with their test results. Just in case some one there maybe knows that person.
Thank you for any and all help you can provide. this is in the state of Oregon.
dedra
Report this comment as inappropriate
Jan 21, 2012 @ 6:18 pm
How do You sue the tha person who broke the confidentality?
Sherry
Report this comment as inappropriate
Jan 24, 2012 @ 2:14 pm
Is it against the law for a doctors office to get your insurance number to treat your daughter without your permission? She is in her grandparents custody and they did not seek insurance at court. Then they are sending us the bill. Every time we go, we have to have a copy of the card and pay the co-pay. They did not have a copy of our ins and went into our files for the number. Now the doctor's office is giving our number out to the hospital, radiologist and who knows else.
Terri
Report this comment as inappropriate
Feb 13, 2012 @ 11:11 am
If former physc. in-patient reveals the identity of other former in-patients what could the repercussions?
wondering
Report this comment as inappropriate
Feb 16, 2012 @ 10:10 am
what if your wife is on felony probation and bipolar and sichzophrenic and tries to blame all her troubles to court and probation officer on me. so i sent her medical papers that she left in trash to prosecuter to explain her problems and illness to clear my good name. did i violate her rights.
Mrs. O Wilson
Report this comment as inappropriate
Mar 4, 2012 @ 11:11 am
Hello! Could you answer me a.s.a.p, please to this question? Is the receptionist from my local Medical Surgery open my and my husband's medical records without our or our Dr.'s permission, just for her "curiosity"? Thank you!
judy striegel
Report this comment as inappropriate
Mar 4, 2012 @ 11:11 am
I had full POA rights on my husband.He REC'd bedsore in hospital Dr.cleaned up the sore an then told me let him die.I went to nurses staion I did not wanr that Dr. back in his room.That DR went in at least 5 times in 6 months while in an out of hosp an did surgry with out my knowledge can I sue hosp? My husband died from this bed sore in this hospital 6 mos later..thanks judy
Report this comment as inappropriate
Mar 4, 2012 @ 11:23 pm
I have been discriminated against due to my disability by a federal agency - I have extensive proof. I do not have money to sue, I hear you cannot really sue the government of it's agencies, I looked for advocates to help me, but I'm in Wisconsin, and due to the nature the ones I talked with wan't to sue and sue on a class action.
ANYWAYS, I am afraid if I sue, contact the OIG or whatever I won't be able to be successful obtaining my government benefits - they'd hold it against me. What should I do? All I need are my benefits, but I they used the original discrimination against me in my first application processes. I didn't call it discrimination, I just said that it was wrong that they did x and blamed it on my disability.
what should I do.
Mrs. Monica
Report this comment as inappropriate
Jan 3, 2013 @ 10:22 pm
My husband called my doctor and during this phone call the medications which I take were discussed. My husband asked that no narcotics be prescribed to me anymore. Next thing I know, I have been discharged as a patient of over 7 years. FROM A PHONE CALL W MY HUSBAND. Were my confidentiality rights violated when the dr discussed my medications w my husband over the phone wo any consent from me?
Paige O'Bar
Report this comment as inappropriate
Jan 30, 2013 @ 4:16 pm
what were patient confidentiality like in the 1850's?
S. Ramchuran
Report this comment as inappropriate
Apr 20, 2013 @ 12:12 pm
Hi, I need advice concerning EMS personnel taking photos of patients at accident scenes and placing these photos on Facebook and Youtube. What can I do and how do I approach the department without being victimized?
Monty
Report this comment as inappropriate
Jun 18, 2013 @ 1:13 pm
This may not be PHI, but can the hospital video me or my procedures without my knowledge or consent? I had a surgery and found out that the OR has closed circuit cameras in order to monitor the surgeries to help through-put. There are no signs anywhere that tell patients that they would be under this type of surveillane. The monitors are very clear (Hi-Def) and show every detail of what's going on in a particular OR. It this legal and how can I protect myself and more importantly, my daughters?
Report this comment as inappropriate
Jul 2, 2014 @ 11:23 pm
Please anwser if anybody knows. I am be treated with suboxne and I take a urine test every month but the nurse calls my pharmacy and tells them urine testing shows im not taking my medicine and the nurse refuses to sent paperwork to insurance company so the pre aurthoation will cover it. I have never had this issue with this office in the 6 months I have been going there. Is this illegal? Please help.

Comment about this article, ask questions, or add new information about this topic:

CAPTCHA


Patient Confidentiality forum