html xmlns=”http://www.w3.org/1999/xhtml” xmlns:mml=”http://www.w3.org/1998/Math/MathML” xmlns:epub=”http://www.idpf.org/2007/ops”>
Case example
Dr. Adams is an emergency physician on duty during the early morning hours this Sunday in the Emergency Department (ED) of a community hospital in a small Midwestern city. The ED receptionist informs Dr. Adams that a woman is on the telephone anxiously inquiring whether her 20-year-old daughter Alice, an undergraduate student at the local university, is a patient in the ED. The woman reports that her daughter’s roommate has informed her that Alice has not returned to her room as expected; the roommate does not know where Alice is or what has happened to her. The caller adds that she has attempted to contact Alice by cell phone, but her calls have not been answered.
Alice was, in fact, transported to the ED several hours earlier by friends after she fell at a party and could not get up. When Dr. Adams first saw her, she was tearful and unsteady. When he asked what happened, she said, “I drank way too much and took some pills. I am so ashamed; please don’t tell anyone about this, especially my mom!” Shortly thereafter she lost consciousness, and she is now receiving initial evaluation and treatment for acute alcohol poisoning or a drug overdose. The receptionist asks Dr. Adams to speak with the caller. Should he do so? If he does speak with her, what, if anything, should he tell her about Alice?
Ancient origins, contemporary significance
Protection of patient confidentiality is among the most ancient of the moral responsibilities embraced by health care professionals. The famous medical oath attributed to Hippocrates, for example, includes this pledge: “What I may see or hear in the course of treatment or even outside of treatment in regard to the life of men, which on no account one must spread abroad, I will keep to myself, holding such things shameful to be spoken about.”1 Unlike several of the other injunctions contained in the Hippocratic Oath, however, this commitment to protect patient confidentiality is not just a matter of historical interest. Rather, it remains a staple of contemporary medical oaths and codes of ethics of health care professional associations world wide. To cite just two examples, the ICN Code of Ethics for Nurses, most recently revised by the International Council of Nurses in 2012, includes this statement: “The nurse holds in confidence personal information and uses judgment in sharing this information.”2 The current version of the AMA’s “Principles of Medical Ethics,” a document described as “the essentials of honorable behavior for the physician,” contains the following principle: “A physician shall respect the rights of patients, colleagues, and other health care professionals, and shall safeguard patient confidences and privacy within the constraints of the law.”3
These statements are representative examples of the consensus view that respect for patient confidentiality is a fundamental professional responsibility in health care. They also raise important conceptual and moral questions. For example, the AMA “Principles of Medical Ethics” statement makes reference to both “confidences” and “privacy,” prompting the question whether these terms are synonymous or refer to different concepts. Both of the above confidentiality statements indicate that personal health information can sometimes be disclosed, prompting questions about the proper scope and limits of respect for patient confidentiality. This chapter will examine the concepts, moral foundations, and limits of respect for patient privacy and confidentiality.
Key concepts
To show proper respect for patient privacy and confidentiality, health care professionals must have a clear understanding of the meanings of these concepts. Although privacy and confidentiality have overlapping meanings, there are also important differences between them. Both terms can be used to describe matters of fact (e.g., “a private room,” “a confidential report”), but our interest in this context is in their normative uses in the assertion of values, rights, and obligations.
Privacy
The term ‘privacy’ has three important, and different, uses in health care contexts, sometimes called physical privacy, informational privacy, and decisional privacy.4 Physical privacy refers to important personal interests in freedom from unwanted contact with others or exposure of one’s body to others. Privacy in this sense is unavoidably limited in health care, since accurate diagnosis and effective treatment of medical conditions often require physical examination and physical contact with or manipulation of the body of the patient. Patients accept this loss of physical privacy in order to obtain the benefits of health care, but they expect health care professionals to limit physical contact and exposure to what is necessary for effective diagnosis and treatment.
Informational privacy refers to important personal interests in preventing disclosure to others of information about oneself, especially sensitive or embarrassing personal information. Informational privacy is also unavoidably limited in health care, since health care professionals must obtain multiple kinds of health-related information from their patients in order to understand their health conditions and provide effective treatment. Once again, patients are generally willing to disclose personal health information in order to receive appropriate treatment, but they expect health care professionals to protect this information from any unnecessary further disclosure.
Decisional privacy refers to important personal interests in making and carrying out decisions about one’s own life without interference from others. US courts have appealed to a right to privacy in this sense to protect patient access to contraception5 and abortion,6 and to uphold patient refusal of life-sustaining treatment.7 Because rights to decisional privacy protect patient control over health care choices, they are closely linked to rights to informed consent to treatment and to participation in biomedical research. Informed consent is examined in Chapters 8 and 19; the remainder of this chapter will focus on issues of physical and informational privacy.
Confidentiality
Like informational privacy, the term ‘confidentiality’ refers to the protection of sensitive information. In health care settings, professionals accept a duty of confidentiality when they pledge to protect the personal health information of their patients. Health care providers respect confidentiality by refraining from disclosing personal health information to others who have no right to the information and by refraining from accessing patient information without authorization. Providers can violate this duty both intentionally and inadvertently. An unscrupulous physician might, for example, intentionally violate confidentiality by selling information about a celebrity patient to a journalist. A nurse might inadvertently violate confidentiality by discussing a patient’s condition with a co-worker in a public area of a hospital, where it is overheard by visitors and other patients.8
Moral foundations
Moral grounds for affirming a professional duty to respect patient privacy and confidentiality can be found in several of the foundational principles of bioethics articulated by Beauchamp and Childress, including respect for autonomy, beneficence, and nonmaleficence.9 The principle of respect for autonomy affirms the special status of persons as moral agents able to make morally significant choices and carry them out. Consider, for a moment, how a person’s freedom of choice and action would be compromised if one had little or no control over others’ access to one’s person or access to sensitive information about oneself. Without at least some degree of privacy and confidentiality, one would be constantly subject to the intrusions of others, and one’s freedom of choice and action would be severely constrained. Thus, a reasonable degree of physical and informational privacy is a necessary condition for effective personal autonomy.
The principle of beneficence expresses a central professional commitment to act for the benefit of one’s patients. Health care’s ability to benefit patients relies heavily on an effective therapeutic relationship between patients and professionals, and the effectiveness of that relationship relies in turn on mutual trust. If patients are confident that their health care providers will protect their physical privacy and their personal information, they will be more likely to seek care and to communicate health-related information openly and accurately. Communication of this information is often essential to making a correct diagnosis of the patient’s illness and to providing effective treatment. Patients who trust their health care providers are also more likely to accept and adhere to the treatment plan those providers recommend. In all of these ways, respect for privacy and confidentiality contributes to the goal of benefiting patients.
Closely related to the affirmative professional duty to act for the benefit of patients is a negative duty, to refrain from actions that harm patients, or at least to refrain from actions whose potential harms exceed their potential benefits. This duty is expressed by the principle of nonmaleficence. Professional respect for patient privacy and confidentiality plays a significant role in preventing potential harms. Failure to protect physical privacy violates patients’ interests in modesty and subjects patients to unwelcome invasion of their personal space. Failure to protect personal health information may result in a variety of harms. Public disclosure that a patient is a victim of a sexual assault, for example, may subject that person to acute embarrassment or shame. Disclosure that a person has AIDS may result in ostracism, stigmatization, and discrimination. The principle of nonmaleficence thus provides an important additional reason for protecting patient privacy and confidentiality.
Evidence for the significance of patient privacy and confidentiality may also be found in a variety of federal and state laws and regulations enacted to protect these values. Most prominent among these in the United States is a set of federal regulations implemented under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).10 Though the impetus for these regulations was a perceived threat to patient confidentiality posed by electronic transmission of medical records, the HIPAA privacy regulations require health care providers to protect the confidentiality of personal health information (PHI) recorded or transmitted in any form, including electronic, written, and oral communication. Under these regulations, providers must obtain the patient’s written authorization to use or disclose PHI. There are, however, notable exceptions to this requirement; providers may use and disclose PHI without patient authorization for “treatment, payment, and health care operations” activities, and for twelve “national priority purposes,” including public health and abuse and neglect reporting requirements, law enforcement purposes, and organ, eye, and tissue donation activities. Depending on their severity, violations of HIPAA privacy regulations may subject health care providers to civil and criminal penalties.
Stay updated, free articles. Join our Telegram channel
Full access? Get Clinical Tree
