Abstract
Privacy and confidentiality are essential to ensuring the first bioethics principle – autonomy. These terms refer to protection against violation of one’s person in any way they might perceive violation and unauthorized access to a patient’s information.
Once a patient enters the world of being a surgical patient, the opportunities for violation of privacy and confidentiality are ever present in time and space. Members of the healthcare team are often not vigilant enough about preventing such occurrences. These breaches may be as banal as a conversation about a patient in a public place to the situation in which a patient’s genetic information is shared inadvertently. Besides clinical settings and research databases contain extremely sensitive patient information which must be protected.
This chapter exposes some common everyday examples of breaches of privacy and confidentiality, both simple and complex, and also examines these issues in the setting of minors and the mentally ill. Tips for avoiding them are offered.
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
1 Introduction
Whatever, in connection with my professional service, or not in connection with it, I see or hear, in the life of men, which ought not to be spoken of abroad, I will not divulge, as reckoning that all such should be kept secret. (Hippocrates)
A patient’s right to privacy and confidentiality is a well-known medical concept, already incorporated in the Hippocratic Oath, as well as in numerous medical professional codes (Higgins 1989; Patient’s Bill of Rights; Thompson 1979; Umansky et al. 2011). As easy at it seems to protect a patient’s privacy and confidentiality, in reality, there are many situations in clinical daily life where both aspects are at risk, and we healthcare providers are not always fully aware of it. Clearly, patients expect their privacy to be protected (Akyüz and Erdemir 2013), and this is central to value-based medicine.
In certain well-studied cases, the known facts a doctor has about a patient concern a physical threat to other people (Stone 1976). In these cases, a conflict arises – who (the patient) or what (the principle of justice) should we protect? Less egregious and less visible but more common examples of privacy breaches include everyday conversations between colleagues in public places and the way patients’ files are kept (Howe and Bernstein 2014).
Furthermore, privacy and confidentiality are ever-changing concepts, subject to technological advances, culture, society, legislation, and, last but not least, autonomy of a patient, which has actually increased over time, thanks to the law and patients’ easier access to medical information (Ammar 1997; Higgins 1989; Thompson 1979). Examples of new issues which have evolved include the acquisition and securing of molecular information in surgical patients (Bernstein et al. 2004). In order to ensure a patients’ autonomy, they must be certain that privacy and confidentiality of their information is safeguarded.
Pearl
A patient’s right to privacy and confidentiality is an ever-changing concept, based on culture, society, and legislation, but it derives directly from a patient’s right to autonomy. The awareness in daily clinical practice about protecting a patient’s privacy and confidentiality is not yet optimal.
2 Illustrative Cases
Case 1 (Speaking About a Patient in a Public Place)
Two colleagues talk jokingly about an upcoming procedure on a patient in an elevator. The daughter of the patient is standing behind them in the elevator. She finds out that these colleagues are the surgeons of her father and she files a complaint. How to avoid these situations?
Case 2 (Family’s Request to Withhold Information from Another Doctor)
A mother asks you not to reveal any information concerning her son’s condition or planned procedures to the previous surgeon, because she is dissatisfied with that first surgeons’ treatment. The first surgeon calls you to inquire about the wellbeing of his former patient. How do you proceed?
Case 3 (Family’s Request to Withhold Information from the Patient)
A mother does not want her son, a 12-year-old bright good athlete without neurological deficits, to know that his cerebellar astrocytoma has only been partially removed (Figs. 6.1 and 6.2). She thinks that knowing this fact would place her son in emotional jeopardy, because a second procedure could diminish his sporting abilities. Over time, the follow-up MRI showed a slow but clear progress of the tumor requiring further treatment (Fig. 6.3). What are the issues and how does one solve this dilemma?
The preoperative MRI
The postoperative MRI at 7 months
The postoperative MRI at 12 months
Case 4 (Patient Shares Criminal Intent with the Psychiatrist)
A paranoid patient tells his psychiatrist he is going to murder his wife. The psychiatrist deems the threat idle and does not take action (i.e., informing the police or forcing a hospital admission of the patient). The patient actually tries to kill his wife and harms her severely. What would have been the wisest thing to do?
Case 5 (Lack of Privacy in the Surgeon’s Waiting Room)
A man accompanies his wife for a consultation with the neurosurgeon about spinal stenosis. In the waiting room, he hears the secretary call out, “Mr. Bob Smith, Dr. Cushing will see you now.” He looks over to see that the man is the same Bob Smith who works under him at the office and is currently up for a promotion. He also recognizes Dr. Cushing’s name as a leading malignant brain tumor surgeon and wonders whether Smith’s recent promotion at work should perhaps be reconsidered.
3 Approach to the Cases
The first case is an example of a breach in privacy of the patient with no benefit to anyone but just harm, an egregious violation of the patient’s autonomy.
In the second case, confidentiality is demanded from the physician, which brings him into an awkward situation concerning his colleague. If he violates the family’s request and speaks to the first surgeon, there are no disadvantages to the patient so the violation might be justifiable.
In the third case, there is a conflict between the patient’s universal, ethical right to autonomy, the legal local law, and the physician’s personal decision, which derives from beneficence. To withhold the information from the boy and consequently limit his autonomy holds a great risk of maleficence. The son has the right to autonomy, being a bright young boy with the capacity to understand his situation and the consequences. Due to the legislation in his country, his mother has parental responsibility as well as the parental right to determine the course of treatment, although most Western societies recognize that there is no definitive age cutoff for determining competence and a mature 12-year-old might be deemed competent by the surgeon. The surgeon knows the tumor will require repeat surgery and/or radiation, so by following the mother’s will, harm will be done to the boy.
In the fourth case, the patient’s confidentiality is respected, but harm was done to a third party, which could have been prevented if dealt with differently. This case illustrates a clash between utilitarian ethics (do what produces the best outcome for the most people) and Kantian deontology (do what is deemed right irrespective of the consequences).
In the fifth case, imperfect systems have led to the disclosure of information about a patient to someone who can use this information in a way which may hurt the patient. The case highlights how much improvement is needed in everyday systems in our hospitals.
4 Discussion
4.1 Definition of Privacy and Confidentiality
The distinction between patient’s privacy and a patient’s confidentiality can be murky (Higgins 1989; Kleinman et al. 1997; Thompson 1979). In law, privacy has been described as “the right to be left alone.” A broad but fitting description of the difference between both is that privacy relates to a person and confidentiality relates to the information and data about an individual. The distinction is not that important as practically speaking, there is a great overlap between privacy and confidentiality.
In medical practice, privacy is probably best described as the right of the patient to have his/her person and information kept confidential, as well as the right to transfer this information in confidential surroundings. For example, physical examinations are conducted in a closed room. During rounds on the ward, family members and friends are requested to leave temporarily. Results of medical examinations and treatment plans are discussed in a private area.
A patient’s confidentiality is the right of the patient to nondisclosure of his/her information and data. This concerns verbally transferred information of the patient, as well as the security of the documented information, written or, nowadays ever more often, digital files. Exceptions are made when information is required by law, in the public interest. Clinical everyday examples are computers which are encrypted and have multiple password protection of patient files, and the storage of hard copies of patient files in separate, lockable spaces, not in open sight on counters or desks.
Pearl
Privacy is the right of the patient to transfer his/her personal information in a confidential surrounding, and confidentiality is the right of the patient to nondisclosure of his/her documentary information.
4.2 Privacy in Daily Clinical Life
The privacy of patients applies to many situations and is essentially an ever-present concern to the patient and to healthcare providers. The lack of privacy starts in the neurosurgery clinic waiting room. If ten patients are waiting in a common waiting room at any given time of the day, it is entirely possible that privacy could be lost by one patient recognizing another or one patient or family member recognizing a public figure or someone in their work life. Some corrective measures can be taken. Most psychiatrists have offices with separate entrance and exit doors so no two patients ever come face to face. Medical history-taking and physical examination should always take place in a private room with a door, although in many parts of the word, especially resource-poor settings, two or three patients often share one examining room. The patients’ hard copy files should be kept in a separate room where only limited people have access and should even be stored in a space, which can be locked, to ensure the utmost possible privacy. To follow these guidelines is unfortunately not always possible, due to the ever more limited time we have for the growing workload and logistic issues like limitations of space.
Modern systems provide the possibility to have a digital patient file. Even without a patient file, many patients’ data are accessible online in a hospital. The digitizing of the patients’ data facilitates our work and under the contemporary progressive strain in healthcare it saves time. At the same time, it is a liability concerning the patient’s privacy, because all digital data can be accessed both inadvertently and maliciously (i.e., hacking).
Conversations about patients between colleagues are often held in the hallway or elevators and can easily be overheard unnoticed – these behaviors should be avoided.
Pearl
Patient data should be kept confined in a safe space as much as possible. Conversations about patients should be held behind closed doors. Healthcare providers must always be aware of the public place they are in.
4.3 Confidentiality in Daily Clinical Life
Not to disclose the patient’s information seems a straightforward rule, even when one takes into account the exceptions, when disclosure is demanded for the public good or by law. Still, breaching confidentiality occurs more often than we think. Most of the time, we do not talk to the patient openly about whom we may disclose his/her medical information to, but it is understood that whenever we talk of a patient’s condition, consent is implicit (e.g., speaking to the patient’s spouse) or we must obtain verbal or written consent to do so. Confidentiality of patient data has become more complex and problematic as the medical profession progresses closer toward electronic records, which are subject to many abuses, both accidental and intentional (Graves 2013).
A very common example is when a neurosurgeon is called on the phone or e-mailed by a distressed, unknown family member of a recently operated patient inquiring about the condition of the patient (Weiss 2004). Most clinicians are trusting empathetic people, and we generally trust that the person is who they say they are and we provide some general information without checking the identity of the caller. If we do this, which is strictly speaking ill-advised, we should at minimum inform the patient as soon as possible of the conversation. Sometimes, sharing information can be very problematic in, for example, a situation where there is marital discord and a girlfriend presents herself as the person to communicate with, as opposed to the patient’s legal wife. In these situations, the surgeon must be extremely careful not only to protect the patient but also to protect himself/herself. As long as no harm is done to the patient, his/her confidentiality must be categorically and unconditionally respected.
Pearl
Clinicians should get consent upfront as to whom medical information may be disclosed. A patients’ confidentiality is to be completely respected, as long as no harm is done to the patient or anyone else.
4.4 Confidentiality and Minors
Parental responsibility and right, according to local law, can turn already intricate matters of privacy and confidentiality into even more complex situations, as in the third case above. The age at which a minor receives legal autonomy differs, according to different local legislation; often it is not measured by numerical age but whether it is deemed that the child is mature enough to be considered competent. When parents request information to be kept from their children, it may be legally the right thing to do, but at the same time, the universal, ethical right of the child to autonomy is compromised (Baskin 1974; Bennett 1976; Fan 2011; Friedrichsen vs Niemotka 1962; Gillon 1994; Goldstein 1997; Wheeler 2006). Therefore, a careful assessment of the following aspects is obligatory: (1) the ability of the minor to fully understand the situation and to anticipate and evaluate future consequences. The capability of a child or adolescent to comprehend the situation depends largely on the maturity and intelligence of a child, which makes a clear cutoff age for all individuals impossible to define (Baskin 1974; Bennett 1976; Fan 2011; Friedrichsen vs Niemotka 1962; Gillon 1994; Goldstein 1997; Wheeler 2006). (2) Is the parental surrogate decision-making in the best interest of the child or does it obstruct beneficence? After assessment of these aspects, it is the duty of the physician to form a personal opinion (with help from ombudsmen or other authoritative persons or bodies, as needed), based on the concept of beneficence, and to try to act accordingly to work with the parents to take the right course of action.
Pearl
Confidentiality and privacy derived from parental responsibility and right or parental surrogate decision-making should not compromise the ethical right of a minor to autonomy. Careful assessment of the competence of the minor to fully understand the situation and the consequences of his/her decisions is obligatory.
4.5 Confidentiality and the Mentally Ill
Confidentiality and especially the “allowed” breaches of it concerning the mentally ill are a much discussed and challenging subject especially when a patient is assessed violent or suicidal (Higgins 1989; Thompson 1979). Assessing the violent nature of a patient differs from predicting the risk of a violent act. A patient’s violence toward others has shown low specificity over time (Simon and Shuman 2009). Acting on the announcement of planned violence by warning the third party, the police or forced hospitalization of the patient can lead to victimizing the patient, due to psychological stress, or discontinuation of the physician-patient relationship, which is often already tenuous, leaving the patient uncared for. It can also cause aggression toward the physician, coming from the patient, or even the warned third party (Simon and Shuman 2009). Additionally, it could lead to unnecessary hospitalization, due to the rarity of an actual violent act (Simon and Shuman 2009; Stone 1976).
Different advice has been given how to handle such situations. One approach is to warn the third party in the presence of the patient as a form of informed consent. This could be dangerous for the physician. Another approach includes more frequent follow-up to monitor the patient.
Overall, there is no gold standard under these circumstances. Important is an assessment according to reasonable degree of skill, knowledge, and reasonable care with complementing careful documentation. In the fourth case above, the psychiatrist can be held not liable if his documentation shows reasonable care, skill, and knowledge, as well as continued frequent follow-up of the patient (Simon and Shuman 2009; Stone 1976).
4.6 Confidentiality and Clinical Research
Special issues of privacy and confidentiality of patient data are raised when one considers clinical research. Patient data bases are inherent to every type of clinical research – randomized phase III trials, phase I and II studies, qualitative research, and others, as patient identification is required, for example, to relate demographic data to outcomes (Gilkes et al. 2003). Often, patients are assigned numbers on the paperwork and e-files but ultimately any patient’s identity is traceable. Similarly, more and more molecular information is being secured on patients for diagnostic, therapeutic, and research purposes, and these data could compromise patients if it were discovered by the wrong people (Bernstein et al. 2004; Lunshof et al. 2008).
5 Conclusion
Medical ethical conduct concerning patient’s privacy and confidentiality is a substantial and ever-present part of daily clinical life. We should make ourselves aware of it, notwithstanding the increasing time pressure we are all under. It is important to find a workable balance between protecting privacy and confidentiality and an efficient daily routine. Patients’ information and files should be kept in separate spaces as much as possible, away from public pathways. Conversations about patients should be kept behind closed doors. Digitalization of patient’s data will streamline our work, but it creates an extra liability, taking into account the risk of inadvertent sharing this information or malicious hacking. Computers should be locked when left unattended. Common sense is required so that we always act in a way that we would want our privacy and confidentiality protected. We should also help create systems which will help safeguard patients’ privacy and confidentiality.
In conflict situations, it is sometimes difficult to find the right course of action. In the end, justice is our main goal and our actions should be based on the patient’s right to autonomy, beneficence, and nonmaleficence.
References
Akyüz E, Erdemir F (2013) Surgical patients’ and nurses’ opinions and expectations about privacy in care. Nurs Ethics 20(6):660–671
Ammar A (1997) The influence of different cultures on neurosurgical practice. Childs Nerv Syst 13:91–94
Baskin SJ (1974) State intrusion into family affairs: justifications and limitations. Stanf Law Rev 26:1383–1409
Bennett R (1976) Allocation of child medical care decision-making authority: a suggested interest analysis. Virginia Law Rev 62(2):285–330
Bernstein M, Bampoe J, Daar AS (2004) Ethical issues in molecular medicine of relevance to surgeons. Can J Surg 47:414–421
Fan R (2011) The Confucian bioethics of surrogate decision making: its communitarian roots. Theor Med Bioeth 32(5):301–313
Friedrichsen v. Niemotka (1962) 71N.J. Super. 398, 177 A.2d 58. Accessible at http://www.leagle.com/decision/196246971NJSuper398_1423
Gilkes CE, Casimiro M, McEvoy AW et al (2003) Clinical databases and data protection: are they compatible? Br J Neurosurg 17(5):426–431
Gillon R (1994) Medical ethics: four principles plus attention to scope. BMJ 309:184–188
Goldstein J (1997) Medical care for the child at risk: on state supervention of parental autonomy. Yale Law J 86:645–670
Graves S (2013) Confidentiality, electronic health records, and the clinician. Perspect Biol Med 56(1):105–125
Higgins GL (1989) The history of confidentiality in medicine: the physician-patient relationship. Can Fam Physician 35:921–926
Howe K, Bernstein (2014) Privacy concerns in the surgical environment. J Clin Res Bioeth 4:3
Kleinman I, Baylis F, Rodgers S et al (1997) Bioethics for clinicians: 8. Confidentiality. CMAJ 156:521–524
Lunshof JE, Chadwick R, Vorhaus DB et al (2008) From genetic privacy to open consent. Nat Rev Genet 9(5):406–411
Patient’s bill of rights, Public Health Law (PHL)2803 (1)(g) Patient’s Rights, 10NYCRR, 405.7,405.7(a)(1),405.7(c). Accessible at http://www.health.ny.gov/publications/1449/section_2.htm
Simon IR, Shuman DW (2009) Therapeutic risk management of clinical-legal dilemmas: should it be a core competency? J Am Acad Psychiatry Law 37(2):155–161
Stone AA (1976) The Tarasoff decisions: suing psychotherapists to safeguard society. Harv Law Rev 90:358–378
Thompson IE (1979) The nature of confidentiality. J Med Ethics 5:57–64
Umansky F, Black PL, DiRocco C et al (2011) Statement of ethics in neurosurgery of the World Federation of Neurosurgical Societies. World Neurosurg 76(3–4):239–247
Weiss N (2004) E-mail consultation: clinical, financial, legal, and ethical implications. Surg Neurol 61:455–459
Wheeler R (2006) Gillick or Fraser? A plea for consistency over competence in children. BMJ 332:807
Acknowledgment
We would like to thank Professor Norbert Paul of the Medical Ethics Department of the Johannes Gutenberg University of Mainz for his patience and help.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Tan, TC., Ammar, A. (2014). Privacy and Confidentiality. In: Ammar, A., Bernstein, M. (eds) Neurosurgical Ethics in Practice: Value-based Medicine. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-54980-9_6
Download citation
DOI: https://doi.org/10.1007/978-3-642-54980-9_6
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-54979-3
Online ISBN: 978-3-642-54980-9
eBook Packages: MedicineMedicine (R0)