Patients have a right to expect that their private medical information will be kept confidential. In this interaction, a physician was ultimately responsible for a confidentiality breach — an ethically and legally inappropriate action.
Breach in the physician’s duty to protect patient confidentiality
Four Basic Principles of Medical Ethics3
- Beneficence — acting for the patient’s good
- Nonmaleficence — doing no harm
- Autonomy — recognizing the patient’s values and choices
- Justice — treating patients fairly
A 21-year-old female patient requested examination by an FP after her boyfriend was treated for venereal warts. The patient sought medical attention on two separate occasions. On the first visit, a Pap smear was performed, which was negative for human papillomavirus (HPV). On the second visit, the Pap smear was repeated, also with negative results.
A medical assistant in the FP’s office was acquainted with the patient. The medical assistant revealed information about the patient’s complaint and testing to some of her friends, all of whom knew the patient. The patient found out that her medical information had been disclosed. She was eventually able to identify the source of the leak, and she subsequently brought a lawsuit against the FP as the employer of the medical assistant. She also filed a complaint about a privacy violation with the Office of Civil Rights of the U.S. Department of Health and Human Services. In the lawsuit, she claimed that rumors that she had a sexually transmitted disease (STD) were passed around at the daycare where she worked as an aide, causing her so much distress and anxiety that she sought counseling and needed to take an antidepressant medication. After expert reviewers assessed evidence and deposition reports in this case, they determined that the involved medical assistant had violated the patient’s confidentiality. They believed that the physician was vicariously liable for his employee’s actions. The case was therefore closed with a settlement made on behalf of the physician and his practice.
More Information About Medical Ethics and Physician-Patient Encounters
- Closed Claim Case Study: Patient Demand for Unconventional Care Presents an Ethical Dilemma for Physicians
- Closed Claim Case Study: When Patients Refuse Treatment: Medical Ethics Issues for Physicians
- Closed Claim Case Study: Personal Relationship With a Patient Leads to Below Standard Care
- Closed Claim Case Study: Cultural Bias in Health Care Delivery Causes Communication Problems and Poor Outcome
- Closed Claim Case Study: Medical Ethics Issues with Shared Decision-Making in Patient Encounters
- Closed Claim Case Study: Improper Informed Consent Leads to Allegation of Negligent Supervision
- Closed Claim Case Study: Ethical Dilemmas with Disclosing Medical Errors
The key ethical principles involved in this case are justice and nonmaleficence. Justice calls for all patients to be treated fairly and to be able to expect that their private medical information will be held in confidence. A breach of patient confidentiality goes against a physician’s pledge in the Hippocratic Oath that “what I may see or hear in the course of treatment or even outside of treatment in regard to the life of patients, which on no account must be spread abroad, I will keep to myself, holding such things as reprehensible to speak about.”1 In order to be treated, patients tell physicians intimate things about their bodies and their lives. To establish and sustain the trust that allows patients to impart these intimacies, physicians must “take extreme care to protect that information from discovery by third parties.”2 When confidentiality is violated, the patient is harmed (maleficence) as is the physician-patient relationship.
Under the legal concept of vicarious liability, the physician employer can be held responsible for the acts of an employee that are committed in the course of employment. Thus, even though in this case it was the medical assistant who gossiped about the patient’s evaluation for an STD, both the medical assistant and the physician were liable. In this case, the patient’s private information was disclosed in conversation, but physicians must also protect documented patient information whether contained in paper charts or electronic health records. National and state privacy laws, including the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH), are legal mandates that correlate with the ethical duty of confidentiality.
The medical assistant in this case deliberately revealed the fact that the patient had been tested for an STD. However, sometimes confidential medical information is leaked inadvertently when physicians or other healthcare providers carelessly discuss clinical matters in public places such as on elevators or in hospital snack bars. Unless given permission to talk about or release personal patient information, physicians and staff members should protect patients’ confidentiality by keeping such information private.
Risk Management Recommendations — Protecting the Confidentiality of Patient Interactions
- Follow federal and state laws about maintaining confidentiality and privacy of patients’ information.
- Do not discuss patients and cases or other patient health-related information with others in public areas.
- Consider having staff members undergo yearly confidentiality training and asking them to sign a confidentiality agreement each time they complete the training.
1. Jonsen AR, Siegler M, Winslade WJ. Clinical Ethics: A Practical Approach to Ethical Decisions in Clinical Medicine. 7th ed. New York, NY: McGraw Hill; 2010:174.
2. Rubin EB. Professional conduct and misconduct. Handbook of Clinical Neurology. 2013;118:91-105.
3. Beauchamp TL, Childress JF. Part II: moral principles. Principles of Biomedical Ethics. 7th ed. New York, NY: Oxford University Press;2012:99-288.