Principles of Confidentiality: Difference between revisions

Introduction

Privacy, autonomy and confidentiality are interrelated concepts that are crucial to rehabilitation practice.  Privacy refers to an individual’s right to control access to their personal information. Autonomy conveys an individual’s right to make decisions about their treatment and care.  Both privacy and autonomy are closely related as they involve and individual’s control over their own information and choices. Confidentiality signifies the obligation to keep personal information private and secure in accordance with legal and ethical principles. Jason

Confidentiality encompass keeping information private but also taking steps to ensure the information is secure and protected from unauthorised access.  There are a number of ways healthcare providers can prevent breeches in confidentiality:

• Electronic Records:
  • password protected
  • stored securely
  • protocols in place to prevent unauthorised access
  • using encryption
  • maintain regular backups
  • secure deletion of records when no longer required
  • Periodic audits to make sure they are being accessed appropriately and detect any authothrized accees
• Mobile Devices:
  • password protected
  • remote wipe capabilities in the situation where they are lost or stolen Jason

Healthcare professionals are ethically and legally obligated to maintain patient’s privacy and protect their autonomy.2, 1  Keeping patient informaiton confidential is not just an ethical issues, but also a legal one in many countries.  Maintaining confidentiality protects patient’s from negative outcomes such as ruining personal relationships, employment discrimination and insurance coverage issues. Respecting patients’ rights builds trust and demonstrates the providers commitment to their well-being. Jason

Respecting confidentiality breeds trust allowing the patient to disclose sensitive information to their provider.  Confiding this information generates a positive provider-patient relationship.1,5  If patients did not trust their provider and withheld relevant information, the quality of care offered can decrease.1

There are a few exceptions to maintaining patient confidentiality:

1. Risk of harm to themselves or others
2. Exceptional situations that may cause major harm to another
   • partner notification in HIV disease
   • epidemics of infectious diseases
   • relative notification of certain genetic risks
3. Legally required reporting of:
   • gunshot wounds
   • sexually transmitted diseases.3, Jason

Breach

Breaches of confidentiality can occur by accidental, intentional or systemic causes.  Accidental breaches may occur from technical malufuctions, human error, inadequate training or lack of awareness about the importance of confidentiality.  Intentional breaches are acts performed by individuals seeking personal gain by accessing confidential information. They can be committed by insiders, hackers or unauthorised individuals. Insiders can be motivated by personal reasons or financial gain while outsiders may be driven by political reasons, financial gain or other reasons.  Lastly. systemic breaches refer to inadequate security measures or insufficient protocols for managing confidential information. Jason

The most common occurrences of confidential breech are the following:

• Discussing patient information in public areas
• Discussing patient information with providers family members
• Leaving electronic or paper health records unattended
• Incorrectly disposing of patient records
• Providing care with open doors
• Disclosing patient data to third parties 2,3,4

Consequences of Breach

Breeches in confidentiality can have negative consequences on the provider-patient relationship.  When confidential information is leaked, the patient loses trust in their provider.  As the relationship detiorates, the patient may be hesistant to seek help, attend follow-up visits or disclose information necessary to establish an efficient treatment plan and may lead to negative outcomes.1,2, jason

Confidential breaches can have negative consequences for healthcare providers.  Healthcare professiopnals can be held liable for breaches in the form of fines, lawsuits and even criminal charges.  If the breach becomes public knowledge, the providers’ reputation along with the organisation can be damaged.  This can lead to loss of business and difficulty in finding a job in the future.Jason

**If a breach does occur, it's important to report it immediately and take steps to mitigate any potential harm.Jason

Confidentiality refers to the restriction of access to personal information from unauthorized persons and processes at authorized times and in an authorized manner [1, 2]. When we say patients have the right to confidentiality, it refers to keeping privileged communication secret and cannot be disclosed without the patient’s authorization ^[1]

Health professionals have a legal obligation to handle patients' information privately and securely [5]. As a result, patients and professionals develop trust and a positive relationship. If such highly sensitive data is improperly disclosed, it could threaten patients' safety [6]. Hence confidentiality needs to be respected to protect patients’ well-being and maintain society’s trust in the physician–patient relationship. ^[1]

Confidentiality is the basis of the legal elements of health records and an ethical cornerstone of excellent care [11]. More importantly, the quality of information shared with healthcare experts is determined by their capacity to keep it private. Otherwise, the patient may withhold important information, lowering the quality of care offered.^[1]

Although information sharing is essential in an interdisciplinary health team, each professional should limit information disclosure to an unauthorized health professional to plan and carry out procedures in the patient's best interests [12]. The exchange of patient medical records and data with an unauthorized person continues to be a common occurrence in a variety of clinical settings [5]. Breaches of confidentiality in clinical practice due to negligence, indiscretion, or sometimes even maliciously jeopardize a duty inherent in the physician–patient relationship [8]. Breaches of confidentiality and sharing data with unauthorized parties may have the potential to harm the patients’ health [13]. Health care quality declines due to a loss of confidence in the professional-patient relationship [14]. Patients become hesitant to seek care and attend follow-up appointments due to their mistrust of health providers ^[1]

Physicians are obligated not to disclose confidential information given by a patient to another party without the patient’s authorization. An obvious exception (with implied patient authorization) is the sharing necessary of medical information for the care of the patient from the primary physician to consultants and other health-care teams. In the present-day modern hospitals with multiple points of tests and consultants, and the use of electronic medical records, there has been an erosion of confidentiality. However, individual physicians must exercise discipline in not discussing patient specifics with their family members or in social gatherings [24] and social media. There are some noteworthy exceptions to patient confidentiality. These include, among others, legally required reporting of gunshot wounds and sexually transmitted diseases and exceptional situations that may cause major harm to another (e.g., epidemics of infectious diseases, partner notification in HIV disease, relative notification of certain genetic risks, etc.).^[2]

Barriers

Therefore, physicians are ethically and legally obliged to maintain their patients’ data privacy and protect their autonomy.^[3]

4 However, sharing patients data with unauthorized people still frequently occur in different clinical settings and departments and, unfortunately, involve most healthcare personnel.^[3]

6 These breaches include disclosing patient data to third parties, discussing patient information in public areas, incorrectly disposing of patient records, leaving electronic or paper health records unattended, and providing care with open doors.^[3]

Concerns about sharing patients data with unauthorized people by physicians may have undesirable effects on patients’ health. Breaches of confidentiality may lead to foregone healthcare, making healthcare seekers more likely to engage in dangerous behaviors or report psychological problems.^[3]

9 Likewise, as these concerns may diminish patient’s trust in their physicians, patients may hesitate to seek help, attend follow-up appointments, or even disclose essential information for the establishment of an efficient healthcare plan.^[3]

These confidentiality concerns have been acknowledged as being global concerns. Therefore, various internationally agreed recommendations and guidelines that appl^[3]

ortunately, this confidentiality is frequently breached in different ways (Beltran-Aroca, Girela-Lopez, Collazo-Chao, Montero-Perez-Barquero and Munoz-Villanueva, 2016; Hartigan, Cussen, Meaney and O'Donoghue, 2018; Kerr, Lu and McKinlay, 2014; Koivula-Tynnila, Axelin and Leino-Kilpi, 2018), for example due to indiscretion or carelessness when speaking about a patient on the phone or in a public area (Beltran-Aroca, Girela-Lopez, Collazo-Chao, Montero-Perez-Barquero and Munoz-Villanueva, 2016). The physical hospital environment has also been identified as an issue that may compromise patient confidentiality as it can be difficult to ensure confidentiality during rounds in multi-patient rooms (Kerr, Lu and McKinlay, 2014). The consequences of such breaches of confidentiality include patients withholding information about themselves or being embarrassed when they hear things about others (Koivula-Tynnila, Axelin and Leino-Kilpi, 2018). Furthermore, avoiding such breaches can be particu^[4]

Many of the problems that make patients go to see a doctor are delicate ones. They involve confiding potentially embarrassing pieces of information to a professional who might be a complete stranger. Geissler (2013) and Jones (2014) have argued that what counts as sensitive information differs between individuals and varies between societies. Surveys among European populations suggest that issues related to sexuality, substance abuse, and mental health are typically considered particularly sensitive (Larsen et al. 2019). To confide such information to others not only presupposes a particular form of relationship—it generates it. To reveal intimate information involves an intricate social dynamic between people (Fainzang 2002). Simmel summarized this in his seminal analysis of secrets:^[5]

the trust we receive contains an almost compulsory power, and to betray it requires thoroughly positive meanness. By contrast, confidence is ‘given’; it cannot be requested in the same manner in which we are requested to honour it, once we are its recipients (Simmel 1950a, p. 348).^[5]

The handling of patient information matters to—and works upon—those who need to confide in health professionals, as well as those professionals who come to act as guardians of other people’s secrets. ‘Secrecy’ refers to a social expectation of unconditional withholding of information in a relationship between people. ‘Confidentiality’ also pertains to a relationship between people, but the withholding of information is not unconditional. Rather, confidentiality refers to a regulated flow of information: information is conveyed to others only according to an agreement, or to predefined rules. These rules can be compared to what Nissenbaum has described as tacit and “context-relative informational norms” relating to actors (who receives information), attributes (types of information), and transmission principles (constraints on flows) (Nissenbaum 2010, pp.140–147). As long as these rules correspond to patient expectations, a transfer of information—e.g. among health professionals—is not privacy infringement.^[5]

2 Confidentiality implies that the health professional in whom the patient confides curates the information, which is to be passed on. Curation, in this sense, refers to a “discriminate selection” of information in order to control what is shared with whom (Davis 2017, p. 773). Johansen and Andrews (2016) have suggested that without such curation, patients might not feel confident to entrust professionals the information that is needed to identify the correct diagnosis and commence adequate treatment.^[5]

The ability of health professionals to control the flow of patient information has changed over time. Nearly fifty years ago—at a time when doctors were mostly men and technological options for information sharing were more limited—Grossman (1977) pointed to how the political ambition of mitigating societal risks interacted with legal requirements, and prompted doctors to consider how to balance a concern for confidentiality with the duties of reporting:^[5]

For his (sic) patients’ sake and increasingly for his own as well, the physician would be well advised to learn the narrow but tortuous path between the edict ‘reveal not your patients’ data’ and growing demands that he do just that (Grossman 1977, p. 43).^[5]

Since then, information generation, storage and exchange has changed radically along with the ever more pervasive digitalization and the changing political and legal frameworks. It is through these changes in the political, legal and technological conditions for information storage and exchange that we identify the ‘life a^[5]