Principles of Confidentiality

Introduction[edit | edit source]

Privacy, autonomy and confidentiality are interrelated concepts that are crucial to rehabilitation practice. Privacy refers to an individual’s right to control access to their personal information. Autonomy conveys an individual’s right to make decisions about their treatment and care. Both privacy and autonomy are closely related as they involve an individual’s control over their own information and choices. Confidentiality signifies the obligation to keep personal information private and secure in accordance with legal and ethical principles.^[1]

Maintaining Confidentiality[edit | edit source]

Confidentiality is not only about keeping information private. It also involves taking steps to ensure that information is secure and protected from unauthorised users. There are a number of ways healthcare providers can prevent electronic breaches in confidentiality:

• Electronic records:
  • use password protection
  • store securely
  • have protocols in place to prevent unauthorised access
  • use encryption
  • maintain regular backups
  • secure deletion of records when they are no longer required
  • have periodic audits to make sure records are being accessed appropriately and to detect any unauthorised users
• Mobile devices:
  • use password protection
  • remote wipe capabilities in a situation where mobile devices are lost or stolen^[1]

Healthcare professionals are ethically obligated to maintain a patient’s privacy and protect their autonomy.^{[2] [3]} Within all communication including written, verbal, electronic or virtual the highest standards should be maintained with regards to informed consent and confidentiality.^[4] Keeping patient information confidential is not just an ethical issue but also a legal one in many countries. Maintaining confidentiality protects patients from negative outcomes such as ruining personal relationships, employment discrimination and insurance coverage issues.^[1]

Respecting confidentiality demonstrates the provider's commitment to the patient's well-being. In addition, it builds trust, permitting the patient to disclose sensitive information to their provider.^[2][3] If patients do not trust their provider and withhold relevant information, the quality of care and outcomes will decrease.^[2]

There are a few situations where maintaining patient confidentiality is not possible, including:

1. When there is a risk of harm to the patient or others
2. Exceptional situations that may cause major harm to others, including
   • partner notification in HIV disease
   • epidemics of infectious diseases
   • relative notification of certain genetic risks
3. When a health worker is legally required to report information, such as:
   • gunshot wounds
   • sexually transmitted diseases^[1][5]

Breaches of Confidentiality[edit | edit source]

Breaches of confidentiality can be accidental, intentional or have systemic causes. Accidental breaches may occur from technical malfunctions, human error, inadequate training or lack of awareness about the importance of confidentiality. Intentional breaches are acts performed by individuals seeking personal gain. They can be committed by insiders, hackers or unauthorised individuals. Insiders can be motivated by personal reasons or financial gain, while outsiders may be driven by political reasons, financial gain or other factors. Finally, systemic breaches can occur when there are inadequate security measures or insufficient protocols for managing confidential information.^[1]

Confidential breaches commonly occur in the following ways:

• Healthcare professionals discussing patient information in public areas
• Healthcare professionals discussing patient information with their family
• Leaving electronic or paper health records unattended
• Incorrectly disposing of patient records
• Providing care with open doors
• Disclosing patient data to third parties^[3][6]

Consequences of Breaches of Confidentiality[edit | edit source]

Breaches in confidentiality can have negative consequences on the provider-patient relationship. When confidential information is leaked, the patient loses trust in their provider. As the relationship deteriorates, the patient may be hesitant to seek help, attend follow-up visits or disclose information necessary to establish an efficient treatment plan, which may lead to negative outcomes.^{[2][1] [3]}

Confidential breaches can also have negative consequences for healthcare providers. Healthcare professionals can be held liable for breaches in the form of fines, lawsuits and criminal charges. If the breach becomes public knowledge, the provider's, and their organisation's, reputation can be damaged. This can lead to loss of business and difficulty in finding a job in the future.^[1] The healthcare professional can also be investigated and fined/suspended by their country or state professional board.

**If a breach does occur, it is important to report it immediately and take steps to mitigate any potential harm.^[1]

Resources[edit | edit source]

• Informed Consent
• Informed Consent With People Who Have Dementia
• Section 8: Informed consent and medico-legal framework

References[edit | edit source]