Breach Of Confidentiality

Breach Of Confidentiality Average ratng: 5,0/5 7534 votes

Breach of confidentiality definition is - failure to respect a person's privacy by telling another person private information. How to use breach of confidentiality in a sentence. Breach of confidentiality could be covered under the privacy laws, the meaning of the word confidentiality and privacy are somewhat synonymous. In the legal parlance the issue of confidentiality comes up where an obligation of confidence arises between a data collector and a data subject.

.Confidentiality is central to the preservation of trust between doctors and their patients.Patient confidentiality is not absolute.Legitimate exceptions are disclosures with patient consent, when required by law and where there is a public interest.When breaching patient confidentiality and patient consent cannot be obtained, seek advice from senior colleagues or a medical defence union and document your reasons clearly.Confidentiality is central to the preservation of trust between doctors and their patients. The moral basis is consequentialist, in that it is to improve patient welfare. There is a wider communitarian public interest in the protection of confidences; thus, preservation of confidentiality is necessary to secure public health. Failure to maintain this venerable obligation may result in suboptimal treatment ( X v Y 1992 3 BMR 1). For centuries, doctors have upheld this ethical principle underpinned by the Hippocratic Oath that has been updated by the international community assenting to the Declaration of Geneva. The practice of doctors in the UK is subject to the regulatory authority of the General Medical Council (GMC) who strongly uphold this professional duty.

Accidental

The British Medical Association (BMA) advises doctors to consider the benefits of breaching patient confidentiality against the harmful consequences of damaging the professional relationship and risking public trust in a confidential service.However, medical confidentiality is not absolute in modern medicine. There are occasions when there is a need to breach this idealism. The legitimate exceptions are specified by the GMC's professional code of conduct:.- disclosures with consent;.- disclosures required by law;.- disclosures in the public interest.Characteristics of confidential informationThe general principles of what is considered confidential have been outlined in common law. A duty of confidence arises when one person discloses information to another (e.g. A patient to a doctor) in circumstances where it is reasonable to expect that the information be held in confidence.

To represent a breach, confidential information must:Enforcement of a legal duty in the UK has to date been relatively weak. Both the GMC and Department of Health provide ethical guidance for professionals that would nonetheless be given considerable weighting by the courts or independently lead to professional disciplinary action. More recently, a review of information governance by Dame Fiona Caldicott was commissioned by the government in 2012 to look at the need to balance the protection and sharing of patient information in order to improve patient care in a modern world. Breaching patient confidentialityInadvertent breaches are potentially commonplace on wards if medical notes are left visible or patient consultations and preoperative assessments are conducted in an open environment. The increased use of computerized documentation results in faster and wider distribution of information with an increased risk of unauthorized access.Unintentional breaches of patient information may occur when e-mailing colleagues. Data encryption e-mail services must be used by both the sender and recipient if patient details are communicated in this manner to prevent unauthorized interception of messages. NHSmail is the only NHS e-mail service provider that securely transmits messages and is endorsed by the government and BMA.

Confidential patient information maintained on personal computers must also be encrypted since password protection can be easily bypassed.Confidential patient documents, including theatre lists, should be discarded by paper shredding, while electronic data shredding should be used when disposing of computer hardware. Photography and video forming part of patient records must be subject to strict control using only hospital trust equipment, obtaining consent for the recording and minimizing identification where possible. Images of internal organs, pathology slides, or radiographic images can be taken under the proviso of implicit consent for the investigation or treatment. Put simply, any information, written or electronic, which can identify a patient directly or indirectly, is subject to the duty of confidence.The Data Protection Act has outlined the principles (Table ), but several incidences of public authorities ‘losing’ personal data show how poor information governance can be.

Significant financial penalties have been imposed by the Information Commissioner for such breaches, and as such, systems must be in place to secure personal data within the healthcare setting. In a recent survey of trainees of all specialities, anaesthetists were among the least aware of guidelines to protect confidential information. In one Trust known to the authors, anaesthetists have been subject to investigation by the Caldicott guardian when a theatre list was found in a car park.

This could have resulted in referral to the GMC. Health professionals must be vigilant to the potential risks of inadvertent breaches when using social networking sites such as Facebook ®, Internet forums, and blogs to communicate either personally or professionally. Not only does the duty to protect patient confidentiality extend to the Internet, but libel laws can also apply to inappropriate comments made on these websites.

When using social networking sites to discuss clinical events, users must be particularly mindful to not disclose any identifying information such as the date and location of the event and also patient-specific details.The circumstances permitting deliberate disclosures will now be discussed further. The three general principles underlying disclosures are those with patient consent, those regarding a statutory obligation, and those for which the public interest outweighs the preservation of confidence.

Making a disclosure with the patient's consentThis is the most common reason for revealing confidential details. If the patient expressly consents to disclosure, a doctor is relieved from the duty of confidence. Consent may be explicit or implied. Explicit consent requires active agreement but may be written or oral. It is the preferred form as there is no doubt as to what has been agreed and is usually required for sharing more sensitive data. The patient must have the necessary capacity to consent, that is, understand, retain, and balance the information, and also communicate their decision.

This can be challenging in the critical care setting when patients are often sedated or suffering disease processes affecting their conscious level.Disclosures made with the patient's consent are in theory not breaches providing the consent is fully informed and freely given. Patients should ideally disclose information voluntarily or be informed of the disclosure beforehand, and where practicable consent obtained.Other disclosures may be justified on the presumption of implied consent, when obtaining consent is undesirable or not possible, for example, a sedated patient on intensive care unit (ICU). This may extend to Independent Mental Capacity Advocates, Lasting Powers of Attorney, or deputies appointed by the courts for decision-making on matters of healthcare.

Any decision made on behalf of an individual lacking capacity to disclose should be done so proportionately and in their best interests. Multi-disciplinary teamsFrequently, disclosures of personal information take place between members of a healthcare team.

Most patients accept that information needs to be shared within the healthcare team to provide optimal patient care or learning opportunities. Alternatively, it could be argued that non-disclosure may result in negligence on behalf of the doctor for omitting important facts relevant to care. Disclosures should always be limited to reveal only the relevant and appropriate information.Student doctors and nurses have access to patient records as part of their training. They are not subject to discipline by GMC but by their undergraduate medical or nursing school. It is expected that they maintain professional standards with regard to patient confidentiality.

Audit and secondary uses of confidential informationThe public is not likely to be aware of the degree to which their information is transferred. Medical research requires express consent to be sought. Audit is often undertaken under the presumption of implied consent and is therefore acceptable if data are sufficiently anonymized. Educational publications require signed consent except in exceptional circumstances when a subject cannot be traced. Ideally, it is important for doctors to maintain professional integrity by making efforts to gain express consent where applicable. ChildrenChildren may wish to withhold sensitive information from their parents. The mature minor's right to confidentiality is permitted when it is deemed in their best interests ( Gillick v Norfolk and Wisbech Area HA 1986 AC 112).

There does remain a duty on the doctor to persuade the child to inform their parent or to allow the doctor to do so. If the doctor suspects the child is at risk, they are required to report their concerns to the relevant authorities. This applies to anaesthetists who may only be caring for the child during a short visit for surgery. The duty to disclose is a fine balance whereby a missed case of child abuse can result in ongoing neglect and potentially recrimination of the healthcare professionals involved, but conversely, an ill-founded accusation may cause substantial distress to the accused. Disclosures to relatives, friends, or third partiesIn a critical care setting, it may seem unreasonable to refuse to provide information to a next-of-kin when a patient is seriously ill as this may be in the patient's overall best interests.

There is no legal definition of next-of-kin, although, under Section 26 of the Mental Health Act 1983, the patient's husband or wife, including civil partner, takes precedence for taking responsibility for the patient in the context of mental illness. In this context, if separated, the partner remains the legal next-of-kin until they are divorced unless an alternative person is nominated. Channelling information through one next-of-kin places some limits on the extent of disclosure.Information is accessible to third parties when requested by employers, insurance companies, and lawyers. Doctors are required to maintain an honest statement, not give opinion, and use substantiated evidence. Complaints procedures may also require access to personal data. This must be made with the explicit consent of the parties, although the GMC and Audit Commission are permitted access to records via statutory legislation.

Statutory disclosures and judicial proceedingsIf information is required by law, this will not amount to a penalty for a breach. This area can be confusing. It is important for clinicians to be aware that the police do not have automatic powers to demand disclosure nor has a lawyer rights to demand medical information. A court order is required for this purpose. However, a judge can penalize a doctor for contempt of court for failure to assist with the provision of necessary information. In addition, incorrect or misleading information must not be given to the police in their investigation.If a patient is admitted to the ICU intubated and ventilated after an accident and a police officer requests a blood alcohol sample for forensic investigation, do you take the sample? In this situation, the patient is unable to consent to the test being performed.

If the sample is necessary to direct clinical management, this should not be delayed. The sample is lawful, and furthermore, the result can remain confidential. It cannot be used by the courts, unless requested by law, or the treating doctor is satisfied there is an overriding public interest to disclose this information. More often, a request is made to a forensic practitioner. They may be permitted, or assisted, to take a sample provided you as the treating doctor feel that this does not interrupt treatment or compromise your duty of care.

It is the corresponding author's practice to require the police officer requesting a sample to make a written request to be filed in the patient's medical notes confirming the rationale. However, by refusing a sample to be taken on the grounds there is no consent, you may be hindering the police investigation or guilty of an offence. The BMA have provided comprehensive guidance on taking blood tests on drivers unable to give valid consent. Prevention or detection of crimeThe Police and Criminal Evidence Act 1984 considers a ‘serious offence’ a crime giving risk to national security, interfering with justice, and causing death or serious injury. The Act provides police with powers to access materials normally classified as excluded such as medical records, providing a warrant has been obtained by a circuit judge.Disclosure is demanded when national security is at risk, as defined by the Prevention of Terrorism Act 2005 where there is a duty to report suspicion of terrorist activity.

Likewise, the Terrorism Act 2006 requests healthcare professionals to inform police of any information that may help prevent an act of terrorism, or assist in apprehending or prosecuting a terrorist.The Road Traffic Act 1991 requests medical practitioners to give patient details to the police when a driver is alleged to have committed an offence. Doctors may face prosecution for failure to disclose such relevant information ( Hunter v Mann 1974 2 All ER 414).Disclosures may be made for statistical purposes via secondary legislation, for example, Abortion Regulations 1991, or for the protection of individuals, for example, Misuse of Drugs (Supply of Addicts) Regulations 2001.Coroners have authority to investigate the circumstances of certain deaths under the Coroners and Justice Act 2009. This applies if the coroner suspects the deceased died a violent or unnatural death, the cause of death is unknown, or if the deceased died while in custody. Coroners are entitled to request medical details relevant and necessary to their enquires; therefore, pertinent clinical information must be disclosed upon request. Disclosures in the public interestPublic interest ranges from public health to prevention or detection of serious crime. This justification is more subjective and in contentious cases, the courts may be required to decide. There is a distinction between ‘in the public interest and what the public are interested in’.

Consider a scenario where a patient admits to a crime while under the influence of your sedative medication. What should you do with the information? The confession could easily be dismissed as delusional but could also be considered meaningful as sometimes people do make truthful comments when inebriated. Your actions will be governed by your professional judgement and depend partly on what crime has been admitted to. A breach in confidentiality would be difficult to justify for a minor offence such as a parking infringement compared with that involving gun or knife crime where there is a statutory requirement to disclose the information to assist with the investigation of a serious crime.

Public safetyAs already mentioned, in the UK, there are now several statutory obligations placed on doctors to disclose information based on the threat of harm. In the USA, there is a prima facie duty to breach confidentiality and warn an identifiable victim where there is a risk of harm from a patient ( Tarassoff v The Regents of the University of California 1976 17 Cal 3d 358). In the UK, greater evidence is likely to be required, but doctors may be found negligent for failure to disclose confidential information when others are at potential serious risk ( W v Edgell 1990 1 All ER 835). On the whole, providing the doctor acts reasonably, does not ignore the risk to others, and balances their duty to the patient with that of society, they are less likely to be found negligent. The duty to protect the public relies on sufficient legal proximity of those parties involved ( Palmer v Tees HA 1999 EWCA 1533). So unless there is a clearly identified individual at risk, there is unlikely to be a duty to warn and thus disclosure depends on professional judgement. Furthermore, when the ‘need to know’ basis is exceeded, disciplinary proceedings may arise ( Duncan v Medical Practitioners Disciplinary Committee 1986 1 NZLR 513) or patients may seek damages for inappropriate breaches ( Cornelius v Taranto 2001 68 BMLR 62).

Public healthPublic health is the overarching aim of healthcare and there are circumstances where disclosure outweighs the benefits of individual privacy. Historically, doctors have been required to provide epidemiological information by compulsory reporting of specific communicable diseases or industrially related disease, governed by the Public Health (Control of Disease) Act 1982.HIV notably, although indisputably infectious and associated with criminal prosecutions for reckless transmission, remains a controversial area for disclosure, partly because of perceived stigmatization. The AIDS (Control) Act 1987 states that the disease is not notifiable and so limits requirements to prevalence statistics only. Shadows of the damned steam. Two other pieces of legislation provide additional guidance but interpretation varies. HIV represents a serious communicable disease but to date, there has not been liability for failing to disclose to a third party.Up to 40% of patients with HIV are not aware of their diagnosis on admission to intensive care. Dealing with a newly diagnosed patient, when they do not have the necessary capacity to permit disclosure of the information to at-risk partners or contact tracing is legally and ethically challenging. The local HIV team should preferably be involved in such circumstances.

Disclosure of a patient's HIV status to a third party may be justified in exceptional circumstances with compelling reasons, for example, partner pregnancy or unprotected sexual contact. If at all possible, the patient must be given the opportunity to consent to the disclosure first.Ideally, the ethical duty of confidence persists after a patient's death. For public health reasons, personal data are available to the public audience in the form of death certification. Inclusion of HIV/AIDS on certification may therefore be provocative. Doctors are required to be honest and full in their disclosure. If a serious communicable disease has contributed to a patient's death, this must be recorded on the death certificate. Information relating to serious communicable disease should be passed on to the relevant authorities, while preferably maintaining anonymity to improve control and maintain surveillance.

This includes HIV, tuberculosis, and hepatitis B and C. Under the Coroners and Justice Act 2009, while the cause of death must still be recorded, a shortened version of the death certificate which is intended to protect the deceased patient's medical history will be available from 2013 and can be used by the family for administrative purposes. Access to medical recordsThere are various legislative procedures permitting access to medical records. The Data Protection Act 1998 provides a framework to govern the processing of information that identifies living individuals, including health records. This enshrines the legal ownership of personal data and sets minimum standards for its privileged use. The duty of confidentiality is extended beyond doctors as individuals to an organizational level and applies to both public and private health records. Data controllers, including NHS organizations, are required to comply with the eight data protection principles as summarized in Table.

Fines may be imposed under the Act if personal information is disclosed unlawfully.This has implications for anaesthetists when maintaining a logbook. For trainees, it is compulsory to maintain a logbook and sufficient information must be recorded to enable their educational supervisor to verify the information is accurate.

This requires the recording of patient identifying details. The RCoA/AAGBI Joint Informatics Committee recommends recording the patient's hospital number and age to enable verification by educational supervisors while arguably providing sufficient data protection. Anaesthetists who maintain a logbook should, however, consider registering themselves as a data controller under the DPA.Limited information may be disclosed to solicitors or persons entitled to claims upon death under the Access to Health Records Act 1990. The Medical Reports Act 1988 permits individuals access to personal medical reports for employment or insurance purposes. The Freedom of Information Act 2000 provides for disclosure of information held by public authorities and is not intended to allow people to gain access to their personal information. Public authorities are defined under the Act and includes any organization treating NHS patients.The Human Rights Act 1998 has been used by the courts to provide some legal redress to a breach of confidentiality. NHS hospitals are public bodies and are required to comply with the Act.

Article 8 asserts a fundamental right to privacy but deviation from this right includes:National security, public safety, or the economic well-being of the country, for the prevention of disorder or crime, protection of health or morals, or for the protection of rights and freedoms of others. Disclosures and the mediaPublic curiosity is not a justification to breach confidentiality and is generally considered unacceptable. The Public Interest Disclosure Act 1998 authorizes such breaches in confidence, referred to as ‘qualifying disclosures’, and offers protection to ‘whistleblowers’ who report wrongful or illegal activity.

Such disclosures are permitted if the employee reasonably believes that there is criminal activity, a failure to comply with a legal obligation, a miscarriage of justice, or a risk of health or safety to an individual. Injustice may be considered a suitable cause for breach. However, great care must be taken when using the media to highlight concerns over patient welfare when breaches may cause distress to patients or their relatives and result in disciplinary proceedings.To summarize, anaesthetists must be vigilant to the duty of confidentiality and the legitimate exemptions. This applies when caring for patients, communicating with colleagues, and maintaining records. When a disclosure is contemplated, each case must be considered on its own merits.

In such cases, it is advisable to consult with senior colleagues, your hospital legal representative or local Caldicott guardian, or medical defence union. Declaration of interestNone declared. DisclaimerThis article summarizes the main medico-legal issues involving patient confidentiality. The authors advise readers to seek formal legal advice if clarification is required.

Part of the common law series
Tort law
Intentional torts
Property torts
  • Trespass
Defenses
Negligence
  • Duty of / standard of care
  • Malpractice
Liability torts
Nuisance
Dignitary torts
Economic torts
Liability and remedies
Duty to visitors
Other common law areas
  • Wills, trusts, and estates

The tort of breach of confidence is, in United States law, a common law tort that protects private information that is conveyed in confidence.[1] A claim for breach of confidence typically requires the information to be of a confidential nature, which was communicated in confidence and was disclosed to the detriment of the claimant.

Establishing a breach of confidentiality depends on proving the existence and breach of a duty of confidentiality. Courts in the US look at the nature of the relationship between the parties. Most commonly, breach of confidentiality applies to the patient-physician relationship but it can also apply to relationships involving banks, hospitals, and insurance companies and many others.[citation needed]

There is no tort of breach of confidence in other common law jurisdictions such as the United Kingdom or Australia, however, there is an equitable doctrine of breach of confidence.

See also[edit]

References[edit]

  1. ^'Breach of confidence'.

External links[edit]

  • Privacy's Other Path: Recovering The Law Of Confidentiality, Neil M Richards, Washington University School of Law; Daniel J. Solove, George Washington University Law School
Retrieved from 'https://en.wikipedia.org/w/index.php?title=Breach_of_confidence&oldid=921028683'