Public Health SC081: Confidentiality Flashcards
Confidentiality
Definition:
- Ensuring that information is accessible only to those authorized to have an access
WHO Principles of Patient’s Rights:
Everyone has the right to:
1. To respect his / her privacy
2. Be respected as a human being
3. To self-determination, and moral, cultural and religious values
4. To physical and mental integrity and security
5. To health protection, disease prevention and health care
Confidentiality
Definition:
- Ensuring that information is accessible only to those authorized to have an access
WHO Principles of Patient’s Rights:
Everyone has the right:
1. To respect his / her privacy
2. Be respected as a human being
3. To self-determination, and moral, cultural and religious values
4. To physical and mental integrity and security
5. To health protection, disease prevention and health care
WHO Declaration of Geneva, Sydney 1968
- All information must be kept confidential, even after death
- Information can only be disclosed if the patient gives explicit consent or if the law specifically provides
- Consent may be presumed where disclosure is to other health care providers involved in that patient’s treatment
- All identifiable patient data must be protected
- Patients have the right of access to their medical files and have the right to require the correction, deletion and clarification of personal data which are inaccurate, incomplete / not relevant to the purpose of their illness
Confidentiality in Research
- The Nuremburg Code
- Declaration of Helsinki
- Personal Data (Privacy) Ordinance
- IRB
- LKS Faculty of Medicine Research Ethics
Main ethical issues in human subject research:
- Obtain informed consent (writing / oral) – an ongoing not singular process (if any changes occur —> need to obtain consent again)
- Enumerate how to manage privacy and confidentiality
- Data reporting, handling and disposal
Personal Data (Privacy) Ordinance (PDPO)
Main implications for doctors:
- Health records
- If a patient (or person authorised to apply on patient’s behalf, the person with parental responsibility, the person lawfully appointed for incompetent person, the personal representative of deceased person) asks for a copy their records, a doctor is required to do so unless it would be likely to harm the patient or another person. Patients can ask to correct inaccuracies. - History taking
- Informed consent is necessary. - Confidentiality
- Disclosure of information must follow informed consent, and be used only for the stated purpose. - Data protection
- Electronically stored information - Access to health records, medical reports
- Insurance / Employment
Electronic Health Record Sharing System
Expansion of PPPs (Public-Private Partnership Programme)
Legal framework: 1. Ordinances: - eHRSSO (Cap 625) - PDPO (Cap 486) —> Criminal consequence
- Code of Practice for Health Care professionals using eHRSS (COP)
—> No criminal consequence - Code of Professional Conduct
—> No criminal consequence
- Privacy Commissioner has a wide power to carry an investigations when receiving a complaint concerning use of personal data
- Dual scrutiny of the Privacy Commissioner and the eHR Commissioner who both have a power to refer the complaint of any breach of the eHRSSO and PDPO to the police for criminal investigation
What you will be armed with when you qualify as a doctor
- The International Code of Medical Ethics
- A doctor shall preserve absolute confidentiality except
where others are endangered on all he knows about his patient even after the patient has died. - Professional Misconduct
- If a medical professional has done something which will be reasonably regarded as disgraceful, unethical or dishonourable by his professional colleagues of good repute, than it is open to the Medical Council of Hong Kong to say that he has been guilty of professional misconduct. - Patient’s Privacy, Medical Records and Confidentiality
- Keep good records; Keep records secure
- Understand PDPO
- Make sure to have informed consent before disclosing information to a third party
- Obey guidelines for handling records
- In exceptional circumstances, you may disclose information to a third party without consent if failure to do so may result in risk of death or serious harm, or when required by law to do so
Confidentiality is not absolute
Code of Professional Conduct HK Medical Council:
In exceptional circumstances, medical information may be disclosed to a third party without the patient’s consent
Examples:
1. Where disclosure in necessary to prevent serious harm to the patient or other person (e.g. STD, infectious diseases)
2. When disclosure is required by law
Statutory Control of Confidential Information
Statutory measures:
1. Duty at law to disclosure certain confidential information
2. Confirm the strict nature of the duty of confidentiality
3. Empower modifications to the duty of confidentiality in a given set of circumstances
- Abortion regulation
- Notifiable disease
- Veneral Disease
- Tackle crime: Criminal investigation
- etc.
Modifying the duty in the Public Interest
- Maintaining Confidentiality is the key
- List of exceptions to the obligation of confidence
—> Disclosure should be limited to those regarded as vitally in need of the information (to only those in need)
—> The risk must be real rather than fanciful
—> This real threat needs to be rather of physical harm, as opposed to some other form of harm
Can the doctor who decides not to inform the third party of the risk be found liable as a matter of law or professional discipline?
Dilemmas:
- Legal duty: action of negligence?
- Danger of death or serious injury is foreseeable?
- Deter the patient from seeking help
- The loss of some patients’ privilege (driving licence, insurance)
Common pitfalls in preserving confidentiality in everyday medical practice
- Failure to ensure a secure environment for discussing confidential matters
- Failure to appreciate lack of privacy in an open reception area
- Disclosure of sensitive information while talking loudly on a mobile phone
- Mentioning names
- Failure to ensure confidentiality while discussing a patient with a colleague
- Indirectly divulging the nature of the patient’s condition
- Wrongly assuming information may be shared with patient’s family members
- Openly criticising a colleague
Examples:
- Careless telephone manner
- Careless telephone introduction
- Careless chat
- Agreeing to dispense a prescription to a third party without consent
- Disclosing sensitive information to a third party
- Disclosing sensitive information to other patients in reading out the dosage instructions
- Leaving information unattended where it can be seen by members of the public
- Not log off
- Leaving a patient with access to information
- Careless disposal of confidential material
It’s impossible to care effectively for patients and preserve absolute confidentiality
Healthcare is a team process:
- need to seek advice
- need to refer patients
- admin staff handle records
Protective measures in electronic system:
- Keep software up-to-date and install all security patches offered by the vendor
- Avoid instant messengers programmes
- Restrict the kinds of Websites that employees can visit
- Billing software: Data encryption
- Securing mobile devices
Summary
Any disclosures of information should be
- With the consent of patients whenever possible
- Kept to a minimum
- Kept anonymous where this will suffice
- Record any decisions made to disclose information, together with the reasons for disclosure
- Witness
- If in doubt, ask supervisor / seek advice from medical defence organisation
Confidentiality: Central to the practice of Medicine and research on humans
- Balancing private and public interests
- Essential for the high-quality health care delivery
- Competence of doctor
- Confidence and trust of patients
- Uphold patient’s dignity
- One of the foundation of contemporary medical ethics
- Respect privacy
- Common medico-legal issue eHRSSO, PDPO
- Code of Professional conduct
