Case Analysis: Breaching Patient Confidentiality and Privacy

This article appears on page 0 of The Nursing Voice December 2015

Amy Amarathithada, BSN, RN

Loyola University 

Introduction

Advancement of technology has changed the way people communicate. Paper charting or handwritten communication has become extinct in healthcare. Healthcare professionals can easily document and access patient information through the electronic health record (EHR) system. Many healthcare organizations encourage patients to use their websites to access their medical records. In addition, patients can now email their providers with any medical questions they have at any time. With this new implementation, healthcare professionals need to be more cautious with patient information. As providers, it is our role to keep patient information private and confidential according to the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Social media such as Facebook, Twitter, and Instagram have made it challenging for people to keep information private. People all over the world share their personal information through pictures and videos. Most people tend to forget that once something is shared over the internet, it is no longer private. The purpose of this paper is to present a case study analysis on breaching patient confidentiality. Next, the issue of breaching patient confidentiality through the use of EHR and social media will be discussed. In addition, the effects of EHR used in the healthcare profession and the implementation of a bioethics decision-making method will be presented.

The use of digital communication such as EHR, email, social media, or the internet has become the norm in healthcare (Lo, 2013). However, the use of digital communication poses risks of breaching patient privacy and confidentiality. The following case study illustrates inappropriate use of digital communication: Trista was a new graduate nurse who landed her first job in the emergency department (ED). She was very excited to work in the ED and was eager to learn. On every shift, she would access and view patient information using the EHR system for her own learning experience even though some of the patients were not assigned to her. Her co-workers Nina and Darline noticed that she would access unassigned patients’ EHR on multiple occasions. Both co-workers ignored the issue each time they saw Trista inappropriately viewing patients’ medical records. During lunch, Trista would talk about some of the patients she looked up in the EHR system. One of the comments she made to Nina was, “I can’t believe how many drug seeking patients on record I found in the ED. Some of them I didn’t even take care of. They take pain meds like it is candy.”

Trista always carried her mobile device with her and would update her Facebook frequently about her workplace. At times, Trista would take photos in the ED. She posted pictures of herself at the nurse’s station and when she used the electrocardiogram machine for the first time. Trista was very friendly and wanted to become friends with her co-workers on her Facebook account. She became friends with Nina and Darline as well as other co-workers on the social networking website. Nina and Darline both noticed that Trista posted multiple comments and photos about their workplace and patients in the ED. However, neither has said anything to their manager. 

One evening, Trista was assigned to a 17-year-old female patient in the ED. The patient was diagnosed with a urinary tract infection and a sexually transmitted disease. Trista took a picture of herself by the patient’s room and posted the picture on her Facebook page. Trista wrote the following caption on the photo, “typical night, UTI and STDS.” The posted photo included the hospital name and room number. In the background of the photo, the patient’s face was partially visible through the hospital curtain. Her fellow co-worker Nina saw the photo Trista posted about her 17-year-old patient on Facebook.

Summarized Data

The use of EHR in healthcare is encouraged by the United States government. Digital technologies such as EHR present the promise of higher quality and more efficient healthcare (Lo, 2013). EHR are digital versions of paper charts that contain patient information documented by clinicians in provider offices, clinics, and hospitals. The use of EHR is very beneficial because it enables clinicians to track data over time, identify patients for screenings, monitor patients’ illnesses, and improve the quality of care provided (Ardito, 2014). In addition, the use of digital technology helps patients become more involved in their own care. Patients can email medical questions to their providers, request medication refills, book appointments, and access their own medical records with just a click of a button. However, the advancement of digital health information also brings burdens and challenges for many healthcare organizations in protecting patient privacy. Healthcare professionals’ risk of breaching patient privacy and confidentiality has increased due to the implementation of EHR. All healthcare professionals should be aware of and understand HIPAA in order to avoid ethical privacy violations. HIPAA was mandated to protect patients’ rights to privacy of health information transmitted orally, on paper, or electronically (Lachman, 2013). Healthcare professionals should only access patient information through EHR when the clinician is caring for the patient. Inappropriate access of unassigned patient EHR for personal interests is considered breaching patient confidentiality.

The rise in the use of social media has also made its way into the healthcare industry. Healthcare organizations are encouraged to advertise healthcare services through the use of social media such as Facebook and Instagram. According to Lachman (2013), a social networking website such as Facebook is the world’s largest professional network. Facebook currently has 750 million active users and 30 billion pieces of content are shared through its network monthly (Griffith & Tengnah, 2011). Healthcare professionals post information on social media at rates similar to the general population. However, some materials posted by healthcare professionals can be problematic. According to Lo (2013), postings that contain sufficient detail to identify a patient breach confidentiality. Once something is posted over the internet, it is no longer private and can become permanent. Healthcare professionals should expect that some patients will Google them and possibly forward information found via the internet to others (Lo, 2013).

Impact of Breaching Patient Confidentiality

The United States encourages healthcare organizations to convert from paper charting to EHR. In February 2009, the federal government set aside 30 billion dollars to assist hospitals, clinics, and office-based providers in transitioning to electronic records (Ardito, 2011). Although the implementation of EHR will assist the healthcare profession in providing better care to the public, there are also disadvantages. The use of EHR and digital communication has made protecting patient privacy challenging despite Congress passing HIPAA. The ethical issue of healthcare professionals breaching patient confidentiality is on the rise and is impacting the healthcare profession in many ways.

Inappropriately accessing patient EHR or posting patient information through social media can harm a healthcare organization’s reputation (Lachman, 2013). Healthcare organizations such as hospitals or outpatient clinics face the consequences due to their healthcare professional’s poor judgement. Patients and their families will not want to go seek health services from an organization with a bad reputation. Like the general public, patients can see what healthcare professionals post on social media. Patients and their families can view any comments, photos, or videos that healthcare professionals post inappropriately. It is the role of healthcare professionals to safeguard patient’s right to privacy (Lachman, 2013). In addition, healthcare professionals such as nurses frequently fail to realize how quickly information is spread through the internet (Griffith & Tengnah, 2011). 

The trusting relationship between patients and providers is affected by the issue of breaching patient confidentiality. The use of social media has impacted the way patients view their provider’s trust and medical judgement. Providers might use social media to express their feelings regarding a patient incident that occurred in the workplace. People can simply search the web and find postings on a provider’s personal blog. Healthcare professionals need to keep in mind that once something is posted, it may become permanent. Patients, their families, and potential patients who view inappropriate material regarding patient information may question the integrity, judgement, or trustworthiness of the provider (Lo, 2013). 

Violating patient privacy has affected the healthcare profession in protecting the well-being and safety of patients. According to the Code of Ethics for Nurses, the patient’s well-being could be jeopardized and the patient-nurse relationship could be destroyed due to the unnecessary access to patient data or by the inappropriate disclosure of patient information (Lachman, 2013). In addition, the well-being and safety of the patient should be the priority when receiving or conveying confidential information about the patient whether in oral, written, or electronic form (Lachman, 2013). Healthcare professionals can put patients at risk when posting information about patients on the internet or inappropriately accessing patients’ electronic records. Patients may not want their families to know that they were in the hospital. In addition, patients can be at risk from unwanted visitors who found out their information because a careless healthcare professional posted information with the hospital name and room number. Healthcare professionals can also put the well-being and safety of patients such as adolescents at risk. Adolescents tend to not seek care because they don’t want their parents to find out. If healthcare professionals breach patient privacy by posting comments on social media, adolescents will not seek care because they will be afraid their parents may find out about their care.

Systematic Process for Bioethics Decision-Making

The presented case study shows an example of a healthcare professional breaching patient confidentiality on multiple occasions. It is necessary to utilize the bioethical decision-making method to help analyze and clarify the ethical issue that arises in this case study. The bioethical decision-making model is a systematic approach to help distinguish situations where right and wrong are not defined clearly (Gilliland, 2010).

In the case study, Nurse Nina believes that violating patient privacy is a serious issue. However, is it Nina’s responsibility to report Trista or should Nina ignore the issue because there was no harm done to the patients? Gathering additional information will help Nina analyze the ethical components of the situation. The bioethical decision-making model will be utilized as a guideline for Nina and other healthcare professionals regarding an ethical situation.

The first step in the bioethics model is to review the situation (Gilliland, 2010). Nina must determine the cause of the breach of patient confidentiality. According to the case study, the cause is Trista taking advantage of the EHR system to access patient information and posting inappropriate material on social media. Nina may conclude that this ongoing behavior is a result of fellow co-workers ignoring the issue of patient privacy violation.

The second step of the bioethics model is to gather additional information. Nina will need to ensure that she understands what Trista has discussed with her about patient information and what she saw on Trista’s Facebook. In addition, Nina must determine if she needs to gather additional information. Based on the case study, Nina can conclude that Trista provided much evidence that she is breaching patient privacy. Trista continuously accesses patient information on EHR and carelessly talks about patients during lunch. Trista also posted inappropriate material regarding her workplace and patient information on her social networking page.

The next step is to identify ethical issues in the situation (Gilliland, 2010). The ethical issue identified in this case study is breaching patient confidentiality on multiple occasions. Trista breached patient privacy due to the following:

• Inappropriately accessing patient electronic medical records on multiple occasions

• Making inappropriate comments about unassigned patients in the lunch room

• Using mobile device while working with patients

• Posting comments and photos regarding patients and workplace on social media

Step four of the bioethics model includes identification of personal and professional values (Gilliland, 2010). Nina believes that breaching patient confidentiality is wrong. She believes that it is the role of the nurse to protect the patient’s right for privacy. At the same time, she understands that Trista is a new nurse who wanted to learn more about patients by accessing their records. Even though Trista did not cause harm to her patients, Nina believes that it is not right to violate a patient’s privacy. 

In Step five, Nina must identify moral positions of key individuals involved (Gilliland, 2010). Nina recalls that Nurse Darline was present when Trista made inappropriate comments about patients in the lunch room. Darline is also friends with Trista on Facebook and saw her inappropriately posting a photo of a patient. Nina needs to clarify if Darline understands that Trista has violated patient privacy in many ways and on multiple occasions. Nina concluded that Darline’s beliefs and values are the same as hers. Darline believes that Trista is wrong for breaching patient confidentiality. However, she did not report Trista because she believes Trista did not cause harm to any patients. 

Identification of value conflicts is necessary in step six of the bioethics decision model. It is important to identify value conflicts because this can contribute to making ethical decision difficult (Gilliland, 2010). This case study shows that both Nina and Darline have value conflict. Both nurses agree that Trista has violated patient privacy. However, both chose to ignore the situation because they feel that Trista has not caused harm to any patients. Nina must decide what the best outcome is because Trista continues to violate patient privacy. 

The next step in the bioethics model is to determine who should make the decision (Gilliland, 2010). Nina made the decision that she will be the one to report Trista to her manager. Darline has agreed with Nina that she will support her when the manager has questions about the situation of Trista violating patient privacy. 

Step eight is to identify a range of actions with anticipated outcomes (Gilliland, 2010). The following is a list of possible actions and outcomes:

A. Report Trista to ED manager

• Action: Trista receives disciplinary action 

  ◦ receives re-education on patient privacy and confidentiality

  ◦ not allowed to carry her mobile device during working hours

  ◦ allowed limited access to the EHR system

• Outcome: patient’s privacy will no longer be violated

B. Continue to ignore the situation

• Action: Nina and Darline continue to ignore Trista’s ongoing behavior

• Outcome: Trista and potentially other healthcare professionals will continue to breach patient privacy 

In step nine of the bioethics model, Nina must make the final choice for action. She needs to select the choice with the highest positive resolution (Gilliland, 2010). In this case, the best course of action is to select option A. Nina needs to report Trista to the ED manager. Trista has to be disciplined for her actions and learn that she has violated patient privacy multiple times. Trista will learn from her mistakes and become more aware of her actions. In this case, the ethical duty is that nurses are accountable for their actions. It is a nurse’s duty to protect and respect the privacy of every patient.

In the last step, Nina must evaluate her decision and action (Gilliland, 2010). Nina made the right decision to no longer ignore the situation and report Trista. Trista violated her patient’s privacy when she posted a photo of the patient on Facebook. As a result, Trista no longer takes photos or posts comments about her workplace and patients. She only accesses patient information necessary to provide care to her assigned patients. In addition, patients at the ED can feel safe that their information will be kept private and confidential.

Healthcare professionals play a major role in advocating for patients as well as other fellow colleagues struggling with difficult ethical decisions (Park, 2009). In this case study, the ethical issue of breaching patient confidentiality that many healthcare professionals frequently face was identified. As a result of the case study analysis, other healthcare professionals can utilize the bioethics decision-making model to assist in solving future ethical dilemmas. Healthcare professionals such as nurses have the obligation to protect patient confidentiality and privacy. With the advancement of digital communication, it is apparent that nurses, providers, and other healthcare professionals must be cautious with keeping patient information confidential.

  • Published: 02 September 2016

Confidentiality breaches in clinical practice: what happens in hospitals?

Cristina M. Beltran-Aroca 1, Eloy Girela-Lopez 1, Eliseo Collazo-Chao 1, Manuel Montero-Pérez-Barquero 2 & Maria C. Muñoz-Villanueva 3

BMC Medical Ethics volume 17, Article number: 52 (2016)

Respect for confidentiality is important to safeguard the well-being of patients and ensure the confidence of society in the doctor-patient relationship. The aim of our study is to examine real situations in which there has been a breach of confidentiality, by means of direct observation in clinical practice.

By means of direct observation, our study examines real situations in which there has been a breach of confidentiality in a tertiary hospital. To observe and collect data on these situations, we recruited students enrolled in the Medical Degree Program at the University of Cordoba. The observers recorded their entries on standardized templates during clinical internships in different departments: Internal Medicine; Gynecology and Obstetrics; Pediatrics; Emergency Medicine; General and Digestive Surgery; Maxillofacial Surgery; Plastic Surgery; Orthopedics and Traumatology; Digestive; Dermatology; Rheumatology; Mental Health; Nephrology; Pneumology; Neurology; and Ophthalmology.

Following 7138 days and 33,157 h of observation, we found an estimated Frequency Index of one breach per 62.5 h. As regards the typology of the observed breaches, the most frequent (54.6 %) were related to the consultation and/or disclosure of clinical and/or personal data to medical personnel not involved in the patient’s clinical care, as well as people external to the hospital. As regards their severity, severe breaches were the most frequent, accounting for 46.7 % of all incidents. Most of the reported incidents were observed in public areas (37.9 %), such as corridors, elevators, the cafeteria, stairs, and locker rooms.

Conclusions

In addition to aspects related to hospital organization or infrastructure, we have shown that all healthcare personnel are involved in confidentiality breaches, especially physicians. While most are committed unintentionally, a non-negligible number are severe, repeated breaches (9.5 %), thus suggesting a certain carelessness, perhaps through ignorance about certain behaviors that can jeopardize patient confidentiality.

Medical professionals are obligated to protect the confidentiality of their patients. The duty to ensure discretion and confidentiality in the medical profession is morally justified based on the rights arising from relationships, and medical practice involves trust relationships with both patients and society. This duty of confidentiality provides a fundamental basis for the existence of some level of trust in the doctor-patient relationship [1, 2]. From the ethical point of view, respect for the principles of beneficence, non-maleficence and also autonomy is recognized as a major justification for maintaining patient confidentiality, based upon a fundamental consideration for persons [3]. Altisent [4] defines it as “the moral right to assist people in maintaining the privacy of what they entrust to others, who correlatively acquire the obligation to guard secrecy”.

Respect for confidentiality is important to safeguard the well-being of patients and ensure the confidence of society in the doctor-patient relationship. Health information is not only based on objective observations, diagnoses, and test results, but also subjective impressions about the patient, their lifestyle, habits, and recreational activities. The improper disclosure of such highly sensitive information could harm patients’ reputation or result in lost opportunities, financial commitments, and even personal humiliation [5]. This obligation is stringent but not unlimited. In fact, there are two general exceptions where it is necessary to question whether or not to maintain confidentiality: when the safety of others or public health is threatened [6, 7].

Medicine today is practiced by healthcare teams formed not only by physicians, residents, and nursing staff, but also nursing assistants, orderlies, administrative personnel, and even students. Patients should be aware of the large number of people in hospitals who need to access their medical records to provide the best possible health care [8], which consists in obtaining an accurate diagnosis, providing the appropriate treatment, as well as receiving the necessary training to do so. It is for this reason that hospital personnel are required to protect patient confidentiality. Breaches of confidentiality in clinical practice due to carelessness, indiscretion, or sometimes even maliciously, jeopardize a duty inherent in the doctor-patient relationship [9]. Careless behavior, such as speaking about patients in public spaces like elevators [10] and cafeterias, during telephone conversations, or even when accessing electronic data, can result in breaches of patient confidentiality [7].

By means of direct observation, our study examines real situations in which there has been a breach of confidentiality. To achieve our aim, we first estimate the frequency of the phenomenon, that is, we quantify the number of times that patient confidentiality is breached in the different medical departments of a hospital. We then classify the situations recorded by the observers according to two characteristics: type and severity. Thirdly, we establish a relationship between the data recorded during the observations: the specific medical department and area where the observations were made, and the type of professional involved. The identification and characterization of such situations could be of use to health professionals and hospital management with a view to implementing the necessary measures to prevent such incidents.

Experimental design

We conducted an observational, cross-sectional epidemiological study on situations defined as breaches of confidentiality in clinical practice. The study was carried out in a 1197-bed university tertiary hospital with an average of 39,912 admissions and 748,245 patient visits per year.

Research was conducted in compliance with the Helsinki Declaration and approved by the Ethics Committee of Clinical Research of the reference hospital.

Additionally, our study adheres to STROBE guidelines (Additional file 1) for reporting observational research.

Selection of participants and sample collection

To observe and collect data on situations in which confidentiality was breached, we recruited 5th-year and 6th-year students enrolled in the Medical Degree Program at the University of Cordoba at the beginning of the academic years 2010–2011, 2011–2012, 2012–2013, and 2013–2014. All participants were adults, and signed a consent form with a confidentiality agreement, especially in order to avoid awareness of the study and consequently the bias of changing the behavior of the observed subjects. A total of 99 observers (75 women and 24 men) participated in the study, two of whom abandoned the project.

To ensure the anonymity of the participants in the study, each of the observers was assigned a numerical code. In order to standardize the collection of data, the observers were trained by the researchers through interviews and in training sessions with groups of up to three students. A checklist was used during the training sessions to inform the observers about different types of confidentiality breaches. Specifically, the checklist contained several items describing situations in which the most common confidentiality breaches may occur. However, the observers were also instructed to record any other type of incident that was not specifically reflected on the checklist. Incidents that the researchers did not consider to be examples of unethical conduct (i.e., breaches of confidentiality) were excluded from the study.

The observers recorded their entries on standardized templates during clinical internships in the following departments and units: Internal Medicine; Gynecology and Obstetrics; Pediatrics and specialties; Adult Emergency Medicine; General and Digestive Surgery: Hepatobiliary Surgery, Colorectal Surgery, Breast Surgery, Endocrine and Upper Gastrointestinal Surgery, and Oncological Surgery; Maxillofacial Surgery; Plastic Surgery; Orthopedics and Traumatology; Digestive; Dermatology; Rheumatology; Mental Health; Nephrology; Pneumology; Neurology; and Ophthalmology.

In addition to describing each breach of confidentiality, the observers recorded the total number of days and hours corresponding to each period, the area/s where the breach occurred, the day and time of the incident, the type of health professional responsible for the breach, as well as the gender and age range of the person involved. It is important to underline that observers were interested in collecting the type of professional, as well as other anonymous sociodemographic data; therefore, the identity of the observed subjects remained unknown to the researchers.

Study variables

Medical departments.

The medical departments in which the observations were made included a total of 37 Clinical Management Units (CMU). Due to the diversity of the units and the scarcity of data observed in some of them, we decided to regroup them into seven categories according to the similarities between them, especially when the rotation period of the students was less than 200 days. The resulting categories were:

Internal Medicine and the Emergency Department

Gynecology and Obstetrics

General and Digestive Surgery

Maxillofacial Surgery and Plastic Surgery

The rest of the CMUs corresponding to other medical or surgical specialties were grouped into a single category that included the Orthopedics and Traumatology Department and the Emergency Department, as well as the Digestive, Dermatology, Rheumatology, Mental Health, Nephrology, Pneumology, Neurology, and Ophthalmology departments.

Finally, an additional “Unknown” category included breaches of confidentiality observed in other areas of the hospital or committed by personnel who did not belong specifically to any CMU or medical department.

Number of observations

Number of observations refers to the number of times the same type of breach committed by the same staff member was observed during the corresponding rotation. This allowed us to determine if the breach of confidentiality was an isolated or repeated incident, which in turn, had an effect on the degree of severity of the breach.

Type of breach observed

Once all the templates were collected, the recorded breaches of confidentiality were classified into three categories according to their description as follows:

Confidentiality breaches related to the custody of clinical histories and records (admission forms, clinical and nursing report sheets, laboratory tests and other complementary examinations, and any other type of record containing patient data), as well as computer access to such records.

Confidentiality breaches related to the consultation and/or disclosure of clinical and/or personal data to medical personnel not involved in the patient’s clinical care, as well as people external to the hospital.

Situations in which the improper disclosure of the patient’s clinical data resulted from inadequate infrastructure, equipment, or poor organization of the hospital.

Breach severity

In addition, we ranked the severity of the breaches described above from low to high severity as follows:

Minor confidentiality breaches are defined as those in which sensitive patient data is not properly safeguarded or handled (excluding the following categories), but which do not result in observable consequences. This includes the custody of clinical histories and records or breaches due to inadequate hospital infrastructure.

Minor confidentiality breaches committed repeatedly: more than once.

Severe confidentiality breaches are defined as the disclosure of sensitive data, as well as incidents that result in some kind of observable consequence. These breaches correspond to situations where clinical patient data are disclosed to third parties or to medical personnel not involved in the patient’s care, as well as those that are committed intentionally, or related to the patient’s sexual life, mental or other stigmatizing illnesses, and racial or ethnic background. Such breaches are considered to be particularly severe as these data are of a highly private nature.

Serious confidentiality breaches that occur repeatedly: more than once.

Area where the breach was observed

In order to reduce the number of areas where the observations were recorded, we grouped the areas into categories based on their similarity as follows:

Meeting areas (offices, classrooms, etc.) and specific areas where healthcare is provided (exam rooms, treatment rooms, operating rooms, etc.).

Nursing stations on hospital wards.

Patient rooms, which are usually occupied by two patients and their respective companions.

Other public areas: corridors, elevators, hospital entrances, stairs, and locker rooms.

Personnel involved in the breaches

The observers were required to record the staff member who committed the breach of confidentiality. Once all the data were collected, it was found that two or more staff were often responsible for the confidentiality breach. The personnel were classified as follows:

Nursing staff

Nursing assistants

Administrative personnel

Frequency of observed breaches

Given that the observers were assigned different rotation periods during the academic year, the total hours of observation varied across medical departments (Table 1). Thus, a new quantitative variable broken down by medical department was used: the Frequency Index (FI). The FI indicates the number of confidentiality breaches recorded per hour of observation. To calculate the FI, the number of breaches committed in each department was averaged against the total hours of observation.

Statistical analysis of the data was performed using PASW Statistics 18 software (IBM SPSS®) for Windows. In addition to the descriptive analysis, proportions for the qualitative variables were compared between groups using chi-square tests (χ2) for contingency tables. For the FI quantitative variable, the comparison of means in the different medical departments was performed using the Kruskal-Wallis and Mann-Whitney U tests (post-hoc). Values above the 95 % confidence level ( p  < 0.05) were considered statistically significant.

Observations were conducted over a total of 7138 days and 33,157 h in the medical departments of the hospital during the study period. A total of 635 checklists with the observations recorded during the rotation periods were collected. Five of the confidentiality breaches reported by the observers were excluded from the study because some of the situations involved incidents not directly related to confidentiality. Specifically, these were cases where informed consent protocols were not properly followed or situations in which patient privacy was not violated because their clinical or personal data were discussed in the context of a clinical session to decide the most appropriate therapeutic approach to be taken. Finally, 630 questionnaires with valid observations were collected, of which 520 (82.5 %) referred to situations where patient confidentiality had been breached.

As regards distribution across medical departments, the largest number of checklists (25.2 %) and observed incidents (27.1 %) were collected in the Department of Internal Medicine and the Emergency Department. Pediatrics followed close behind with 24.3 % of all checklists and 21.2 % of recorded breaches. The lowest number of questionnaires and observed breaches corresponded to the “Unknown” category, with 0.8 % and 1 %, respectively.

General characteristics of the observed breaches

The general characteristics of all the recorded confidentiality breaches, including their type and severity, where they were observed, and the personnel involved, are shown in Table  2 .

As regards the typology of the observed breaches, the most frequent were related to the consultation and/or disclosure of clinical and/or personal data to medical personnel not involved in the patient’s clinical care, as well as people external to the hospital. This type of breach accounted for 54.6 % of all recorded incidents.

As regards their severity, severe breaches were the most frequent, accounting for 46.7 % of all incidents.

Most of the reported incidents were observed in public areas (37.9 %), such as corridors, elevators, the cafeteria, stairs, and locker rooms.

With regard to the personnel involved in the confidentiality breach, 650 staff were responsible for 520 of the observed breaches. This is due to the fact that many of the incidents involved more than one person. Most of those responsible for the observed breaches were physicians, specifically 51.4 %.

Frequency Index of breaches

When calculating the FI for each medical department, the “Unknown” category was not taken into account as the small number of recorded observations did not allow us to determine the actual number of hours of observation, thus precluding the calculation of this index. As shown in Fig. 1, the calculations revealed that “Other medical and surgical specialties” had the highest median frequency of confidentiality breaches, with 0.083 breaches per hour of observation, while the lowest median FI corresponded to Internal and Emergency Medicine, with 0.023 confidentiality breaches per hour.

Frequency Index of confidentiality breaches observed in the medical departments (mean values; *: p < 0.001)

Comparison by characteristics of the breaches

The “Unknown” category was excluded from the statistical analysis, in part due to the reasons mentioned above, but also because of the low incidence of confidentiality breaches recorded in these services (5). Therefore the calculations were performed on 625 rather than the 630 initial observations, and a total of 515 observed breaches were considered instead of 520.

No significant differences ( p  = 0.194) were found between observing a breach or not and the gender of the person making the observation.

The results for the association between medical departments and the personnel involved in the observed confidentiality breaches were statistically significant ( p  = 0.001). Across departments, physicians committed breaches of confidentiality most frequently, especially in Internal Medicine and the Emergency Department (54.8 %). Breaches were committed less frequently by the other groups; specifically, 24.8 % were committed by Internal Medicine and Emergency Department residents, and 30 % by Gynecology and Obstetrics nursing staff.

A statistically significant trend ( p  = 0.059) was found for the association between type of breach and the medical departments in which they were observed. In all cases, the most frequently observed breaches were those related to the consultation and/or disclosure of clinical and/or personal data to non-medical staff or third parties.

A statistically significant association was found for type of breach and the area of the hospital where it was observed (p < 0.001). As shown in Table 3, the most frequent breaches, those related to the disclosure and/or consultation of clinical and/or personal data with non-medical staff and third parties, were predominantly observed in meeting areas and specific work areas (75.8 %), patient rooms (90 %), and public areas (53.9 %). The most frequent breaches recorded at nursing stations were those related to the custody of clinical histories and documents (80 %).

Similarly, a statistically significant association was found between certain categories of personnel involved in the observed breach and type of breach (Table  3 ). Specifically, the association was significant for physicians ( p  = 0.005) and nursing staff ( p  = 0.002), with both groups being involved most frequently in the disclosure and/or consultation of clinical and personal data (54.2 % and 56.2 %, respectively). A statistically significant association was also found between orderlies ( p  = 0.004) and the custody of clinical records and histories (68.4 %).

The association between areas of the hospital where breaches of confidentiality were observed and the medical department to which the person involved belonged was statistically significant ( p  < 0.001). As shown in Fig.  2 , breaches of confidentiality were more frequent at the Internal Medicine and Emergency Department nursing stations (40.4 %), and in the meeting and work areas of Gynecology and Obstetrics (48.5 %) and Pediatrics (46.4 %). Breaches were observed more frequently in public areas corresponding to General and Digestive Surgery (39.3 %) and Maxillofacial and Plastic Surgery (51.3 %), and in meeting and specific work areas of other medical and surgical specialties (37.8 %).

Relationship between area where confidentiality breaches were observed and medical departments

Regarding the personnel involved in the breaches (Fig.  3 ), a statistically significant association was observed between physicians ( p  = 0.022) and orderlies ( p  = 0.026), both of whom committed the majority of breaches in public areas of the hospital (36.5 % and 68.4 %, respectively). A significant relationship ( p  < 0.001) was also found for nursing staff, with breaches primarily observed at nursing stations (36.2 %).

Relationship between area where confidentiality breaches were observed and personnel involved

As shown in Table  4 , there was a statistically significant relationship between the severity of the observed breaches and the medical department to which the person responsible for the confidentiality breach belonged ( p  < 0.001). The most frequent breaches were of a severe nature in all of the medical departments, particularly in other medical and surgical specialties (64.9 %) and Gynecology and Obstetrics (59.6 %).

Moreover, a statistically significant association was found between breach severity and the area of the hospital where the breach was observed ( p  < 0.001, see Table  4 ). Severe breaches were observed more frequently in meeting and specific work areas (68.2 %), while minor breaches were more frequent at nursing stations (46.4 %).

A significant association was observed within certain groups of personnel involved in the breach (Table  4 ), namely physicians ( p  < 0.001) and residents ( p  = 0.006), both of which committed severe breaches more frequently (43.4 % and 38.5 %, respectively).

Comparison of FI between medical departments

A statistically significant association ( p  < 0.001) was found between the FI of other medical and surgical specialties and the remaining medical departments, with the former showing the highest frequency (Fig.  1 ).

The main objective of this study is to highlight the importance of patient confidentiality as a legal and ethical duty of health professionals in charge of patient care. To achieve this objective, and through a field study using many hours of direct observation (a total of 33,157 h), we have tried to reveal situations in which these professionals violate a duty inherent in their relationship with patients.

How often is patients’ confidentiality breached?

To date, very few studies have directly recorded incidents related to confidentiality breaches during clinical practice in healthcare facilities, or the frequency with which they occur. This last aspect, which we believe to be of great interest, was dealt with in a similar study by Mlinek and Pierce [11], who reported situations where patients’ confidentiality and privacy were breached in the emergency department of a university hospital with about 22,000 medical patient visits a year. Confidentiality breaches occurred for 26 out of 32 patients in the triage/waiting area over a 6 h observation period, whereas between 3 and 24 breaches occurred per hour in patient care areas during 18 h of observation.

Our study was conducted in a university tertiary hospital, but unlike the previous study, the observations were made in virtually all areas of the hospital; specifically 37 different CMUs. The observers recorded confidentiality breaches in all the departments, with a global FI of 0.016 breaches per hour (i.e., one confidentiality breach every 62.5 h). The median FI of confidentiality breaches (Fig. 1) was higher in the category of “other medical and surgical specialties”, where 1 breach for every 12.05 h of observation was recorded. This is probably due to the fact that although fewer total hours of observation were conducted, this category includes a larger number of CMUs. In 2012, the Emergency Department of the hospital involved in our study conducted 124,847 medical patient visits. Considering that our estimate was made jointly (Internal Medicine and the Emergency Department), the median of breaches was 1 per every 43.48 h of observation. Therefore, Internal Medicine and the Emergency Department, as well as General and Digestive Surgery were the departments with the lowest FI.

As can be seen, the average number of breaches we recorded was much lower than that reported by Mlinek and Pierce [ 11 ] (even considering our joint category). There are many additional reasons why both studies are not comparable. For example, Mlinek and Pierce [ 11 ] recorded a wide range of incidents that included comments and information obtained on patients through auditory and visual observation. Moreover, the observers in their study were specifically located in certain areas of the hospital chosen by the researchers themselves which are conducive to certain types of confidentiality breaches considered to be the most frequent. In contrast, our observers did not choose a particular area to “seek out” incidents either in the exams rooms or patient care areas of the Emergency Department. Another factor regarding the lower FI we report is that our observers received specific training using a checklist of the most common breaches, although this may have conditioned them to focus primarily on the breaches established by the researchers a priori.

Characteristics of the confidentiality breaches in our hospital

The checklists completed by the observers included a record of the hours and days spent observing each medical department, as well as other information such as a description of the observed breach of confidentiality, the area of the hospital where it occurred, and the type of staff; factors that were taken into account when analyzing the recorded incidents.

Our study reveals that most confidentiality breaches (or incidents regarding a disclosure of confidential information) occurred primarily in public areas such as corridors, elevators, and stairs (37.9 %). Due to the presence of people external to the hospital in these areas, confidential information should be treated with utmost care. Indeed, one of the first field studies on the breach of confidentiality [10] already pointed in that direction. In their study, Ubel et al. [10] made observations in 259 elevator rides in different hospitals, reporting inappropriate comments that breached patient confidentiality in 14 % of all rides. In our study, public areas were followed closely behind by work areas (30.4 %), medical consultations, treatment rooms, and operating rooms. This widespread phenomenon varied from one department to another and also depended on the type of breach.

Regarding the categories of confidentiality breaches we established, a large number were related to the custody of clinical records (Type 1). Specifically, there were situations in which folders containing medical records were left open on the counters of nursing stations where anybody walking by could see them, or left unguarded on carts in the middle of corridors and other public areas, and were even lost in such unlikely places as locker rooms, classrooms, or patients’ rooms. As for electronic clinical records, there were a number of cases where computers were left unguarded, thus allowing anyone to access them. The improper destruction of records with patient data, such as throwing trash into public wastepaper baskets without destroying bracelets, identifying stickers, or patient lists, occurred to a lesser degree.

The disclosure of clinical or personal data to non-medical staff or third parties (Type 2) was the most frequent type of breach (54.6 %), with situations in which the clinical and even personal data of identifiable patients or patients who had just left the physician’s office were discussed either in front of another patient, by phone, or with other colleagues not involved in the clinical assistance. Conversations in which specific data was revealed about patients were also frequent in public areas, especially corridors, stairs, and elevators. Another type of observed behavior was providing care in consultations or treatment rooms with open doors or curtains, conducting medical examinations of patients in their rooms on the ward in the presence of relatives of another patient who was in the room, and the retrieval of electronic data by an acquaintance not involved in the patient’s care without the patient’s knowledge or consent.

As for situations where confidentiality was breached due to inadequate infrastructure or poor organization (Type 3), the majority occurred when informing patients’ families in hospital wards, operating rooms, or unsuitable areas such as corridors and waiting rooms due to the lack of space. The observers also reported other situations in which practitioners decided to place several patients in the same room in order to conduct certain examinations due to the shortage of material.

In relation to the degree of severity, severe breaches were the most frequent (46.7 %). This is due to the fact that most incidents were related to the disclosure of clinical or personal data (Type 2), and were considered particularly severe with regard to protecting patient privacy. Breaches which led to some kind of observable consequence were also considered severe; for example, when conversations inside an exam room were overheard because the door was left open, and obviously when there was some intentionality in the action. These last cases, in which personnel breached the patient’s confidentiality in an intentional manner (by accessing electronic records to consult the clinical data of acquaintances who were not their patients and without the patient’s consent, or the case of the physician who disclosed information about a psychiatric patient to a representative of a pharmaceutical company at the entrance to an exam room), were fortunately rare. In most cases, we assume that the reasons for such breaches of confidentiality arise from a lack of knowledge about the legal and ethical repercussions of such actions, as well as carelessness in handling information. Our opinion is in line with studies such as that of Elger [12] who conducted surveys with groups of physicians. They found that although health professionals are often aware of the importance of confidentiality, a significant percentage does not know how to avoid breaches of confidentiality in their daily practice.

We found that breaches defined as severe (68.2 %) (Table 4), and hence those that involve the disclosure of patients’ clinical and personal data (Type 2), were more frequent, particularly in meeting or work areas (75.8 %). This is not surprising as most patient care is provided in exam rooms, treatment rooms, and operating rooms where a large amount of data is handled. In contrast, incidents related to the custody of clinical histories (Type 1) were more frequent at nursing stations (80 %) as were minor breaches (46.4 %). This may be explained by the fact that most clinical records, either in paper or electronic format, are handled in these areas of the hospital. Specifically in the case of Internal Medicine and the Emergency Department, these incidents were more frequent at nursing stations (40.4 %) (Fig. 2). This is because the majority of breaches (43.3 %) involved the disclosure of data (Type 2), while a slightly lower percentage (39.7 %) was related to the custody of clinical records (Type 1). This is likely due to the fact that information regarding the patient’s clinical course is often recorded at nursing stations, where unguarded folders containing clinical records may be left open on counters or displayed on computers without a password, thus permitting access to anyone passing by.

In relation to factors intrinsic to emergency departments, another study by Olsen and Sabin [13] reported that 36 % of patients and family members overheard conversations and that 1.6 % heard inappropriate comments, although they did not find significant differences between patients placed in walled vs. curtained rooms. In a subsequent study, Olsen et al. [14] reported that after elimination of rooms separated only by curtains, the percentage of patients who overheard conversations between medical staff dropped to 14 %.

In Gynecology and Obstetrics (48.5 %), Pediatrics (46.4 %), and other medical and surgical specialties (37.8 %), a larger number of confidentiality breaches were observed in meeting and work areas (Fig.  2 ). This is consistent with the fact that the most common breaches in these areas were the disclosure of clinical or personal data to personnel not involved in the patient’s care or third parties (Type 2) as most medical care and personal contact with patients occurs in exam rooms, treatment rooms, and operating rooms. Physicians have often been reported to converse with colleagues about an identifiable patient in front of another patient in exam rooms or on the phone. In the surgical departments of our hospital (Fig.  2 ), such as General and Digestive Surgery (39.3 %) and Maxillofacial and Plastic Surgery (51.3 %), breaches of confidentiality were primarily observed in the public areas of the hospital. This may be due in part to the fact that, as our observers noted, it is common practice to inform family members in areas such as corridors and waiting rooms following surgery.

Another factor analyzed in our study was who was responsible for breaches of confidentiality. Like Ubel et al. [10] and Mlinek and Pierce [11], we found that such incidents were committed by all healthcare personnel, including, in our case, medical students. Hendelman and Byszewski [15] also demonstrated that medical students were involved in 19–51 % of all reported incidents.

In our study, physicians were observed to be responsible for the largest number of breaches (51.4 %), although we believe that this might be due to some bias as the observers were medical students who were doing their clinical internships primarily under the direction of physicians and to a lesser degree with medical residents. This is an important point because although medical care is currently provided by teams, and all members of the team have the obligation to maintain confidentiality, it is physicians who are primarily responsible for ensuring that this duty is met, not only with respect to patients’ clinical data, but also other types of information inherent to the doctor-patient relationship.

As regards the characteristics of the breaches (Table 3) in general, and especially in the case of physicians (54.2 %) and nurses (56.2 %), the most frequent had to do with the disclosure of clinical or personal data to non-medical staff or third parties (Type 2), and were therefore of a severe nature. In contrast, orderlies were responsible for most of the minor breaches (52.6 %) (Table 4) related to the custody of clinical histories (68.4 %) (Type 1, see Table 3). Regarding the personnel involved in breaches and breach severity, the collection of data was performed anonymously and the identity of the observed subjects was unknown; therefore we could only determine the number of repeated minor and severe breaches and the type of personnel involved in them, but not specifically how many different subjects were really responsible for the breaches. The main objective of our study is to examine real situations, collecting general and sociodemographic data (medical departments, area, type of personnel involved…) in order to propose necessary measures to prevent such incidents, but devoid of any punitive intention.

As to the area where the breaches occurred (Fig. 3), breaches committed by nursing staff were observed primarily at nursing stations (36.2 %). This is not surprising as this is the area where they carry out much of their work. On the other hand, auxiliary (38.7 %) and administrative staff (57.1 %) were observed to commit most breaches in meeting and work areas as they perform their tasks primarily in offices. As regards the rest of the hospital staff, especially physicians (36.5 %) and orderlies (68.4 %), breaches were committed most frequently in public areas. In the case of physicians, this could be explained by careless behavior, and because they are primarily responsible for informing patients and their families, which, as mentioned above, is often done in public areas such as corridors and waiting rooms. With regard to orderlies, breaches are mainly committed in public areas as one of their principal tasks is to transfer clinical records. As the observers repeatedly noted, “medical records were found lying about unguarded in hospital corridors”.

Limitations of the study

Among the limitations of our study, we should first note that the observers selected for the fieldwork were medical students. This could have had an effect on the recorded observations since their knowledge and expertise on the subject was, to some extent, limited. However, we attempted to overcome this limitation by providing personalized training to each of the observers.

In addition, although the observers signed a confidentiality agreement to avoid suspicion of being observed and the subsequent bias of changing their behavior, we cannot completely rule out the possibility of a Hawthorne effect as a confounding factor.

Moreover, the type of breaches recorded by the observers were subjectively classified a posteriori into specific categories based on the content of the comments. In cases deemed to be unclear, consensus was reached among the researchers regarding the category in which to include the breach.

On the other hand, the study was carried out in a Spanish university tertiary hospital, and though we do believe that the problem is very similar in other hospitals, it cannot be directly generalized.

Finally, it should be noted that other medical and surgical specialties was not a homogeneous category as it was comprised of different CMUs that were grouped together for the purpose of statistical comparison.

The breach of patient confidentiality remains one of the major problems encountered in daily clinical practice. Following many hours of observation in a tertiary hospital, we found an estimated Frequency Index of one breach per 62.5 h. Confidentiality breaches are important due to the consequences they have for the doctor-patient relationship, and because the lack of security of private patient information may have social implications that could eventually translate into a loss of confidence in the healthcare system.

In addition to aspects related to hospital organization or infrastructure, we have shown that all healthcare personnel are involved in confidentiality breaches, especially physicians (the most frequent group). While most are committed unintentionally, a non-negligible number are severe, repeated breaches (9.5 %), thus suggesting certain carelessness, perhaps through ignorance about certain behaviors that can jeopardize patient confidentiality. Our findings indicate that it is advisable to improve medical education about the importance of confidentiality at both the undergraduate level and through awareness campaigns among medical professionals that stress the need for greater care and attention in the management and handling of clinical information.

These data were obtained from the 2012 Annual Report.

Strobe document with items that should be included in reports of cross-sectional studies

These data were obtained from the 2012 Annual Report. Clinical Management Unit of the Adult Emergency Department.

Boyd KM. HIV infection and AIDS: the ethics of medical confidentiality. J Med Ethics. 1992;18 Suppl 4:173–9.

Kleinman I, Baylis F, Rodgers S, Singer P. Bioethics for clinicians: 8. Confidentiality. CMAJ. 1997;156(4):521–4.

Carrese JA, Sugarman J. The inescapable relevance of bioethics for the practicing clinician. Chest. 2006;130 Suppl 6:1864–72.

Altisent R. Confidencialidad. In: Romeo CM, editor. Enciclopedia de Bioderecho y Bioética. Granada: Comares; 2011. p. 425–30.

Shapiro R. Breaking the code: is a promise always a promise? In: Kushner TK, Thomasma DC, editors. Ward Ethics: Dilemmas for Medical Students and Doctors in Training. Cambridge: Cambridge University Press; 2001. p. 50–2.

Seedhouse D, Lovett L. Practical Medical Ethics. West Sussex: John Wiley & Sons; 1992.

Jonsen AR, Siegler M, Winslade WJ. Clinical Ethics: A Practical Approach to Ethical Decisions in Clinical Medicine. 7th ed. New York: McGraw-Hill; 2010.

Siegler M. Sounding boards. Confidentiality in medicine—a decrepit concept. N Engl J Med. 1982;307(24):1518–21.

Clark PA. Confidentiality and the physician-patient relationship -- ethical reflections from a surgical waiting room. Med Sci Monit. 2002;8 Suppl 11:31–4.

Ubel PA, Zell MM, Miller DJ, Fischer GS, Peters-Stefani D, Arnold RM. Elevator talk: observational study of inappropriate comments in a public space. Am J Med. 1995;99 Suppl 2:190–4.

Mlinek EJ, Pierce J. Confidentiality and privacy breaches in a university hospital emergency department. Acad Emerg Med. 1997;4 Suppl 12:1142–6.

Elger BS. Violations of medical confidentiality: opinions of primary care physicians. Br J Gen Pract. 2009;59 Suppl 567:e344–52.

Olsen JC, Sabin BR. Emergency department patient perceptions of privacy and confidentiality. J Emerg Med. 2003;25 Suppl 3:329–33.

Olsen JC, Cutcliffe B, O’Brien BC. Emergency department design and patient perceptions of privacy and confidentiality. J Emerg Med. 2008;35 Suppl 3:317–20.

Hendelman W, Byszewski A. Formation of medical student professional identity: categorizing lapses of professionalism, and the learning environment. BMC Med Educ. 2014;14:139.

Acknowledgements

We would like to thank the students enrolled in the Medical Degree Program at the University of Cordoba at the beginning of the academic years 2010–2011, 2011–2012, 2012–2013, and 2013–2014, who participated as observers in the project.

Not applicable in this section.

Availability of data and material

Datasets analyzed in this study were collected by observers using checklists; those observers were identified with a numerical code to ensure their anonymity in the study. Therefore those checklists cannot be shared publicly, although they are in the main researchers’ possession at the University of Cordoba.

Authors’ contributions

EGL and ECC conceived and designed the present study, while EGL and CMBA collected and assembled the data. CMBA, EGL, MMPB and MCMV, contributed to analyzing and interpreting the data. CMBA and EGL drafted the article. EGL revised the article for important intellectual content. CMBA and EGL had full access to all of the data in the study and take responsibility for the integrity of the data and the accuracy of the data analysis. All authors gave their final approval.

Competing interests

The authors declare that they have no competing interests.

Consent for publication

Ethics approval and consent to participate.

Research was conducted in compliance with the Helsinki Declaration and approved by the Ethics Committee of Clinical Research of the reference hospital. All participants were adults, and signed a consent form with a confidentiality agreement.

Author information

Authors and affiliations.

Section of Legal and Forensic Medicine, Faculty of Medicine and Nursing, University of Córdoba, Avenida Menéndez Pidal s/n, 14004, Córdoba, Spain

Cristina M. Beltran-Aroca, Eloy Girela-Lopez & Eliseo Collazo-Chao

Internal Medicine Department, IMIBIC/Hospital Reina Sofia, University of Cordoba, Córdoba, Spain

Manuel Montero-Pérez-Barquero

Statistic and Methodology Department, IMIBIC, Córdoba, Spain

Maria C. Muñoz-Villanueva

Corresponding author

Correspondence to Cristina M. Beltran-Aroca .

Additional file

Additional file 1: STROBE document. (DOCX 34 kb)

Rights and permissions

Open Access This article is distributed under the terms of the Creative Commons Attribution 4.0 International License ( http://creativecommons.org/licenses/by/4.0/ ), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made. The Creative Commons Public Domain Dedication waiver ( http://creativecommons.org/publicdomain/zero/1.0/ ) applies to the data made available in this article, unless otherwise stated.

About this article

Cite this article.

Beltran-Aroca, C.M., Girela-Lopez, E., Collazo-Chao, E. et al. Confidentiality breaches in clinical practice: what happens in hospitals? BMC Med Ethics 17, 52 (2016). https://doi.org/10.1186/s12910-016-0136-y

Received: 15 August 2016

Accepted: 17 August 2016

Published: 02 September 2016

DOI: https://doi.org/10.1186/s12910-016-0136-y

  • Confidentiality/privacy
  • Professional ethics
  • Professional-patient relationship

BMC Medical Ethics

ISSN: 1472-6939

Case studies and examples

Our data sharing code provides real-world examples and case studies of different approaches to data sharing, including where organisations found innovative ways to share data while protecting people’s information.

Here are some case studies additional to those in the code.

  • Data sharing to improve outcomes for disadvantaged children and families
  • Sharing with partners in the voluntary or private sector
  • Landlord and tenant data sharing
  • Sharing medical records of care home residents
  • Ensuring children’s welfare: data sharing by local authorities with Ofsted, the regulator of social care and early years provision in England
  • Effective information sharing between the police and Ofsted in England
  • Sharing medical records between GP practice and hospital trust
  • Improving data sharing processes and practices at an NHS trust
  • Improving health services with responsible data sharing
  • Sharing health data for research purposes

Social workers frequently need access to information about children and their families when deciding whether there is a safeguarding risk and what support is most appropriate.

Two councils in different areas of the UK partnered with a not-for-profit organisation to find a data sharing solution where social workers would have all the information they need from the start.

After extensive user research and workshops with stakeholders and families, they found that social workers needed access to the contact details of the lead practitioner of a case from other services (police, housing, schools and adult social care), and basic information about when the service was last involved with the family. The research found that sharing such data would:

  • reduce the amount of time social workers spend looking for information;
  • enable more joint working among services (eg children’s social care working more closely with adult social care);
  • ensure social workers have access to all the information they need when assessing safeguarding risk and making support decisions for children and their families; and
  • allow children and families to access better, more timely services.

At the same time, the two councils and the not-for-profit organisation explored the information governance and ethical implications of accessing and using sensitive personal data within social care. They ran ethics workshops with the project team and conducted user research with those most likely to be affected by the data sharing (residents who have had contact with social care and social workers).

The research enabled the two councils to design, build and embed a digital data sharing solution that empowers social workers, enables professional judgement, protects privacy, and ultimately enables children and their families to access the right support and reach their potential.

A group of voluntary sector organisations worked with health and social care partners (both private and public sectors) on a project to deliver improved outcomes for older people in the community and in hospital.

The project team recognised that it needed to establish a culture of shared information, along with a phased, proactive approach to seeking individuals’ consent. It also recognised that the involvement of volunteers could have implications for the sharing of data within the project team, as they have a different legal status to the agencies’ employees and might not have received the same level of training as employees in the work of the organisation.

The project was set up as follows:

  • The volunteers signed contracts setting out their roles, responsibilities and standards - including those for information security - equivalent to those of the agencies’ employees. The contracts were intended to formalise and support the volunteers’ responsibilities for gathering and sharing information. Training and ongoing support were provided to the volunteers.
  • GPs asked their elderly patients whether they would like to take part in the project. They were asked specifically whether they agreed to relevant information from their health record being shared with a multi-disciplinary project team consisting of health, social care and voluntary sector practitioners.
  • At the initial home visit, the volunteer explained the information-sharing aspects of the service and asked for written consent.
  • All of the organisations and GP practices involved in the project entered into a single data sharing agreement. This built accountability and trust between the agencies involved.

Note it was important to consider whether the necessary legal power or ability to share personal data was in place. The legal power is separate from the lawful basis for data processing.

A housing association occasionally received requests from organisations such as utility companies, debt collectors and councils for information about current and former tenants. However it was considered not to be appropriate to enter into a data sharing agreement as the sharing was not on a regular basis.

On one occasion, a utility company contacted the housing association and asked for the forwarding address of a former tenant who was in arrears on his gas and electricity account. The housing association disclosed the information because they had advised tenants at the start of their tenancy that they would make such disclosures because of the contractual relationship between tenants and the utility company. All tenants had agreed to this.

On another occasion, a debt collection company acting for a third party contacted the housing association for the forwarding address of a former tenant. The housing association decided that it could not disclose the information because it had no lawful basis for the disclosure. It withheld the tenant’s new address from the debt collection company.

The housing association dealt with requests for information effectively because it had put a system in place which required a senior person or group of people, trained in data protection, to decide whether or not to release personal information on a case-by-case basis.

This involved verifying the identity of the requester, insisting that all requests were in writing and ensuring that the requester provided enough information to make a proper decision. If the housing association decided to share the information, they only provided relevant, necessary information and, in every case, they made a record of the disclosure decision.

Staff in a privately-owned care home did not have access to the recent medical history of residents. Instead, the home used to phone the GP practice or call out a GP every time they needed more information. This could be a risk, as the staff might need to check quickly what medicines residents were taking and at what dosages.

To make the process more efficient, the care home and the local GP practice signed up to a formal data sharing agreement, so the care home staff would have access to their residents’ electronic medical records when necessary.

The GP practice and local Clinical Commissioning Group made potential residents aware that if they were admitted to the care home there was a possibility that their medical record would be accessed. In addition, when patients were admitted to the care home, their explicit consent - or that of their representatives – was sought before their electronic medical record was accessed. Where consent was not provided, the former system of contacting a GP would continue to be used.

Other key features of the data sharing agreement were:

  • access to residents’ records could only take place while they were under the care of the home;
  • access was restricted to the clinical and professional nursing staff at the care home;
  • access was only allowed where this was necessary to provide treatment and for residents’ safety;
  • access was restricted to information relevant to the provision of care to residents;
  • access to the information was by secure means; and
  • the information obtained was held securely and in accordance with good information management practice.

A formal data sharing agreement can put in place effective safeguards for residents and can ensure the various parties involved in data sharing are working to a common set of rules. An agreement can also help to deal with the ethical and confidentiality issues that can arise in health and social care.

Even if there is a data sharing agreement in place, organisations still need to make sure that individuals whose data may be shared are aware of what is taking place. This can be done through the privacy information they provide, using various methods. In the circumstances outlined here, it might be more effective to talk to individuals to explain the situation and to find out whether they agree to their information being shared. Their decision needs to be documented.

Data sharing can help ensure the welfare of children and other vulnerable individuals.

This example concerns the sharing of personal data by staff in local authorities with Ofsted, in its role as the regulator of social care and early years provision in England.

The example focuses in particular on the role of the Local Authority Designated Officer (LADO), who is responsible for managing child protection concerns or allegations made against staff and volunteers who work with children and young people.

Data protection enables fair and proportionate data sharing. That means that LADOs should be confident they can share relevant information with other local authorities and with Ofsted. The information shared by LADOs helps Ofsted to build a complete picture about an individual’s suitability to provide services to children.

Mr D wants to register with Ofsted to provide a holiday play scheme for children in the Westtown Borough Council area. He has previously worked in a setting providing social care to children in the Easttown Borough Council area. His home is in the Northtown Borough Council area.

In order for Ofsted to reach a properly informed judgement on the suitability of anyone to provide services to children, it needs all relevant information about them. It is essential for the LADOs in Easttown and Northtown to share the information about Mr D with Ofsted when requested. This is the case irrespective of where Mr D lives or works.

This data sharing is vital, in order for Ofsted’s registration system to be effective in ensuring the safety of children.

The Chief Constable in Barsetshire police force promotes a culture where the safety of children is paramount. That includes officers in the force alerting authorities and sharing information appropriately to protect children from harm.

Officers are familiar with the role of Ofsted as the regulator in England of early years settings including childminders and nurseries, and of children’s social care services including children’s homes. Because of this, officers know that the information they share can be used by Ofsted to make children safe.

The force has provided a named contact that Ofsted staff can get in touch with, if they need to talk about concerns at any institution that Ofsted inspects or regulates. The police have been given a regional contact in Ofsted that they can get in touch with about any new information.

Police receive a call-out to a children’s home because a child has gone missing. This is not the first occasion that this child has gone missing. The child has a history of unexplained absences and is found hanging around in a local park with older young people, some of whom are known to police as gang members.

The police officers have two linked concerns that lead to them sharing information with authorities: the safety of the child who went missing, and the safety of the children’s home.

Actions taken by the police officers:

1. To safeguard the child, they contact the children’s social care team in the local authority and share information with social workers about the child’s involvement with the gang.

2. The police also contact Ofsted to tell them they are concerned that there have been multiple police call-outs to this children’s home because of children going missing. The children are vulnerable and the police consider they are at a high risk of involvement with a local gang.

This information is valuable to Ofsted who can use it to help the young people concerned. The children’s home had notified Ofsted about the child going missing, but they did not include information about the child being at risk of gang involvement.

Ofsted now considers the intelligence from police and, under its regulatory role, decides to visit the children’s home to find out what the manager and staff are doing to keep children safe and to reduce the risk of children being groomed by local gangs.

An inspector from Ofsted visits the home and finds that staff were unaware of the possible gang involvement by children in the home. Staff had not talked to children to find out where they were going or what they were doing, and although they had noticed some changes in the behaviour of the child who went missing, they had not recorded this or notified the child’s social worker. The inspector’s view is that safeguarding arrangements in the home do not appear to comply with the relevant regulations.

Because of the information shared by the police and the findings of the inspector, Ofsted is able to take regulatory action to ensure that safeguarding arrangements at the children’s home are improved. Ofsted schedules further visits to monitor practice at the home and to check that improvements have been made. The inspector continues to liaise with police to monitor the welfare of children in the home.

Sharing medical records between a GP practice and hospital trust

These scenarios apply to England only, but the general principles are relevant in Northern Ireland, Scotland and Wales where health services are a devolved matter.

A GP practice received a request for the records of one of their patients. They are receiving care in a hospital in another part of the country. This is outside of the local shared care record initiative, which is a system that governs patient records sharing locally. The practice is confused about whether they require the patient’s consent to share the data.

Health and care settings often use the concept of consent. However, it is often misunderstood due to the use of the term in different contexts. In this case, the consent required to view and share confidential medical information is different from the consent that the data protection legislation defines as a lawful basis for processing personal data.

To help the GP practice, the hospital directs them to information available on the NHS IG Portal, a service that provides specific information governance advice to organisations that provide care services. The hospital also reminds the care setting of their responsibilities under the Health and Social Care (Quality and Safety) Act 2015 and Caldicott Principle 7. This allows them to share someone’s personal data where it is likely to enable them to receive health or social care, and this is in their best interests.

After reading the guidance, the practice understands how this separate legal requirement for consent in a health and social care context interacts with consent as a lawful basis under data protection legislation. In this circumstance (they are sharing data for direct care purposes), they can share the data without the explicit consent of the patient. Their consent is implied due to the provision of health and care (ie, it is within the reasonable expectation of the patient for the care home to share information for these purposes). In addition, health and care staff have a legal duty to share information to support direct care.

Through the use of sector-specific guidance, organisations can reach a shared understanding of the data protection requirements for sharing data. This can reduce the friction that occurs between organisations as they consider their separate obligations under data protection law.

After receiving criticism that their procedures are hindering data sharing, an NHS trust’s information governance department establishes a new process within the organisation. This ensures people consult them in good time as part of any new processing activity that requires personal data.

In order to do this, they:

  • seek senior or executive level support for the proposal eg by the Senior Information Risk Owner (SIRO) or board where applicable;  
  • identify and review the points within the organisation where they establish new data processing activities and build information governance into business case and procurement checklists;
  • ensure timescale allocation for setting up required legal and governance documents such as data sharing agreements;
  • devise new template data protection impact assessments and data sharing agreements for organisations to use to simplify their processes;
  • provide training to the relevant staff and issue further communications across the organisation to highlight the new processes;
  • build professional networks with information governance colleagues in local organisations to learn best practice approaches and improve the information governance culture;
  • establish a review process to help understand occasions where they could not share data and apply the lessons learnt to future data sharing plans; and
  • hold a drop-in ‘meet the team’ session or issue an information sheet about their work and how their early participation will benefit colleagues.

Following this review and process redesign, the information governance team are now informed in good time about any new processing. They can ensure the team takes the appropriate governance steps before new processing takes place.

A healthcare provider is looking to improve the services they offer their patients. By sharing appropriate levels of data with other care organisations in the area, the organisation realises they can improve services. However, the organisation traditionally avoids risk when it comes to sharing data. This adversely impacts the quality of care they can provide.

As the organisation looks to improve their data sharing practices, they decide to find ways they can assure themselves that whenever they share data, they are doing so responsibly. They want to make sure they are adhering to the requirements of data protection law, common law and their responsibilities to their service users.

They refer to the considerations the ICO lays out in the data sharing checklist in the data sharing code of practice. The organisation builds on this by adding the following checks:

  • The status of the organisation (with respect to the legal powers provided by the Health and Social Care Act 2015 etc).
  • The nature of the processing and purpose for which the organisation needs to share data.
  • The status of the organisation they plan to share the data with, which could include reviewing the information in the NHS Data Security and Protection Toolkit (DSPT).
  • Other appropriate due diligence checks such as the NHS Digital Technology Assessment Criteria (DTAC).
  • The amount of data being requested for the purpose or purposes they are using it for.
  • The necessity for the data sharing (does it need to happen, or can the organisation achieve the purpose another way, for example using anonymised data?)
  • Ensuring the organisation has suitably informed the patients or service users of the proposed sharing and of their data subject rights.

After implementing this approach, the organisation feels more confident about sharing data. By keeping a record of their decisions, they are also demonstrating their accountability for their actions.

A hospital trust is preparing to trial a medical device that they are developing to support clinical decision-making for patients suffering from heart disease. The device is a data-driven app that applies a risk model based on details from the patient’s medical history. Although members of the trust’s clinical team developed the risk model, a third-party private company are developing the app itself.

The trust wishes to use patient data to support the research phase of the app development, which is part of the approval process for medical devices. This involves sharing patient data with the app’s developers for research purposes. As the app developer will need health information, which is capable of identifying people for this research, the hospital trust needs a legal basis for lifting the common law obligation of confidentiality to disclose and use the information for the purposes of this research programme. Before the trust shares the data, they consider a number of questions as part of their data protection impact assessment (DPIA), which include the following:

  • What is the lawful basis under UK GDPR to process this data?
  • What can they do to minimise the amount of data they need to process to effectively perform this task?
  • Will the trust be able to get explicit consent (common law) from each patient to view their medical information for this purpose? Is this practical? Are there other ways to satisfy the common law?
  • What approvals do they require in order to carry out the research?

Following a review of guidance relating to confidentiality and consent available on the NHS IG Portal, the Trust understands that they can identify a lawful basis under UK GDPR. However, for common law purposes they need to make an application to the Confidentiality Advisory Group (CAG) under section 251 of the NHS Act 2006 for advice on whether the research group can access the data without the patients’ explicit consent. This is because the purpose of the processing is not direct care, and they do not have the implied consent of the patient to access this data (under common law).

Following a successful CAG application and approval, the trust could share the information from their patient records in order to carry out this research. Analysis of the confidential patient information meant that the trust could confirm the effectiveness of their risk model and seek approval for their medical device.

To breach or not to breach a patient’s confidentiality? A case study in the colorectal clinic

By Daniel Sokol.

A patient presents to the colorectal clinic with bleeding from the rectum. “Doctor”, he says sheepishly, “I must tell you that I have sex with my dog.”

Intercourse with an animal, once known as ‘buggery with an animal’, is a criminal offence under s69 of the Sexual Offences Act 2003, with a maximum penalty on conviction of 2 years’ imprisonment. The offence covers both the intentional penetration of a living animal’s vagina or anus with the offender’s penis, or intentionally causing or allowing one’s anus or vagina to be penetrated by the penis of a living animal.

Should the doctor breach the patient’s confidentiality and inform the relevant authorities?

The duty of confidentiality appears in the Hippocratic Oath and has been described by the 17th century French doctor, Jean Bernier, as the “soul of medicine”.[i] The French call it “le secret médical” (“medical secret”), stressing the link between secrets and confidentiality. There is a strong public interest in the maintenance of this duty. Without it, the all-important trust between doctor and patient will be eroded. Patients may be reluctant to share private information with their doctors, or may not attend their doctor at all, with adverse consequences to their health. Would this patient have spoken so freely without a belief that the doctor was duty-bound to keep his secret? Maintaining confidentiality may therefore benefit the health of the patient and, more broadly, society.

Yet, however strong, the duty is not absolute.  There are times when a doctor must, by law, disclose a patient’s information, as in the case of certain notifiable diseases and under terrorism legislation.

In this case, the doctor is under no statutory obligation to breach the patient’s confidences.  The question is whether the doctor may do so in the public interest.  There is, in my view, such an interest in protecting a dog from the likely harm, whether physical or psychological, of sex with a human and bringing offenders to justice.

On the other end of the scales, aside from the public interest in preserving a strong duty of confidentiality, must be placed the patient’s potential harm or distress from the disclosure, including the loss of his liberty in the event of a custodial sentence, financial loss if fined, and the loss of trust in the medical profession. In my experience, patients whose confidentiality has been breached regard it as a betrayal, a break of an implicit promise of secrecy, and develop an antipathy to doctors.

In its guidance, the General Medical Council permits disclosure of confidential information if this is likely to be necessary for the prevention, detection or prosecution of “serious crime”. There is no definition of this term, although there is specific mention of crimes against the person. While offences such as murder, manslaughter, rape, kidnapping, child abuse, and grievous bodily harm would plainly fall within the category of serious crime, it is doubtful that intercourse with an animal, whose ordinary sentence would result in a community order rather than imprisonment, would so fall. The Department of Health’s supplementary guidance on public interest disclosures, published in November 2010, noted that a serious crime will “likely include…crimes which carry a five-year minimum prison sentence but may also include other acts that have a high impact on the victim.”

In my opinion, faced with this ethical conundrum, the doctor should have sought advice from colleagues, the Trust’s ethics committee, their defence organisation, or the British Medical Association’s ethics hotline, to help conduct the balancing exercise above.  If consulted at the time, I would have advised the doctor to maintain the patient’s confidentiality.  The public interest in disclosure does not appear compelling enough to tip the scales away from the strong Hippocratic duty to keep the patient’s secrets.

The doctor should nonetheless advise the patient of the medical risks of his sexual activity and recommend referral to a mental health professional.

[i] Bernier, J. Essais de médecine (Paris, Simon Langronne, 1689), p.268

Author : Daniel Sokol

Affiliations : 12 King’s Bench Walk Chambers, London, UK; medical ethicist

Declarations : This article does not constitute legal advice and should not be used as a substitute for such advice.

Competing interests : None declared.

Social media account of post author :  @DanielSokol9 ;  Website

All BMJ blog posts are posted under a CC-BY-NC licence

Confidentiality and the duties of care

Volume 29, Issue 1
  • J O’Brien 1 ,
  • C Chantler 2
  • 1 Standards Section, General Medical Council, London, UK
  • 2 Standards Committee, General Medical Council, London, UK
  • Correspondence to:
 J O’Brien, GMC, 178 Great Portland, London W1W 5JE, UK;
 jobrien{at}GMC-uk.org

Doctors have an ethical and legal duty to respect patient confidentiality. We consider the basis for this duty, looking particularly at the meaning and value of autonomy in health care. Enabling patients to decide how information about them is disclosed is an important element in autonomy and helps patients engage as active partners in their care.

Good quality data is, however, essential for research, education, public health monitoring, and for many other activities essential to provision of health care. We discuss whether it is necessary to choose between individual rights and the wider public interest and conclude that this should only rarely be necessary. The paper makes some recommendations on practical steps which could help ensure that good quality information is available for work which benefits society and the public health, while still enabling patients’ autonomy to be respected.

  • confidentiality
  • health care
  • good quality data

https://doi.org/10.1136/jme.29.1.36

Case Discussion: Confidentiality and Adolescents

Case Discussion

A 14-year-old accompanied by her mother presents with complaints of nausea and vomiting for two weeks. After her mother leaves the room, she admits to being sexually active and tells you that she has had unprotected intercourse recently with her boyfriend and missed a period.

Her parents do not know she is sexually active, and she does not want her mother to know that a pregnancy test is being done or the result of that test. Pregnancy test comes back positive.

This patient, a 14-year-old, has requested that you not convey to her mother that a pregnancy test has been sent. In other words, she has requested that you respect her confidentiality. We talk about confidentiality. What is the rule of confidentiality, and how does it differ from respecting someone's privacy?

Distinction between violations of confidentiality and privacy:

  • Violations of privacy involve the unauthorized disclosure of someone else's private information (e.g., looking at records without authorization).
  • That they voluntarily imparted in confidence and trust
  • When there was an implicit or explicit promise not to divulge that information without their permission
  • The ethical basis of a rule for confidentiality is embodied in the word. Maintaining confidentiality is important because someone has confided private information to us. Breaking that confidence undermines their ability to trust. The Latin root of confidentiality is confidere, which means "to trust."

Is there a general duty of confidentiality, and what is the basis for this general ethical rule?

There should always be a strong presumption to respect confidentiality and avoid breaking confidences when at all possible. The duty of confidentiality is based on four major arguments:

  • Respect for autonomy, or respect for persons, calls for us to allow others to decide who they want to know certain details about themselves. Respecting others and caring for them should create in us a disposition to respect their wishes that certain intimate details of their lives remain confidential. We show them disrespect when we make that decision for them by telling their "secrets" (deontological ethics).
  • One could ask whether good people should really even have aspects of their lives which they would not want other people to know about. Two points are worth noting: we all fall short of our ethical ideals, and we make mistakes that we prefer others not know about.
  • Some persons are courageous enough to be honest about these things, but most of us aren't. What is important here, however, is that respecting others requires that we let them decide whether to reveal these things and to whom they feel they need to reveal these things.
  • Confidentiality in the therapeutic relationship is assumed. Therefore, an implied promise exists between the patient and her physician. Absent a prior warning by the physician to the contrary, to break confidentiality is to break a promise made to the patient.
  • Under circumstances of trust, such as disclosures made in most patient-provider relationships, the patient is betrayed when confidences are broken. They have confided in us assuming that we will not disclose what they have told us. To do so would do violence to that trust. Trust is essential for communities of people to function effectively. Without trust and fidelity, communities (and the persons within them) suffer.
  • An expectation exists in society that confidence will be kept in medical settings. This expectation makes people trust those who care for them in times of illness. Because the expectation exists, and because of the inequality in intimate disclosures, medical care providers have a special obligation to be trustworthy and loyal.
  • The effectiveness of medicine often depends upon patients revealing intimate details and secrets of their lives. The breaking of confidences would have a negative effect on medicine because patients would be less likely to entrust these intimate details to their providers if they might be revealed to others (utilitarian ethics). Thus routinely breaking confidence harms the therapeutic relationship.
  • For example, people who are at risk for HIV may not seek testing if they think that information will be available to anyone other than the doctor. Without the assurance of confidentiality, no identification of people at risk can occur.

Is there an obligation to maintain confidentiality when the patient is an adolescent?

Adolescents' concerns about confidentiality can be a barrier to accessing health services (Booth, Ford, Reddy, Cheng, Klein). When they know that confidentiality will be respected, they are more likely to seek healthcare, return for healthcare and disclose sensitive information about risky behaviors (Ford).

One study (Reddy) of girls ages 12 to 17 in the United States found that nearly 60% reported that if their parents were notified, they would stop using all or some sexual health services or delay testing or treatment for sexually transmitted infections.

Other studies have found that about a third of adolescents would not seek health care for sensitive health concerns if their parents could find out (Cheng, Klein).

The majority of adolescents wish to obtain healthcare for some or all of their health concerns without parental knowledge (Thrall).

One in 10 adolescents reported not visiting their health care provider in the previous year despite wanting to do so because of the fear that their parents would find out (Thrall). This study also found that the provision of confidential healthcare was a significant predictor of having discussed substance use with providers in the preceding two years.

One British survey of 188 adolescents ages 16 to 17 found that 85% of them ranked confidentiality as the first- or second-most-important issue in seeking health services (followed by telephone advice, written information, special clinics, friendliness and magazines in waiting room) (McPherson).

Another survey found that 58% of adolescents had health concerns they wished to keep private from their parents. Due to concerns about privacy, only 57% were willing to see their physician about sensitive subjects (Cheng).

Doesn't the law require we tell parents these things?

Laws regarding confidentiality vary from state to state. In Washington state, confidentiality is tied to informed consent, such that any individual who can provide informed consent (and most adolescents can provide consent for diagnosis and treatment of STDs, pregnancy, contraception and psychiatric care) is also owed the duty of confidentiality.

How will you strategize what happens next, e.g., sending a test while the girl waits, but not telling the mom what has been done?

What is perhaps most important is to make a plan with the girl. One option is to suggest that a visit to a public health clinic or Planned Parenthood might be a safer way to protect her confidentiality.

If she wants you to perform the pregnancy test, then she needs to be aware that her mother may have questions about what is happening and why tests are being done. It will also be necessary to plan for how the test result will be shared once the mother is back in the room.

What if her mother asks what tests you are doing?

While you have promised confidentiality to the daughter, this does not require that you lie or mislead the girl's mother. The daughter needs to understand this. If asked a question by the mother about what tests are being done, you may need to say that you cannot divulge that to her.

In that case, an uncomfortable situation may arise with the mother confronting the daughter. The physician's duty in this case is to make the daughter aware of this risk of doing the test now with her mother present.

Is it ever appropriate to violate the duty of confidentiality? If so, under what conditions?

The clearest situations in which confidentiality can be justifiably overridden are those in which the patient places another person or the community at significant risk of serious harm.

  • Confidentiality is limited in cases where others may be harmed significantly if the confidence is kept. Respect for autonomy does not extend to allowing harm to be done to others.
  • Probability of harm
  • Magnitude of harm
  • Foreseeability of harm
  • Preventability of harm
  • Identifiability of victim(s)
  • Potential impact on a general policy of confidentiality
  • Is there a high likelihood of significant harm?
  • Will breaking the confidence prevent the harm?
  • Are there any less intrusive alternatives that would prevent the harm and not require breaking confidentiality or some other ethical obligation? One must always seek an alternative way of dealing with the problem that might allow you to keep confidence. Every effort must be made to get the person's consent to reveal what needs to be revealed. If people are at risk of serious harm and disclosure is necessary to prevent that harm and there is no less intrusive alternative than disclosure, disclosure is justified.
  • If confidentiality must be broken, only those with an absolute need to know should be given access to that information, and only that information that is needed to prevent harm should be revealed.
  • In most cases, the patient should be notified that confidentiality is to be violated.

What are some examples where breaking the rule of confidentiality might be justified?

  • State laws may mandate reporting of certain communicable diseases, including STDs and HIV. Beyond mandatory reporting, one's duty to protect others when your patient has an infectious disease is usually discharged by warning the patient that they are at risk to others and telling them how they can prevent spread of the disease to others.
  • When someone says that they are going to hurt someone else   
  • These conditions may include driving under the influence; promiscuous HIV-infected person having unprotected intercourse; an airline pilot with uncontrolled seizures. (There is a recent $3 million tort case involving a physician who failed to report an epileptic patient to the DMV. The patient had an accident and injured a passenger.) Laws governing whether reporting of these situations is mandatory vary from state to state.
  • Duties are to the child. To report parents is not to break confidentiality, but to uphold your duty to give priority to the best interests of the child. State laws require healthcare providers to report suspected neglect or abuse to child welfare authorities.

What about harm to self? Is your feeling that the adolescent might harm herself or that she might later regret her decision sufficient reason to break the rule of confidentiality?

These are referred to as paternalistic violations of confidentiality: "It is done for the patient's own good."

Paternalistic violations of confidentiality are rarely justified in adults, especially regarding those patients who demonstrate the capacity to make the decision in question (understanding of issues, thoughtfulness, ability to make a decision, awareness of and willingness to accept consequences).

Notice that a breach of confidentiality is not justified simply because you think it would be better for the patient if others knew about a certain condition or problem. Respect for persons requires that a person with capacity be permitted to decide whether or not it would be beneficial to her that others know the information in question.

Adolescents should be encouraged to consult with parents about decisions.

Confidentiality should only be violated if what the adolescent has revealed suggests there is a strong likelihood of serious harm to them; that the harm will most likely be prevented by breaking confidence; that all alternatives have been exhausted; that they have been given the opportunity to make the revelation themselves; and that they have been notified of your intention to break confidentiality. This is more easily justified if there is some evidence of limited autonomy on the part of the adolescent.

If you decide you must break confidentiality, what are your obligations to the adolescent patient?

  • Notify them of your obligation to make the revelation.
  • Explain the reasons you feel obligated to break confidentiality.
  • Offer an apology that you cannot maintain confidentiality.
  • Offer them the opportunity to make the revelation themselves in your presence.

If you decide to maintain the confidentiality of your adolescent patient, what are some of the ways confidentiality may not be maintained?

Mark Siegler has asked whether confidentiality is a "decrepit concept." He had a patient express his concern over the number of people who appeared to have access to his inpatient chart. Siegler counted 75 to 100 people with legitimate reasons to be looking at the chart. When he informed the patient of this, his reply was: "Perhaps you should tell me just what you people mean by 'confidentiality!'"

Likewise, when a physician at an East Coast institution had an HIV test done at his home institution, within hours he had acquaintances approaching him to offer their sympathy.

In this case, the girl was notified that her pregnancy test was positive and persisted in her request that her mother not be told. Does she need to know about other ways her parents may find out about the test result even though you have promised not to divulge that information without her permission?

  • If she is covered by her parent's insurance, they will receive a bill. The bill might be itemized, including some mention of a pregnancy test.
  • If her parents were to request a copy of her medical records, they would likely receive all of the information it contained. Many offices have no strategy for identifying information in the medical record that the adolescent would have wished to remain private.

Conclusion With Suggestions

Have a standard discussion with all adolescents at the beginning of a visit (warning of limitations on your ability to maintain confidentiality):

"What you tell me here is between you and me. I will not tell your parents or others about what we have discussed without your permission.

"However, I want you to be aware that there are certain circumstances under which I will not be able to keep that promise. For example, if what you tell me suggests that you intend to harm yourself or place someone else at risk of serious harm, I will need to share that information.

"You should also understand that your parents will get a bill for this visit and may ask you about it. That bill may have the names of tests that we do today…"

If there is no mechanism in place to restrict access to the records of adolescent patients, they should be warned that parents may have access to their records (if they request them), and that you may not be able to prevent that possibility (even in states that respect minors' desire to have records not be revealed to parents, it may happen inadvertently).

Make a plan with the adolescent regarding follow-up of lab results and billing to assure confidentiality.

Do not leave messages on answering machines. Likewise, recognize that fax and email communications can easily be sent to the wrong person.

Make a plan with the adolescent regarding how she wishes to be contacted by you for follow-up on lab results.

This instructor's guide was developed by Douglas S. Diekema, MD, MPH, director of education, Treuman Katz Center for Pediatric Bioethics and Palliative Care, Seattle Children's.

In addition to the copyright notice set forth in the link below, permission to display, cache and print unlimited copies of the Case-Based Teaching Guides referred to on this page is hereby granted, solely for educational purposes, without charge (other than charges solely to cover the costs of copying), and without alteration of the Materials in any way.


Confidentiality in Health and Social Care

Confidentiality Policy In Health And Social Care

Neoma Toersen

Writer for Health and Social Care

Posted 2 February 2024

Confidentiality in health and social care is essential to forming trust within the sector. It forms an ethical foundation that respects the dignity and privacy of individuals receiving care. Whether it involves respecting someone’s privacy or another person’s preferences, the duty of sharing information is just as important as the duty to protect confidentiality.

We at The Access Group understand the importance of sharing information and managing confidentiality in health and social care. We have been working with care services for over 30 years and with help from our experts, have put together a guide to confidentiality in health and social care so you can understand the complexities surrounding this vital concept.

What is Confidentiality in Health and Social Care?

Confidentiality in health and social care means keeping sensitive information private and respecting the wishes of individuals. Private information may include medical records, personal preferences or other restricted information. Upholding confidentiality is key to building trust.

In short, confidentiality means that carers must not share the personal details of someone with others unless they’ve been permitted to do so or it’s absolutely necessary. This respects a service user’s right to control access to their personal information, which protects their privacy and dignity.

Why is Confidentiality Important in Health and Social Care?

Confidentiality in health and social care is both a legal and respectful requirement. The Human Rights Act (1998) gives every individual the right to respect for both their private and family life, which includes having personal information held in confidence. The Care Act (2014) then says that “access to personal confidential data should be on a strict need-to-know basis.” The moral importance of confidentiality in health and social care includes:

  • Building a foundation of trust between service users and care providers
  • Creating an environment where people feel safe disclosing sensitive information
  • Respecting individual autonomy and upholding the right to privacy

The trust formed through confidentiality is essential for effective communication, accurate diagnosis and the development of personalised care plans. Safeguarding sensitive information also demonstrates a commitment to preserving the dignity and personal choices of service users.

What Legislation Relates to Confidentiality in Health and Social Care?

As mentioned above, several legal frameworks govern confidentiality in health and social care. To add to the Human Rights Act and Care Act listed above, in the UK, the Data Protection Act (2018) and the General Data Protection Regulation (GDPR) set the standards for protecting personal data, including health information. Additionally, the Health and Social Care Act (2012) reinforces the importance of confidentiality and data protection in the delivery of care services.

Benefits of Confidentiality in Health and Social Care

The main benefit to maintaining confidentiality in health and social care is to build trust and rapport amongst care staff and service users. Doing so leads to more open and honest communication, which can benefit the health and well-being of individuals.

Respecting the dignity and personal choices of individuals is also key to promoting a person-centred approach to care while promoting confidence and forming trust.

Confidentiality can also prevent the misuse of confidential information, whether that means illegal or immoral use of it. As a result, this could benefit your care service as it’ll protect your reputation.

Finally, when people feel comfortable with sharing information, it can help them receive the best possible treatment for medical conditions. Medical experts and care providers should always maintain anonymity when their crucial duties are carried out.

Confidentiality Policy in Health and Social Care

Services usually implement confidentiality policies and procedures in health and social care to ensure employees, service users and their families understand how their personal information and data is being used, and who has access to it. The policies will outline the expectations, procedures and safeguards to guarantee the secure handling of sensitive information by those who have access to it.

Policies and procedures often cover areas like data storage, access controls (restricting access to sensitive information based on job roles and responsibilities) and guidance for sharing information within legal and ethical boundaries. This should include consent protocols, which outline the processes for obtaining informed consent for information sharing.

Examples of Confidentiality in Health and Social Care

Fully understanding confidentiality in health and social care begins with knowing what kind of information you need to keep quiet. Examples of confidentiality in health and social care include:

  • Medical records – Service user medical records including diagnoses, treatment plans and test results are maintained with strict confidentiality to protect sensitive health information.
  • Private discussions – Social workers and counsellors ensure the privacy of service user discussions, ensuring their personal issues and concerns are not disclosed without their consent.
  • Personal information – Care providers mustn’t share personal details of service users, like their address or contact details, unless it’s necessary for their care and/or with proper authorisation.

Other examples include but are not limited to, name, date of birth, age, sex, current contact details of family, bank information, personal goals, assessments or reports and personal care issues.

How to Maintain Confidentiality in Health and Social Care

Maintaining confidentiality in health and social care requires a careful approach from all professionals involved in the care service, alongside a combination of legal adherence and ethical considerations. To uphold confidentiality, the following strategies can be used:

  • Informed consent – Obtain written consent from service users before sharing their information with anyone else, and make sure you explain the purpose and potential recipients.
  • Secure information handling – Make sure that electronic and physical records are stored securely, with restricted access only to authorised personnel.
  • Change log-ins and passwords – Doing so regularly will keep security measures and programs up to date for IT systems and will enhance the protection of personal data. Any data breaches must be reported immediately.
  • Record information wisely – Only necessary and relevant information of individuals should be recorded and assessed; you don’t need to make a record of everything.
  • Training and awareness – Regularly train your care staff on confidentiality policies and update them on any changes in legislation or best practices if they come about.
  • Challenge and verify – Where necessary, make sure you ask for the identity of any person who is requesting confidential or person-identifiable information.
  • Avoid giving too much away – When asked for information, you should share only the minimum amount of information that is necessary to attain the purpose.

Professionals must follow the law, which includes complying with relevant data protection and confidentiality legislation. Access to sensitive information should be limited/restricted to those directly involved in the individual’s care. Finally, encryption should be applied to communication channels to keep them secure and reduce the risk of information being leaked when sharing it electronically.

Knowing how to promote confidentiality in health and social care is also advisable. Promoting confidentiality requires a collective effort from both the care service and individuals. Some strategies include fostering a culture that values privacy and confidentiality alongside quality care. You should also regularly review and update policies to align with evolving legal and ethical standards.

When Can You Break Confidentiality in Health and Social Care?

Please note that in health and social care, there is no absolute confidentiality. While confidentiality is a fundamental principle within the health and social care industry, there will be circumstances where it may be ethically and legally justifiable to breach confidentiality. For example, it may be justifiable if it’s in the best interest of the service user, or another party whose needs outshine those of the service user’s present situation.

As another example, a health and social care practitioner may need to discuss the symptoms of an individual with a fellow practitioner to ensure that they provide the best possible support. This includes being able to refer the individual to another service that may suit them better.

Confidentiality may be broken due to having a legal obligation to disclose a report. Legal mandates may be required for contagious diseases or complying with court orders. In extreme circumstances, a carer may need to unveil information about someone in court if they are called upon to do so.

Care workers may need to break confidentiality if they suspect a service user will seriously harm themselves or someone else. This doesn’t always include self-harm or drug use unless it’s believed that the individual might accidentally harm themselves in a life-threatening way, or they don’t have full mental capacity.

A final example includes a care worker breaking confidentiality due to suspecting that their client is going to commit a criminal offence. This is something that many people in health and social care are familiar with. Again, it doesn't usually refer to drug use unless the person is supplying it.

Sharing Information and Managing Confidentiality in Health and Social Care

Understanding the boundaries of confidentiality in health and social care is essential. At times, there will be a need to share information for successful care while maintaining confidentiality and this requires careful consideration.

To help, protocols should be put in place to manage information sharing within legal and ethical boundaries, and effective communication among care providers, with explicit consent from service users, helps strike this delicate balance.

Breach of Confidentiality in Health and Social Care

A breach of confidentiality in health and social care is not done on ethical or legal grounds, which means it can have serious consequences. It erodes the trust between service providers and users while compromising their well-being. It could also permanently damage the reputation of your care service.

You have a duty to protect confidentiality in health and social care. To address breaches promptly, you must have procedures in place. These may include investigating the incident, implementing corrective measures and notifying the affected parties where necessary.

Some examples of a breach of confidentiality include leaving confidential information unattended in a non-secure area or disclosing confidential information without proper authorisation.

Maintain Confidentiality in Health and Social Care

In the health and social care industry, confidentiality stands as a fundamental principle that forms trust, preserves dignity and upholds the individual rights of your service users. By understanding the importance of confidentiality alongside legislation and practical aspects, you will be able to navigate the area with ethical integrity. As we continue to evolve our approach to care, the commitment to confidentiality will remain key to safeguarding the trust and well-being of individuals.

To help you support your care team, maintain confidentiality within your care service and to protect your service if a data breach occurs, you should consider implementing our Policies and Procedures software. This will allow you to manage all of your health and social care policies, procedures, documents and forms in one digital platform, which will attain and maintain ongoing compliance with your regulator.

Our award-winning software at The Access Group has been created by health and social care professionals, including former regulators, clinicians and providers, so you will be getting a platform designed for success. Our Policies and Procedures are quick and easy to set up and have been approved for use with the CQC, Care Inspectorate Wales and Care Inspectorate Scotland. You can learn more about our software or book a demo by contacting us today.


A Guide to Confidentiality in Health and Social Care

The duty to share information can be as important as the duty to protect confidentiality. The HSCIC Guide to Confidentiality 2013 shows health and care workers what they should do and why, to share information safely while following rules on confidentiality. It covers the five confidentiality rules:

  • Confidential information about service users or patients should be treated confidentially and respectfully.
  • Members of a care team should share confidential information when it is needed for the safe and effective care of an individual.
  • Information that is shared for the benefit of the community should be anonymised.
  • An individual's right to object to the sharing of confidential information about them should be respected.
  • Organisations should put policies, procedures and systems in place to ensure the confidentiality rules are followed.

The HSCIC Guide to Confidentiality 2013 reference document provides legal background to this guidance.

Last edited: 9 March 2022 4:19 pm

  • Med Princ Pract
  • v.30(1); 2021 Feb


Principles of Clinical Ethics and Their Application to Practice

An overview of ethics and clinical ethics is presented in this review. The 4 main ethical principles, that is beneficence, nonmaleficence, autonomy, and justice, are defined and explained. Informed consent, truth-telling, and confidentiality spring from the principle of autonomy, and each of them is discussed. In patient care situations, not infrequently, there are conflicts between ethical principles (especially between beneficence and autonomy). A four-pronged systematic approach to ethical problem-solving and several illustrative cases of conflicts are presented. Comments following the cases highlight the ethical principles involved and clarify the resolution of these conflicts. A model for patient care, with caring as its central element, that integrates ethical aspects (intertwined with professionalism) with clinical and technical expertise desired of a physician is illustrated.

Highlights of the Study

  • Main principles of ethics, that is beneficence, nonmaleficence, autonomy, and justice, are discussed.
  • Autonomy is the basis for informed consent, truth-telling, and confidentiality.
  • A model to resolve conflicts when ethical principles collide is presented.
  • Cases that highlight ethical issues and their resolution are presented.
  • A patient care model that integrates ethics, professionalism, and cognitive and technical expertise is shown.

Introduction

A defining responsibility of a practicing physician is to make decisions on patient care in different settings. These decisions involve more than selecting the appropriate treatment or intervention.

Ethics is an inherent and inseparable part of clinical medicine [ 1 ] as the physician has an ethical obligation (i) to benefit the patient, (ii) to avoid or minimize harm, and (iii) to respect the values and preferences of the patient. Are physicians equipped to fulfill this ethical obligation and can their ethical skills be improved? A goal-oriented educational program [ 2 ] (Table 1) has been shown to improve learner awareness, attitudes, knowledge, moral reasoning, and confidence [ 3 , 4 ].

Goals of ethics education

• To appreciate the ethical dimensions of patient care
• To understand ethical principles of medical profession
• To have competence in core ethical behavioral skills ( )
• To know the commonly encountered ethical issues in general and in one's specialty
• To have competence in analyzing and resolving ethical problems
• To appreciate cultural diversity and its impact on ethics

Ethics, Morality, and Professional Standards

Ethics is a broad term that covers the study of the nature of morals and the specific moral choices to be made. Normative ethics attempts to answer the question, “Which general moral norms for the guidance and evaluation of conduct should we accept, and why?” [ 5 ]. Some moral norms for right conduct are common to human kind as they transcend cultures, regions, religions, and other group identities and constitute common morality (e.g., not to kill, or harm, or cause suffering to others, not to steal, not to punish the innocent, to be truthful, to obey the law, to nurture the young and dependent, to help the suffering, and rescue those in danger). Particular morality refers to norms that bind groups because of their culture, religion, profession and include responsibilities, ideals, professional standards, and so on. A pertinent example of particular morality is the physician's “accepted role” to provide competent and trustworthy service to their patients. To reduce the vagueness of “accepted role,” physician organizations (local, state, and national) have codified their standards. However, complying with these standards, it should be understood, may not always fulfill the moral norms as the codes have “often appeared to protect the profession's interests more than to offer a broad and impartial moral viewpoint or to address issues of importance to patients and society” [ 6 ].

Bioethics and Clinical (Medical) Ethics

A number of deplorable abuses of human subjects in research, medical interventions without informed consent, experimentation in concentration camps in World War II, along with salutary advances in medicine and medical technology and societal changes, led to the rapid evolution of bioethics from one concerned about professional conduct and codes to its present status with an extensive scope that includes research ethics, public health ethics, organizational ethics, and clinical ethics.

Hereafter, the abbreviated term, ethics, will be used as I discuss the principles of clinical ethics and their application to clinical practice.

The Fundamental Principles of Ethics

Beneficence, nonmaleficence, autonomy, and justice constitute the 4 principles of ethics. The first 2 can be traced back to the time of Hippocrates “to help and do no harm,” while the latter 2 evolved later. Thus, in Percival's book on ethics in early 1800s, the importance of keeping the patient's best interest as a goal is stressed, while autonomy and justice were not discussed. However, with the passage of time, both autonomy and justice gained acceptance as important principles of ethics. In modern times, Beauchamp and Childress' book on Principles of Biomedical Ethics is a classic for its exposition of these 4 principles [ 5 ] and their application, while also discussing alternative approaches.

Beneficence

The principle of beneficence is the obligation of physician to act for the benefit of the patient and supports a number of moral rules to protect and defend the right of others, prevent harm, remove conditions that will cause harm, help persons with disabilities, and rescue persons in danger. It is worth emphasizing that, in distinction to nonmaleficence, the language here is one of positive requirements. The principle calls for not just avoiding harm, but also to benefit patients and to promote their welfare. While physicians' beneficence conforms to moral rules, and is altruistic, it is also true that in many instances it can be considered a payback for the debt to society for education (often subsidized by governments), ranks and privileges, and to the patients themselves (learning and research).

Nonmaleficence

Nonmaleficence is the obligation of a physician not to harm the patient. This simply stated principle supports several moral rules − do not kill, do not cause pain or suffering, do not incapacitate, do not cause offense, and do not deprive others of the goods of life. The practical application of nonmaleficence is for the physician to weigh the benefits against burdens of all interventions and treatments, to eschew those that are inappropriately burdensome, and to choose the best course of action for the patient. This is particularly important and pertinent in difficult end-of-life care decisions on withholding and withdrawing life-sustaining treatment, medically administered nutrition and hydration, and in pain and other symptom control. A physician's obligation and intention to relieve the suffering (e.g., refractory pain or dyspnea) of a patient by the use of appropriate drugs including opioids override the foreseen but unintended harmful effects or outcome (doctrine of double effect) [ 7 , 8 ].

Autonomy

The philosophical underpinning for autonomy, as interpreted by philosophers Immanuel Kant (1724–1804) and John Stuart Mill (1806–1873), and accepted as an ethical principle, is that all persons have intrinsic and unconditional worth, and therefore, should have the power to make rational decisions and moral choices, and each should be allowed to exercise his or her capacity for self-determination [ 9 ]. This ethical principle was affirmed in a court decision by Justice Cardozo in 1914 with the epigrammatic dictum, “Every human being of adult years and sound mind has a right to determine what shall be done with his own body” [ 10 ].

Autonomy, as is true for all 4 principles, needs to be weighed against competing moral principles, and in some instances may be overridden; an obvious example would be if the autonomous action of a patient causes harm to another person(s). The principle of autonomy does not extend to persons who lack the capacity (competence) to act autonomously; examples include infants and children and incompetence due to developmental, mental or physical disorder. Health-care institutions and state governments in the US have policies and procedures to assess incompetence. However, a rigid distinction between incapacity to make health-care decisions (assessed by health professionals) and incompetence (determined by court of law) is not of practical use, as a clinician's determination of a patient's lack of decision-making capacity based on physical or mental disorder has the same practical consequences as a legal determination of incompetence [ 11 ].

Detractors of the principle of autonomy question the focus on the individual and propose a broader concept of relational autonomy (shaped by social relationships and complex determinants such as gender, ethnicity and culture) [ 12 ]. Even in an advanced western country such as United States, the culture being inhomogeneous, some minority populations hold views different from that of the majority white population in need for full disclosure, and in decisions about life support (preferring a family-centered approach) [ 13 ].

Resistance to the principle of patient autonomy and its derivatives (informed consent, truth-telling) in non-western cultures is not unexpected. In countries with ancient civilizations, rooted beliefs and traditions, the practice of paternalism ( this term will be used in this article, as it is well-entrenched in ethics literature, although parentalism is the proper term ) by physicians emanates mostly from beneficence. However, culture (a composite of the customary beliefs, social forms, and material traits of a racial, religious or social group) is not static and autonomous, and changes with other trends over passing years. It is presumptuous to assume that the patterns and roles in physician-patient relationships that have been in place for a half a century and more still hold true. Therefore, a critical examination of paternalistic medical practice is needed for reasons that include technological and economic progress, improved educational and socioeconomic status of the populace, globalization, and societal movement towards emphasis on the patient as an individual, than as a member of a group. This needed examination can be accomplished by research that includes well-structured surveys on demographics, patient preferences on informed consent, truth-telling, and role in decision-making.

Respecting the principle of autonomy obliges the physician to disclose medical information and treatment options that are necessary for the patient to exercise self-determination and supports informed consent, truth-telling, and confidentiality.

Informed Consent

The requirements of an informed consent for a medical or surgical procedure, or for research, are that the patient or subject (i) must be competent to understand and decide, (ii) receives a full disclosure, (iii) comprehends the disclosure, (iv) acts voluntarily, and (v) consents to the proposed action.

The universal applicability of these requirements, rooted and developed in western culture, has met with some resistance and a suggestion to craft a set of requirements that accommodate the cultural mores of other countries [ 14 ]. In response and in vigorous defense of the 5 requirements of informed consent, Angell wrote, “There must be a core of human rights that we would wish to see honored universally, despite variations in their superficial aspects …The forces of local custom or local law cannot justify abuses of certain fundamental rights, and the right of self-determination on which the doctrine of informed consent is based, is one of them” [ 15 ].

As competence is the first of the requirements for informed consent, one should know how to detect incompetence. Standards (used singly or in combination) that are generally accepted for determining incompetence are based on the patient's inability to state a preference or choice, inability to understand one's situation and its consequences, and inability to reason through a consequential life decision [ 16 ].

In a previously autonomous, but presently incompetent patient, his/her previously expressed preferences (i.e., prior autonomous judgments) are to be respected [ 17 ]. Incompetent (non-autonomous) patients and previously competent (autonomous), but presently incompetent patients would need a surrogate decision-maker. In a non-autonomous patient, the surrogate can use either a substituted judgment standard (i.e., what the patient would wish in this circumstance and not what the surrogate would wish), or a best interests standard (i.e., what would bring the highest net benefit to the patient by weighing risks and benefits). Snyder and Sulmasy [ 18 ], in their thoughtful article, provide a practical and useful option when the surrogate is uncertain of the patient's preference(s), or when patient's preferences have not kept abreast of scientific advances. They suggest the surrogate use “substituted interests,” that is, the patient's authentic values and interests, to base the decision.

Truth-Telling

Truth-telling is a vital component in a physician-patient relationship; without this component, the physician loses the trust of the patient. An autonomous patient has not only the right to know (disclosure) of his/her diagnosis and prognosis, but also has the option to forgo this disclosure. However, the physician must know which of these 2 options the patient prefers.

In the United States, full disclosure to the patient, however grave the disease is, is the norm now, but was not so in the past. Significant resistance to full disclosure was highly prevalent in the US, but a marked shift has occurred in physicians' attitudes on this. In 1961, 88% of physicians surveyed indicated their preference to avoid disclosing a diagnosis [ 19 ]; in 1979, however, 98% of surveyed physicians favored it [ 20 ]. This marked shift is attributable to many factors that include − with no order of importance implied − educational and socioeconomic progress, increased accountability to society, and awareness of previous clinical and research transgressions by the profession.

Importantly, surveys in the US show that patients with cancer and other diseases wish to have been fully informed of their diagnoses and prognoses. Providing full information, with tact and sensitivity, to patients who want to know should be the standard. The sad consequences of not telling the truth regarding a cancer include depriving the patient of an opportunity for completion of important life-tasks: giving advice to, and taking leave of loved ones, putting financial affairs in order, including division of assets, reconciling with estranged family members and friends, attaining spiritual order by reflection, prayer, rituals, and religious sacraments [ 21 , 22 ].

In contrast to the US, full disclosure to the patient is highly variable in other countries [ 23 ]. A continuing pattern in non-western societies is for the physician to disclose the information to the family and not to the patient. The likely reasons for resistance of physicians to convey bad news are concern that it may cause anxiety and loss of hope, some uncertainty on the outcome, or belief that the patient would not be able to understand the information or may not want to know. However, this does not have to be a binary choice, as careful understanding of the principle of autonomy reveals that autonomous choice is a right of a patient, and the patient, in exercising this right, may authorize a family member or members to make decisions for him/her.

Confidentiality

Physicians are obligated not to disclose confidential information given by a patient to another party without the patient's authorization. An obvious exception (with implied patient authorization) is the necessary sharing of medical information for the care of the patient from the primary physician to consultants and other health-care teams. In the present-day modern hospitals with multiple points of tests and consultants, and the use of electronic medical records, there has been an erosion of confidentiality. However, individual physicians must exercise discipline in not discussing patient specifics with their family members or in social gatherings [ 24 ] and social media. There are some noteworthy exceptions to patient confidentiality. These include, among others, legally required reporting of gunshot wounds and sexually transmitted diseases and exceptional situations that may cause major harm to another (e.g., epidemics of infectious diseases, partner notification in HIV disease, relative notification of certain genetic risks, etc.).

Justice

Justice is generally interpreted as fair, equitable, and appropriate treatment of persons. Of the several categories of justice, the one that is most pertinent to clinical ethics is distributive justice. Distributive justice refers to the fair, equitable, and appropriate distribution of health-care resources determined by justified norms that structure the terms of social cooperation [ 25 ]. How can this be accomplished? There are different valid principles of distributive justice. These are distribution to each person (i) an equal share, (ii) according to need, (iii) according to effort, (iv) according to contribution, (v) according to merit, and (vi) according to free-market exchanges. The principles are not mutually exclusive and can be, and often are, combined in application. It is easy to see the difficulty in choosing, balancing, and refining these principles to form a coherent and workable solution to distribute medical resources.

Although this weighty health-care policy discussion exceeds the scope of this review, a few examples on issues of distributive justice encountered in hospital and office practice need to be mentioned. These include allotment of scarce resources (equipment, tests, medications, organ transplants), care of uninsured patients, and allotment of time for outpatient visits (equal time for every patient? based on need or complexity? based on social and or economic status?). Difficult as it may be, and despite the many constraining forces, physicians must accept the requirement of fairness contained in this principle [ 26 ]. Fairness to the patient assumes a role of primary importance when there are conflicts of interests. A flagrant example of violation of this principle would be when a particular option of treatment is chosen over others, or an expensive drug is chosen over an equally effective but less expensive one because it benefits the physician, financially, or otherwise.

Conflicts between Principles

Each one of the 4 principles of ethics is to be taken as a prima facie obligation that must be fulfilled, unless it conflicts, in a specific instance, with another principle. When faced with such a conflict, the physician has to determine the actual obligation to the patient by examining the respective weights of the competing prima facie obligations based on both content and context. Consider an example of a conflict that has an easy resolution: a patient in shock treated with urgent fluid-resuscitation and the placement of an indwelling intravenous catheter caused pain and swelling. Here the principle of beneficence overrides that of nonmaleficence. Many of the conflicts that physicians face, however, are much more complex and difficult. Consider a competent patient's refusal of a potentially life-saving intervention (e.g., instituting mechanical ventilation) or request for a potentially life-ending action (e.g., withdrawing mechanical ventilation). Nowhere in the arena of ethical decision-making is conflict as pronounced as when the principles of beneficence and autonomy collide.

Beneficence has enjoyed a historical role in the traditional practice of medicine. However, giving it primacy over patient autonomy is paternalism that makes a physician-patient relationship analogous to that of a father/mother to a child. A father/mother may refuse a child's wishes, may influence a child by a variety of ways − nondisclosure, manipulation, deception, coercion etc., consistent with his/her thinking of what is best for the child. Paternalism can be further divided into soft and hard.

In soft paternalism, the physician acts on grounds of beneficence (and, at times, nonmaleficence) when the patient is nonautonomous or substantially nonautonomous (e.g., cognitive dysfunction due to severe illness, depression, or drug addiction) [ 27 ]. Soft paternalism is complicated because of the difficulty in determining whether the patient was nonautonomous at the time of decision-making but is ethically defensible as long as the action is in concordance with what the physician believes to be the patient's values. Hard paternalism is action by a physician, intended to benefit a patient, but contrary to the voluntary decision of an autonomous patient who is fully informed and competent, and is ethically indefensible.

On the other end of the scale of hard paternalism is consumerism, a rare and extreme form of patient autonomy, that holds the view that the physician's role is limited to providing all the medical information and the available choices for interventions and treatments while the fully informed patient selects from the available choices. In this model, the physician's role is constrained, and does not permit the full use of his/her knowledge and skills to benefit the patient, and is tantamount to a form of patient abandonment and therefore is ethically indefensible.

Faced with the contrasting paradigms of beneficence and respect for autonomy and the need to reconcile these to find a common ground, Pellegrino and Thomasma [ 28 ] argue that beneficence can be inclusive of patient autonomy as “the best interests of the patients are intimately linked with their preferences” from which “are derived our primary duties to them.”

One of the basic and not infrequent reasons for disagreement between physician and patient on treatment issues is their divergent views on goals of treatment. As goals change in the course of disease (e.g., a chronic neurologic condition worsens to the point of needing ventilator support, or a cancer that has become refractory to treatment), it is imperative that the physician communicates with the patient in clear and straightforward language, without the use of medical jargon, and with the aim of defining the goal(s) of treatment under the changed circumstance. In doing so, the physician should be cognizant of patient factors that compromise decisional capacity, such as anxiety, fear, pain, lack of trust, and different beliefs and values that impair effective communication [ 29 ].

The foregoing theoretical discussion on principles of ethics has practical application in clinical practice in all settings. In the resource book for clinicians, Jonsen et al. [ 30 ] have elucidated a logical and well accepted model (Table 2), along the lines of the systematic format that practicing physicians have been taught and have practiced for a long time (Chief Complaint, History of Present Illness, Past History, pertinent Family and Social History, Review of Systems, Physical Examination and Laboratory and Imaging studies). This practical approach to problem-solving in ethics involves:

  • Clinical assessment (identifying medical problems, treatment options, goals of care)
  • Patient (finding and clarifying patient preferences on treatment options and goals of care)
  • Quality of life (QOL) (effects of medical problems, interventions and treatments on patient's QOL with awareness of individual biases on what constitutes an acceptable QOL)
  • Context (many factors that include family, cultural, spiritual, religious, economic and legal).

Application of principles of ethics in patient care

Beneficence, nonmaleficence
• Nature of illness (acute, chronic, reversible, terminal)? Goals of treatment?
• Treatment options and probability of success for each option?
• Adverse effects of treatment and does benefit outweigh harm?
• Effects of no medical/surgical treatment?
• If treated, plans for limiting treatment? Stopping treatment?

Respect for autonomy
• Information given to patient on benefits and risks of treatment? Patient understood the information and gave consent?
• Patient mentally competent? If competent, what are his/her preferences?
• If patient mentally incompetent, are patient's prior preferences known? If preferences unknown, who is the appropriate surrogate?

Beneficence, nonmaleficence, respect for autonomy
• Expected QOL with and without treatment?
• Deficits − physical, mental, social − may have after treatment?
• Judging QOL of patient who cannot express himself/herself? Who is the judge?
• Recognition of possible physician bias in judging QOL?
• Rationale to forgo life-sustaining treatment(s)?

Distributive justice
• Conflicts of interests − does physician benefit financially, professionally by ordering tests, prescribing medications, seeking consultations?
• Research or educational considerations that affect clinical decisions, physician orders?
• Conflicts of interests based on religious beliefs? Legal issues?
• Conflicts of interests between organizations (clinics, hospitals), 3rd party payers?
• Public health and safety issues?
• Problems in allocation of scarce resources?

Using this model, the physician can identify the principles that are in conflict, ascertain by weighing and balancing what should prevail, and when in doubt, turn to ethics literature and expert opinion.

Illustrative Cases

There is a wide gamut of clinical patient encounters with ethical issues, and some, especially those involving end-of-life care decisions, are complex. A few cases (Case 1 is modified from resource book [ 30 ]) are presented below as they highlight the importance of understanding and weighing the ethical principles involved to arrive at an ethically right solution. Case 6 was added during the revision phase of this article as it coincided with the outbreak of Coronavirus Infectious Disease-2019 (COVID-19) that became a pandemic rendering a discussion of its ethical challenges necessary and important.

Case 1

A 20-year old college student living in the college hostel is brought by a friend to the Emergency Department (ED) because of unrelenting headache and fever. He appeared drowsy but was responsive and had fever (40°C), and neck rigidity on examination. Lumbar puncture was done, and spinal fluid appeared cloudy and showed increased white cells; Gram stain showed Gram-positive diplococci. Based on the diagnosis of bacterial meningitis, appropriate antibiotics were begun, and hospitalization was instituted. Although initial consent for diagnosis was implicit, and consent for lumbar puncture was explicit, at this point, the patient refuses treatment without giving any reason, and insists on returning to his hostel. Even after explanation by the physician as to the seriousness of his diagnosis, and the absolute need for prompt treatment (i.e., danger to life without treatment), the patient is adamant in his refusal.

Comment . Because of this refusal, the medical indications and patient preferences (see Table 2) are at odds. Is it ethically right to treat against his will a patient who is making a choice that has dire consequences (disability, death) who gives no reason for this decision, and in whom a clear determination of mental incapacity cannot be made (although altered mental status may be presumed)? Here the principle of beneficence and principle of autonomy are in conflict. The weighing of factors: (1) patient may not be making a reasoned decision in his best interest because of temporary mental incapacity; and (2) the severity of life-threatening illness and the urgency to treat to save his life supports the decision in favor of beneficence (i.e., to treat).

Case 2

A 56-year old male lawyer and current cigarette smoker with a pack-a-day habit for more than 30 years, is found to have a solitary right upper lobe pulmonary mass 5 cm in size on a chest radiograph done as part of an insurance application. The mass has no calcification, and there are no other pulmonary abnormalities. He has no symptoms, and his examination is normal. Tuberculosis skin test is negative, and he has no history of travel to an endemic area of fungal infection. As lung cancer is the most probable and significant diagnosis to consider, and early surgical resection provides the best prospects for cure, the physician, in consultation with the thoracic surgeon, recommends bronchoscopic biopsy and subsequent resection. The patient understands the treatment plan, and the significance of not delaying the treatment. However, he refuses, and states that he does not think he has cancer; and is fearful that the surgery would kill him. Even after further explanations on the low mortality of surgery and the importance of removing the mass before it spreads, he continues to refuse treatment.

Comment . Even though the physician's prescribed treatment, that is, removal of the mass that is probably cancer, affords the best chance of cure, and delay in its removal increases its chance of metastases and reaching an incurable stage − the choice by this well informed and mentally competent patient should be respected. Here, autonomy prevails over beneficence. The physician, however, may not abandon the patient and is obligated to offer continued outpatient visits with advice against making decision based on fear, examinations, periodic tests, and encouragement to seek a second opinion.

Case 3

A 71-year-old man with very severe chronic obstructive pulmonary disease (COPD) is admitted to the intensive care unit (ICU) with pneumonia, sepsis, and respiratory failure. He is intubated and mechanically ventilated. For the past 2 years, he has been on continuous oxygen treatment and was short of breath on minimal exertion. In the past 1 year, he had 2 admissions to the ICU; on both occasions he required intubation and mechanical ventilation. Presently, even with multiple antibiotics, intravenous fluid hydration, and vasopressors, his systolic blood pressure remains below 60 mm Hg, and with high flow oxygen supplementation, his oxygen saturation stays below 80%; his arterial blood pH is 7.0. His liver enzymes are elevated. He is anuric, and over next 8 h his creatinine has risen to 5 mg/dL and continues to rise. He has drifted into a comatose state. The intensivist suggests discontinuation of vasopressors and mechanical ventilation as their continued use is futile. The patient has no advance care directives or a designated health-care proxy.

Comment . The term “futility” is open to different definitions [ 31 ] and is often controversial, and therefore, some experts suggest the alternate term, “clinically non-beneficial interventions” [ 32 ]. However, in this case the term futility is appropriate to indicate that there is evidence of physiological futility (multisystem organ failure in the setting of preexisting end stage COPD, and medical interventions would not reverse the decline). It is appropriate then to discuss the patient's condition with his family with the goal of discontinuing life-sustaining interventions. These discussions should be done with sensitivity, compassion and empathy. Palliative care should be provided to alleviate his symptoms and to support the family until his death and beyond in their bereavement.

A 67-year-old widow, an immigrant from southern India, is living with her son and his family in Wisconsin, USA. She was experiencing nausea, lack of appetite and weight loss for a few months. During the past week, she also had dark yellow urine, and yellow coloration of her skin. She has basic knowledge of English. She was brought to a multi-specialty teaching hospital by her son, who informed the doctor that his mother has “jaundice,” and instructed that, if any serious life-threatening disease was found, not to inform her. He asked that all information should come to him, and if there is any cancer not to treat it, since she is older and frail. Investigations in the hospital reveal that she has pancreatic cancer, and chemotherapy, while not likely to cure, would prolong her life.

Comment. In some ancient cultures, authority is given to members of the family (especially senior men) to make decisions that involve other members on marriage, job, and health care. The woman in this case is a dependent of her son, and given this cultural perspective, the son can rightfully claim to have the authority to make health-care decisions for her. Thus, the physician is faced with multiple tasks that may not be consonant: to respect cultural values [33], to directly learn the patient's preferences, to comply with the American norm of full disclosure to the patient, and to refuse the son's demands.

The principle of autonomy provides the patient the option to delegate decision-making authority to another person. Therefore, the appropriate course would be to take the tactful approach of directly informing the patient (with a translator if needed), that the diagnosed disease would require decisions for appropriate treatment. The physician should ascertain whether she would prefer to make these decisions herself, or whether she would prefer all information to be given to her son, and all decisions to be made by him.

A 45-year-old woman had laparotomy and cholecystectomy for abdominal pain and multiple gall stones. Three weeks after discharge from the hospital, she returned with fever, abdominal pain, and tenderness. She was given antibiotics, and as her fever continued, laparotomy and exploration were undertaken; a sponge left behind during the recent cholecystectomy was found. It was removed, the area cleansed, and incision closed. Antibiotics were continued, and she recovered without further incident and was discharged. Should the surgeon inform the patient of his error?

Comment. Truth-telling, a part of patient autonomy, is very much applicable in this situation and disclosure to the patient is required [34, 35, 36]. The mistake caused harm to the patient (morbidity and readmission, and a second surgery and monetary loss). Although the end result remedied the harm, the surgeon is obligated to inform the patient of the error and its consequences and offer an apology. Such errors are always reported to the Operating Room Committees and Surgical Quality Improvement Committees of US Hospitals. Hospital-based risk reduction mechanisms (e.g., Risk Management Department) present in most US hospitals would investigate the incident and come up with specific recommendations to mitigate the error and eliminate them in the future. Many institutions usually make financial settlements to obviate liability litigation (fees and hospital charges waived, and/or monetary compensation made to the patient). Elsewhere, if such mechanisms do not exist, it should be reported to the hospital. Acknowledgment from the hospital, apologies from the institution and compensation for the patient are called for. Whether in the US or elsewhere, a malpractice suit is very possible in this situation, but a climate of honesty substantially reduces the threat of legal claims as most patients trust their physicians and are not vindictive.

The following scenario is at a city hospital during the peak of the COVID-19 pandemic: A 74-year-old woman, residing in an assisted living facility, is brought to the ED with shortness of breath and malaise. Over the past 4 days she had been experiencing dry cough, lack of appetite, and tiredness; 2 days earlier, she stopped eating and started having a low-grade fever. A test for COVID-19 undertaken by the assisted living facility was returned positive on the morning of the ED visit.

She, a retired nurse, is a widow; both of her grown children live out-of-state. She has had hypertension for many years, controlled with daily medications. Following 2 strokes, she was moved to an assisted living facility 3 years ago. She recovered most of her functions after the strokes and required help only for bathing and dressing. She is able to answer questions appropriately but haltingly, because of respiratory distress. She has tachypnea (34/min), tachycardia (120/min), temperature of 101°F, BP 100/60 and 90% O2 saturation (on supplemental O2 of 4 L/min). She has dry mouth and tongue and rhonchi on lung auscultation. Her respiratory rate is increasing on observation and she is visibly tiring.

Another patient is now brought in by ambulance; this is a 22-year-old man who lives in an apartment and has had symptoms of “flu” for a week. Because of the pandemic, he was observing the recommended self-distancing, and had no known exposure to coronavirus. He used saline gargles, acetaminophen, and cough syrup to alleviate his sore throat, cough, and fever. In the past 2 days, his symptoms worsened, and he drove himself to a virus testing station and got tested for COVID-19; he was told that he would be notified of the results. He returned to his apartment and after a sleepless night with fever, sweats, and persistent cough, he woke up and felt drained of all strength. The test result confirmed COVID-19. He then called for an ambulance.

He has been previously healthy. He is a non-smoker and uses alcohol rarely. He is a second-year medical student. He is single, and his parents and sibling live hundreds of miles away.

On examination, he has marked tachypnea (>40/min), shallow breathing, heart rate of 128/min, temperature of 103°F and O2 saturation of 88 on pulse oximetry. He appears drowsy and is slow to respond to questions. He is propped up to a sitting position as it is uncomfortable for him to be supine. Accessory muscles of neck and intercostals are contracting with each breath, and on auscultation, he has basilar crackles and scattered rhonchi. His O2 saturation drops to 85 and he is in respiratory distress despite nebulized bronchodilator treatment.

Both of these patients are in respiratory failure, clinically and confirmed by arterial blood gases, and are in urgent need of intubation and mechanical ventilation. However, only one ventilator is available; who gets it?

Comment. The decision to allocate scarce and potentially life-saving equipment (ventilator) is very difficult as it directly addresses the question “Who shall live when not everyone can live?” [5]. This decision cannot be emotion-driven or arbitrary; nor should it be based on a person's wealth or social standing. Priorities need to be established ethically and must be applied consistently in the same institution and ideally throughout the state and the country. The general social norm to treat all equally or to treat on a first come, first saved basis is not the appropriate choice here. There is a consensus among clinical ethics scholars that, in this situation, maximizing benefits is the dominant value in making a decision [37]. Maximizing benefits can be viewed in 2 different ways; in lives saved or in life-years saved; they differ in that the first is non-utilitarian while the second is utilitarian. A subordinate consideration is giving priority to patients who have a better chance of survival and a reasonable life expectancy. The other 2 considerations are promoting and rewarding instrumental value (benefit to others) and the acuity of illness. Health-care workers (physicians, nurses, therapists etc.) and research participants have instrumental value as their work benefits others; among them those actively contributing are of more value than those who have made their contributions. The need to prioritize the sickest and the youngest is also a recognized value when these are aligned with the dominant value of maximizing benefits. In the context of COVID-19 pandemic, Emanuel et al. [37] weighed and analyzed these values and offered some recommendations. Some ethics scholars opine that in times of a pandemic, the burden of making a decision as to who gets a ventilator and who does not (often a life or death choice) should not be on the front-line physicians, as it may cause a severe and life-long emotional toll on them [35, 36]. The toll can be severe for nurses and other front-line health-care providers as well. As a safeguard, they propose that the decision should rest on a select committee that excludes doctors, nurses and others who are caring for the patient(s) under consideration [38].

Both patients described in the case summaries have comparable acuity of illness and both are in need of mechanical ventilator support. However, in the dominant value of maximizing benefits the two patients differ; in terms of life-years saved, the second patient (22-year-old man) is ahead as his life expectancy is longer. Additionally, he is more likely than the older woman to survive mechanical ventilation, infection, and possible complications. Another supporting factor in favor of the second patient is his potential instrumental value (benefit to others) as a future physician.

Unlike the other illustrative cases, the scenario of these 2 cases does not lend itself to a peaceful and fully satisfactory resolution. The fairness of allocating a scarce and potentially life-saving resource based on maximizing benefits and preference to instrumental value (benefit to others) is open to question. The American College of Physicians has stated that allocation decisions during resource scarcity should be made “based on patient need, prognosis (determined by objective scientific measure and informed clinical judgment) and effectiveness (i.e., likelihood that the therapy will help the patient to recover), … to maximize the number of patients who will recover” [39].

This review has covered basics of ethics founded on morality and ethical principles with illustrative examples. In the following segment, professionalism is defined, its alignment with ethics depicted, and virtues desired of a physician (inclusive term for medical doctor regardless of type of practice) are elucidated. It concludes with my vision of an integrated model for patient care.

The core of professionalism is a therapeutic relationship built on competent and compassionate care by a physician that meets the expectation and benefits a patient. In this relationship, which is rooted in the ethical principles of beneficence and nonmaleficence, the physician fulfills the elements shown in Table 3. Professionalism “demands placing the interest of patients above those of the physician, setting and maintaining standards of competence and integrity, and providing expert advice to society on matters of health” [26, 40].

Table 3. Physicians' obligations

• Cure of disease when possible
• Maintenance or improvement of functional status and quality of life (relief of symptoms and suffering)
• Promotion of health and prevention of disease
• Prevention of untimely death
• Education and counseling of patients (condition and prognosis)
• Avoidance of harm to the patient in the course of care
• Providing relief and support near time of death (end-of-life care)

Drawing on several decades of experience in teaching and mentoring, I envisage physicians with qualities of both “heart” and “head.” Ethical and humanistic values shape the former, while knowledge (e.g., by study, research, practice) and technical skills (e.g., medical and surgical procedures) form the latter. Figure 1 is a representation of this model. Morality that forms the base of the model and ethical principles that rest on it were previously explained. Virtues are linked, some more tightly than others, to the principles of ethics. Compassion, a prelude to caring, presupposes sympathy and is expressed in beneficence. Discernment is especially valuable in decision-making when principles of ethics collide. Trustworthiness leads to trust, and is a needed virtue when patients, at their most vulnerable time, place themselves in the hands of physicians. Integrity involves the coherent integration of emotions, knowledge and aspirations while maintaining moral values. Physicians need both professional integrity and personal integrity, as the former may not cover all scenarios (e.g., prescribing ineffective drugs or expensive drugs when effective inexpensive drugs are available, performing invasive treatments or experimental research modalities without fully informed consent, any situation where personal monetary gain is placed over patient's welfare). Conscientiousness is required to determine what is right by critical reflection on good versus bad, better versus good, logical versus emotional, and right versus wrong.

Figure 1. Integrated model of patient care.

In my conceptualized model of patient care (Fig. 1), medical knowledge, skills to apply that knowledge, technical skills, practice-based learning, and communication skills are partnered with ethical principles and professional virtues. The virtues of compassion, discernment, trustworthiness, integrity, and conscientiousness are the necessary building blocks for the virtue of caring. Caring is the defining virtue for all health-care professions. In all interactions with patients, besides the technical expertise of a physician, the human element of caring (one human to another) is needed. In different situations, caring can be expressed verbally and non-verbally (e.g., the manner of communication with both physician and patient closely seated, and with unhurried, softly spoken words; a gentle touch especially when conveying “bad news”; a firmer touch or grip to convey reassurance to a patient facing a difficult treatment choice; holding the hand of a patient dying alone). Thus, “caring” is in the center of the depicted integrated model, and as Peabody succinctly expressed it nearly a hundred years ago, “The secret of the care of the patient is caring for the patient” [41].

Conflict of Interest Statement

The author declares that he has no conflicts of interest.

Big Data for Social Good

Big social problems require big data solutions.

Using real-world data and policy interventions as applications, this Harvard Online course will teach core concepts in data science, economics, and statistics and equip you to tackle some of the most pressing social challenges of our time.

Harvard Faculty of Arts and Sciences

What You'll Learn

The American Dream—the idea that through hard work any child can rise up and achieve a higher standard of living than their parents—is fading: only half of kids today will go on to earn more than their parents did. Why has this happened? And, how can we reverse the fading of the American Dream?

“Big data” is often associated with corporations seeking to improve products by collecting data on customers. What if we could use big data for social good—to address problems such as the fading American Dream, growing income inequality, or persistent racial disparities?

Big Data for Social Good will teach you how to use big data, coupled with the tools of data science and economics, to solve some of the most important social problems of our time. Big data can help us cut through politically charged debates and find out what policies actually work from a scientific perspective, making the often-discussed notion of “evidence-based policymaking” a reality. Using big data, we can see how the specific neighborhoods in which we grow up and the schools we attend shape our life outcomes—and how we can take these insights to create better opportunities for all.

The course will be delivered via HBS Online’s course platform and immerse learners in real-world examples from experts at industry-leading organizations. By the end of the course, participants will be able to:

  • Examine historical income, education and family support, and geography to understand how these economic factors lead to upward mobility
  • Understand how big data is used to identify the causes of socioeconomic disparities and how data can lead to evidence-based action and outcomes
  • Explore economic methodologies, such as statistical models, regression analysis, and quasi-experiments in data set combinations
  • Utilize economic frameworks and apply them to your work
  • Use evidence to engage and gain support of communities and constituents to drive systemic policy developments and changes

Your Instructor

Raj Chetty, PhD,  is the William A. Ackman Professor of Public Economics at Harvard University and Director of Opportunity Insights. His research uses “big data” to understand how we can give children from disadvantaged backgrounds better chances of succeeding. Chetty's research combines empirical evidence and economic theory to help design more effective government policies. His work on topics ranging from tax policy and unemployment insurance to education and affordable housing has been widely cited in academia, media outlets, and Congressional testimony. He has received numerous awards for his research, including a MacArthur "Genius" Fellowship and the John Bates Clark medal, given to the economist under 40 whose work is judged to have made the most significant contribution to the field.

Real World Case Studies

Affiliations are listed for identification purposes only.

Geoffrey Canada

Hear from Geoffrey Canada, an educator, social activist, and author, about his pioneering work in helping children and families in Harlem and about place-based innovations.

Sarah Oppenheimer

Learn how Sarah Oppenheimer’s work bridges research with applied policy and practice to address poverty and support families’ outcomes.

Nathaniel Hendren

Explore research based on the core question “Do markets provide opportunity?”

Available Discounts and Benefits for Groups and Individuals

Experience Harvard Online by utilizing our wide variety of discount programs for individuals and groups. 

Past participant discounts.

Learners who have enrolled in at least one qualifying Harvard Online program hosted on the HBS Online platform are eligible to receive a 30% discount on this course, regardless of completion or certificate status in the first purchased program. Past Participant Discounts are automatically applied to the Program Fee upon time of payment.

Learners who have earned a verified certificate for a HarvardX course hosted on the edX platform are eligible to receive a 30% discount on this course using a discount code. Discounts are not available after you've submitted payment, so if you think you are eligible for a discount on a registration, please check your email for a code or contact us.

Nonprofit, Government, Military, and Education Discounts

For this course we offer a 30% discount for learners who work in the nonprofit, government, military, or education fields. 

Eligibility is determined by a prospective learner’s email address, ending in .org, .gov, .mil, or .edu. Interested learners can apply below for the discount and, if eligible, will receive a promo code to enter when completing payment information to enroll in a Harvard Online program. Click here to apply for these discounts.

Gather your team to experience Data Privacy and Technology and other Harvard Online courses to enjoy the benefits of learning together: 

  • Single invoicing for groups of 10 or more
  • Tiered discounts and pricing available with up to 50% off
  • Growth reports on your team's progress
  • Flexible course and partnership plans 

Learn more and enroll your team!

Who Will Benefit

Community activists and nonprofits

Use big data and economic principles to gain support and advocate for change in underserved communities.

Policy advocates and public sector employees

Serve the needs and requests of your communities better through evidence-based research and defined policy outcomes.

Students and Recent Graduates

Learn how to combine disparate data sets that lead to key findings, insights, and solutions for addressing economic societal problems.

Course Syllabus

Learning requirements: In order to earn a Certificate of Completion from Harvard Online and Harvard Business School Online, participants must thoughtfully complete all 8 modules, including satisfactory completion of the associated assignments, by stated deadlines.

  • Study The Opportunity Atlas and Brownsville, Brooklyn cases
  • Recognize some of the statistical techniques used to measure and map opportunity
  • Explore granular variation in levels of upward mobility
  • Study the moving to opportunity experiment
  • Consider the ethical and societal impacts of social experiments
  • Explore two methods for causal inference
  • Interpret methods for establishing statistical significance
  • Study cases like Creating Moves to Opportunity and the Harlem Children's Zone
  • Describe the factors that are correlated with differences in upward mobility across places
  • Understand the relationship between supply and demand
  • Explain the distinction between constraints and barriers
  • Study the American Dream and social capital 
  • Understand the concept of social capital
  • Understand how economic policies can "pay for themselves" in the long term
  • Identify different statistical approaches to measuring upward mobility
  • Investigate both redistributive policies and policies that invest in human capital
  • Study the effect of mentorship
  • Explain the relationship between economic growth and equality of opportunity
  • Identify data sources for studying innovation
  • Explore innovation as a potential path for increasing both equality of opportunity and economic growth
  • Understand how to use propensity score reweighting
  • Study college mobility rates
  • Explore the extent to which colleges and universities in the US either promote or hinder upward mobility
  • Understand how to measure the causal effect of college on a student’s outcomes
  • Recognize the importance of both access and outcomes in determining a college’s Mobility Rate
  • Understand methods for standardizing data from across different sources
  • Study the importance of class size and teacher quality in determining students’ outcomes
  • Understand dynamic models and steady states
  • Explore differences in upward mobility by race/ethnicity and gender
  • Explain that differences in upward mobility lead to the persistence of mobility gaps in “steady state”

Defining the Role of Authors and Contributors

1. Why Authorship Matters

Authorship confers credit and has important academic, social, and financial implications. Authorship also implies responsibility and accountability for published work. The following recommendations are intended to ensure that contributors who have made substantive intellectual contributions to a paper are given credit as authors, but also that contributors credited as authors understand their role in taking responsibility and being accountable for what is published.

Editors should be aware of the practice of excluding local researchers from low-income and middle-income countries (LMICs) from authorship when data are from LMICs. Inclusion of local authors adds to fairness, context, and implications of the research. Lack of inclusion of local investigators as authors should prompt questioning and may lead to rejection.

Because authorship does not communicate what contributions qualified an individual to be an author, some journals now request and publish information about the contributions of each person named as having participated in a submitted study, at least for original research. Editors are strongly encouraged to develop and implement a contributorship policy. Such policies remove much of the ambiguity surrounding contributions, but leave unresolved the question of the quantity and quality of contribution that qualify an individual for authorship. The ICMJE has thus developed criteria for authorship that can be used by all journals, including those that distinguish authors from other contributors.

2. Who Is an Author?

The ICMJE recommends that authorship be based on the following 4 criteria:

  • Substantial contributions to the conception or design of the work; or the acquisition, analysis, or interpretation of data for the work; AND
  • Drafting the work or reviewing it critically for important intellectual content; AND
  • Final approval of the version to be published; AND
  • Agreement to be accountable for all aspects of the work in ensuring that questions related to the accuracy or integrity of any part of the work are appropriately investigated and resolved.

In addition to being accountable for the parts of the work done, an author should be able to identify which co-authors are responsible for specific other parts of the work. In addition, authors should have confidence in the integrity of the contributions of their co-authors.

All those designated as authors should meet all four criteria for authorship, and all who meet the four criteria should be identified as authors. Those who do not meet all four criteria should be acknowledged—see Section II.A.3 below. These authorship criteria are intended to reserve the status of authorship for those who deserve credit and can take responsibility for the work. The criteria are not intended for use as a means to disqualify colleagues from authorship who otherwise meet authorship criteria by denying them the opportunity to meet criterion #s 2 or 3. Therefore, all individuals who meet the first criterion should have the opportunity to participate in the review, drafting, and final approval of the manuscript.

The individuals who conduct the work are responsible for identifying who meets these criteria and ideally should do so when planning the work, making modifications as appropriate as the work progresses. We encourage collaboration and co-authorship with colleagues in the locations where the research is conducted. It is the collective responsibility of the authors, not the journal to which the work is submitted, to determine that all people named as authors meet all four criteria; it is not the role of journal editors to determine who qualifies or does not qualify for authorship or to arbitrate authorship conflicts. If agreement cannot be reached about who qualifies for authorship, the institution(s) where the work was performed, not the journal editor, should be asked to investigate. The criteria used to determine the order in which authors are listed on the byline may vary, and are to be decided collectively by the author group and not by editors. If authors request removal or addition of an author after manuscript submission or publication, journal editors should seek an explanation and signed statement of agreement for the requested change from all listed authors and from the author to be removed or added.

The corresponding author is the one individual who takes primary responsibility for communication with the journal during the manuscript submission, peer-review, and publication process. The corresponding author typically ensures that all the journal’s administrative requirements, such as providing details of authorship, ethics committee approval, clinical trial registration documentation, and disclosures of relationships and activities are properly completed and reported, although these duties may be delegated to one or more co-authors. The corresponding author should be available throughout the submission and peer-review process to respond to editorial queries in a timely way, and should be available after publication to respond to critiques of the work and cooperate with any requests from the journal for data or additional information should questions about the paper arise after publication. Although the corresponding author has primary responsibility for correspondence with the journal, the ICMJE recommends that editors send copies of all correspondence to all listed authors.

When a large multi-author group has conducted the work, the group ideally should decide who will be an author before the work is started and confirm who is an author before submitting the manuscript for publication. All members of the group named as authors should meet all four criteria for authorship, including approval of the final manuscript, and they should be able to take public responsibility for the work and should have full confidence in the accuracy and integrity of the work of other group authors. They will also be expected as individuals to complete disclosure forms.

Some large multi-author groups designate authorship by a group name, with or without the names of individuals. When submitting a manuscript authored by a group, the corresponding author should specify the group name if one exists, and clearly identify the group members who can take credit and responsibility for the work as authors. The byline of the article identifies who is directly responsible for the manuscript, and MEDLINE lists as authors whichever names appear on the byline. If the byline includes a group name, MEDLINE will list the names of individual group members who are authors or who are collaborators, sometimes called non-author contributors, if there is a note associated with the byline clearly stating that the individual names are elsewhere in the paper and whether those names are authors or collaborators.

3. Non-Author Contributors

Contributors who meet fewer than all 4 of the above criteria for authorship should not be listed as authors, but they should be acknowledged. Examples of activities that alone (without other contributions) do not qualify a contributor for authorship are acquisition of funding; general supervision of a research group or general administrative support; and writing assistance, technical editing, language editing, and proofreading. Those whose contributions do not justify authorship may be acknowledged individually or together as a group under a single heading (e.g. "Clinical Investigators" or "Participating Investigators"), and their contributions should be specified (e.g., "served as scientific advisors," "critically reviewed the study proposal," "collected data," "provided and cared for study patients," "participated in writing or technical editing of the manuscript").

Because acknowledgment may imply endorsement by acknowledged individuals of a study’s data and conclusions, editors are advised to require that the corresponding author obtain written permission to be acknowledged from all acknowledged individuals.

Use of AI for writing assistance should be reported in the acknowledgment section.

4. Artificial Intelligence (AI)-Assisted Technology

At submission, the journal should require authors to disclose whether they used artificial intelligence (AI)-assisted technologies (such as Large Language Models [LLMs], chatbots, or image creators) in the production of submitted work. Authors who use such technology should describe, in both the cover letter and the submitted work in the appropriate section if applicable, how they used it. For example, if AI was used for writing assistance, describe this in the acknowledgment section (see Section II.A.3). If AI was used for data collection, analysis, or figure generation, authors should describe this use in the methods (see Section IV.A.3.d). Chatbots (such as ChatGPT) should not be listed as authors because they cannot be responsible for the accuracy, integrity, and originality of the work, and these responsibilities are required for authorship (see Section II.A.1). Therefore, humans are responsible for any submitted material that included the use of AI-assisted technologies. Authors should carefully review and edit the result because AI can generate authoritative-sounding output that can be incorrect, incomplete, or biased. Authors should not list AI and AI-assisted technologies as an author or co-author, nor cite AI as an author. Authors should be able to assert that there is no plagiarism in their paper, including in text and images produced by the AI. Humans must ensure there is appropriate attribution of all quoted material, including full citations.

Connecticut State Department of Public Health

Change the Script

Change the Script is a statewide program that connects town leaders, healthcare professionals, treatment professionals, and everyday people with the resources they need to face prescription drug and opioid misuse.

The State of Connecticut Human Services Portal

At Health.CT.gov, you’ll find health services for you and your loved ones, programs specifically tailored for your community, and easy directions to apply for the help you need.

The Connecticut AIDS Drugs Assistance Program

The CT AIDS Drug Assistance Program provides eligible low-income residents with medications and health insurance premium assistance for the treatment of HIV and HIV-related conditions.

Commissioner Manisha Juthani, MD

Welcome to the Connecticut Department of Public Health. We hope you find this website both helpful and informative. Please add us to your bookmarks and check back frequently for up-to-date information on the services we offer.

Department of Public Health

For health care practitioner license questions, please call 860-509-7603 or visit www.ct.gov/dph/license

Health & Care Professions Council

Case studies and template

Case studies to help you to reflect on your practice.

These case studies will help you to reflect on your practice, and provide a summary of reflective models that can help aid your reflections and make them more effective.

Templates are also provided to guide your own activities. Remember, there is no set way to reflect and you can adapt these activities to suit your learning style and your role.

Your reflection should be about learning and improving your practice. If you’d like to see how reflection has impacted the practice of some of our registrants, watch this short video.

Getting started

Here are some tips to think about when you set out to reflect.

Sole practitioners' group

Case study: Carl is a podiatrist working in independent practice. He is a sole practitioner and has run his business for 10 years.

Group reflection within a team

Case study: Munira is a physiotherapist working in private practice. She has treated her service user Russel for the last three months after he was involved in a fall at home.

Reflecting by yourself

Case study: Emily is a dietitian working in an NHS Trust hospital. She also volunteers at a local charity that raises awareness about diabetes at events and conferences.

Reflective practice template

Template to help you guide your own activities

  • Alexander S. Gillis, Technical Writer and Editor
  • Jacqueline Biscobing, Senior Managing Editor, News

What is compliance?

Compliance is the state of being in accordance with established guidelines or specifications, or the process of becoming so. Software, for example, may be developed in compliance with specifications created by a standards body, and then deployed by user organizations in compliance with a vendor's licensing agreement. The definition of compliance can also encompass efforts to ensure that organizations are abiding by both industry regulations and government legislation.

Compliance is a prevalent business concern, partly because of an ever-increasing number of regulations that require companies to be vigilant about maintaining a full understanding of their regulatory requirements for compliance. To adhere to compliance standards, an organization must follow requirements or regulations imposed by either itself or government legislation.

Regulatory compliance examples

Some prominent regulations, standards and legislation that organizations may need to be compliant with include the following:

  • Sarbanes-Oxley Act of 2002. The Sarbanes-Oxley Act was enacted in response to the high-profile Enron and WorldCom financial scandals to protect shareholders and the general public from accounting errors and fraudulent practices. Among other provisions, the law sets rules on storing and retaining business records in IT systems.
  • CAN-SPAM Act of 2003. The CAN-SPAM Act requires businesses to label commercial emails as advertising, use legitimate return email addresses, provide recipients with opt-out options and process opt-out requests within 10 business days.
  • Health Insurance Portability and Accountability Act (HIPAA) of 1996. HIPAA Title II includes an administrative simplification section that mandates standardization of electronic health records systems and includes security mechanisms designed to protect data privacy and patient confidentiality.
  • Dodd-Frank Act. Enacted in 2010, this act aims to reduce federal dependence on banks by subjecting them to regulations that enforce transparency and accountability to protect customers.
  • Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is a set of policies and procedures created in 2004 by Visa, MasterCard, Discover and American Express to ensure the security of credit, debit and cash card transactions.
  • Federal Information Security Management Act (FISMA). Signed into law in 2002, FISMA requires federal agencies to conduct annual reviews of information security programs. This is done to keep risks to data at or below specified acceptable levels.
  • Occupational Safety and Health Administration (OSHA). The OSHA requirements were introduced by the U.S. Congress in 1971 to protect worker health and safety in the U.S.
  • General Data Protection Regulation (GDPR). GDPR is legislation that went into effect in the European Union in 2018 that updated and unified data privacy laws. The purpose of GDPR is to protect individuals and the data that describes them and to ensure organizations that collect this data do so in a responsible manner.

IT compliance guidelines vary by country; the Sarbanes-Oxley Act, for example, is U.S. legislation. Similar legislation in other countries includes Germany's Deutscher Corporate Governance Kodex and Australia's Corporate Law Economic Reform Program Act 2004. As a result, multinational organizations must be cognizant of the regulatory compliance requirements of each country they operate within. For example, GDPR applies to all organizations that are based outside the European Union, as long as they also operate in the EU.

Regulatory compliance vs. corporate compliance

There are two main types of compliance that denote where the framework is coming from: corporate and regulatory. Both corporate and regulatory compliance consist of a framework of rules, regulations and practices to follow.

  • Corporate compliance applies to the rules, regulations and practices an organization puts into place for compliance -- according to both external regulations and internal policies.
  • Regulatory compliance applies to the rules, regulations and practices an organization puts into place for compliance -- according to external regulations.

Corporate and regulatory compliance are very similar, with their main difference being whether their policies come from internal or external regulations.

Chief compliance officer and other compliance roles

As regulations and other guidelines have increasingly become a concern for corporate management, companies are turning more frequently to specialized compliance software and IT compliance consultancies. Many organizations have even added compliance jobs, such as the role of chief compliance officer (CCO).

The main responsibilities of a CCO include ensuring the organization is able to both manage compliance risk and pass a compliance audit. The exact nature of a compliance audit will vary, depending on factors such as the organization's industry, whether it is a public or private company, and the nature of the data it creates, collects and stores. Other responsibilities of a CCO include identifying the potential risks an organization faces, assessing the effectiveness of any risk-prevention processes and resolving any compliance issues.

Other possible compliance roles include the following:

  • Compliance analysts. Compliance analysts help organizations remain compliant with regulations and prepare them for audits.
  • Compliance services associates. This role focuses on identifying, prioritizing and resolving issues for clients.
  • Compliance coordinator. This role focuses on preparing and completing regulatory and compliance documents, as well as making sure they adhere to federal, state and government requirements.
  • Compliance director. This role focuses on ensuring organizations conform to all rules, regulations and laws placed upon them. They are also responsible for managing and correcting any violations that occur.

Best practices and strategies for corporate compliance

To ensure it follows compliance laws and regulations, an organization should follow these best practices:

  • Determine compliance goals. Focus on the areas of compliance the organization needs to improve the most, such as a specific regulation, law or a violation that is costing the organization money.
  • Know the regulatory environment. Laws and regulations may change over time, so having staff members -- either as a part of a compliance department or otherwise -- who keep up to date on new regulations relevant to the organization's industry is a good idea.
  • Implement compliance tools. Compliance tools can automatically track data, aiding in compliance risk management.
  • Hold compliance audits. An in-depth review of regulatory compliance areas ensures an organization is following compliance regulations correctly and can help identify areas an organization needs to improve.
  • Review compliance regulations regularly. A regular review helps find weak points and gives an organization a chance to improve and keep its compliance efforts up to date.
  • Train employees for compliance policy. If employees cannot follow compliance policies, then the organization cannot fully adhere to the policies. Employees should be trained and made aware of relevant policies and be held accountable when policies are not followed.


COMMENTS

  1. PDF Privacy and Confidentiality

    This case demonstrates how health care workers can easily cross the line and breach an individual's right to privacy and confidentiality. Before accessing a client's health ...

  2. Breach of confidentiality

    Respect confidentiality. Standard 5.1. You must treat information about service users as confidential. Standard 9. Be honest and trustworthy. Standard 9.1. You must make sure that your conduct justifies the public's trust and confidence in you and your profession. Standard 10. Keep records of your work.

  3. Case Analysis: Breaching Patient Confidentiality and Privacy

    Case Study. The use of digital communication such as EHR, email, social media, or the internet has become the norm in healthcare (Lo, 2013). However, the use of digital communication poses risks of breaching patient privacy and confidentiality. The following case study illustrates inappropriate use of digital communication: Trista was a new ...

  4. Confidentiality and public interest disclosure: A framework to evaluate

    In the interim, the Health and Social Care Act 2012 renamed the Council of Healthcare Regulatory Excellence 44 as the Professional Standards Authority for Health and Social Care ... by the Professional Standards Authority investigating perspectives on consistency in healthcare regulation used confidentiality as a case study to prompt discussion ...

  5. Health professionals' knowledge and attitude towards patient

    Respecting patients' confidentiality is an ethical and legal responsibility for health professionals and the cornerstone of care excellence. This study aims to assess health professionals' knowledge, attitudes, and associated factors towards patients' confidentiality in a resource-limited setting. Institutional based cross-sectional study was conducted among 423 health professionals.

  6. Confidentiality breaches in clinical practice: what happens in

    Background Respect for confidentiality is important to safeguard the well-being of patients and ensure the confidence of society in the doctor-patient relationship. The aim of our study is to examine real situations in which there has been a breach of confidentiality, by means of direct observation in clinical practice. Methods By means of direct observation, our study examines real situations ...

  7. Confidentiality in Direct Social-Work Practice: Inevitable Challenges

    Ethics in community mental health care: Confidentiality and common sense. Community Mental Health Journal, 32(6), 513-518. Crossref. Google Scholar. Bollas C., & Sundelson D. (1995). ... Kugelman W. (1992). Social work ethics in the practice arena: A qualitative study. Social Work in Health Care, 17(4), 59-80. Crossref. Google Scholar.

  8. The conflict between maintaining confidentiality in social work and

    The social worker claimed that he acted pursuant to the exception provided for in Section 8 (a) (3) of the SWA, which permits a breach of the duty of confidentiality when "the social worker is convinced that the information is required for the care of that person's minor children." According to the social worker, he violated the duty of ...

  9. Introduction to confidentiality

    Confidentiality means protecting personal information. This information might include details of a service user's lifestyle, family, health or care needs which they want to be kept private. Service users expect the health and care professionals who are involved in their care or treatment, or have access to information about them, to protect ...

  10. Case studies and examples

    Here are some case studies additional to those in the code. Data sharing to improve outcomes for disadvantaged children and families. Sharing with partners in the voluntary or private sector. Landlord and tenant data sharing. Sharing medical records of care home residents. Ensuring children's welfare: data sharing by local authorities with ...

  11. 'But don't tell anybody': The dilemma of confidentiality for the lone

    Social workers are often referred to as agents of social control (e.g. Higgins, 1980; To, 2006). From the perspective of critical social work, this role may be subject to criticism, as this function in the service of social control can be seen as a tool to protect the interests of powerful groups (e.g. Dominelli, 2002; Higgins, 1980; Hyslop, 2011) and to reify dominant discourses (e.g. Fook ...

  12. To breach or not to breach a patient's confidentiality? A case study in

    Maintaining confidentiality may therefore benefit the health of the patient and, more broadly, society. Yet, however strong, the duty is not absolute. There are times when a doctor must, by law, disclose a patient's information, as in the case of certain notifiable diseases and under terrorism legislation.

  13. Confidentiality

    This section provides guidance on some of the issues relating to how health and care professionals handle information about service users. ... Webinar: respect confidentiality. #MyHCPCStandards webinar series: Standard 5 - respect confidentiality. Read more ... Guidance on the use of social media; Social media case studies; Webinar: communicate ...

  14. Confidentiality and the duties of care

    THE LAW. On the one hand the law appears to give patients rights to privacy and confidentiality. The Human Rights Act 1998 includes article 8—the right to respect for "private life"—although this may be overridden for "the protection of the public health". 3 The Data Protection Act 1998, also accords individuals rights, in terms of access to their data, their right to know how it ...

  15. Case Discussion: Confidentiality and Adolescents

    The duty of confidentiality is based on four major arguments: The principle of respect for autonomy or respect for persons. Respect for autonomy, or respect for persons, calls for us to allow others to decide who they want to know certain details about themselves. Respecting others and caring for them should create in us a disposition to ...

  16. PDF Case Study I. Privacy/Confidentiality

    of confidentiality in the use and disclosure of information. Principle 3. Preserve, protect, and secure personal health information in any form or medium and hold in the highest regard health information and other information of a confidential nature obtained in an official capacity, taking into account the applicable statutes and regulations.

  17. Confidentiality in Health and Social Care

    Confidentiality in health and social care is both a legal and respectful requirement. The Human Rights Act (1998) gives every individual the right to respect both their private and family life, which includes having personal information held in confidence. Then the Care Act (2014) says that "access to personal confidential data should be on ...

  18. A Guide to Confidentiality in Health and Social Care

    The duty to share information can be as important as the duty to protect confidentiality. The HSCIC Guide to Confidentiality 2013 shows health and care workers what they should do and why, to share information safely while following rules on confidentiality. It covers the five confidentiality rules: Confidential information about service users or patients should be treated confidentially and ...

  19. Challenges of Confidentiality in Clinical Settings: Compilation of an

    Since Hippocrates, confidentiality has been presented as 1 cornerstone of ethics in healthcare. Confidentiality roots back to the respect for autonomy and self-control on information. Respecting patients confidentiality and privacy are considered as the patients' rights. From deontological aspect, confidentiality is a duty and based on virtue ...

  20. Principles of Clinical Ethics and Their Application to Practice

    The 4 main ethical principles, that is beneficence, nonmaleficence, autonomy, and justice, are defined and explained. Informed consent, truth-telling, and confidentiality spring from the principle of autonomy, and each of them is discussed. In patient care situations, not infrequently, there are conflicts between ethical principles (especially ...

  21. Health & Social Care in the Community

    Health and Social Care in the Community is an essential journal for anyone involved in nursing, social work, physiotherapy, occupational ... Roma, and Gypsies: A Participatory Qualitative Study. Louise Condon, Suzy C. Hargreaves, Denise Barry, Jolana Curejova, Donna Leeanne Morgan, Sam Worrall, Filiz Celik, Menna Price, First Published: 25 ...

  22. Reducing Racial Disparities in Health Care

    Offered in conjunction with the Disparities Solutions Center at Massachusetts General Hospital (MGH), this health equity course will use real-world examples, case studies, and insights from leaders in the field to help you understand the history of racism in health care and digest the latest in understanding racial disparities in health care—allowing you to create strategic approaches that ...

  23. Security and Privacy in Digital Healthcare Systems: Challenges and

    The study aims to investigate the crucial need for ensuring security and privacy in the digitisation of healthcare systems, focusing on the challenges that arise and exploring potential strategies to address them.

  24. Big Data for Social Good

    Using real-world data and policy interventions as applications, this Harvard Online course will teach core concepts in data science, economics, and statistics and equip you to tackle some of the most pressing social challenges of our time. Big Data for Social Good is a Harvard Online course taught by Raj Chetty. This short course combines statistics and economics to help changemakers plan for ...

  25. Key principles of confidentiality

    tell service users when you have disclosed their information (if this is practical and possible); keep appropriate records of disclosure; keep up to date with relevant law and good practice; if appropriate, ask for advice from colleagues, professional bodies, unions, legal professionals or us; and. make your own informed decisions about ...

  26. Defining the Role of Authors and Contributors

    Authorship confers credit and has important academic, social, and financial implications. Authorship also implies responsibility and accountability for published work. The following recommendations are intended to ensure that contributors who have made substantive intellectual contributions to a paper are given credit as authors, but also that ...

  27. Connecticut Department of Public Health

    Governor Lamont announces launch of Connecticut Student Loan Repayment Program for health care providers in underserved areas and facilities. 5/20/2024. DAS announces $122 million in grants to public schools for HVAC system upgrades. 5/2/2024

  28. New Report Reviews Evidence on Long COVID Diagnosis, Risk, Symptoms

    The new report says that some health effects of Long COVID, including chronic fatigue and post-exertional malaise, cognitive impairment (sometimes referred to as "brain fog"), and autonomic dysfunction, can impair an individual's ability to work or attend school for six months to two years or more after COVID-19 infection.

  29. Case studies and template

    Case studies to help you to reflect on your practice. These case studies will help you to reflect on your practice, and provide a summary of reflective models that can help aid your reflections and make them more effective. Templates are also provided to guide your own activities. Remember, there is no set way to reflect and you can adapt these ...

  30. What is compliance?

    compliance validation: In compliance , validation is a formal procedure to determine how well an official or prescribed plan or course of action is being carried out. When regulated industries install or change any equipment that impacts the identity, strength, or quality of their products, their regulatory agency requires that the company ...