Confidentiality

Patients need to be able to trust that physicians will protect information shared in confidence. They should feel free to fully disclose sensitive personal information to enable their physician to most effectively provide needed services. Physicians in turn have an ethical obligation to preserve the confidentiality of information gathered in association with the care of the patient.

  1. Restrict disclosure to the minimum necessary information; and
  2. Notify the patient of the disclosure, when feasible. Physicians may disclose personal health information without the specific consent of the patient (or authorized surrogate when the patient lacks decision-making capacity):
  3. To other health care personnel for purposes of providing care or for health care operations; or
  4. To appropriate authorities when disclosure is required by law.
  5. To other third parties situated to mitigate the threat when in the physician’s judgment there is a reasonable probability that:
    1. the patient will seriously harm him/herself;
    2. the patient will inflict serious physical harm on an identifiable individual or individuals.

    For any other disclosures, physicians should obtain the consent of the patient (or authorized surrogate) before disclosing personal health information.

    AMA Principles of Medical Ethics: III, IV, VII, VIII

    Council Reports

    Ethics Cases & Legal Briefs

    Related Opinions

    Opinion 2.3.1

    Electronic Communication with Patients

    Electronic communication can raise special concerns about privacy and confidentiality, particularly when sensitive information is being conveyed. Physicians using electronic communication hold the same ethical responsibilities to patients as they do during other clinical encounters.

    Opinion 3.1.1

    Privacy in Health Care

    Respecting patient privacy is a fundamental expression of respect for patient autonomy and a prerequisite for trust. Patient privacy includes personal space (physical privacy), personal data (informational privacy), personal choices, including cultural and religious affiliations (decisional privacy), and personal relationships with family members and other intimates (associational privacy). Physicians must seek to protect patient privacy in all settings to the greatest extent possible.

    Opinion 3.2.2

    Confidentiality Postmortem

    In general, patients are entitled to the same respect for the confidentiality of their personal information after death as they were in life, with a few exceptions. Physicians have a corresponding obligation to protect patient information, including information obtained postmortem.

    Opinion 3.2.4

    Access to Medical Records by Data Collection Companies

    Information gathered and recorded in association with the care of a patient is confidential. Disclosing information to third parties for commercial purposes without consent undermines trust, violates principles of informed consent and confidentiality, and may harm the integrity of the patient-physician relationship.

    Opinion 3.3.2

    Confidentiality & Electronic Medical Records

    Information gathered and recorded in association with the care of a patient is confidential, regardless of the form in which it is collected or stored.

    Opinion 4.1.3

    Third-Party Access to Genetic Information

    Patients who undergo genetic testing have a right to have their information kept in confidence, and a variety of state and federal laws prohibit discrimination by employers, insurers, and other third parties based on genetic information.