eMJA     The Medical Journal of Australia

Home | Issues | eMJA shop | My account | Classifieds | Contact | More... | Topics | Search   

→ See also "Sharing patient information between professionals: confidentiality and ethics"

→ Next article in this issue

→ Contents list for this issue

→ More articles on Law

→ More articles on Ethics

→ Download a pdf version of this article

→ Search PubMed for related articles

Editorials

Confidentiality and privacy: beyond legal duties

Colin JH Thomson
MJA 2003 178 (6): 252-253

Building a patient's trust is just as important as following the letter of the law

The cases and discussion in the article by Braunack-Mayer and Mulligan in this issue of the Journal (page 277)1 provide informative examples of legal and ethical dimensions of confidentiality and privacy in doctor–patient relationships. It is important to clarify the foundations and scope of both legal and ethical duties.

In law, information provided to a medical practitioner by a patient becomes subject to a statutory duty to protect the patient's privacy and a common-law duty of confidence owed by the medical practitioner to the patient.

*A failure to fulfil this duty is not an offence, although it can be the foundation of a complaint to the Office of the Privacy Commissioner. Privacy Act 1988 (Cwlth), section 36.

†There is specific legislation in the Australian Capital Territory (Health Records [Privacy and Access] Act 1997), New South Wales (Privacy and Personal Information Protection Act 1998) and Victoria (Health Records Act 2001), and other States are actively considering such legislation, including New South Wales in relation to health information.

Statutory duty. The statutory duty* varies according to whether federal or state legislation applies. The federal Privacy Act 1988 applies to health information used by a private organisation and permits use or disclosure of such information without the patient's consent in a specified list of circumstances.2 Those that relate to the examples given by Braunack-Mayer and Mulligan are (a) disclosure for purposes directly related to the purpose of collection in ways that the patient would reasonably expect;3 and (b) disclosure that is reasonably believed to be necessary to prevent or lessen a serious and imminent threat to a person's life, health or safety.4 The scope of the statutory duty is not yet clear, as guidelines5 and public interest determinations6 issued by the Federal Privacy Commissioner indicate.

Common-law duty. The common-law duty arises from a contract between patient and doctor or the presumption that the relationship is one of a class to which the law attaches that obligation. The duty is said to encourage patients to disclose full information so that medical practitioners can provide effective healthcare, a basis for a public interest in such duties of confidence.7 Correctly understood, it is not a duty to keep all information secret, but a duty to use the information only for the purposes for which it was provided and not for any other purpose.8

Medical ethics. In ethics, the duty of confidence in medical practice has strong historical origins in formal statements of medical ethics. Different translations of the Hippocratic oath recognise that the duty applies only to some and not to all information. These statements include "what should not be published abroad",9 "things shameful to be spoken about",10 and "things that should never be blurted out".11 Thus, its scope can be described by reference to the purpose of the disclosure.12 The justifications for this duty include a respect for patient autonomy and an expression of the professional virtue of fidelity.13

In Cases 1 and 2 presented by Braunack-Mayer and Mulligan, Ms X's and Mr Y's information was clearly provided for the purpose of providing diagnosis, advice and/or treatment to them. Their doctors' uses of that information to clarify a diagnosis, confirm decisions about treatment or seek additional advice could fairly be described as uses for that same purpose. As such, those uses would not be breaches of the common-law duty of confidentiality. However, the particular use described in Cases 1 and 2 may not conform to the Privacy Act, as it seems clear that neither Ms X nor Mr Y reasonably expected that use of their information. (There is no suggestion that the disclosure was reasonably necessary to prevent or lessen a serious and imminent threat to their life, health or safety.)

The legal and ethical implications of access to Ms Z's test results in Case 3 are less clear, because of the involvement of two medical practitioners and the lack of explanation as to how the second doctor had access to the test results. Clarification of these details is important. However, if there was an explanation of access, it is clear that the information was used for the purpose of diagnosis and treatment, the purpose for which it was provided. Ms Z's being unaware of that use remains relevant for the Privacy Act.

Thus, the common-law duty of confidence may not have been breached by any of the doctors in the three cases. The statutory duty to protect privacy may have been breached, depending on clarification of some uncertainties of interpretation. However, what remains important is that the patients all plainly felt that their information had been used in ways that surprised or troubled them. It could be said that the patients thought that an ethical duty had been breached.

It seems there were two main causes for their concern, both of which have ethical importance. First, they did not know about (and did not feel that they had consented to) the way their information was used, and, second, that use diminished their trust in their doctors.

Consent that is based upon an adequate and clear disclosure of how information will be used is the best response to the first cause of concern. Being given that information and, in turn, giving consent also respects a patient's autonomy. Routine advice as to whom a patient's information will be disclosed in the course of using it for diagnosis and treatment will probably also meet the requirements of the Privacy Act.3 Further, patients can, by their consent, agree to wider uses or disclosures of their information.

As to the second cause of concern, acting in order to generate and maintain a patient's trust is the best response. In doing so, a doctor expresses the virtue of fidelity. This lies at the foundation of the doctor–patient relationship: it extends beyond merely keeping promises (eg, to maintain confidentiality) and speaks to character and the establishment, and not the assumption, of a relationship of trust.14

The authors are correct to identify the ethical importance of attending carefully to patients' awareness of and understanding about how their information is used. Exceeding minimal legal duties by doing more than merely making patients aware of how their information will be used is important to building trust and to providing effective healthcare.

→ See also "Sharing patient information between professionals: confidentiality and ethics"

  1. Braunack-Mayer AJ, Mulligan EC. Sharing patient information between professionals: confidentiality and ethics. Med J Aust 2003; 178: 277-279.<eMJA full text>
  2. Privacy Act 1988 (Cwlth), section 14. National Privacy Principle 2. Available at: http://www.privacy.gov.au/publications/npps01.html#b (accessed Feb 2003).
  3. Privacy Act 1988 (Cwlth), section 14. National Privacy Principle 2.1(a).
  4. Privacy Act 1988 (Cwlth), section 14. National Privacy Principle 2.1(e).
  5. Guidelines on privacy in the private health sector. Office of the Federal Privacy Commissioner, November 2001. Available at: http://www.privacy.gov.au/health/guidelines/index.html#1 (accessed Feb 2003).
  6. Temporary Public Interest Determination No. 2001-1. Office of the Federal Privacy Commissioner, 22 July 2002. Available at: http://privacy.gov.au/publications/tpid2001_1med.pdf (accessed Feb 2003).
  7. A-G v Guardian Newspapers Ltd (No 2) [1988] 3 WLR 776 at 807, per Lord Goff.
  8. Hamblin J, Bell D. Confidentiality. In: Golden J, Grozier D, editors. The laws of Australia. Sydney: The Law Book Company Limited, 1994: Part 20.7, para [6].
  9. Hippocrates. Jones WHS, translator. The Loeb Classical Library. Cambridge: Harvard University Press, 1923: 164-165.
  10. Edelstein L. From the Hippocratic oath: text, translation and interpretation. Baltimore: Johns Hopkins Press, 1943.
  11. von Staden H. In a pure and holy way: personal and professional conduct in the Hippocratic oath. J Hist Med Allied Sci 1998; 51: 406-408.
  12. Campbell A, Charlesworth M, Gillett G, Jones G. Medical ethics. Melbourne: Oxford University Press, 1998: 23.
  13. Beauchamp TL, Childress JF. Principles of biomedical ethics. 5th ed. New York: Oxford University Press, 1994: 418-424.
  14. Pellegrino ED, Thomasma DC. The virtues in medical practice. New York: Oxford University Press, 1993: 65-78.

(Received 24 Dec 2002, accepted 6 Feb 2003)

Faculty of Law, University of Wollongong, Wollongong, NSW.

Colin JH Thomson, BA LLB LLM, Associate Professor; and Consultant in Health Ethics, National Health and Medical Research Council.

Reprints: Associate Professor Colin J H Thomson, Health Ethics Section, National Health and Medical Research Council, GPO Box 9848 MDP 100, Canberra, ACT 2601. colin.thomsonATnhmrc.gov.au

AntiSpam note: To avoid spam, authors' email addresses are written with AT in place of the usual symbol, and we have removed "mail to" links. Replace AT with the correct symbol to get a valid address.

©The Medical Journal of Australia 2003 www.mja.com.au Print ISSN: 0025-729X Online ISSN: 1326-5377

Home | Issues | eMJA shop | My account | Classifieds | More... | Contact | Topics | Search

The Medical Journal of Australia    eMJA