Careful consideration of the ethical implications is required before patient information should be shared without the patient's knowledge.
Routine and apparently uncontroversial releases of information can be perceived as problematic by patients.
The ethics of such "ordinary" breaches of confidence can be explored by considering the patient's autonomy, the patient's best interests, and the public interest in preserving or breaching confidentiality.
Patient autonomy can be supported and ethical problems may be avoided when patients are given as much information as possible about foreseeable information disclosures.
With recent amendments to the Privacy Act 1988 (Cwlth), there is both increased awareness of and sensitivity about disclosure of health information among users of healthcare services. Traditionally, the greatest ethical concerns about breaches of confidentiality have arisen in situations in which third parties are involved: for example, when not disclosing information about a patient's sexually transmitted disease may mean that the patient's partner is at risk of significant harm. However, in other situations, health professionals and administrators make decisions to disclose information about patients because it seems to be in the patient's best interests to do so.
We explore here the ethical implications of a number of relatively mundane cases in which information about patients was disclosed without the patient's consent, for reasons related primarily to the patient's best interests. The cases described are examples of "ordinary" instances in which information may be shared without seeking a patient's consent, in contrast with the more dramatic examples that are reported in the popular press from time to time.
The case studies are part of a larger (unpublished) study on confidentiality issues conducted in 2001 by one of us (E C M) with ethical approval from the Social and Behavioural Sciences Research Ethics Committee of the Flinders University of South Australia. (The methodology of the study was similar to that of an earlier study conducted in 1999.1) Interviewees were recruited during a population survey, in 2001, of 3037 randomly selected South Australian adults. Interviews were conducted by E C M. We present here short extracts from interviews with three of 24 survey respondents who reported that a doctor or a health service had released information without obtaining their permission. The content of the interviews has been edited to protect the anonymity of the interviewees and to remove repetition.
Ms X: I'm not really complaining much about it, because it was for my own benefit. I had a study done which showed I have a very rare malformation. My specialist said, "I've shown a few people your photos". So he had obviously got a lot of opinions on it. He was lost, because it was so rare that there had only been one other case like this in Australia before. He did not know what to do and he kind of showed around my photos, had a bit of a get-together, and showed as many people as he could, to ask what to do.
Mr Y: I am a patient in a special unit where the staff have a meeting every week. They discuss the test results and whatever they want to discuss. You sort of find out along the way. They don't tell you what goes on, but you get second-hand information. The nurse will come back and say, "At the meeting the doctor said this . . .". I don't like them discussing me behind my back, but I also think it is a good idea for communication and for them to nut things out.
Ms Z: I changed to a new GP, and he was able to access the results of tests that my previous doctor had done via the computer. I was very surprised that information that one doctor had was available on the computer for another doctor. He did not ask me if that was okay; he did not explain to me; he just said "I'll check what the tests were"... and I was just really surprised and wondered what else was freely available for everybody to read. Having come from an abusive background, I'm very touchy about anything like that going on ... and about being traced. I wasn't sure of how he did it — obviously the second doctor was able to tap into the files of the company that did the tests. His assumption was that I was just ready to trust him and feel okay about what he was doing, but I'm not that kind of person; I'm very sceptical.
The duty of confidentiality requires that doctors keep secret the information they are given by patients and/or that they discover or learn about patients through their professional interactions.2 By that definition, each of the three scenarios constitutes a breach of confidentiality. Regardless of whether the breaches were justifiable or not, the scenarios demonstrate how routine and apparently uncontroversial releases of information can be perceived as problematic by patients.
It benefits patients by providing a secure environment in which they are most likely to seek medical care and to give a full and frank account of their illness when they do;
It supports public confidence and trust in healthcare services more generally;
It expresses respect for patients' autonomy: people have a right to choose who will have access to information about them, and a rule of confidentiality for medical practitioners reassures patients that they can determine who will be privy to their secrets.
These are three robust arguments for maintaining confidentiality, but there are some circumstances in which breaches of confidentiality are permissible, and sometimes even necessary.
Some commentators have argued that breaches of confidentiality are a normal part of contemporary healthcare. Some have gone so far as to label confidentiality a "decrepit concept", as the sharing of information has become ubiquitous within healthcare teams.5,6 In contrast, Justice Michael Kirby has rejected the notion that a loss of privacy is simply the inevitable result of accepting the advantages of electronic record-keeping. He has argued instead for a renewed commitment to the value of privacy.7
Even if they are part of contemporary healthcare, such "routine" breaches of confidence should not be accepted unthinkingly. Breaching confidentiality in these situations may be justifiable if it is the best or only way in which the patient's best interests can be served.
In Case 1, Ms X recognised that her specialist had passed on information about her and discussed her condition with other clinicians in order to secure the best care for her. However, the specialist could have asked Ms X if she was happy for him to discuss her case with other clinicians. Had he done so, he would have both respected Ms X's right to control access to information about herself and acted in her best interests.
Cases 2 and 3 raise rather more complex issues than can be solved by a simple question to the patient.
In Case 2, Mr Y recognises that team meetings improve the quality of his care, but is not satisfied by this and has continuing concerns.
The unit staff responsible for Mr Y's care can offer at least two arguments in defence of their conduct. First, they might suggest that, when he decides to receive his care in a hospital outpatient setting, Mr Y tacitly gives consent for information about him to be shared among members of the treating team. It is probably reasonably obvious that such sharing takes place — after all, in the course of Mr Y's treatment a range of staff will be involved, not all of whom he will meet personally. In addition, as staff changes occur reasonably frequently in hospitals, Mr Y's care is likely to be monitored by a changing array of health professionals over time. It may not be practicable for individual patients to know exactly who is involved in every aspect of their care at all times.
Second, it can be argued that it is not just Mr Y's quality of care that is at stake here. Team meetings and case conferences are important quality assurance mechanisms, and their impact can be felt beyond the patient being discussed. Other patients in the clinic will also benefit when regular case reviews are carried out, as will the students and staff who derive benefit from the learning opportunities presented by case conferences. Mr Y's anxiety might well have been alleviated had he known a little more about how a large hospital is run and how this may affect his care. Some hospitals do provide brochures outlining the likely range of people who will need to access patients' health records and who may be involved, even tangentially, in their care.
In Case 3, it is reasonable to ask whether Ms Z's test results should be in a databank that can be accessed by doctors other than the one who originally ordered the tests. It is likely to save Ms Z time, inconvenience, money and even discomfort if previous results can be accessed quickly by her current treating doctor. However, Ms Z's concerns are not really related to the test results, but rather to other information about her past. Given her history, she has good reason to fear unauthorised disclosure of information.
In Ms Z's case, judging what is really in her best interests is obviously important. It is true that openness can often benefit patients, allowing more accurate diagnosis, more appropriate treatment, or better support in distressing situations. It is also true that the risks associated with disclosure to the wrong people are significant for Ms Z. From two ethical perspectives — respecting Ms Z's right to privacy and acting in her best interests — it is difficult to justify the breach of confidentiality that occurred.
The doctors (and the pathology company) involved in Ms Z's care might offer similar arguments to those offered by Mr Y's treating team, but they do not withstand scrutiny. First, it is unlikely that a patient consenting to pathology tests could be taken to be giving her implied consent for an undisclosed number of doctors to access her results in the future. Second, there are no clear and compelling reasons why other patients, or society in general, would benefit if test results such as these were accessible without explicit consent.
Sharing information between members of the treating team, or between different treating practitioners, is a common and necessary practice in the delivery of healthcare. At the same time, all transfers of information without the knowledge of the patient require careful ethical consideration.
Patients should be given as much prospective information as possible concerning the types of people to whom their health information may subsequently be disclosed. This advice will reduce the number of situations in which implicit consent for routine information transfers is relied upon. If a patient has not been advised that his or her information will be disclosed, clinicians need to satisfy themselves that they are acting in the individual patient's best interests and that broader social benefits outweigh the social cost of compromising confidentiality.