Confidentiality Notes

Introduction

Learning Objectives: Understand the role of confidentiality within the medical context

Learning Goals:

What establishes a breach of confidence or privacy?

What justifies a breach of confidence or privacy?

Central Issues:

Two reasons why it is important for doctors to respect patient confidentiality: (1) information about health is private, and the patient should have the right to control who has access to it; (2) without an assurance of confidentiality, a patient might withhold information and this may prevent proper diagnosis/treatment

The legal duty of confidentiality is not absolute. The reality of modern medical treatment is that patient information will be shared among a team of health care professionals. Information can also be disclosed where the public interest in disclosure outweighs the public interest in respecting confidentiality

Genetic information raises a number of complex issues in relation to confidentiality

Why respect confidentiality

Origins of confidentiality

Unlike patient autonomy, patient confidentiality has its origins in the Hippocratic oath.

Justifications for confidentiality

Both deontological and teleological reasoning can be used to justify the existence of a duty of confidence between doctors and patients. Deontological arguments would emphasis the patient’s right to privacy and their interest in controlling access (protection of liberty i.e. patient’s right to privacy, dignity etc.). Here, there is a division between privacy as constituting either the protection of informational secrecy, or the protection of informational control. There is a further deontological argument from the perspective of the doctor’s conscience (which stems largely from the Hippocratic oath). However, deontological arguments can also be made to justify a weakening of the duty: e.g. patient’s who don’t share data are free-riding and this individualistic approach to autonomy is in conflict with the relational nature of society).

The consequentialist approach would justify confidentiality from the fact that good medical care depends on patients being open and honest with their doctors. In this regard, there is evidence that patients are unlikely to be candid with their doctors if their confidentiality was not protected. Similarly though, consequentialist reasoning can be used to justify a weakening of the duty: e.g. data sharing is necessary to improve public health and medical research.

In light of these tensions, obviously an absolute duty of confidentiality cannot be compatible with the realities of medical treatment, and in this sense, the law does recognise situations where the duty of confidentiality may be breached. This is made all the easier (and arguably, all the more difficult to ensure that confidentiality is not arbitrarily breached) by advances in technology. At the same time, it is unrealistic to think that patients want their medical information to be kept secret from the whole world; they may very well want to share it with people who can help them or help others.

The law in this area is not well-structured. This owes to a number of factors: (1) the duty of confidentiality exists in a number of different contexts; (2) remedies available for a breach of the duty do not incentivise litigation.

Remedies

If a patient discovers an impeding breach of confidence, they can apply for an injunction. If the disclosure has already taken place, they can sue in negligence or defamation if there is damage. If there is no damage (feelings or reputation wise), then it is unlikely for there to be any remedy, although damages were awarded in Cornelius v De Taranto for the disclosure of a psychiatric report which contained potentially defamatory statements.

Duty of confidentiality

At common law

At common law, as explained by Lord Goff in the Spycatcher case, the duty of confidentiality arises when confidential information comes to the knowledge of the confidant in circumstances where he has notice, or is held to have notice that the information is confidential, with the effect that it would be just in all the circumstances that he should be precluded from disclosing it to others. In other words, the duty will exist where the nature of the information itself makes it confidential, and the circumstances in which it was received makes it confidential. The duty will be breached where it would be unjust or detrimental to the individual if (a material part of) the information was disclosed to others without their consent for a purpose inconsistent with that which the information was originally disclosed.

Lord Goff goes on to say that the duty of confidentiality is subject to three limiting principles (these effectively go to its scope): (1) the information must be confidential not itself not available in the public domain (although this raises questions around how much one needs to be put in the public domain for the duty to be extinguished, and the level of generality of information available in the public domain); (2) there is no duty re information that is useless or trivial (this raises questions about what is trivial or useless); (3) there exists no weightier public interest in its disclosure. The first two limiting principles deny that a duty of confidentiality exists, whereas the latter overrides it.

In the medical context, the situation is generally quite clear: medical information is generally the kind which is treated as confidential, and the doctor-patient relationship is generally one in which a duty of confidence arises (see e.g. W v Egdell). An alternative way of looking at it would be to say the duty of confidentiality is a subset of the doctor’s duty of care. This will only be a material alternative if the patient suffers some kind of harm as a result of negligent disclosure.

It is usually assumed the duty is owed to the patient. However, health care providers might also have an interest in ensuring the confidentiality of their patient records. In Ashworth...

Buy the full version of these notes or essay plans and more in our Medical Law Notes.