What is Doctor Patient Confidentiality?

The Oath of Hippocrates, commonly known as the Hippocratic Oath, is sworn to by newly licensed physicians. The Oath includes the promise that “Whatever, in connection with my professional service, or not in connection with it, I see or hear, in the life of men, which ought not to be spoken of abroad, I will not divulge, as reckoning that all such should be kept secret.”  This duty to not divulge is referred to today as the concept of doctor patient confidentiality.

What Information Must Be Kept Confidential Under Doctor Patient Confidentiality?

Under the duty of doctor patient confidentiality, when a prospective or existing patient seeks the advice, care, or treatment of a physician, the doctor must keep what the patient reveals to the doctor in confidence. The duty of confidentiality also covers what doctors may independently conclude or form an opinion about, based on their having examined or assessed patients.

Doctor patient confidentiality covers all medical records (e.g., x-rays, lab reports), all communications between patient and doctor, and communications between the patient and other professional staff working with the doctor. Under doctor patient confidentiality, a doctor cannot divulge any medical information about the patient to third persons without the patient’s consent. 

Are there Exceptions to Doctor Patient Confidentiality?

There are several exceptions to this rule requiring doctor patient confidentiality.  A doctor is generally permitted to divulge confidential information if that information is at issue in a lawsuit. In addition, if a patient tells a doctor that the patient intends to cause immediate harm to another person, the doctor may be required to warn the person who is threatened with harm.

The “immediate harm” exception to doctor patient confidentiality was established in the well-known case of Tarasoff v. Regents of California. In that case, UC Berkeley student Tatiana Tarasoff began dating fellow student Prosenjit Poddar. Eventually, Ms. Tarasoff told Mr. Poddar that she was not interested in a serious relationship. They then stopped dating.

Poddar then underwent a severe emotional crisis, going so far as to contact Tarasoff and tape-record their conversations so he could try to find out why she did not love him. Eventually, Poddar sought psychological help at Berkeley. He confided, to a Berkeley psychologist that he intended to kill Tarasoff. The psychologist did not inform Tarasoff or her parents about the threat. Several weeks later, Poddar carried out the plan he had confided to the psychologist. Poddar stabbed and killed Tarasoff. Tarasoff’s parents then sued the psychologist and the university for failure to warn them of the threat. The parents argued that had they or their daughter known of the threat, steps could have been taken to protect her. The psychologist and the university, on the other hand, argued that the threat was protected under doctor patient confidentiality.

The case worked its way up to California’s highest court, the California Supreme Court. The California Supreme court found that a mental health provider has a duty not just to the patient, but also to people whom the patient specifically threatens. The court stated that doctor patient confidentiality must yield, to the extent to which disclosing confidential information is necessary to avert danger to others. 

Since Tarasoff was decided in 1976, ⅔ of the states now impose a “duty to warn” on physicians when a patient confides he or she intends to immediately harm a specific person. 11 states allow a doctor to warn the patient, but do not require that the doctor do so.

How Long Does Doctor Patient Confidentiality Last?

Doctor patient confidentiality continues even after a patient has stopped seeing or being treated by that particular doctor. Doctor patient confidentiality also survives the death of a patient. That means if the patient passes away, his or her medical records and information are still protected by doctor-patient confidentiality.

What is the Difference Between Doctor Patient Confidentiality and the Privacy Rule?

The HIPAA Privacy Rule gives patients the right to keep certain health information called protected health information (PHI), private. 

Privacy deals with rights, while confidentiality deals with obligations. Patients who disclose PHI to healthcare providers have the right to ensure its privacy.  Patients waive privacy rights by giving written authorization permitting use or disclosure of PHI. Confidentiality refers to the duty, or obligation, of anyone entrusted with health information to keep that information confidential unless a patient consents to the doctor divulging the information.

What is the Difference Between Consent and Authorization?

The Privacy Rule permits, but does not require, a covered entity, voluntarily, to obtain patient consent for uses and disclosures of protected health information for treatment, payment, and healthcare operations. Covered entities that do so have complete discretion to design a process that best suits their needs.

By contrast, an “authorization” is required by the Privacy Rule for uses and disclosures of protected health information not otherwise allowed by the Rule. Where the Privacy Rule requires patient authorization, voluntary consent is not sufficient to permit a use or disclosure of protected health information unless it also satisfies the requirements of a valid authorization. An authorization is a detailed document that gives covered entities permission to use protected health information for specified purposes, which are generally other than treatment, payment, or healthcare operations, or to disclose protected health information to a third party specified by the individual.

See How It Works