Trust is the basis of the patient- doctor relationship. It allows patients to share important and sensitive information with the doctor to enable the latter to provide appropriate care for the patient.
Since time immemorial, the patient has had a right to expect non-disclosure of personal information obtained during the course of a doctor’s professional duties, unless consent is given.
The professional duty of confidentiality covers not only what a patient may reveal to a doctor, but also what the doctor may independently conclude or form an opinion about.
Doctors cannot divulge a patient’s medical condition, even to the latter’s closest family members without consent, no matter how much they may want to.
In complying with this duty, doctors sometimes face tricky situations, as the duty of confidentiality is not absolute, with situations where it may be legally and ethically breached.
Recent disclosure by the police of a person’s health information and its publication by the print and electronic media raises concerns. Some of the issues involved are considered below.
The right to privacy is entrench-ed in and protected by international human rights law, e.g. Article 12 of the Universal Declaration of Human Rights.
Although the Federal Constitu-tion does not expressly provide for the right to privacy, this right is provided for in the Penal Code, Private Health Care Facilities and Services Act and Regulations, Communications and Multimedia Act, Personal Data Protection Act and case law.
Section 107 of the Private Health Care Facilities and Services Act provides for regulations on matters relating to patients’ rights with regards to the healthcare services provided by any healthcare facility or service, including patients’ privacy, confidentiality of information and access to patients’ medical reports and records.
The Private Health Care Facilities and Services Regulations state explicitly that it is the responsibility of a private healthcare facility or service, or custodian of a patient’s medical records, to maintain confidentiality of such records in its possession.
Malaysia, together with many countries (e.g. Hong Kong, Austra-lia, New Zealand, Canada and those in the European Union), have data protection legislation.
The Personal Data Protection Act has several provisions prohibiting the disclosure of personal data without the consent of the affected person.
The Malaysian Medical Council (MMC) has specific provisions for confidentiality.
A doctor who has been found guilty of a breach of confidentiality after an inquiry, will be subject to disciplinary punishments provided under the Medical Act.
The MMC’s Code of Professional Conduct states, “A practitioner may not improperly disclose information which he obtained in confidence from or about a patient.”
This is amplified in the MMC’s guideline, Duties of a Doctor, comprising Good Medical Practice and Confidentiality, which affirms the patient’s right to expect confidentiality. Although confidentiality is an important duty, it is not absolute.
The MMC’s guideline on Confidentiality (Source: www.mmc.gov.my) states: “A practitioner can disclose personal information if it is required by law; the patient consents – either implicitly for the sake of their own care or expressly for other purposes; or it is justified in the public interest.
“When disclosing information about a patient, the practitioner shall:
(a) use anonymised or coded information if practicable and if it will serve the purpose
(b) be satisfied that the patient: (i) has ready access to information that explains that their personal information might be disclosed for the sake of their own care, or for clinical audit, and that they can object; (ii) has not objected
(c) get the patient’s expressed consent if identifiable information is to be disclosed for purposes other than their care or clinical audit, unless the disclosure is required by law or can be justified in the public interest
(d) keep disclosures to the minimum necessary, and
(e) keep up to date with, and observe, all relevant legal requirements, including the common law and data protection legislation.”
Doctors who are responsible for confidential information have to ensure that the information is effectively protected against improper disclosure when it is disposed of, stored, transmitted or received.
When patients give consent for disclosure of information about themselves, the doctor has to ensure that they understand what will be disclosed, the reasons for disclosure and the likely consequences.
The doctor has an obligation to respect requests by patients that information should not be disclosed to third parties, except in exceptional circumstances, e.g. when the health or safety of others would otherwise be at serious risk.
The doctor can only disclose such relevant confidential information for a specific purpose.
The doctor’s duty of confidentiality exists not only within the patient-doctor relationship, but also after the patient’s death.
In cases of disclosures to courts or in legal proceedings, the MMC’s guideline states explicitly: “The practitioner shall disclose information if ordered to do so by a judge or presiding officer of a court.
“The practitioner shall object to the judge or the presiding officer if attempts are made to compel him or her to disclose what appears to be irrelevant information, such as information about a patient’s relative who is not involved in the proceedings.
“The practitioner shall not disclose personal information to a third party such as an advocate or solicitor, police officer or officer of a court without the patient’s expressed consent, unless it is required by law or can be justified in the public interest.”
Breach of confidentiality
Confidentiality is breached when there is disclosure to a third party of information learnt about a patient without his/her consent or court orders.
It is immaterial whether the disclosure is oral or written, by telephone or facsimile, or electronic, e.g. e-mail, short message service (sms) or social media.
Breaches of confidentiality have an impact on a patient’s personal and social life, as well as employment. The impact is greater in the case of disclosure of psychiatric conditions, communicable diseases like HIV/AIDS, hepatitis B, etc.
Even disclosure and publication of common conditions (e.g. pregnancy) can impact on the individual.
Patient confidentiality is a sine qua non for good medical practice. Appropriate care can only be provided if patients are assured that personal information is kept confidential.
Everyone involved in the provision of healthcare has a role to play in ensuring patient confidentiality.
Patients should take charge by insisting that their right to confidentiality be respected.
Those in authority and the media who are contemplating disclosing or publishing a person’s health information should ask themselves what their response would be if their own personal health information is similarly disclosed.
Putting it another way, is it acceptable to them for the public to know that they have conditions like sexually transmitted infections, depression, anxiety or even pregnancy in a single woman?
Everyone should respect another person’s health information.
Dr Milton Lum is a past president of the Malaysian Medical Association. The views expressed do not represent that of any organisation the writer is associated with. The information provided is for educational and communication purposes only and it should not be construed as personal medical advice. Information published in this article is not intended to replace, supplant or augment a consultation with a health professional regarding the reader’s own medical care. The Star disclaims all responsibility for any losses, damage to property or personal injury suffered directly or indirectly from reliance on such information.