Correct Patient Privacy and Confidentiality Violations

Article excerpt

How easy is it to violate patient privacy and confidentiality in a practice setting? Very easy. Such violations usually are unintentional and occur because of a preoccupation with the task at hand.

The concept of privacy and confidentiality is basic to medicine. It is often violated, however, thereby exposing physicians to legal, Health Insurance Portability and Accountability Act (HIPAA) and moral concerns.


Confidentiality means that you cannot share a patient's information with any other person in either verbal or written form. Information learned during the course of treatment that is material to that treatment is protected by confidentiality laws. Disclosure of such information could be construed as a breach of a patient's privacy.

Doctor-patient privilege means that a patient's information is protected and cannot be obtained by any third party. Although you own the records, the patient owns the privilege, A patient must waive the privilege before you can release records or discuss his or her case with others.

A patient, rightfully, does not want or expect his or her personally identifiable health information to be shared with others. But in your office, you never know who is listening. It could be a friend, a relative, or a reporter. If a patient authorizes a third party to be present, however, then the privilege regarding that third party is waived.

Patients have the right to sue you if you violate their privilege and they are damaged as a result In one example, a patient's employer heard from a physician that an employee had AIDS and, as a result, fired the employee/patient The doctor was sued and lost.


Federal HIPPA laws are superimposed on state confidentiality laws. Federal laws usually supersede state laws, but state law still may prevail if it is more strict.

HIPAA protects all personally identifiable health information. It includes all information that identifies, or could reasonably be used to identify, a patient regardless of medium employed. Although originally envisaged as a regulator of electronic health records (EHR), it applies to paper records and verbal communication as well.

HIPAA allows the transfer of personally identifiable health information without a patient's consent in three circumstances: for treatment payment and healthcare operations.

Although HIPAA regulations often are burdensome, they help clarify some issues for physicians. Before HIPAA, patients had no specific waiver that allowed physicians to share information, yet good practice and avoidance of malpractice dictate the abundant sharing of information. This conundrum for the physician is now resolved.

HIPAA also adds more penalties. Patients can still sue, but they can also complain to the federal government The government can investigate and can impose fines.


Privacy lapses may be intentional or unintentional. Most lapses are avoidable with care. They are often the result of preoccupation with other tasks at hand. Privacy comes up in all aspects of patient care, from making the appointment through the office visit testing, and/or surgery. No areas of an office are exempt from possible violations.

Many inadvertent and often seemingly harmless violations of patient privacy occur in the office setting on a day-to-day basis. Some of the causes of those violations:

Office design. Privacy should be a concern as you plan the design of your office. It is common to sit in a doctor's office and hear everything the physician is saying to the patient in the next room, either through the wall or a door that is left open.

New facility. If you are just starting a practice or moving into a new facility, make it a priority to ensure confidentiality at all times. When building a new office, bring up the topic of privacy during the design stage. It is much easier to plan ahead than correct a problem later. …