CONFIDENTIALITY Privacy and confidentiality are cornerstones of the doctor-patient relationship. Patients must feel comfortable disclosing all relevant information, most of which is highly sensitive in nature (bodily functions, physical, sexual activities, medical history etc.). With this information, doctors can then provide the proper diagnosis and treatment. Medical privacy encourages patients to seek information and support to fully understand and evaluate their options, so that they can make the most informed medical decisions. It promotes individual autonomy, by sheltering those seeking morally controversial medical care from outside criticism and interference with decisions. The disclosure of personal health information has the potential to be embarrassing, stigmatizing or discriminatory. Furthermore, denial of access to treatment and various goods such as employment, life, and medical insurance, could be placed at risk if the flow of medical information were not restricted. Privacy violations in healthcare mainly occur as a result of human error, theft, compromises to electronic systems and inaccurate access controls. This includes: • • • • • • •
Disclosure of personal health information to third parties without consent. Inadequate notification to a patient of a data breach. Unlimited or unnecessary collection of personal health data. Collection of personal health data that is not accurate or relevant. The purpose of collecting data is not specified. Refusal to provide medical records upon request by client. Provision of personal health data to public health, resear ch, and commercial uses without de-identification de-identifi cation of data and improper security standards, storage and disposal
However, there are certain situations where disclosure of personal health information, is permissible, for example: •
• • • •
Public safety (e.g. Disease registration, communicable disease investigations, Drug adverse event reporting Shared confidentiality (e.g. during referral to another doctor). When required by law. Medical research (e.g. vaccination studies). Administration of justice (e.g. specific provisions of malpractice cases, Workmen’s compensation cases, consumer protection cases, or for income tax authorities).
LEGISLATION
Laws are dynamic, in that they reflect the societal attitude at a particular period and are enacted to control the behavior and practice of the society.vi society.vi Recent Recent examples include the the enactment of The Persons with Disabilities Act to empower, promote equality and participation of persons with disabilities, The Pre-Natal Diagnostic Techniques Act to curb female feticide and The M edical Council of India, Code of Ethics Regulations that set the professional standards for medical practice. In India, a uniform statute specifically specificall y protecting medical privacy does not exist. Health legislation in India is specific to certain health conditions including mental/physical illness, disability, communicable diseases and HIV/AIDS. Broadly speaking, the existing legal framework is weak. Additionally, recurring themes include lack of safeguards, toothless implementation, inadequate redressal mechanisms and judicial inactivity. Medical Council of India's Code of Ethics Regulations, 2002 The Medical Council of India (MCI) Code of Ethics Regulations sets the professional standards for medical practice. • Patient Confidentiality
• Written Consent
• Data Access and Retention
• Research
Publication of photographs or case studies without consent by patients is prohibited. If the identity of the patient cannot be discerned then consent is not needed. However, the method of consent, whether verbal or written, is not stated. This is peculiar as other claus es specifically state, whether verbal or written, is required.
Epidemic Diseases Act, 1897 Mental Health Act, 1987 Right to Information Act, 2005
The Right to Information Act (RTI) 2005lii entitles citizens to request and access information that is publicly available and related to public interest. Disclosure of information is restricted to information provided in a fiduciary relationship, personal information that has no relationship to any public activity or interest, or if it would case unwarranted invasion of privacy of the individual. The confidentiality standards involved in maintaining medical records of a patient, including a convict, by the Medical Council of India cannot override the provisions of the Right to Information Act. The Act, however, carves out some exceptions, including the release of personal information, the disclosure of which has no relationship to any public activity or interest or which would cause unwarranted invasion of the right to privacy. In such cases, discretion has been conferred on the concerned Public Information Officer to make available the information, if satisfied that the larger public interest justifies the Information Technology Act
The Information Technology Act, 2000lv (IT Act) provides legal recognition to any transaction, which is done by electronic way or use of Internet. It deals with the issue of data protection and privacy in a piecemeal fashion. Under the IT Act, public health is a criterion amongst others (national security, economy etc.) that determines whether information infrastructure is treated as critical. Computer resources that consist of critical information infrastructures are protected systems, for the reason t hat its destruction can have an adverse impact on national security, economy, public health or safety. This is very significant step as today IT infrastructure may also be used to manage certain services offered to public at large, destruction of which may directly affect public health and safety. Case Laws Although constitutionally recognized, the right to privacy has mainly been interpreted in judicial decisions and case law. This knee-jerk approach to privacy has resulted in an increase in public health litigation during the last two decades. Right to Privacy vs. The Right to Know Breach Of Confidence Of Patients Mr. X vs. Hospital Z In this case the plaintiff was going to marry a certain Ms. Y but the marriage was called off on the grounds of a blood test conducted at a certain hospital Y which purported that the plaintiff was HIV. The plaintiff then approached the National Consumer Disputes Redressal Commission for damages against the defendants, on the ground that the information which was required to be kept secret under medical ethics was disclosed illegally and, therefore, the defendants were li able to pay damages. The counsel for the plaintiff had contended that the principle of ‘duty of care’, as applicable to persons in the medical profession, includes the duty to maintain confidentiality and since this duty was violate d by the respondents, they are liable in damages to the appellant. A Code of Medical Ethics has been made b y the Indian Medical Council which, provides as under ‘Do not disclose the secrets of a patient that have been learnt in the exercise of your profession. Those may be disclosed only in a court of law under orders of the Presiding Judge.’ The plaintiff’s co unsel thus argued that the defendants were under a duty to maintain confidentiality on account of the code of medical ethics. However the court held that the proposed marriage carried with it the health risk to an identifiable person who had to be protected from being infected with the communicable disease from which the plaintiff suffered.
The court also uses what the General Medical Council of Britain says about HIV infection, “When diagnosis has been made by a specialist and the patient after appropriate counselling, still refuses permission for the general practitioner to be informed of the result, that request for privacy should be respected. The only exception would be when failure to disclose would put the health of the health-care team at serious risk. All people receiving such information must consider themselves to be under the same obligations of confidentiality as the doctor principally responsible for the patient's care. Occasionally the doctor may wish to disclose a diagnosis to a third party other than a health-care professional. The Council think that the only grounds for this are when there is a serious and identifiable risk to a specific person, who, if not so informed would be exposed to infection.... A doctor may consider it a duty to ensure that any sexual partner is informed regardless of the patient's own wishes.” This an explicitly clear guideline helping the court make a de cision in the defendant’s favor. The right to confidentiality, if any, vested in the plaintiff was not enforceable in that situation. As the right to confidentiality in India is because of the right to privacy under Article 21 and the cases of Kharak Singh vs. State of U.P and Govind vs. State of M.P. the court held that like all other rights this right is not absolute and subject to reasonable restrictions. The court held that if the marriage had proceeded in due course, then Ms. Y would surely have been infected with the deadly disease AIDS and then her ‘right to life’ that is, the right to lead a healthy life would be violated. Thus in the interest of public morality the court decided that the appeal of the plaintiff is without merit. Doctor patient confidentiality is held to be one of the sacrosanct rights ac cording to the Hippocratic Oath and it is codified in India in the form of the Code of Medic al Ethics by the Indian Medical Council under the Indian Medical Council Act, 1956. This bases itself on the International Code of Medical Ethics. That right is that a doctor can not divulge details of the patients being treated by him even after his death except in a court of law. According to the researchers this right is extremely important as it gives legal remedy to people wronged by medical practitioners who have violated such an important right. In India the most important case is X vs. Hospital Z as it showcases an exception to action against breach of confidentiality. It says that the right to confidentiality has some exceptions associated with it. In that case the judge states, “Circumstances in which the public interest would override the duty of confidentiality could, for example, be the investigation and prosecution of serious crime or where there is an immediate or future (but not a past and remote) health risk to others”. Here we understand that in the interests of the public override that of the specific person whose confidentiality was breached. In our view this is desirable as ‘blind enforcement’ of rights without taking into consideration public welfare does not help anybody. So the courts’ position is that this right is important and justifiable except in various situations such as in cases of public morality.
