2009 THE AUTHORS. JOURNAL COMPILATION 2009 BJU INTERNATIONAL
Medico Legal
PATIENT CONFIDENTIALITY
MARSH and REYNARD
BJUI BJU INTERNATIONAL
Patient confidentiality: ethical, legal and
regulatory responsibilities
Howard Marsh and John Reynard*
Department of Urology, Medway Maritime Hospital, Gillingham, Kent, and *Department Churchill Hospital, Oxford,
UK
Accepted for publication 5 March 2009
INTRODUCTION of men, which ought not to be spoke abroad, not normally be disclosed without the
I will not divulge, as reckoning that all such consent of the patient’ [7].
Confidentiality is fundamental to the trust should be kept secret’. The British Medical
upon which the doctor-patient relationship is Association (BMA) defines confidentiality as If a disclosure is made which is not permitted,
founded. This is recognized in the Hippocratic ‘the principle of keeping secure and secret then under the common law the patient can
oath, the UK NHS Confidentiality Code from others, information given by or about an seek redress in the law, not only against the
of Practice [1] and more recently in the individual in the course of a professional organization but also against the individual
NHS Constitution [2]. A duty to respect relationship’ [5]. responsible for the breach.
confidentiality is the subject of clear guidance
from the General Medical Council (GMC) A doctor has a duty to respect patient STATUTORY OBLIGATIONS TO RESPECT
[3], whilst the legal obligation to respect confidentiality because: (i) Information about CONFIDENTIALITY
confidentiality is determined by case law and a person’s health is private; (ii) a patient’s
enshrined in statute. willingness to provide information of (i) The Data Protection Act 1998: The Act
relevance to diagnosis and treatment is states that all personal data must be
Recent high-profile cases of lost data have founded on a guarantee of confidentiality. ‘processed . . . fairly and lawfully’. ‘Processed’
focused the spotlight on the security of means storing the information, disclosing or
centrally held personal information. Although using it. Processing of such data, without
there have so far been no high-profile cases THE LEGAL BASIS OF CONFIDENTIALITY consent, is allowed where it is necessary for
involving lost medical data, current practices medical purposes (treatment, diagnosis,
with regard to maintenance and storage of The duty to respect confidentiality is governed research) and is undertaken by a health
medical records, together with the prospect of by common law and statute. professional who has a duty of confidentiality.
a central electronic patient record [4], should Thus, the day-to-day sharing of confidential
encourage every doctor to focus their THE COMMON LAW AND CONFIDENTIALITY data contained in medical records does not
attention on ways in which they can avoid require a patient’s consent, for the obvious
sensitive information getting into the wrong Justice Boreham summarized the common reason that such a requirement would
hands. law duty to respect confidentiality in Hunter v unnecessarily complicate the process of care.
Mann [6]: ‘the doctor is under a duty not to
In this article we discuss the legal and disclose, without the consent of his [or her] (ii) The Human Rights Act 1998: Article 8 of
regulatory framework governing patient, information which he [or she], the The Human Rights Act (the right of respect for
confidentiality; provide a reference source for doctor, has gained in his professional capacity, private and family life) requires that private
the extensive literature on the law and save. . .in very exceptional circumstances’. (In information, such as medical notes, is kept
regulation of confidentiality; and offer advice the case in question, these exceptional private. It is not difficult for a patient to
on matters of relevance to daily practice, such circumstances existed. The defendant doctor establish that any disclosure of their medical
as the sending of confidential information had been asked for information that might records, without their consent, is prima facie a
by e-mail and how one should reconcile have resulted in the apprehension of a violation of Article 8. However, under Article 8
conflicting legal and regulatory guidance on, suspect wanted for dangerous driving in a the right to confidentiality is not absolute. It is
e.g. patient consent to disclosure of a medical stolen vehicle. The court held that doctor’s qualified by section [2]: ‘there shall be no
report commissioned by a third party. duty of confidentiality was overridden by the interference by a public authority with the
statutory duty imposed by the then Road exercise of this right except . . . in the interests
Traffic Act). of national security, public safety . . . for the
THE ETHICAL BASIS OF CONFIDENTIALITY prevention of crime . . . or for the protection
The document ‘NHS Information Governance’ of the rights and freedoms of others’.
The ethical basis for confidentiality is not goes further to say ‘in practice, this means
a new concept. The Hippocratic Oath that all patient information, whether held on Thus, the interests of the individual patient
states: ‘Whatever, in connection with my paper, computer, visually or audio recorded, or must be balanced against the public’s
professional practice. . .I see or hear in the life held in the memory of the professional, must interests in preventing and solving crime, in
© 2009 THE AUTHORS
164 JOURNAL COMPILATION © 2 0 0 9 B J U I N T E R N A T I O N A L | 1 0 4 , 1 6 4 – 1 6 7 | doi:10.1111/j.1464-410X.2009.08608.x