Confidentiality and Privacy - Module 2

The objective of this module is to provide information and generate discussion concerning how the concepts of confidentiality and privacy apply to elderly patient populations.

Confidentiality refers to the duty to protect privileged information and to share entrusted information responsibly. It stems from the notion that a person’s wishes, decisions, and personal information should be treated with respect. The duty of confidentiality can apply to individuals, organizations, and institutions. In fields like medicine, the law, and counseling, there are explicit, professional obligations to keep personal information in confidence, because the trust is the foundation for meaningful professional relationships.

As a general rule, health care providers have a responsibility to avoid disclosing personal and medical information that has been entrusted to them without the patient’s consent. In accordance with professional standards, when a patient’s private information is shared, there is the expectation that health care providers will keep the information in confidence. This might include details pertaining to a patient’s diagnosis, prognosis, history of illness, drug use, family history, and sexual activity.

Privacy refers to the right to be free from interference. Privacy is supposed to enable individuals to exert control over their own lives, which includes deciding who should have access to personal information, and when and how this information will be disclosed. Although there continues to be vigorous debate about whether the U.S. Constitution guarantees a right to privacy, the legal basis for the right to privacy typically stems from the Fourteenth Amendment. In Florida, the right of privacy is discussed within the state’s constitution in Article I, Section 23.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that was created in part to protect information contained within the medical records of patients. One of the primary goals of HIPAA was to establish federal standards regulating how electronic data is transmitted and shared. In principle, storing medical records electronically can give physicians, insurance companies, and other parties easier access to these records, which raises concern that private information might be shared without the knowledge or consent of patients.

In most circumstances, under the revised HIPAA guidelines, health care providers are required to obtain a patient’s consent before confidential information is shared with other parties. Depending on the situation, a physician’s office may be required under HIPAA to provide written notice of privacy practices to the patient. This notice should include the rights that the person has as a patient and the measures that will be used to keep his/her personal and medical information private. HIPAA also regulates marketing practices in order to protect a patient’s information from being sold and distributed to health plans, pharmacies, and drug companies without the patient’s consent.

Although there remain disputes concerning what the concepts of privacy and confidentiality precisely entail, it is generally agreed that they are not absolute notions. The level of privacy that one can reasonably expect, for example, varies dramatically depending on the context. One’s privacy can appreciably diminish when one discloses information in a public area. Medical information that a patient discusses with his/her physician while walking in a city park might be overheard by other individuals. Yet if this information is discussed while in a private office, it is more likely that privacy can be maintained.

Concerns of justice and of upholding the common good can sometimes supercede the duty to keep information confidential. In most circumstances, health care providers must obtain a patient’s consent before sharing that patient’s information with other parties. Yet there are rare circumstances, such as when a court order has been issued, wherein a physician may be legally obligated to disclose a patient’s information without the patient's consent. Similarly, a physician might have a “duty to warn” the state if it is believed that a patient poses an obvious threat to other individuals. With regard to elderly patients, it is a fairly common problem that a physician treats an elderly individual who is unwilling to stop driving a car, but whose physical or mental capacity to do so may be compromised. This type of situation illustrates the tension that may arise between the obligation to keep the patient’s information in confidence and the obligation to prevent the patient from causing harm.

The importance of privacy and confidentiality to elderly patients should not be overlooked. Although health care teams, family, and friends might assume that these concepts are unimportant to an elderly patient, the patient might not agree. A competent patient should expect that information shared with a health care team will be kept confidential regardless of the patient’s age. Further, if privacy is maintained, this might enable elderly patients to feel that they have an appreciable level of control over their own lives even when they are in the hospital. Health care teams should not, for example, automatically assume that an elderly patient wants family and friends in the hospital room when personal and medical information is being shared. The desire to maintain one’s privacy does not necessarily decline with age.


  1. Suppose an elderly patient enters that hospital and is not lucid enough to express his/her wishes is the treating physician permitted to disclose medical information to the patient’s family without obtaining consent? In principle, physicians should not disclose a patient's medical information to family members unless the patient has made his/her wishes clearly known through an advanced directive or through some other means. However, it is rather common that a patient’s wishes are not fully known when admitted into a hospital. This problem can be magnified when there is not sufficient time to gather evidence of the patient’s wishes before a treatment decision has to be made. With regard to this type of situation, there has been significant debate in health care communities concerning whether it is morally and professionally appropriate to inform the family and allow them to make decisions for the patient. Health care providers generally agree, however, that family members should be contacted concerning their relative’s condition when there is a medical emergency.

  2. Do physicians have a duty to notify the state when an elderly patient has a physical or mental impairment that may interfere with the patient's driving ability? The answer varies depending on state law, but typically they do not. Florida, physicians are not legally obligated to notify the state when treating a patient that they believe is no longer capable of driving a car although they are encouraged to do so if it is likely that the patient will pose a danger to others. According to the American Medical Association, there are some circumstances where it is ethical for physicians to report a patient to the Department of Motor Vehicles if they believe that the individual poses “a strong threat to patient and public safety.”