
Confidentiality risks overview


Confidentiality is about data. It refers to the handling of information that a person has disclosed in a relationship of trust, with the expectation that it will not be divulged to others without permission.  

Providers must consider the protection of privacy and confidentiality as part of their ethical and regulatory duty to protect the rights and welfare of human subjects. Maintaining privacy and confidentiality helps to protect subjects from potential harms that could occur with a breach of confidentiality, such as psychological distress, loss of insurance, loss of employment, or damage to social standing.   

Practitioners are required to maintain and protect the privacy and confidentiality of all personally identifiable information, except as required by law or released with the written permission of the subject. Subjects, including children, have the right to be protected against invasion of their privacy, to expect that their dignity will be maintained, and to be assured that the confidentiality of their information will be maintained. The more sensitive the data, the greater the care investigators must take in obtaining, handling, and storing data. 

During the consent process, investigators must explain what information will be collected, how it will be used, who will have access to it, and what will happen to it after the study ends. When applicable, they should explain any special precautions they will take to ensure the confidentiality of sensitive information. This allows subjects to understand how their information will be used and to decide whether the potential confidentiality risks are acceptable to them.

Practitioners should take reasonable steps to ensure that their communications with the patient are confidential and in accordance with patient preferences. For example, physician-patient medical discussions generally should be in private, or a patient might prefer that the physician call their office rather than home. Nonetheless, unless the patient objects, practitioners can share medical information with a patient’s immediate family members, or someone who is known to be a close personal friend if the information relates to that family member’s or friend’s involvement with the patient’s care or payment for care. Practitioners are expected to exercise professional judgment x

An authorized personal representative of the patient should be treated the same as the patient. Thus, the representative has the same access to information and may exercise the same rights regarding the confidentiality of information. Nevertheless, practitioners may restrict information or access if there are reasonable concerns about domestic violence, abuse, or neglect by the representative. 

Some communication cannot remain confidential. Healthcare practitioners are sometimes required by law to disclose certain information, usually because the condition may present a danger to other people. For example, certain infectious diseases (e.g., HIV, syphilis, TB) must be reported to state or local public health agencies. Signs of child and, in many states, adult or elder abuse or neglect typically must be reported to protective services. Conditions that might seriously impair a patient’s ability to drive, such as dementia or recent seizures, must be reported to the Department of Motor Vehicles in some states.