This article is written by Kashish Kundlani, from Ramaiah Institute of Legal Studies, Bangalore. This article discusses confidentiality and privacy in healthcare.

Introduction

The term ‘privacy’ and ‘confidentiality’ is important in the fiduciary relationship between a doctor and a patient. This relationship of trust arises when the fair expectation of mutual trust is there between the doctor and his patients. 

Medical confidentiality is a concept of doctors maintaining all the information received during the course of the patient’s treatment.

Have you ever wondered why medical confidentiality is so important? the answer is that the patients on a daily basis share their secret or sensitive personal information to the health care providers such as doctors, physicians, hospitals etc. If at any point, the patient feels that the information is not protected and there are chances that it may get divulged, then they might not share the information in the first place, therefore it should be at the topmost priorities of the health care providers to maintain the privacy and confidentiality. 

About Confidentiality and privacy in healthcare

The patient’s confidentiality regarding his/her treatment is of vital importance and should be protected. It is the right of an individual that his/her personal and medical information is kept private or confidential. Such delicate and confidential information about the individual should only be in between him and the doctor, physician, healthcare or health insurance company.

The medical information of the patient given to a health care provider shall not be divulged to others unless the patient gives his consent to disclose such information to others. The confidentiality of a patient should be maintained because the communication of personal information or records may create personal or professional problems while the patients depend on doctors to keep their medical information private.

Though it is very rare to keep the medical records or information completely undisclosed as the very common breach of confidentiality occurs when the doctors pass the medical information to others and refer it as one of their case studies. If this information gets published in professional journals, the identity of the patient is never disclosed and if it appears in any way then the patient has the right to sue.

Apart from the publishing of the case studies, one more threat or risk to the medical privacy is the fact that most of the medical bills are paid by the health insurance company so in that case, it is very difficult to keep the information secret as health records can be viewed by insurance companies as well as by the medical laboratories, researchers etc.

Privacy and confidentiality difference

Privacy applies to a person. Privacy means keeping the medical records restricted or in the vault from the public release because it protects the patient’s identity. 

If in any case, such personal medical information reaches the unauthorized third party and the identity of a patient is ascertained or known without the consent of the patient then such patient can take legal action.

Whereas, confidentiality applies to the data. It refers to an individual’s right to have personal and detectable medical information which remains private between the patient and the physician. It is an extension of privacy.

Confidentiality of the patient is an essential element of the personal regard for the patient and also an essential criterion to uplift an honest and transparent conversation between patient and physicians. Divulged information about the patient’s treatment is important as it helps the doctor understand the case thoroughly and properly.

Privacy and confidentiality: A Right

There are so many rights which the patient has and can duly exercise them whenever they require.

Some of the rights are:- 

• Right to Appropriate Medical Care and Humane Treatment,  
• Right to  Information, 
• The Right to Choose Health Care Provider and Facility, 
• Right to Medical Records, Right to Privacy and Confidentiality etc.

So, the right to privacy and confidentiality is one of the rights given to the patient where the patient has the right to be free from public exposure. But are subject to certain exceptions which are:-

• If the mental or physical condition is in question and the Court orders the patient to surrender himself to a physical and mental examination by a physician or;
• When the public health and safety demands or;
• When the patient himself gives up his right in writing or;
• It can be disclosed to the parents or the legal guardian of the patient where the patient is not of legal age or mentally incapacitated; and if the patient is of legal age, then, the information can be disclosed with his right to choose the person to whom the medical information should be communicated. 

Laws governing the Confidentiality and Privacy of a patient in India

• According to the Indian Medical Council (Professional Conduct, Etiquette and Ethics) Regulations, 2002, it has been stated under chapter 7- (7.14) that the registered medical practitioner shall not divulge any of the secrets of a patient that have been acquired in the exercise of his/her professional skill or while conducting the treatment.
• Chapter 8- (8.2) states about the consequences of the violation. It explains that if any complaint is made with regards to the professional misconduct of any registered medical practitioner and the same was brought before the Medical Council of Disciplinary action, then, upon the receipt of the complaint, the appropriate medical council will hold an enquiry and will also give the opportunity to the registered medical practitioner to be heard in person or by a pleader. And if during the course of the enquiry or proceeding, the registered medical practitioner is found guilty of committing professional misconduct, then he will be awarded with the punishment as it deems fit with the situation by the Medical Council or they may also direct the removal of his medical practice altogether or for only a specified period.
• And under chapter 8- (8.5),  if the decision is pending on the complaint registered against him, then the appropriate Council may restrict the physician from performing the procedure or practice which is under research/scrutiny.

Other than the ‘code of ethics’ there are no such specific laws in India which protect the privacy and confidentiality of the patient’s data but the Health Ministry has proposed a Digital Information Security in Healthcare Act  (DISHA) in 2018 which is yet to be finalised.

It is regarded as likely to provide a complete legal framework to ensure the privacy of the patients, especially in the era of where more than paper electronic health records are used.

If it gets finalised, then it will give the people complete ownership of their health data. 

For example, if a person visits the doctor and the doctor places the result of the tests into an electronic health record, then that information will be completely protected by the DISHA Act as it will be placed within the healthcare system.

Exception

Absolute privacy and confidentiality is not possible under the healthcare sector because if the doctors start keeping all health records a secret or confidential, despite knowing the fact that if such information is not communicated to the public then it will result in the spread of a dangerous disease from his patient such as HIV/AIDS, Tuberculosis etc. So, sometimes in the interest for the public good, the patient’s data has to be communicated.

Case law 

Mr. Surupsingh Hrya Naik v. State of Maharashtra 23 March, 2007

In this case, the Medical Council Code of Ethics and Right to Information Act, 2005 was in conflict. In this case, it was questioned that making the health records public, under the Right to Information Act would constitute a violation of the right to privacy. So in this situation, the Bombay High Court held that the Right to Information will supersede the Right to Privacy and Confidentiality. As in this case, the petitioner was undergoing the punishment imposed on him by the Honourable Supreme Court during which, he was admitted to the hospital and he underwent surgery as he had been experiencing heart problems, low sugar and blood pressure issues. Here, it was held that the medical records of a person who is sentenced or convicted or is in the police or judicial custody and during that period such person is admitted in the hospital or in any nursing home then, that information should be made available to the person asking for the information but that hospital or the nursing home should be maintained by the State or public authority or any other public body. Only in the exceptional cases, where the reason is also a valid one, the information which is recorded in writing can be denied.

So the decision, in this case, was that the Right to Information Act can supersede the Medical Council Code of Ethics.

Radiological & Imaging Association v. Union of India on 26 August 2011

In this case, the petitioner challenged the circular of the Collector and District Magistrate, Kohlapur which required that the Radiologist and Sonologist should submit the on-line form F under the Pre-conception and Pre-natal Diagnostic Techniques Rules (PNDT) and also to install the SIOB (silent observer) for all the sonography machines, as a part of `save the baby’ campaign for improving sex ratio in the district. The petitioner challenged this on the grounds that it violates the privacy of their patients. The Bombay High Court held that the images are stored in the silent observer and are not transmitted online to any server and thus, it remains fixed in the ultrasound machine and only after the request of the Collector/ the civil surgeon, in the presence of the concerned radiologist/ sonologist/ doctor in-charge of the Ultrasound Clinic, the silent observer will be opened. After all the considerations of the fact, it was held that there is no violation of the doctor’s duty of confidentiality or the patient’s right to privacy. It was further observed that the outline of the right to privacy must be restricted or limited by the public interest and should also move along with each and every provision of the PNDT rules. And also, the use of a silent observer system on a sonograph has necessary safeguards or protection and it does not violate any privacy rights as the declining sex ratio of the country was considered a compelling public interest that could override the right to privacy. 

Mr. X v. Hospital Z

In this case, the respondent took a sample of the blood of the appellant as the blood was to be transfused to another. In the blood sample report of the appellant, it was found out that the appellant is HIV positive. So the appellant’s marriage was called off because without the expressed consent of the appellant, the hospital authorities divulged the information to his family and somehow the information reached the girl’s family.

Due to which the appellant had to leave his place of work and also had to shift to a new city as he was highly criticised and was shunned by the community.

As a result, the appellant approached the National Consumer Dispute Redressal Commission to claim damages against the respondent’s act. The appellant asserted that the respondent had illegally disclosed the appellant’s medical information without his consent and had also breached his duty which was to keep the medical information of the patient’s confidential. The National Consumer Dispute Redressal Commission, however, dismissed their plea and stated that the remedy for such a dispute would be in a Civil Court.

Thereafter, the appellant filed the plea in the Supreme Court and contended that, in the medical profession, the ‘duty of care’ is applicable and it also includes the ‘duty of confidentiality’ and in addition, it was also argued that since the duty was violated or breached, the respondent was liable to pay for the damages caused.

So in the conflict of appellants’ fundamental right to privacy and Ms. A’s fundamental right to be informed about the dangerous disease which was a threat to her life, the Court said that the latter’s right to be informed will override the former’s right. As a result, the respondent’s were held not guilty and the Court also held that the duty to maintain secrecy in the doctor-patient relationship is not absolute and can be broken for the public good or interest. Hence, for this reason also, the respondent was held not guilty.

But the Court, under Section 269 and 270 of the Indian Penal Code, held the appellant guilty on the grounds that he knew that he had a venereal disease but still decided to marry.

Conclusion

The privacy and confidentiality in healthcare should be the utmost priority which has to be maintained by the doctor. The doctor and patient relationship is based on trust and it also contains a lot of information or data which should be kept in secrecy in order to prevent any misuse. The changing environment of every sector from paperwork to electronic records is at a very fast pace and this change from paper to everything online needs protection of data and a complete watch. In India, only the Indian Medical Council (Professional Conduct, Etiquette and Ethics) Regulations, 2002 is present while many Acts are yet to be made or enforced. 

However, there are so many gaps in the policies made or in-making, because on one side it gives the right to privacy and on the other, it says that anyone can avail the information or seek to access the records under the Right to Information Act, 2005.

The State, for an effective framework, needs to play an active role while making laws regarding privacy and confidentiality in healthcare and it should also enable the participation between the different institutions, both in the private and public sector.

The joint efforts of these sectors or multiple stakeholders can ensure the creation of a strong and powerful foundational framework in the country on which the Right to Privacy and Confidentiality in healthcare can be efficiently constructed.

References

• https://www.surgeryencyclopedia.com/Pa-St/Patient-Confidentiality.html
• https://cis-india.org/internet-governance/blog/privacy-in-healthcare-policy-guide
• http://samch.doh.gov.ph/index.php/patients-and-visitors-corner/patients-rights
• http://contacttracing.ashm.org.au/why-are-privacy-and-confidentiality-important
• http://archive.nmji.in/archives/Volume-27/Issue-1/27-1-SFM-III.pdf

---

LawSikho has created a telegram group for exchanging legal knowledge, referrals and various opportunities. You can click on this link and join: https://t.me/joinchat/J_0YrBa4IBSHdpuTfQO_sA