PATIENT CONFIDENTIALITY, ACCESS TO PATIENT INFORMATION AND THE USE OF SUCH INFORMATION

 

1.                 Introduction.

 

The requirement for health care workers to maintain in confidence information gained from the patient, dates back to the Hippocratic Oath.  The justification for confidentiality derives from the ethical principle of respect for autonomy, the trust inherent in the health care worker – patient relationship, and the consequentialist argument that patients would not disclose vital information to their health care worker if they felt the information would not be kept confidential.

 

In the modern hospital, with computerised patient databases and multiple consultants and allied health providers participating in the care of patients, the maintenance of patient confidentiality is increasingly challenging.

 

Despite the importance of maintaining patient confidentiality, this principle is not absolute and does admit of exceptions.  In cases where there is a reasonably high likelihood that the patient will cause serious harm to a specific, identifiable person, this harm may be averted through disclosure of confidential patient information to the third party, and the person is unlikely to discover the information through other means, it may be permissible, even required, to violate patient confidentiality and disclose patient information to the third party.

 

The justification for violating patient confidentiality in such cases is based on the ethical principle of beneficence (promoting good) and non-maleficence (avoiding harm).

 

There are also specific Statutory exceptions to this rule as well as in cases where a court order should be obeyed.

 

2.                 Legislative  Provisions.

 

2.1           Constitution of RSA.

Bill of Rights contained in the Constitution states that everyone has the right to privacy and a right of access to information held by the State or by any other person.  The Promotion of Access to Information Act was promulgated to regulate person’s right to access to information on that person, held by, or under the control of the State, or a private person or body.  The Regulations to be published in terms of the Act will be finalised soon, and the Act will then become operative.  Currently private health care professions have, in general, a discretion to allow access to their records with patient consent.

 

          2.2            Child Care Act.

                    In terms of the Child Care Act

i                 any person over the age of 14 years is competent to consent,

without the assistance of his parents or guardian, to the performance of any medical treatment of himself or his child,

i                 any person over the age of 18 years is competent to consent, without the assistance of his parent or guardian, to the performance of any operation upon himself.

 

Health care workers are also under a duty to keep confidential any information on a minor patient who, in terms of the Act may consent independently to treatment or procedures.  The Act further obliges health care workers to report to the authorities any abuse of persons under 18 years, with or without consent.

 

2.3           Aged Persons Act.

In terms of the latest amendments to the Aged Persons Act, no 81 of 1967, a legal duty is imposed on practitioners to report abuse and injuries to aged persons.

 

2.4           Medical Schemes Act.

The Regulations to the Medical Schemes Act provide that

i                 any information pertaining to the diagnosis, treatment or health of any member of a medical scheme or his/ her dependant must be treated as confidential,

i                 a medical scheme must have access to any treatment records held by the provider and other information pertaining to the diagnosis, treatment and health status of the member in terms of the arrangement, but such information may not be disclosed by the provider to any other person without written consent of the member, unless such disclosure is in terms of any legislation.

 

The arrangement referred to is a written managed care arrangement between a medical scheme and an accredited third party ‘through which utilisation of health care is monitored through the use of mechanisms which are designed to monitor appropriateness, promote efficacy, quality and cost-effectiveness of the delivery of relevant health services.

 

In terms of the Regulations health care providers must put “the nature and cost of each relevant health service rendered and the relevant diagnostic and such other code numbers that relate to such relevant health service.  This is clearly a statutory obligation on the health care provider to divulge patient information with or without consent.

 

2.5           Other legislation.

 

The National Health Act contains a chapter on the Rights and duties of Users and Health Care Providers.  In terms of this chapter health care providers are obliged to maintain health records of users and to maintain the confidentiality thereof. 

 

Users are also entitled to confidentiality of all information concerning them.  Disclosure of information may only be done with the written consent of the user or in terms of legislation, other law or a court order. 

 

Access to health records may be allowed to the following persons; the user, administrative staff; other health care providers and other persons who has been given written consent by the user or a court of law.

 

Administrative staff may get access to health records for any legitimate purpose within the ordinary course of their duties.  Other health care providers may examine records for purposes of study, teaching or research with the user’s consent and authorisation of the head of the establishment and the Ethics Committee.

 

Section 20 of the Act provides for the protection of health records.  A copy is attached as Annexure A. 

 

Provisions to protect the rights of users, similar to those of the National Health Act, can be found in provincial health legislation.

 

3.                 Ethical provisions.

 

3.1            Ethical Rules of the Health Professions Council of SA (HPCSA).

In terms of the Ethical Rules of the HPCSA, it is unethical for a practitioner registered with this Council to divulge any information on a patient that ought not to be divulged, except:

 

i                 with the express consent of the patient, or

i                 in the case of a minor under the age of 14 years, with the written consent of his parents or guardian or

i                 in the case of a deceased patient, with the written consent of his next-of-kin or the executor of his estate.

 

3.2           National Patient Rights Charter.

National Patients Rights Charter states that information concerning one’s health, including information on treatment may only be disclosed with informed consent, except when required in terms of any law or an order of court.

 

3.3           Professional Association’s Codes of Conduct.

The South African Medical Association (SAMA) Code of Conduct states that :

“Doctors should … respect the confidentiality of information entrusted to them, unless law or ethical duty prevents this.”

 

4.                 International References.

 

The right to privacy and confidentiality is recognised internationally.  The UN Universal Declaration of Human Rights states, as a so-called “First Generation Right”, the right to privacy.

 

The Hippocratic Oath states that:

“What I may see or hear in the course of the treatment or even outside of the treatment in regard to the life of mend, which on no account one must spread abroad, I will keep to myself holding such things shameful to be spoken about.”

 

The World Medical Association (WMA) International Codes of Ethics states:

“A physician shall preserve absolute confidentiality on all he knows about his patient even after the patient has died.”

 

In contrast to this somewhat old fasioned absolutist approached to confidentiality, most modern codes and declarations provide for exceptions such as to comply with legal requirements, to protect those that could be harmed by not divulging information and disclosure to other health care workers in the interest of the patients.

 

The WMA Declaration on the Rights of the Patient summarises the patient’s right to confidentiality as follows:

 

i       All identifiable information about a patient’s health status, medical condition, diagnosis, prognosis and treatment and all other information of a personal kind, must be kept confidential, even after death.  Exceptionally, descendants may have a right of access to information that would inform them of their health risks.

i       Confidential information can only be disclosed if the patient gives explicit consent or if expressly provided for in the law.  Information can be disclosed to other health care providers only on a strictly “need to know” basis unless the patient has given explicit consent.

i       All identifiable patient data must be protected.  The protection of the data must be appropriate to the manner of its storage.  Human substances from which identifiable data can be derived must be likewise protected.

 

6.            Conclusion.

 

The above is only a brief overview of the history and background of human rights, legal and ethical principles relating to patient confidentiality.  How information on patients during the course of a health care worker’s interaction with that person, should and could, legally and ethically, be used, remains to be clarified.  Issues such as obtaining consent to use patient information, whether identifiable data or not, need to be researched and guidelines drafted.

 

 

MR. A. VOLSCHENK

HEAD:  HUMAN RIGHTS, LAW & ETHICS