An Overview

Maintaining confidentiality means that human service organizations, or persons representing such organizations, may not disclose any information revealed by a person served or discovered by a provider in connection with services the organization provides. The overall purpose of an organization’s ethical and legal duty to maintain confidentiality is to allow the person served to feel free to make full and frank disclosure of information with the knowledge that the organization will protect the nature of the information disclosed.

Full disclosure enables the organization’s providers to diagnose conditions properly and establish appropriate treatment protocols with the person served. In return for the person’s openness and disclosures, organizations should not reveal confidential communications or information without the person’s express consent unless required to disclose the information by law.

Despite both legal and ethical obligations that exist, access to confidential health information has become more prevalent. Integrated delivery systems or networks now have access to confidential information of all persons within their systems. Confidential information is also disseminated through clinical repositories and shared databases in many organizational systems. Although sharing information allows persons to be treated more efficiently and safely, the challenge for human service organizations is to utilize technology while honoring and respecting confidentiality.

What Constitutes a Breach of Confidentiality?

In an overwhelming majority of situations and with very few exceptions, a breach of confidentiality constitutes a disclosure to a third party without consent or court order, of information that the provider has learned within the provision of services, Disclosures can be oral or written, by telephone or fax, or electronically such as e-mail. In very rare circumstances, there are special situations in which confidentiality can be breached outside of these parameters. Those situations are noted in the section below.

When Can Confidentiality be Breached?

Confidentiality is not an absolute obligation. Situations arise where the harm in maintaining confidentiality is greater than the harm brought about by disclosing the information. In general, several situations may give rise for exceptions to exist. Generally, these exceptions are as follows:

Concern for the safety of other specific persons: Providers have the duty to protect identifiable individuals from any serious harm if they have information that could prevent harm. The most common case of this type of exception is that of homicidal ideation, when a person shares a specific plan with a provider of services to harm a particular individual. In addition, if the provider has a concern for the safety of the person served due to the potential of self-harm, confidentiality can be breached in a manner that will assist in minimizing the potential of harm.
Concern for public welfare: Most state’s legal guidelines require reporting of certain communicable and/or infectious diseases to public health authorities. In such cases, the duty to protect public health outweighs the duty to maintain a person’s confidence. From a legal perspective, states have an interest in protecting public health that outweighs individual liberties in certain cases. In particular, reportable diseased can include AIDS, HIV, hepatitis A and B, measles, rabies, tetanus, and tuberculosis. Suspected cases of child abuse and dependent adult and elder abuse are reportable, as are gunshot wounds. Local and municipal codes can vary regarding what is reportable and the standards of evidence required.
Other common instances of confidentiality breaches: In addition to the areas mentioned above, third-party reimbursement, collection of debt, and defense of malpractice or professional complaints are situations that can warrant the disclosure of some level of confidential materials without consent.
While the exceptions to confidentiality that we have noted are typical in most states and human service environments, it is the responsibility of organizations and those who provide services to know and understand all federal, state, and local guidelines in a manner that adheres to all legal requirements.

Who May Grant Permission To Release?

Generally, the authority to release medical information is granted to: (1) the person served, if a competent adult or emancipated minor; (2) a legal guardian or parent if the person served is judged incompetent by a court of law, or is a minor child; and (3) the administrator or executor of a person’s estate if the person becomes deceased. The ability of a person served to access their records varies from state to state. Some states allow the human service professional or provider to determine the level of the person’s right to access, while some states expressly grant persons open access to all information contained in their records.

Implied Consent

A person’s consent to disclose confidential information contained in a medical record may also be implied from circumstances within the treatment setting. For example, personnel directly involved in a person’s care or treatment generally have access to the record. Such consent is implied from the person’s acceptance into services and is usually part of the informed consent or privacy statement document the person has reviewed and signed.

Management, Safeguards, and Security Issues

Human service organizations should have contracts with system vendors, consultants, and other health care providers that specify the parameters of confidentiality within those relationships and the organization’s environment. Organizations should implement security controls over sensitive information, train staff, and set up procedures that prevent the release of information without signed consent.

Summary

Confidentiality is a basic right of all persons who enter human service systems. It is the responsibility of each organization to be acutely aware of all legal guidelines and place them into practice procedures that minimize the risk of breaching the confidentiality of a person served. Training during orientation of new employees and ongoing training should be carried out systematically within organizations to ensure that the right to confidentiality is being upheld by all persons, including both professional and support staff.

QUIZ TIME

Step 1 of 2

MM slash DD slash YYYY
Name:(Required)