Hostname: page-component-586b7cd67f-2plfb Total loading time: 0 Render date: 2024-11-25T12:21:14.087Z Has data issue: false hasContentIssue false

Hospital Consent for Disclosure of Medical Records

Published online by Cambridge University Press:  01 January 2021

Extract

Physicians and other health care providers owe ethical and legal duties to patients to maintain the secrecy of the information learned during the course of patient care. This obligation is fulfilled by limiting access to such information to only those involved in the patient's care-that is, to those within the “circle of confidentiality.” As a general rule, providers may only disclose to others with the written prior consent of the patient. Exceptions may be “ethically and legally justified because of overriding social considerations,” when permitted or compelled by law. For example, eleven states permit providers to disclose identified records to approved researchers.’ Many states compel disclosure in cases where a patient threatens serious bodily harm to another; require reporting to health or law enforcement authorities of communicable diseases, gunshot or knife wounds, or child abuse; and mandate reporting of cancer or other health care cases to state registries (such as immunization, birth, and abortion).

Type
Article
Copyright
Copyright © American Society of Law, Medicine and Ethics 1998

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

References

See Council on Ethical and Judicial Affairs, American Medical Association, Code of Medical Ethics: Current Opinions with Annotations (Chicago: American Medical Association, 1997): Princ. IV, Op. 5.05; and Annas, G.J., “Privacy Rules for DNA Databanks: Protecting Coded ‘Future Diaries’,” JAMA, 270 (1993): 2346–50.CrossRefGoogle ScholarPubMed
See Capron, A.M., “Protection of Research Subjects: Do Special Rules Apply in Epidemiology?,” Journal of Clinical Epidemiology, 44, Supp. I (1991): At 88S.CrossRefGoogle Scholar
See Siegler, M., “Confidentiality in Medicine: A Decrepit Concept,” N. Engl. J. Med., 307 (1982): 1518–21; and Gostin, L.O., “Privacy and Security of Personal Information in a New Health Care System,” JAMA, 270 (1993): 2487–93.Google Scholar
Council on Ethical and Judicial Affairs, supra note 1, Op. 5.05.Google Scholar
See Gostin, L.O. Lazzarini, Z. Flaherty, K.M., Legislative Survey of State Confidentiality Laws, with Specific Emphasis on HIV and Immunization (Washington D.C.: Georgetown University Law Center, 1997) (presenting the results of a survey of state health departments). Our legal search found the following statutes that permit disclosure by providers to researchers: Cal. Civ. Code § 56.10(c) (West 1994); Conn. Gen. Stat. § 52–146 (1997); Ga. Code Ann. § 31-7-6 (Supp. 1997); 1997 Minn. Laws § 3:23 (amending Minn. Stat. Ann. § 144.335 subdiv. 3a(d) (West 1992)); Mont. Code Ann. § 50-16-529 (1995); R.I. Gen. Laws § 5–37.3–4 (1997); Tex. Rev. Civ. Stat. Ann. art. 4495b, § 5.08 (West 1997); Utah Code Ann. § 26-25-1 (1996); Wash. Rev. Code § 70.02.050 (1996); Wis. Stat. § 146.82 (1996); and Wyo. Stat. Ann. § 35-2-609 (Michie 1995). Other state statutes permit disclosure to the state departments of health for research and other purposes. See Gostin, Lazzarini, Flaherty, , id.Google Scholar
See Donaldson, M.S. Lohr, K.N., eds., Health Data in the Information Age: Use, Disclosure, and Privacy (Washington D.C.: National Academy Press, 1994).Google Scholar
See Health Insurance Portability and Accountability Act of 1996, Pub. L. No. 104–191, 110 Stat. 1936 (1996). For a discussion of medical record confidentiality and data collection, particularly in light of provisions under the Health Insurance Portability and Accountability Act, see Symposium, Journal of Law, Medicine & Ethics, 25 (1997): 85138.Google Scholar
Federal bills introduced over the last three years include: Medical Record Confidentiality Act of 1995, S. 1360, 104th Cong. (1995); Medical Privacy in the Age of New Technologies Act of 1996, H.R. 3482, 104th Cong. (1996); Medical Privacy in the Age of New Technologies Act of 1997, H.R. 1815, 105th Cong. (1997); Fair Health Information Practices Act of 1997, H.R. 52, 105th Cong. (1997); Medical Information Privacy and Security Act, S. 1368, 105th Cong. (1997); Health Care Personal Information Nondisclosure Act of 1998, S. 1921, 105th Cong. (1998); and Patient Protection Act of 1998, H.R. 4250, 105th Cong. (1998) (approved by the House of Representatives, July 24, 1998).Google Scholar
See Office of Technology Assessment, Protecting Privacy in Computerized Medical Information (Washington D.C.: U.S. Government Printing Office, OTA-TCT-576, 1993); Committee on Maintaining Privacy and Security in Health Care Applications of the National Information Infrastructure, Computer Science and Telecommunications Board, National Research Council, For the Record: Protecting Electronic Health Information (Washington D.C.: National Academy Press, 1997); and Lowrance, W.W., Privacy and Health Research (Washington D.C.: U.S. Department of Health and Human Services, May 1997).Google Scholar
See state statutes cited supra note 5.Google Scholar
Annas, supra note 1, at 2346.Google Scholar
See Levine, R.J., “Postmarketing Surveillance—Some Ethical Considerations,” Journal of Rheumatology, 15, Supp. 17 (1988): 3439.Google Scholar
See Fla. Stat. Ann. § 381.026 (West Supp. 1997); and Vt. Stat. Ann. tit. 18, § 1852 (Supp. 1996).Google Scholar
See Mass. Gen. Laws ch. 111, § 70E (Supp. 1997).Google Scholar
See 45 C.F.R. § 46.102(f) (1997).CrossRefGoogle Scholar
See Cann, C.I. Rothman, K.J., “IRBs and Epidemiologic Research: How Inappropriate Restrictions Hamper Studies,” IRB: Review of Human Subjects Research, 6, no. 7 (1984): 57.Google Scholar
45 C.F.R. § 46.116(d).Google Scholar
See Veatch, R.M., “Limits to the Right of Privacy: Reason, not Rhetoric,” IRB: Review of Human Subjects Research, 4, no. 4 (1982): 57.Google Scholar
Privacy Protection Study Commission, Personal Privacy in an Information Society (Washington D.C.: U.S. Government Printing Office, 1977): At 313.Google Scholar
See Melton, L.J. III, “The Threat to Medical-Records Research,” New Engl. J. Med., 337 (1997): 1466–70.CrossRefGoogle Scholar
The seminal case recognizing a duty to warn of threatened harm is Tarasoff v. Regents of the University of California, 131 Cal. Rptr. 14, 17 Cal. 3d 425, 551 P.2d 334 (1976). For a good review of how the duty has affected clinical practices, see Anfang, S.A. Appelbaum, P.S., “Twenty Years after Tarasoff: Reviewing the Duty to Protect,” Harvard Review of Psychiatry, 4 (1996): 6776.CrossRefGoogle Scholar
See Carman, D. Britten, N., “Confidentiality of Medical Records: The Patient's Perspective,” British Journal of General Practice, 45 (1995): 485–88; and Weiss, B.D., “Confidentiality Expectations of Patients, Physicians and Medical Students,” JAMA, 247 (1982): 2695–97.Google Scholar
See Sankar, P. Merz, J.F., “Confidentiality Assurances,” JAMA, 279 (1998): 116.CrossRefGoogle Scholar
See Patient Self-Determination Act of 1990, Pub. L. No. 101–508, § 4206, 104 Stat. 1388 (codified at 42 U.S.C. § 1395cc(f) (1993)).Google Scholar
See Confidentiality of Individually-Identifiable Health Information, Recommendations of the Secretary of Health and Human Services Pursuant to Section 264 of the Health Insurance Portability and Accountability Act of 1996 (Washington D.C.: Department of Health and Human Services, Sept. 11, 1997).Google Scholar