Right to Privacy is Not Absolute
Our legal system provides individuals with the right of privacy that includes a patient’s right to expect that their healthcare record will remain confidential. This right is derived from common law and constitutional law. There are legal decisions that uphold a patient’s right of privacy, as well as federal and state statures and regulations that protect this right. For example, hospital regulations may states require acute primarily responsible for maintaining medical records for all inpatients treated at the hospital and outpatients treated at the clinics. Protections such as these are necessary to ensure a patient’s right of privacy and to prevent emotional distress from the humiliation and embarrassment of an unauthorized disclosure. The right of privacy, however, is not absolute.
Healthcare organizations must implement meaningful restrictions on access to patient records. They must actively limit or prevent access, in keeping with the "need to know" concept. Who really needs to know this information in order to care for the patient? Only those parties should have access. Often, healthcare providers are required to disclose certain patient information to governmental authorities. Patient information that is necessary to provide appropriate patient care can be shared between and among treating healthcare providers within the same facility, but such information must not go beyond those who have a need to know.
Quasi Intentional Torts such as invasion of privacy and breach of confidentiality are most common. Invasion of privacy occurs when someone who has no right to access a patient’s healthcare record does so anyway, thereby intruding on the private concerns of the patient. Breach of confidentiality occurs when someone who has legitimate access to health information about a patient shares with others who have no need to know.
For Example: when a person unintentionally or carelessly reveals confidential information to him/herself or others without a legitimate need to know the confidential information. Examples include, but are not limited to: discussing confidential information in a public area; leaving a copy of confidential information in a public area; and leaving a computer unattended in an accessible area with a medical record unsecured.
There are four types of patient information that are entitled to increased protection from inappropriate disclosure due to the sensitive nature of the information and the likelihood that it may from the basis for discrimination . Patient information that contains references to the following conditions must be carefully guarded:
- Substance abuse
- Mental illness
- Sexually transmitted diseases
- Genetic makeup
In some states, a subpoena duces tecum must state that the documentation requested shall not be produced ore released until the date specified for the taking of the deposition. The provision gives opposing counsel, usually the patient’s attorney, the opportunity to quash the subpoena. Opposing counsel may have reason to believe that the subpoenaed information is not at issue in the case, is confidential, and should not be released. Subpoena Duces Tecum means "appear in court and bring the treatment record" An important note to remember is do not release the record until the date specified on the subpoena! This date gives opposing legal counsel time to quash (fight and defeat) the subpoena. If an attempt to quash is underway, do not respond to the subpoena duces tecum. Instead, wait for a court order.
Reference: Legal and Ethical Issues in Health Occupations-by Tonia Dandry Aiken