Ethical Issues in Surgical Practice: Applying the Principles of Patient Privacy
summary With the implementation of the Health Insurance Portability and Accountability Act of 1996, otherwise known as HIPAA, doctors have had to become more conscientious about protecting patient privacy. HIPAA is an on-going process. The first wave of patient privacy standards took effect in April, the final extension for meeting electronic claims standards expires this month, and security standards complementary to the privacy provisions go into effect in 2005. A practice’s “Notice of Privacy Practices,” which HIPAA requires patients to sign, can address many privacy situations, but not all. These 5 surgical ethicists discuss some of those scenarios, and the key principles behind respecting and protecting a patient’s privacy.
MCGRATH: With HIPAA, all doctors have become more sensitive about respecting the patient’s right to privacy, but as surgeons we’ve always had to be particularly conscientious about keeping certain patient information confidential.
Here is a scenario that is not unfamiliar to us: You are scheduled to perform a laparoscopic cholecystectomy on a prominent elected official in your city. During the preoperative workup, this 48-year-old man reveals that he was severely depressed several years ago. With psychiatric care and medication, he says, his problem resolved, and he is no longer on the medication.
He knows that many people may see his medical record. He asks that you omit this portion of his history so that the information cannot become public. He fears that revelation of his former problem would jeopardize his political career, even though he is quite established politically.
The ethical question is this: Should you honor this patient’s request? What is the surgeon’s duty to preserve the patient’s confidentiality in this case?
† BENEFICENCE TOWARD THE PATIENT
ANGELOS: We need to give patients the opportunity to control the release of private information about themselves. This is an extension of informed consent. HIPAA is quite explicit about this (Tables 2 and 3).
TABLE 1What HIPAA Says About… Protected Health Information
|The [HIPAA] Privacy Rule protects all “individually identifiable health information” held or transmitted by a covered entity [ie, medical practice] or its business associate, in any form or media, whether electronic, paper or oral. The Privacy Rule calls this information “protected health information (PHI).”
|“Individually identifiable health information” is information, including demographic data, that relates to:
the individual’s past, present or future physical or mental health or condition,
the provision of health care to the individual, or
the past, present or future payment for the provision of health care to the individual, and that identifies the individual or for which there is a reasonable basis to believe can be used to identify the individual. Individually identifiable health information includes many common identifiers (eg, name, address, birth date, Social Security Number).
McGRATH: What ethical principles apply here?
HANLON: The principle of beneficence toward the patient holds that the patient has a right to privacy. That includes confidentiality, not only about surgical procedures the patient has had or will have, but also regarding personal data.
The physician is the patient’s advocate. If patients do not feel comfortable that anything they say to their physicians would be kept secret, the doctor-patient relationship would deteriorate, and so would patient care. Therapeutic considerations of confidentiality include encouraging the patient to seek care and increasing the patient’s opportunity for more effective treatment.
The basis for maintaining the principle of confidentiality in this sense is threefold: 1) preserving autonomy through privacy; 2) maintaining the physician’s advocacy role; and 3) enhancing the trust that will ultimately give rise to better patient care. Confidentiality enhances and maintains the social construct of faith in the therapeutic entity; it fosters the patient’s trust in the physician.
The Principle of Autonomy
MCGRATH: How does the principle of autonomy apply?
SIEGLER: The duty of confidentiality is based on respect for the right to privacy and to control information. The ancient notion that medicine can be practiced better if the patient is guaranteed confidentiality goes back at least to the Hippocratic Oath, which states, in part, “What I may see or hear in the course of treatment, or even outside the treatment in regard to the life of men, which on no account one must spread abroad, I will keep to myself, holding such things shameful to speak about.”
The premise of confidentiality is found in every ethics code, including those from religious and cultural traditions. There must be something universal about the need for confidentiality within a well-functioning medical relationship, both in medical systems like ours that emphasize patient autonomy and in systems where medical paternalism is the norm.
McGRATH: Protecting information may prevent discrimination against a patient based on illness.
GEWERTZ: The HIV/AIDS epidemic has made clear something that had long been evident with tuberculosis and other communicable diseases: that knowledge of a person’s illness led to discrimination against that person.
Confidentiality can help to prevent discrimination in employment and in determining eligibility for health-care and life insurance. Employers and insurance agencies often ask for a breach of confidentiality by requiring patients to permit disclosure of their medical records—a breach that complicates matters greatly.
† PRIVACY VERSUS OBLIGATION TO OTHERS
MCGRATH: While our society and profession take very seriously the principle of autonomy and the right to control the use of information about us, it is not absolute. As with all our civil liberties, personal freedom may legitimately be constrained when the exercise of such freedom puts others at risk.
Applied to the question of confidentiality, this means that although patients have the right to control the ways in which information about themselves will be shared, that right is limited by the obligation not to harm others. When harm is threatened, the principle of autonomy (and its duty to preserve confidentiality) no longer takes precedence, and disclosure without the patient’s authorization may be permissible or required.457
To examine one aspect of confidentiality in practice, let’s discuss the issue of disclosing information to the patient’s relatives and friends.
Disclosure to Relatives and Friends
HANLON: We start from the premise that any disclosures would be governed by the patient’s wishes. A patient might dictate, for example, that certain information should not be disclosed to relatives, whether close or distant, and even more so, not to friends. The physician must talk to the patient to learn how or if the patient wants that information disseminated.
GEWERTZ: I sometimes fall into a trap here. When a patient comes to the office, I may assume that the mere presence of another person in the room with that patient permits an open and frank discussion of the patient’s condition, but that may not be the case.
A patient might dictate that certain information should not be disclosed to relatives, whether close or distant, and even more so, not to friends. The physician must talk to the patient to learn how or if the patient wants that information disseminated.
I don’t always state explicitly to the patient, “We are now going to discuss your care. Are you certain that this individual needs to be in the room?”—but I should, although HIPAA regulations are vague on this point. This person may be a friend or a driver. When the other person in the room is the patient’s spouse, the patient will almost always include him or her in the discussion, but not invariably.
Dr Hanlon is correct in saying that in every case, we should request clear instructions from the patient about disclosing information.
ANGELOS: After completing an operation, surgeons go to the waiting room and talk to anyone who is there. Some of those people may be close relatives; others may be drivers. Rarely have we asked the patient before the surgery, “With whom, if anybody, would you like me to communicate when the operation is over?”
TABLE 2 What HIPAA Says About… Permitted Uses and Disclosure
|A covered entity is permitted, but not required, to use and disclose protected health information, without an individual’s authorization, for the following purposes or situations:
to the individual (unless required for access or accounting of disclosures);
treatment, payment, and health care operations;
opportunity to agree or object;
incident to an otherwise permitted use and disclosure;
public interest and benefit activities;
limited data set for the purposes of research, public health or health care operations.
|Covered entities may rely on professional ethics and best judgments in deciding which of these permissive uses and disclosures to make.
We simply assume that the people who are waiting are appropriate to communicate with. We haven’t obtained approval or consent from the patient to divulge that the tumor we found was malignant or benign, for example. Yet we do it every day.
GEWERTZ: Another wrinkle is when someone calls you on the phone, representing themselves as an interested party—a son, or a daughter. Do you need an explicit release from the patient to have that discussion? In my practice, we rarely get that explicit release, and I do feel that I’m at risk. But I have generally tended to disclose the information.
If my father were in the hospital with a myocardial infarction in a different part of the country, and I called up and said, “I’m Dr Gewertz. How is my dad doing?” I would not be happy to hear, “I can’t disclose that to you without asking your father’s permission.”
ANGELOS: We can make better efforts to ask patients to identify who should receive what information. We can ask, “Whom will I be talking to in the waiting room? Should I share the results of your operation?”458
In addition, we should be careful about what we say about patients in the hospital where others can readily overhear us.
TABLE 3 What HIPAA Says About… Patient Consent and Authorization
|Obtaining “consent” (written permission from individuals to use and disclose their protected health information for treatment, payment, and health care operations) is optional under the Privacy Rule for all covered entities. The content of a consent form, and the process for obtaining consent are at the discretion of the covered entity seeking consent.
|Authorization. A covered entity must obtain the individual’s written authorization for any use or disclosure of protected health information that is not for treatment, payment or health care operations or otherwise permitted or required by the Privacy Rule. A covered entity may not condition treatment, payment, enrollment, or benefits eligibility on an individual’s granting an authorization, except in limited circumstances.
|An authorization must be written in specific terms. It may allow use and disclosure of protected health information by the covered entity seeking the authorization, or by a third party. Examples of disclosures that would require an individual’s authorization include disclosures to a life insurer for coverage purposes, disclosures to an employer of the results of a pre-employment physical or lab test, or disclosures to a pharmaceutical firm for their own marketing purposes.
SIEGLER: Many hospitals are now posting signs in the elevators that read, “Please don’t discuss patient care in the elevator. Maintain confidentiality.” Something as simple as that is a useful reminder that elevators are public places.
Skepticism with Third-Party Payers
MCGRATH: Third-party payers ask for a great deal of information. What are the guidelines in disclosing information to them?
ANGELOS: We should be considerably more skeptical about conveying any information to third-party payers. They shouldn’t get information without an explicit release signed by the patient.
Unlike situations when I am speaking with someone who claims to be a relative of my patient and I do not want to refuse that person, I have no trouble offending health-insurance companies. If an insurance representative calls me and says, “We’re calling because we need information about the patient you operated on yesterday,” I say, “I’ m sorry; without written documentation from the patient that I’m supposed to give you this information, I’m not going to pass it on.”
In practice, most patients sign a waiver to have their medical records reviewed by appropriate representatives. A signed waiver gives the physician permission to release medical records and have discussions with those designated parties.
We should be considerably more skeptical about conveying any information to third-party payers. They shouldn’t get information without an explicit release signed by the patient.
Handling Electronic Records
MCGRATH: Not so long ago, information about patients was written on paper and stored in files that were placed in locked cabinets. Today, we use electronic medical records, and concerns with patient privacy are rampant. HIPAA has established privacy standards for the maintenance, reporting and transmission of health-care information electronically.
SIEGLER: Those regulations are being implemented at great cost. Is such an investment appropriate? It is, on balance, because the potential for abuse and wrongful use of personal medical records is substantial.
Some of the activities that need to draw on those records, such as tracking disease patterns and providing risk counseling, are good. Nevertheless, the challenge has always been great, even with written records, to be certain that those records do not fall into the hands of people who might use them for less-than-honorable purposes.459
With computerization comes expanded access to patients’ files, so we must take extraordinary means to protect the underlying principle of confidentiality in the doctor-patient relationship.
† A MATTER OF OMISSION
MCGRATH: So, how do you react when a patient asks you to omit some information from the record (Table 4)?
SIEGLER: I say, “No sweat.” I do it all the time. We believe in the importance of respecting the patient’s values, freedom, and autonomy. We are working to benefit the patient’s health and general sense of wellbeing. If the patient would regard a previous condition as a source of embarrassment and asks to have it omitted from the record, I would comply with his or her wishes. The record is the patient’s. The patient can pass that information along to other providers in the future.
Where there is a duty to warn, reporting is mandatory and legislated. We have no discretion in reporting the diagnosis of a communicable disease such as tuberculosis.
MCGRATH: Do you believe that the patient has complete discretion about what should go in the medical record, or are you obliged to put certain conditions in the medical record because they might have an impact on the patient’s current care?
SIEGLER: I don’t want a medical record that is inaccurate, fraudulent, and replete with omissions. That’s not what I’m advocating. I’m not willing to concur with a request to leave most things out. However, in some circumstances I may be persuaded to omit some information for a legitimate purpose. Overall, I would expect the medical record to be accurate and reflect the truth.
MCGRATH: Aren’t there numerous situations in which information should be included in case another physician had to take over the patient’s care in your absence?
SIEGLER: As someone who has had many patients who have had previous psychiatric care, I can tell you that the separation of records makes it essentially impossible to get information that may be relevant to a patient’s care. Many times we cannot get records that tell us what medications the patient was taking when he came to the emergency room or when she was critically ill and admitted to the intensive-care unit.
TABLE 4What HIPAA Says About… Medical Records
|Access.Except in certain circumstances, individuals have the right to review and obtain a copy of their protected health information in a covered entity’s designated record set.
|Amendment. The Rule gives individuals the right to have covered entities amend their protected health information in a designated record set when that information is inaccurate or incomplete. If a covered entity accepts an amendment request, it must make reasonable efforts to provide the amendment to persons that the individual has identified as needing it, and to persons that the covered entity knows might rely on the information to the individual’s detriment. If the request is denied, covered entities must provide the individual with a written denial and allow the individual to submit a statement of disagreement for inclusion in the record.
The separation of records—which has been advocated as another way of protecting patient privacy—fails to meet the goal of informing other physicians about what’s going on with the patient.
† WHEN TO BREACH CONFIDENTIALITY
MCGRATH: In some situations, we disclose information without a patient’s authorization. Good examples are conditions that have mandatory reporting requirements—a function of the principle of the duty to warn.
Duty to Warn
GEWERTZ: Where there is a duty to warn, reporting is mandatory and legislated. We have no discretion in reporting, for example, the diagnosis of communicable diseases such as tuberculosis, hepatitis, gonorrhea, and typhoid. In addition, we must report suspected child abuse in virtually every state.460
Some of the risk is variable and depends on the patient’s profession. A patient who said he occasionally became lightheaded, for example, might be cautioned not to drive a car or operate heavy machinery. However, if an airline pilot came in with the same complaint, we would have to make the judgment call to decide whether that problem was worthy of reporting to the employer.
TABLE 5 Anticipated Harms as Justifications For Overriding Confidentiality
|Is the harm:
Serious and irreversible?
Unavoidable except by unauthorized disclosure?
Subject to a third party’s intervention to prevent the harm?
Proportionate to the harm of disclosure?
Other conflicts could result if an athlete asked a physician not to inform the team physician about the nature of an ailment. In that situation, since the potential for harm would be limited, breaching confidentiality would be inappropriate.
When the physician feels that harm to a third party is threatened but there is no specific legal requirement to disclose, then the decision to breach confidentiality becomes a judgment call.
Privilege to Warn
MCGRATH: Laws on confidentiality vary from state to state. Although physicians should know the applicable regulations, that does not resolve all the ethical dilemmas that can arise regarding patient confidentiality.
When the physician feels that harm to a third party is threatened but there is no specific legal requirement to disclose, then the decision to breach confidentiality becomes a judgment call. Physicians have a great deal of discretion in this area.
In general, the duty to warn a third party overrides the duty to respect patient confidentiality under certain circumstances: when the potential harm to the third party is serious; when the likelihood for harm is high; when no alternative means exists to warn or protect those at risk; when the third party can take steps to prevent the harm; and when the potential harm resulting from the breaching of confidentiality is minimal and acceptable (Table 5).
When most or all of these criteria are met, the overall harm to the person at risk is greater than the harm to the patient that would result from overriding confidentiality.
ANGELOS: When it comes to sexually transmitted diseases such as HIV/AIDS, individual practitioners will certainly want to encourage the patient to disclose a new diagnosis with a sexual partner. However, the physician has no duty to warn an endangered third party who might be at risk.
In Illinois, physicians have the privilege of warning an endangered third party. In other words, if the physician feels that there is imminent risk to a third party and that person is available at the hospital, the physician has the option to warn this person of the patient’s diagnosis. By law, this is not a breach of confidentiality; however, it would certainly place a significant impediment in the doctor-patient relationship. There is no duty on the part of the physician to seek out the patient’s sexual contacts.
MCGRATH: Occasionally we suspect that older patients, particularly those who are becoming frail, are being treated poorly. Do the same standards for reporting that type of abuse apply, or would you be justified in protecting the confidentiality of those patients?
HANLON: As the elder population grows exponentially, so does the possibility of abuse by caregivers in institutions or even at home. These caregivers are often driven almost to distraction and may abuse the patients, either voluntarily or involuntarily, by restraining them.
Falls are the greatest problem for older people in institutions. Bruises, which in small children may strongly suggest abuse, may in older people be the result of falls. The physician is responsible to discern whether bruises and other evidence of damage may be the result of abuse. So, suspect lesions ought to be reported, first to the institution and then, if that does not bring about changes, to the legal authorities. HIPAA does allow for this kind of reporting.461
When to Override Confidentiality
MCGRATH: Sometimes a surgeon feels that a patient who asks to have specific information withheld from the family is making an unwise decision about his or his own care. How would you proceed?
SIEGLER: If the patient specifically asks you not to discuss the matter with the family, that may take care of your decision. For example, during surgery a patient is found to have colon cancer metastatic to the liver. The patient has said, “Please don’t discuss that with my wife.” The wisdom of overriding confidentiality would depend upon whether there was a clear and imminent danger to the wife. Answer: no. In that case, I might respect the patient’s wishes.
MCGRATH: You open the unfortunate patient up and find metastatic disease. You go to the family waiting room and find the patient’s wife. Do you say, “I can’ t discuss it with you; ask your husband?” Or do you say, “Everything was fine?”
SIEGLER: Nobody has come to terms with this question. You can say, “The surgery, technically speaking, was a great success, but we’ll have to talk about the results with your husband.”
The best way to proceed might be to say to the patient before surgery—in a way that we almost never do—Who is going to be in the recovery room waiting for you? Is it all right with you if I talk to them?” The patient may say, “My son and my daughter-in-law.” You say, “May I speak with them?” and the patient says, “Sure.” In practice, I’m not sure even that step is normally taken.
MCGRATH: Under what conditions might you override a patient’s wish for nondisclosure?
SIEGLER: Let’s say a genetic test has found a patient has presymptomatic Huntington’s disease. He and his wife are thinking about having children. The patient asks that the wife not be informed of his diagnosis. In that case, I would consider the potential risk to the wife and future child to be great enough that I would be inclined to override the patient’s confidentiality.
McGRATH: I’d like to propose another scenario: a patient with a 5- or 6-cm abdominal aortic aneurysm who is in his 50s and in good health decides that he does not wish to undergo surgery. After discussion, he stands firm. Would you be justified in going to his family to discuss his decision?
ANGELOS: No. After I have discussed the risks with the patient, I would have encouraged the patient to talk about it with family members. But once the patient has made a decision, I would not consider it my role to go to the family and urge them to try to talk him into changing his mind.
If the patient specifically requested that I not share information with other family members, I would not do so. I might note the benefits to the patient of having communication among family members and how valuable that can be over time, but ultimately my relationship is with the patient.
The benefits of complying with the patient’s request are considerably greater than the risk of harming the patient by omitting the information from the chart.
SIEGLER: You could ask the patient, “May I have your permission to talk with your family?” and negotiate that with the patient. But if the patient ultimately refuses, I would do the same as Dr Angelos.
Case Study: Withhold Past Medical Data?
MCGRATH: Let’s return to our original case: the city official who wishes to have information omitted from his medical chart.
GEWERTZ: I would comply with the patient’s wishes.
HANLON: I would withhold the information, as requested.
ANGELOS: The past medical information is not relevant to the procedure that the patient is about to undergo. Given his request, I would omit that information.
SIEGLER: The benefits of complying with the patient’s request are considerably greater than the risk of harming the patient by omitting the information from the chart.
MCGRATH: Thank you for being so definitive in this discussion. It’s helpful to recognize that as physicians, we have latitude in some of these areas.