Chapter 3

Privacy, Confidentiality & Medical Records

Protecting information gathered in association with the care of the patient is a core value in health care.


Patient privacy encompasses a number of aspects, including personal space (physical privacy), personal data (informational privacy), personal choices including cultural and religious affiliations (decisional privacy), and personal relationships with family members and other intimates (associational privacy).
Opinion 3.1.1

Privacy in Health Care

Respecting patient privacy is a fundamental expression of respect for patient autonomy and a prerequisite for trust. Patient privacy includes personal space (physical privacy), personal data (informational privacy), personal choices, including cultural and religious affiliations (decisional privacy), and personal relationships with family members and other intimates (associational privacy). Physicians must seek to protect patient privacy in all settings to the greatest extent possible.
Opinion 3.1.2

Patient Privacy & Outside Observers to the Clinical Encounter

When individuals who are not involved in providing care seek to observe patient-physician encounters, physicians should safeguard patient privacy by permitting such observers to be present only when the patient has explicitly agreed to the presence of the observer(s), the presence of the observer will not compromise care, and the observer has agreed to adhere to standards of medical privacy and confidentiality.
Opinion 3.1.3

Audio or Visual Recording Patients for Education in Health Care

Audio or visual recording of patients can be a valuable tool for educating health care professionals, but physicians must balance educational goals with patient privacy and confidentiality. Physicians also have an obligation to ensure that content is accurate and complete and that the process and product of recording uphold standards of professional conduct.
Opinion 3.1.4

Audio or Visual Recording of Patients for Public Education

Audio or visual recording of patient care for public broadcast is one way to help educate the public. However, physicians have an obligation to protect patient interests and ensure that professional standards are upheld. Physicians also have a responsibility to ensure that information conveyed to the public is complete and accurate.
Opinion 3.1.5

Professionalism in Relationships with Media

Ensuring that the public is informed promptly and accurately about medical issues is a valuable objective. However, media requests for information about patients can pose concerns about patient privacy and confidentiality, among other issues.


Patients need to be able to trust that physicians will protect information shared in confidence.
Opinion 3.2.1


Physicians have an ethical obligation to preserve the confidentiality of information gathered in association with the care of the patient. With rare exceptions, patients are entitled to decide whether and to whom their personal health information is disclosed.
Opinion 3.2.2

Confidentiality Postmortem

In general, patients are entitled to the same respect for the confidentiality of their personal information after death as they were in life, with a few exceptions. Physicians have a corresponding obligation to protect patient information, including information obtained postmortem.
Opinion 3.2.3

Industry-Employed Physicians & Independent Medical Examiners

Physicians may obtain personal information about patients outside an ongoing patient-physician relationship. When conducting third-party assessments or treating work-related medical conditions, physicians have a responsibility to protect the confidentiality of patient information.
Opinion 3.2.4

Access to Medical Records by Data Collection Companies

Information gathered and recorded in association with the care of a patient is confidential. Disclosing information to third parties for commercial purposes without consent undermines trust, violates principles of informed consent and confidentiality, and may harm the integrity of the patient-physician relationship.

Medical records

Medical records serve important patient interests for present health care and future needs, as well as insurance, employment and other purposes.
Opinion 3.3.1

Management of Medical Records

In keeping with the professional responsibility to safeguard the confidentiality of patients’ personal information, physicians have an ethical obligation to manage medical records appropriately. This obligation encompasses managing the records of current patients, retaining old records against possible future need, and providing copies or transferring records to a third party when requested by the patient or the patient’s authorized representative.
Opinion 3.3.3

Breach of Security in Electronic Medical Records

When there is reason to believe that patients’ confidentiality has been compromised by a breach of the EMR, physicians have a responsibility to follow ethically appropriate procedures for disclosure. The degree to which an individual physician has an ethical responsibility to address inappropriate disclosure depends in part on his or her awareness of the breach, relationship to the patient(s) affected, administrative authority with respect to the records, and authority to act on behalf of the practice or institution.