Information gathered and recorded in association with the care of a patient is confidential. Patients are entitled to expect that the sensitive personal information they divulge will be used solely to enable their physician to most effectively provide needed services. Disclosing information to third parties for commercial purposes without consent undermines trust, violates principles of informed consent and confidentiality, and may harm the integrity of the patient-physician relationship.
Physicians who propose to permit third-party access to specific patient information for commercial purposes should:
- Only provide data that has been de-identified.
- Fully inform each patient whose record would be involved (or the patient’s authorized surrogate when the individual lacks decision-making capacity) about the purpose(s) for which access would be granted.
Physicians who propose to permit third parties to access the patient’s full medical record should:
- Obtain the consent of the patient (or authorized surrogate) to permit access to the patient’s medical record.
- Prohibit access to or decline to provide information from individual medical records for which consent has not been given.
- Decline incentives that constitute ethically inappropriate gifts, in keeping with ethics guidance.