The AMA was founded in part to establish the first national code of medical ethics. Today the Code is widely recognized as authoritative ethics guidance for physicians through its Principles of Medical Ethics interpreted in Opinions of AMA’s Council on Ethical and Judicial Affairs that address the evolving challenges of contemporary practice.
Ensuring that the public is informed promptly and accurately about medical issues is a valuable objective. However, media requests for information about patients can pose concerns about patient privacy and confidentiality, among other issues.
Physicians have an ethical obligation to preserve the confidentiality of information gathered in association with the care of the patient. With rare exceptions, patients are entitled to decide whether and to whom their personal health information is disclosed.
In general, patients are entitled to the same respect for the confidentiality of their personal information after death as they were in life, with a few exceptions. Physicians have a corresponding obligation to protect patient information, including information obtained postmortem.
Physicians may obtain personal information about patients outside an ongoing patient-physician relationship. When conducting third-party assessments or treating work-related medical conditions, physicians have a responsibility to protect the confidentiality of patient information.
Information gathered and recorded in association with the care of a patient is confidential. Disclosing information to third parties for commercial purposes without consent undermines trust, violates principles of informed consent and confidentiality, and may harm the integrity of the patient-physician relationship.
In keeping with the professional responsibility to safeguard the confidentiality of patients’ personal information, physicians have an ethical obligation to manage medical records appropriately. This obligation encompasses managing the records of current patients, retaining old records against possible future need, and providing copies or transferring records to a third party when requested by the patient or the patient’s authorized representative.
Information gathered and recorded in association with the care of a patient is confidential, regardless of the form in which it is collected or stored.
When there is reason to believe that patients’ confidentiality has been compromised by a breach of the EMR, physicians have a responsibility to follow ethically appropriate procedures for disclosure. The degree to which an individual physician has an ethical responsibility to address inappropriate disclosure depends in part on his or her awareness of the breach, relationship to the patient(s) affected, administrative authority with respect to the records, and authority to act on behalf of the practice or institution.