Confidentiality and Risk of Harm
Confidentiality remains an important, and very practical, consideration in medical practice. However, physicians have always recognized that there are situations where maintaining confidentiality can potentially harm the patient or others. For example, there are specific laws which have mandated physicians to breach confidentiality in a number of circumstances, ranging from reporting child abuse, to unfit drivers. At the same time, the Code of Ethics has always acknowledged that physicians may breach confidentiality if such could avoid a significant risk of harm. Such a situation may arise when a patient communicates to a physician a direct threat regarding another individual. Alternatively, it may involve receiving information from law enforcement that an individual may pose a significant risk to others, including the public at large.
Nevertheless, physicians may remain concerned that they would be subject to an adverse action if they breach confidentiality in such circumstances. To avoid that concern, it has been a consistent College policy to decline to accept as a complaint when an individual is alleging that the physician’s action, in breaching confidentiality, impeded the patient from an illegal or improper purpose.
Hence, the best advice to physicians has always been to weigh the risks of harm of disclosure or nondisclosure based on whatever information is available. In some cases, time may allow the physician to seek advice from the College, and other sources, such as the Canadian Medical Protective Association, in order to come to a conclusion. However, there are circumstances where decisions on these matters have to be made quickly.
Questions have been raised about the impact of recent Personal Health Information legislation, specifically the Personal Health Information Protection and Access Act (PHIPPA). Fortunately for members, the legislation does articulate a similar risk assessment to that which physicians have always been expected to consider.
39 (1) A custodian [hospital, physician, other health professional] may disclose personal health information without the consent of the individual to whom the information relates if the custodian reasonably believes that disclosure is required
(a) to prevent or reduce a risk of serious harm to the mental or physical health or safety of the individual to whom the information relates or another individual, or
(b) to prevent or reduce a risk of significant harm to the health or safety of the public or a group of people, the disclosure of which is clearly in the public interest.
At the same time, PHIPPA also contains provisions which limits any civil liability for a physician either disclosing, or declining to disclose, as long as such is done in good faith.
In the end, Council expects physicians to do the best they can in weighing the potential risks of harm from any particular course of action. These situations will vary. Sometimes important information may be communicated directly from law enforcement. At other times, the situation may speak for itself. For that reason, it is impossible to specify a response to all situations. In some cases, disclosing certain information will have an adverse effect on a patient but still help avoid significant harm to others. In other circumstances, the situation may be less clear. The best general advice that Council can provide is for physicians to always go back to the profession’s first principles and strive to avoid causing harm wherever possible.