Medical privacy refers to a patient's right to have his or her medical information kept confidential. Medical privacy laws and regulations limit who medical information can be shared with. Privacy within the medical field is also protected by doctor/patient confidentiality, which is a legally recognized privilege.
There are a number of reasons why medical privacy is important. Patients could fear discrimination on the part of family, friends or employers on the basis of having certain illnesses or diseases. People may also want to keep certain medical information secret for a variety of reasons, such as the need to avoid embarrassment or the desire not to have to speak about an illness to friends.
Medical privacy laws ensure that the patient is able to determine who to share his medical information with and when. In the United States, the Health Insurance Portability and Accountability Act (HIPAA) sets forth laws designed to protect the privacy of patients. There are numerous regulations and safeguards in place, dealing in part with keeping electronic records and in part with other types of disclosure.
Under HIPAA, a physician cannot reveal information about a patient's condition to anyone except the patient without the patient's consent. This means that a doctor cannot even reveal information to a spouse or parent or to the police in the event of a crime. Either the patient will need to consent to the doctor sharing information or, in the case of police, the court will need to issue a subpoena if extenuating circumstances are present.
Certain limitations exist on medical privacy. For example, a physician can share information with an insurance company if he needs to do so to get treatment approved. Generally, this also requires patient consent, although the patient may simply consent to general sharing of information and may not have to consent in each specific instance. Certain limited information can also be shared with collection agencies if a patient has unpaid medical bills, but this information is usually limited to the cost of treatments performed and cannot provide specific details about the medical services provided.
HIPAA also mandates safeguards for the electronic storage of patient records to ensure privacy. For example, HIPAA sets rules that dictate limited access to electronic records. HIPAA also has policies in place for breach of the privacy rules and reporting requirements in case health records or data are accessed by an unauthorized party.