|
professional
codes, data protection obligations of
Providers’
"information obligations" are routinely traced back
to the Oath
of Hippocrates, constructed sometime between the sixth
century BCE and the first century CE. It enjoins that what
is seen or heard in the course of treatment be kept to oneself
and not "spread abroad."
Ethical codes of
the nineteenth century such as Thomas Percival’s continue
the Hippocratic tradition, promulgating a physician’s
obligation of "secrecy and delicacy" regarding information
obtained in the "familiar and confidential intercourse"
of a professional visit.
Modern examples
include the current American
Medical Association Principles of Medical Ethics, which
requires that practitioners "shall safeguard patient
confidences and privacy within the constraints of the law."
The American
College of Physicians Ethics Manual includes confidentiality
among its "fundamental tenet[s] of medical care."
Strictly speaking,
the Hippocratic oath and its progeny apply only to physicians.
But almost all of the other health care professions, such
as nursing and psychology, have analogous professional norms
and codes. So do most of the organizations representing allied
health professionals. So do groups representing health information
specialists, such as AHIMA/HIMSS.
The
American
Hospital Association Patient Care Partnership (which replaces
the AHA Patient's Bill of Rights) states that patients are
entitled to "respect [for] the confidentiality of your
relationship with your doctor and other caregivers, and the
sensitive information about your health and health care that
are part of that relationship."
Managed care has
made matters vastly more complicated. In a world where medical
information exchange is common, and individual providers sometimes
have little control over downstream data uses, sorting out
confidentiality rules in actual practice can be more difficult
than ever.
Some areas of legally
mandated disclosure are still clear, particularly those related
to public health and safety (for example, communicable diseases,
gunshot and knife wounds). Ethical practices are less well
defined for the vast array of disclosures to secondary users
-- such as managed care evaluators, insurance companies, and
professional review bodies -- who by constraints of law, custom
or contractual arrangement are entitled to review patient
records.
Professional organizations
continue to grapple with the evolving parameters of privacy
and confidentiality in this new world. So do institutional
accreditation organizations, such as the Joint Commission
on the Accreditation of Healthcare Organizations (JCAHO) and
the National Committee on Quality Assurance (NCQA). Federal
legislation like HIPAA, and the
state data protection laws with which it coexists, set some
of the norms of information handling in new ways as well.
See also:
|
