Ethics case study
Documenting sensitive information poses dilemma for physicians
- Previously published ethics case studies are available online.
- For additional ethics resources, visit the College's Center for Ethics and Professionalism
This is the 17th in a series of case studies with commentaries developed by the ACP Ethics and Human Rights Committee. The series elaborates on controversial or subtle aspects of issues not addressed in detail in the ACP "Ethics Manual" or in other position statements.
Dr. Myra Ross, a general internist, works for Omnicare, a large managed care organization in the Northwest United States. Omnicare provides health care on a contractual basis for the area's large military and civilian population.
Dr. Ross practices in one of Omnicare's primary care groups; she refers patients who need specialty care to several of the major medical centers in the community that have contracted with Omnicare. All medical records, including those of military personnel, are maintained in Omnicare's electronic database.
For the past two years Dr. Ross has been treating David Collins, a 39-year-old active duty Army officer, for mild hyperlipidemia. David is an intelligence officer who plans to retire from the military in three years and work for the State Department. He is an engaging, quick-witted man whom Dr. Ross has come to know well. She looks forward to his appointments as a break in the often monotonous clinic routine.
Today, as Dr. Ross enters the examining room, she notices that David is quiet and withdrawn. His posture is uncharacteristically slumped and his eyes, normally twinkling, are surrounded by darkened circles. He answers questions with monosyllabic responses and frequently asks Dr. Ross to repeat her questions.
Dr. Ross comments on David's unusual demeanor and asks if there is anything he would like to discuss. At first he stumbles, but soon reveals that a loved one has recently died. Upon further inquiry, David confesses that the "loved one" was his male companion with whom he had shared a relationship for the past 12 years.
His companion died in an auto accident four months ago. David, aware of the Army's policy on same-sex relationships, feels he must remain silent to his supervisors about his loss. David tells Dr. Ross that if he disclosed his situation to his supervisor, he could forfeit his current position (and perhaps his pension) and would almost surely jeopardize future employment at the State Department. In fact, he has spoken to no one about this loss.
He expresses relief that he can finally unburden himself to Dr. Ross because she is a civilian physician. He explains that he has experienced changes in his weight and appetite, felt excessive guilt and experienced intrusive passive suicidal ideation.
Dr. Ross diagnoses a major depressive disorder and feels that David would most benefit from both antidepressant medication and psychotherapy. David, however, flatly refuses the latter. "Doctor," he says, "there is no way my command wouldn't find out that I'm seeing a 'shrink.' It would destroy my career. It's all I have left."
Dr. Ross tries to assure David that the medical record is confidential and that his supervisors are not routinely entitled to information in it. David shakes his head sadly and lets out a sigh. "Doctor, I can't believe you are so naive," he says. "I'm in Army intelligence. I can promise you there are 10 ways I could breach the confidentiality of the medical record system right now if I wanted."
Although David agrees to try an antidepressant and to see Dr. Ross more frequently, he asks her to refrain from writing anything about the depression in his chart. He also asks her to write his prescription on a paper pad and not enter it into the computer system as she would ordinarily. Finally, David says he will pay for the medication himself rather than risk having a record of it in the Omnicare's prescription benefit database.
Dr. Ross knows she has an obligation to protect David's sensitive personal and medical information; she believes wholeheartedly that medical records should be kept confidential. However, she also believes David is justified in his skepticism about how well confidentiality is safeguarded. Nevertheless, she is uncomfortable prescribing a psychotropic medication without at least some note of it in the record. On the other hand, she fears that David will object to the treatment if she insists on even the barest of documentation. Untreated, he could very easily become much more depressed, even suicidal.
How should Dr. Ross proceed? Does she have an obligation to record the content and clinical plan of this clinic visit?
The question posed in this case is whether physicians are required ethically and/or legally to record information that could, due to an increasingly accessible medical record, harm the well-being of patients. Inability to guarantee the confidentiality of sensitive and potentially harmful information strikes at the core requirement of the doctor-patient relationship: trust. Without trust, patients do not feel that they can disclose intimate and potentially embarrassing and/or damaging details of their lives that physicians need to diagnose and treat effectively.
Medical records are maintained primarily for the purpose of documenting and planning patient care.1 Increasingly, however, information contained in medical records serves other functions that range from review for reimbursement to quality care assessment. Records may also constitute a physician's strongest defense in the course of malpractice litigation.2 The content of records is dictated by these various purposes and also may be prescribed by statute. However, as a basic principle, the kind and amount of information included in a record should be determined by what is essential for patient care. Accurate and complete information is necessary to ensure that patients receive appropriate care.
The American College of Physicians "Ethics Manual" states that while the actual chart is the property of the physician or institution, the information contained in the chart is the property of the patient.3 The right of privacy, defined as the right of individuals to limit access by others to some aspect of one's person, includes information contained in medical records. 4 Therefore, "informational privacy" entails the right of an individual to control the dissemination and use of information that relates to himself or herself. 5 Also, information disclosed in the course of a relationship between a patient and a physician is deemed confidential; this encourages patients to seek medical care and to discuss their problems candidly. 3 The confidential nature of information shared in the course of physician-patient relationships is also meant to protect patients from harm that may result from information being used indiscriminately. 5
Medical confidentiality is not, however, absolute.3 Patients commonly sign waivers that authorize the disclosure of information in their medical records. More problematic, however, are instances where a physician may have a duty to disclose certain information without a patient's consent. Such a breach of confidentiality may be warranted only if the welfare of third parties outweighs the need to protect the privacy of the individual patient, as in the case of communicable diseases, child abuse and knife or firearm wounds. Disclosure may also be required by law in the course of judicial proceedings.
In this case, notations of a psychiatric illness carry the risk of potential discrimination that could destroy the patient's current and future employment if the information is insufficiently protected. Bureaucratic rules in the military or civilian government theoretically may prohibit superiors from accessing medical records without cause or from using psychiatric diagnoses in and of themselves as reasons to dismiss or deny promotion. Nevertheless, patients like David are justified in their concern that individual administrators may have significant latitude in how strictly such rules are interpreted and applied.6 Neither physicians nor patients can assume that rules regulating the use of patient information will effectively stop potential breaches of confidentiality.
Clinicians have additional ethical obligations, primary among them the imperative "do no harm." An accurate medical record helps the health care team avoid unintended complications by alerting them to a patient's condition and current treatment. This is especially important during the inevitable episodes of cross-coverage. Significant depression such as David's is as potentially life threatening as many physical ailments; it must be detected and treated. Like other drugs, pharmacotherapies for depression carry the risk of significant side effects and may interact negatively with other medications. Failure to record significant diagnoses and therapies therefore puts patients at risk.
Because sensitive information regarding chronic medical problems can hurt individuals' ability to obtain insurance or even employment, the practice of keeping "double" records for patients like David has become widespread. Alternatively, some clinicians within health care teams have created "code language" to obscure the true content of clinical interactions. Unfortunately, such practices beg the larger issue, which is the inability of electronic databases to protect the confidentiality of medical records.
Clearly, the advent of electronic charting (particularly within large integrated health care organizations), large databases and computer prescription distribution has eroded the confidentiality of medical records. Already, the sale of data from these sources to insurers, private companies, government agencies and financial institutions has become widespread, much in the same way as credit information is exchanged.
In theory, information that is protected by the doctor-patient privilege does not lose its confidentiality by being incorporated into a computer record. 7 Additionally, the importance of confidentiality has been extended by a recent Supreme Court decision which declared that the communication between a patient and a psychotherapist was privileged. 8 Nevertheless, as David's own insight attests, no system of record keeping is completely immune to breaches of confidentiality. In fact, numerous lawsuits by HIV-infected patients and patients with other culturally stigmatized conditions have illustrated the legal consequences of unauthorized or illegitimate disclosure of information.
Legislation has been proposed to help protect the confidentiality of medical records in the computer age. One draft bill aims to establish uniform standards for handling medical records, set procedures for obtaining consent for disclosure and define who can view records and under what circumstances. However, many commentators claim that the primary intent is to facilitate the computerization of records, which could lead to an even greater flow of information. 9 The draft bill also includes several exceptions to the consent requirements and fails to address insider access to medical records, as in the case of staff members of a health care network or HMO. However, the legislation contains considerable penalties for infractions that may act as a deterrent. And although it is better known for making health insurance more portable, the Health Insurance Portability and Accountability Act, passed by Congress in August 1996, calls for security and confidentiality safeguards. Whether these will be sufficient in light of the increasing ability to exchange information remains questionable. 10
But legal recourse for wrongful disclosure may be of little value to David. For example, he might be asked to authorize access to his medical record at the time of a promotion, placing him in a situation where he could hardly refuse to grant it. Thus, his fear relates not only to accessibility, but also to the very content of the record.
David seems to have accepted the need for some form of treatment and is willing to pay out-of-pocket, but he has genuine concerns about details of his condition being described in his chart. Dr. Ross must emphasize to David the benefits of a complete and accurate record. She should describe how another physician might need details of his care in order to avoid harming him, including emergencies in which David might not be physically able to provide such information himself. Dr. Ross should also explain Omnicare's mechanisms (if they exist) that limit access to sensitive information such as mental illness. She can inquire if there is an additional level of security to access such data, whether there is a record of who accesses the information and if the system can identify attempts to violate access.
The two-year relationship that has evolved between Dr. Ross and David led him to reveal personal and intimate information that could jeopardize his employment if it were discovered by military personnel. Dr. Ross may wish to assure David that she will continue to hold his well-being and interest as paramount and emphasize that she wants to ensure he receives treatment for his depression. She can assure David that only essential data will be recorded. (For instance, his homosexuality is not relevant to therapy for depression and need not be mentioned in this context; only his grief need be noted.)
Furthermore, Dr. Ross should do all that she can to preserve the confidentiality of any information David provides. Finally, she should work with her colleagues to influence Omnicare's policies and contractual arrangement so that in the future she can help assure David and other patients that the confidentiality of their medical history is well protected by the systems to which they entrust their care.
Acknowledgments: The Ethics and Human Rights Committee would like to thank Cynthia Clagett, ACP Associate, Gail Povar, ACP Member, and Karine Morin, co-authors of the case history and commentary.
1. Bruce JAC. Privacy and Confidentiality of Health Care Information. Second edition. Chicago: American Hospital Publishing, 1988.
2. Privacy Protection Study Commission. Personal Privacy in an Information Society. Washington, D.C.: U.S. Government Printing Office, 1977.
3. American College of Physicians Ethics Manual, 3rd edition. Ann Intern Med. 1992; 117:947-60.
4. Gostin LO. Privacy and Security of Personal Information in a New Health Care System. JAMA. 1993; 270:2487-93.
5. Institute of Medicine. Health Data in the Information Age: Use, Disclosure and Privacy. Washington, D.C.: National Academy Press; 1994.
6. Howe E Jr. Uniformed Services University of Health Sciences, personal communication with Dr. G. Povar, June 18, 1996.
7. Cohen JD. HIV/AIDS Confidentiality: Are Computerized Medical Records Making Confidentiality Impossible? Software Law Journal. 1990; 4: 93-115.
8. Jaffee v. Redmond, No. 95-266, 1996 U.S. Lexis 3879 (US June 13, 1996). In general, legal matters require the gathering of all relevant evidence. However, some evidence is protected from disclosure in legal proceedings. Notably, this privilege is invoked to protect confidential communication between psychiatrists (or psychologists) and their clients. In the Jaffee decision, the U.S. Supreme Court held that such a privilege also applies to communications between licensed social workers and their clients in the course of psychotherapy.
9. Woodward B. Patients' Privacy at Risk. The New York Times. Nov. 15,1995.
10. Borzo G. Reform Law Boosts Electronic Records. American Medical News. Sept. 2, 1996.
Internist Archives Quick Links
What will you learn from your Annals Virtual Patient?
Annals Virtual Patients is a unique patient care simulator that mirrors real patient care decisions and consequences. CME Credit and MOC Points are available. Start off with a FREE sample case. Start your journey now.
Internal Medicine Meeting 2015 Live Simulcast!
Unable to attend the meeting this year? On Saturday, May 2, seven sessions will be streamed live from the meeting. Register for the simulcast and earn CME credit after watching each session. Watch it live or download for later viewing.