Improve the health of the people of Wisconsin by supporting and strengthening physicians' ability to practice high-quality patient care in a changing environment.

Policy Compendium

Policy Compendium Home

View Practice, Organization & Interprofessional Policies

MER-009: Confidentiality

Confidentiality: The Wisconsin Medical Society (Society) supports the following statement with regard to confidentiality:

  • The following formulation is intended as an ethical guide regarding the obligation on the part of individuals working in health care occupations to respect the confidentiality of medical information gathered in the course of their work.
  • It is assumed that where necessary and appropriate, various aspects of this statement are congruent with existing state and federal law. But it is also assumed that ethical obligations may in some instances be independent of laws and legal formulations. It is necessary that such ethical statements be cast in commonly understandable language, and not only in the complex constructions used in law.
  • The professional obligation to hold health and illness disclosures in confidential trust is ancient. Hippocrates said: “And whatsoever I shall see or hear in the course of my profession in my intercourse with men, if it be what should not be published abroad, I will never divulge, holding such things to be holy secrets.”

In cognizance of the preceding considerations, the Society endorses the following viewpoint and procedures:

  • Physicians are bound to respect the confidentiality of medical information regarding individual patients with limited exceptions such as threats of violence to others or self, evidence of child abuse, etc. Physicians are also bound to monitor and encourage similar regard for non-disclosure of medical information on the part of other health-care workers and overall health-care systems.
  • Extraordinary measures to preserve secrecy of medical data are not expected or required. Medical records shall not be considered “top secret” in the manner of national security information, but continuing scrutiny of the health system records is expected of physicians along with reasonable remedial actions when potential breaches in confidentiality are apparent to the practitioner.
  • Physicians and health care systems are not considered responsible for self-disclosure of ordinarily confidential information on the part of the patient, nor shall the physician or care system be considered responsible for disclosures made by fellow-patients coincidentally aware of medical information regarding another patient.
  • Sharing of confidential medical information with duly appointed guardians or parents of minor children shall be considered ethically proper with certain exceptions provided in law, such as the diagnosis and treatment of sexually transmitted diseases or alcohol and other drug abuse.
  • Physicians and other health-system workers should offer patients an explanation of the boundaries of the exchange of confidential medical information among physicians and other health-system workers within a particular hospital, clinic, or health-care system upon request. Such exchange within a system should be limited to legitimate participants with functional needs to know confidential medical data. Patients should also know that all participants in their health care are aware of the expectation of confidentiality.
  • The direct sharing of individual medical data with other physicians or health care workers within the same hospital or system is limited to “need-to-know” situations such as those in relation to consultation requests or team approaches to care of a particular patient. Incidental acquisition of medical information such as a patient’s trip to surgery, observation of x-ray procedures, laboratory results, or even knowledge of a hospital admission obliges all hospital or health care workers to non-disclosure without the patient’s permission. Physicians in particular are expected to refrain from unauthorized examination of medical records on the basis of mere curiosity about a particular or former patient’s condition.
  • The qualifications of treatment reviewers, for whatever reasons a review of medical care might be conducted, shall not be withheld from the patient whose care is reviewed upon the patient’s request. This shall apply even in situations where the identity of the patient is kept anonymous to the reviewer.
  • Health care organizations are expected to periodically conduct educational sessions for all employees, even those with remote or infrequent opportunity for contact with confidential patient data, to inform and remind them of the need and expectation of confidential regard even for incidentally acquired patient information. Employees should be made aware of potential penalties including possible discharge from employment.
  • Patients are entitled to release medical information to any parties they might designate including themselves, given a reasonable interval of time for duplication and mailing. With the patient’s knowledge, the physician shall determine which information to release in a given instance, based on evidence relevant to the purpose at hand.
  • The preceding guidelines are assumed to apply to all data storage, retrieval, and transfer systems, particularly including computerized data systems.

This statement addresses medical ethics and is not intended to constitute legal advice. Where this statement appears to conflict with state or federal law, physicians may wish to consult qualified legal counsel to determine the best course of action. (HOD, 0412)