Five Exceptions to Patient Confidentiality

COURTNEY KIMMELL; DAVID J. SATIN

Maintaining confidentiality is critical to patient trust, but there are common situations when the law permits or even requires the sharing of patient information.

COURTNEY KIMMELL, AND DAVID J. SATIN, MD

Fam Pract Manag. 2025;32(2):25-31

This content conforms to AAFP criteria for CME.

Author disclosures: no relevant financial relationships.

The HIPAA Privacy Rule protects patients' health information by determining who can access it and how it can be used. While exceptions to the confidentiality rule exist, they are commonly buried in dense legal readings and minimized or excluded from HIPAA training.

The Hippocratic Oath captures the default position that our patients can trust us to keep their personal information private: “whatsoever I shall see or hear in the course of my profession … I will never divulge, holding such things to be holy secrets.” Yet the Hippocratic tradition combined with a cursory understanding of HIPAA can create unrealistic expectations about confidentiality for both clinicians and patients.

Physicians face situations every day in which patient information may need to be shared, but they (and their teams) may not understand when the law permits sharing, or even requires it. Although many of the exceptions to confidentiality are likely detailed in the paperwork patients sign as part of their consent to treatment, physicians may have an ethical duty in certain situations to personally educate patients before they disclose information that may be shared.

This article does not provide legal advice, because every situation is unique. Rather, it offers five categories of exceptions to patient confidentiality (discussed and summarized below) so that family physicians have a structured approach for appropriately disclosing information.

Reportable diseases A-Z. Minnesota Department of Health. Modified Sept. 27, 2024. Accessed Jan. 20, 2025. https://www.health.state.mn.us/diseases/reportable/index.html#NaN

National Notifiable Diseases Surveillance System. CDC Office of Public Health Data, Surveillance, and Technology. Updated Nov. 20, 2024. Accessed Jan. 30, 2025. https://www.cdc.gov/nndss/about/index.html

Sachs CJ. Mandatory reporting of injuries inflicted by intimate partner violence. AMA J Ethics Virtual Mentor. 2007;9(12):842-845.

45 Code of Federal Regulations (CFR) § 164.510(b)(3), (b)(4).

English A, Ford CA. The HIPAA Privacy Rule and adolescents: legal questions and clinical challenges. Perspect Sex Reprod Health. 2004;36(2):80-86.

45 CFR § 164.502(a)(1), (f), (g)(3), (g)(5), (j).

Privacy, please: health consent laws for minors in the information age. California Health Care Foundation. January 2013. Accessed Jan. 30, 2025. https://www.chcf.org/wp-content/uploads/2017/12/PDF-PrivacyPleaseHealthConsentMinors.pdf

Sharko M, Jameson R, Ancker JS, Krams L, Webber EC, Rosenbloom ST. State-by-state variability in adolescent privacy laws. Pediatrics. 2022;149(6):1-13.

Etchells E, Sharpe G, Walsh P, Williams JR, Singer PA. Bioethics for clinicians: 1. Consent. CMAJ. 1996;155(2):177-180.

49 CFR § 391.43(a), (g)(5).

Medical review officers. U.S. Department of Transportation. Updated Sept. 24, 2024. Accessed Jan. 30, 2025. https://www.transportation.gov/odapc/mro

49 CFR § 40.327.

49 CFR § 40.163.

45 CFR § 164.512(b)(1)(i), (d), (f)(1)(ii), (f)(4), (g), (h), (i), (j), (k)(1), (k)(5).

Keim T. Physicians for professional sports teams: health care under the pressure of economic and commercial interests. Seton Hall Journal of Sport and Entertainment Law. 1999;9(1):196-225.

Testoni D, Hornik CP, Smith PB, Benjamin DK, McKinney RE. Sports medicine and ethics. Am J Bioeth. 2013;13(10):4-12.

Designated civil surgeons. U.S. Citizenship and Immigration Services. Updated Dec. 6, 2023. Accessed Jan. 30, 2025. https://www.uscis.gov/tools/designated-civil-surgeons

Medical history and physical examination: technical instructions for civil surgeons. CDC. Updated May 14, 2024. Accessed Jan. 30, 2025. https://www.cdc.gov/immigrant-refugee-health/hcp/civil-surgeons/medical-history-physical-examination.html

Instructions for report of immigration medical examination and vaccination record. Form I-693. U.S. Department of Homeland Security. Updated March 9, 2023. Accessed Jan. 30, 2025. https://www.uscis.gov/sites/default/files/document/forms/i-693instr.pdf

45 CFR § 164.506(c).

English A, Benson Gold R, Nash E, Levine J. Confidentiality for individuals insured as dependents: a review of state laws and policies. Guttmacher Institute and Public Health Solutions. July 2012. Accessed Jan. 30, 2025. https://www.guttmacher.org/sites/default/files/pdfs/pubs/confidentiality-review.pdf

HIPAA FAQs for professionals. U.S. Department of Health and Human Services. July 26, 2013. Accessed Jan. 30, 2025. https://www.hhs.gov/hipaa/for-professionals/faq/1040/may-a-medicaid-state-agency-share-information-to-identify-enrollees/index.html

Baker C, Galemore CA, Lowrey KM. Information sharing in the school setting during a public health emergency. NASN Sch Nurse. 2020;35(4):198-202.

Sharing health information with family members and friends. U.S. Department of Health and Human Services Office for Civil Rights. 2022. Accessed Jan. 30, 2025. https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/understanding/consumers/sharing-family-friends.pdf

Infectious diseases and circumstances relevant to notification of emergency response employees. U.S. Department of Health and Human Services, Centers for Disease Control and Prevention, National Institute for Occupational Safety and Health; March 2020. Accessed Jan. 30, 2025. https://www.cdc.gov/niosh/docs/2020-119/default.html

45 CFR § 164.404.

Rodriguez L. Message to our nation's health care providers. U.S. Department of Health and Human Services Office for Civil Rights. Jan. 15, 2013. Accessed Jan. 30, 2025. https://www.hhs.gov/sites/default/files/ocr/office/lettertonationhcp.pdf

Black L. Physicians' legal responsibility to report impaired drivers. AMA Journal of Ethics Virtual Mentor. 2008;10(6):393-396.

Continue Reading

More in FPM

More in PubMed

Subscribe

Issue Access

Article Only

Continue Reading

More in FPM

More in PubMed