Legal Aspects in Healthcare Administration Unit 4

Sikkim Manipal University Page No. 55

Unit 4 Informed Consent and Confidentiality
Structure:
4.1 Introduction
Objectives
4.2 Informed Consent
4.3 Professional Secrecy
4.4 Confidentiality in India
Exceptions
4.5 Electronic Medical Records
4.6 HIPAA
4.7 Summary
4.8 Terminal Questions
4.9 Answers

4.1 Introduction
In the previous unit you were introduced to medical ethics. You read about
the various medical ethics documents. You also got to read the Code of
Medical Ethics in India. Doctors are bound to inform their patients the
course of treatment and the risks involved, even before they render a crucial
medical care. In the same way, Doctors are bound to keep secret all
information acquired from a patient during the course of the treatment. It is
the moral and ethical duty of a doctor to maintain confidentiality about all
patient details. Breach in confidentiality is a serious issue and hospitals or
individual doctors can be sued for abandonment of this code of privacy.
Therefore, it is important for a healthcare administrator to understand the
various facets involved in the maintenance of confidentiality of patient
details.
Learning Objectives:
After you read this unit, you will be able to:
Explain about informed consent
State the importance of confidentiality between medical personnel and
patients.
Distinguish the situations wherein privileged communication is
permissible
Describe the implications of breaching confidentiality
Legal Aspects in Healthcare Administration Unit 4
Sikkim Manipal University Page No. 56
4.2 Informed Consent
Informed consent is a process of communication between a patient and
physician that results in the patient's authorization or agreement to undergo
a specific medical intervention. It is based on the principle of patient
autonomy and is the cornerstone of ethics in patient care and clinical trials.
A patient has a legal and an ethical right to make a decision on what
happens to his or her body. Informed consent empowers patients to be
actively involved in making decisions concerning their own medical care; the
doctor, thereby, guides the patient in making a rational decision. If a
treatment regimen / procedure is performed without informed consent, it can
be considered as battery and assault.
The essential points that need to be communicated to the patient while
obtaining informed consent are as follows:
Diagnosis / differential diagnosis
The nature of the chosen treatment and its risks and benefits
Alternative treatment options available
Risks and benefits of not receiving or undergoing a treatment or
procedure.
The procedure for informed consent should include a session wherein the
patient is given the opportunity to clarify his doubts and get a better
understanding of the treatment or procedure, so that he or she can make an
informed decision and give consent accordingly.
For consent to be valid the patient must be considered competent and the
consent should not be obtained under coercion. One must take added care
if the patient is under undue stress during illness, anxiety and depression or
is incoherent. If the patient is deemed incompetent to give his/ her informed
consent, it should be obtained from a legal guardian.
At this juncture, one may contemplate whether a doctor can perform a
procedure in the absence of consent in the best interests of the patient. In
medical emergencies, the victim maybe unconscious or severely injured and
unable to give consent; at his time, if the hospital personnel may also be
unable to trace a guardian to give consent. In such situations, consent is not
implied but often, to save a patients life, consent has to be presumed.

Legal Aspects in Healthcare Administration Unit 4
Sikkim Manipal University Page No. 57
Landmark Cases
Sidway v. Board of Governors of the Royal Bethlehem Hospital (1985)
The patient underwent surgery for chronic backache but this resulted in
damage to the spinal cord which led to paralysis. She then sued the hospital
for not giving her prior information about the risk of paralysis as a
consequence of the surgery. In this case, the court ruled in favor of the
surgeon as the risk of paralysis was less than one per cent and a credible
group of peers and contemporaries stated that the consent obtained by the
supposedly negligent surgeon was sufficient.
Dr Thomas v Smt. Elisa, AIR 1987
In this case, the patient had perforation of the appendix which led to severe
peritonitis that was left unoperated by the doctor as the patient was not in a
condition to give consent and there was no legal guardian / relative
available. The court ruled that it is the doctors ethical and legal duty to treat
the patient to best of his ability.
From the above cases it is evident that patient education is a key factor in
progressing towards making informed consent a mandatory norm. Increased
public awareness should be targeted through the dissemination of
educational leaflets and audio-visual material to the patient population.
Another crucial factor is documentation of all relevant events. Good
documentation can be produced as written evidence in a legal proceeding to
demonstrate that consent was actually taken.
In this regard, it is important to ensure that the hospital has a well-designed
and carefully structured format for informed consent forms. These forms
should include details that can actually be understood by a layperson and
not just involve legal terminology and official language. Communication
between the hospital personnel and patients and their attendants must be
clear at all times. This is dual purpose in that it keeps the patient well
informed and also reduces the apprehension formed in the mind of treating
doctors and other hospital staff.

4.3 Professional Secrecy
A doctor-patient relationship is termed Fiduciary as it is built on a
foundation of trust between the doctor and the patient. However, this is not
Legal Aspects in Healthcare Administration Unit 4
Sikkim Manipal University Page No. 58
an absolute duty and there are certain exceptional cases wherein a doctor is
required to reveal patient information in the larger interests of society.
Medical records are essential documents in providing and financing health
care and ensuring its proper delivery. These records are very relevant to
patients employers, public health agencies, medical researchers,
educational institutions and for legal purposes. Insurance agencies utilize
patient data for claims payment - review, underwriting and coverage
decisions. Employers of afflicted patients use health data to reduce their
health care compensation costs, as well as to identify employees who may
be costly in the future. Health care providers use the data for research, to
collect reimbursement, coordinate diagnosis and treatment, conduct quality
assurance and monitor other providers.
Professional secrecy is an implied term of contract between the doctor and
his patient. The doctor is obliged to keep secret; all that he comes to know
concerning the patient in the course of his professional work. Its disclosure
would be a failure of trust and confidence. The patient can sue the doctor for
damages if the disclosure is voluntary, has resulted in harm to the patient
and is not in the interest of the public.
The following points may be noted:
Even in reporting a case in any medical journal, care should be taken
those patients identity is not revealed from the case notes or
photographs.
In the examination of the dead body certain facts may be found, the
disclosure of which may affect the reputation of the deceased or cause
of mental suffering to his relatives, and as such, the doctor should
maintain secrecy.
Self Assessment Questions:
1. ___________________ is a process of communication between a
patient and physician that results in the patients authorization or
agreement to undergo a specific medical intervention.
2. State true or false: A patient has a legal and ethical right to make
decision on what happens to his or her body.
3. What are the elements that need to be communicated to the patient
while obtaining informed consent?
4. Explain any one landmark case on informed consent.
5. A doctor-patient relationship is termed __________________.
Legal Aspects in Healthcare Administration Unit 4
Sikkim Manipal University Page No. 59
4.4 Confidentiality in India
The law in India on confidentiality rests largely on case of Dr X vs.
Hospital Z. This case involved illegal disclosure of HIV status by a hospital
to the betrothed of a HIV positive man.
A doctor is not at liberty to disclose to anyone, the information regarding his
patient, gathered during the course of treatment. However, in the above
case, the Supreme Court ruled that such disclosure was permissible in
situations where there is an immediate risk or future health risk to others.
The Court held that a person suffering from communicable disease is
morally and legally obliged to reveal the nature of his health status to the
woman he intends to marry.
The Supreme Court held that the confidentiality in this case as it involves a
higher public interest or duty. Confidentiality is a right that is granted to the
patient and is essential to that the patients consent is obtained before any
pertinent information is revealed.
4.4.1 Exceptions
All medical professionals are sworn to secrecy and obliged to maintain
confidentiality according to the Hippocratic Oath. Therefore irrespective of
geographical distinctions, it is the duty of the doctor to guard his patients
details as a secret. However, there are certain cases where the duty to
confidentiality may be breached. They are as follows:
With consent of the patient: A doctor is at liberty to disclose a patients
details to a third party if the patient permits him to do so. However, this
poses a difficulty in cases of minors, patients who are mentally
incompetent and the deceased. In these situations it becomes a bigger
dilemma for a doctor to decide if it is appropriate to divulge patient
information as it is not possible to take consent from the above types of
patients.
Infectious disease: if the patient suffering from an infectious disease he
should be persuaded to leave the job until he becomes non-infectious. If
the patient refuses to accept the advice, the doctor can inform the
employer about the illness of the patient.
Legal Aspects in Healthcare Administration Unit 4
Sikkim Manipal University Page No. 60
Employees and Servants: if the patient is suffering from epilepsy, high
blood pressure, alcoholism, night blindness or drug addiction, then, the
doctor may inform the employer.
Venereal diseases: if a patient is suffering from syphilis and is about to
marry, then, the doctor can disclose the syphilitic condition of the patient
to the women concerned.
Suspected crime: Information should immediately be given by the
doctor to the nearest Magistrate or police officer of such commission or
intension (S 39, CrP.C). If a doctor treats a person suffering from
gunshot or stab wounds he must inform the police.
Legal duty: A doctor may divulge a patients information if he is bound
by law to do so. This is applicable if the doctor has been summoned to
court as an expert witness. Refusal to do so may result in the doctor
being charged with contempt of court. A doctor is also legally expected
to disclose a patients information if the case is that of an infectious
disease or runs the risk of becoming an epidemic.
Notifiable Diseases: In some instances, a doctor is obliged to breach
his duty to confidentiality in the larger interest of the public. This is true if
a patient is suffering from a communicable disease and poses a serious
threat to society. Initially, the doctor should try convincing the patient to
voluntarily divulge the information about his condition. If the patient does
not comply, the doctor has a responsibility to inform and thereby prepare
the community.
Educational purposes: A doctor may describe a patients condition and
disease for the purpose of teaching students or to aid in conducting
medical research. For educational purposes it would suffice to discuss
the details of the disease and symptomatology of the patient without
having to divulge the identity of the patient. It is also accepted if a doctor
similarly shares patient details with his colleagues, nursing staff or other
personnel connected with treatment of the patient.
In the Patients interest: If the doctor deems that it is for a justifiable
cause, he may disclose patient details to the patients family members. It
is not assumed for granted that spouses have the right to know this
information, neither are parents automatically privy to an adult childs
confidential medical details.
Legal Aspects in Healthcare Administration Unit 4
Sikkim Manipal University Page No. 61
However, even in the above-mentioned exceptions, a doctor should disclose
only that information which is relevant and not all the details regarding the
patient i.e. The doctor is required to disclose patient information only on a
need to know basis.
In India, the laws regarding confidentiality are yet to be enforced stringently.
This is a matter which needs to be attended to urgently in the light of
emergent issues such as HIV and the need for confidentiality.

4.5 Electronic Medical Records
Nowadays, medical data is collected, stored, analyzed and distributed and
put to diverse uses. Computerized medical information must be stringently
protected in order to maintain patient privacy at all times. Every hospital
must specify in its policy as to how this data may be used and to whom such
information can be released.
In the performance of clinical research, electronic records can be used to
source non-identifiable patient data for epidemiologic studies. Password
security is generally the system applied for user authentication, but standard
password access controls do not prevent insider threats and are not helpful
when authentication has been compromised.
Electronically maintained records offer very convenient and widespread
access to patients details and this can be misused if not maintained
securely by trustworthy personnel. One must keep in mind that this is also
applicable to paper records. The latter, however, do not facilitate accurate
audit trail of who has seen the record and what portions of the record were
accessed. Paper records can be easily tampered with, but an electronic
document signed with an encrypted digital signature cannot be changed as
easily. Electronic records can be viewed by multiple users across various
locations simultaneously, however, paper based records can only be seen in
one place at a time, whereas the same information in electronic format can
be available to multiple users simultaneously.
With the rapid integration of technology with healthcare, telemedicine is
gaining prominence. Telemedicine provides a gateway for patients at
remote locations to access advanced clinical care standard. This is based
on advanced systems of communication that are used to transmit patient
details and other healthcare information in between patients and medical
Legal Aspects in Healthcare Administration Unit 4
Sikkim Manipal University Page No. 62
care providers who are at great distances from each other. As patient
information has to go through various channels of communication before
reaching the doctor, it is made privy to many eyes and hence, there is a risk
of invasion of privacy.

4.6 Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act (HIPAA) of 1996
brings about significant changes in the legal and regulatory environments
governing the provision of health benefits, the delivery and payment of
healthcare services, and the security and confidentiality of health
information. The federal Health Insurance Portability and Accountability Act
(HIPAA) sets a national standard for privacy of health information from April
14, 2003. HIPAA aspires to standards for the privacy of the health
information of all individuals.
The Hippocratic Oath, Declaration of Geneva and International Code of
Medical Ethics strive to ensure that the highest standards of patient
confidentiality are maintained. However, HIPAA is a step higher than these
documents and it stringently safeguards patients from inappropriate
exposure of their medical records. It prevents exploitation of individual
medical records but it is yet to lay restrictions on provision of these records
freely to public health authorities for research and community practice of
medicine.
There are two major aspects covered under this Act:
Provisions for health insurance reform
Requirements for administrative simplification
The following guidelines have to be followed if one desires to achieve
HIPAA compliance:
Educate patients of their rights to privacy
Inform patients on how their health information is used
Implement policies that support the uniform standards set forth by the
government
Train all personnel about the new policies and procedures
Legal Aspects in Healthcare Administration Unit 4
Sikkim Manipal University Page No. 63
The main requirements that need to be complied with under HIPAA are
as follows:
1. Standardization of electronic patient health, administrative and financial
data
2. Unique health identifiers for individuals, employers, health plans and
health care providers
3. Security standards protecting the confidentiality and integrity of
"individually identifiable health information," past, present or future.
It applies only to medical records maintained by health care institutions
wherein the records are maintained and transmitted in electronic form. The
Act states that all healthcare providers must provide their patients with a
copy of the Privacy Rule, which governs how an individuals personal health
information may be used for treatment, payment, or other health care
operations.
Self Assessment Questions
6. What is the disadvantage of using e-medical records?
7. Dr. X v/s Hospital Z is based on ____________ infection.
8. Venereal diseases are an exception to the rule of confidentiality. State
whether True or False.
9. Is it unethical for a doctor to divulge relevant patient details in a court
of law?
10. What is the full form of HIPAA?

4.7 Summary
It is essential to inform patients about the care that would be rendered to
them. This helps them to be an active participant in making healthcare
decisions. Confidentiality is one of the most primary rights of patients.
Medical information and patient details are sensitive in nature and need to
be scrupulously protected. Healthcare personnel need to be up-to-date on
the principles of confidentiality. However, there are certain situations where
it is permissible to reveal patient information but discretely. With the advent
of electronic medical records and telemedicine, there is a need for
meticulously monitoring and specific regulations. Therefore, there are
constant revisions in the existing regulations and guidelines and newer ones
Legal Aspects in Healthcare Administration Unit 4
Sikkim Manipal University Page No. 64
are being framed specifically to ensure confidentiality in all aspects of
healthcare.
Glossary:
Health insurance: This is an insurance that pays for healthcare bills.
Electronic patient record: Computerized patient record.
Notifiable diseases: Reportable disease condition

4.8 Terminal Questions
1. What is professional secrecy?
2. Discuss the case of Dr. X v/s Hospital Z.
3. What are the exceptions to the rule of confidentiality?
4. Write a note on Electronic Medical Records.
5. What is the relevance of HIPAA in confidentiality?
6. Explain Informed consent.

4.9 Answers
Self Assessment Questions
1. Informed consent
2. True
3. Refer 4.2
4. Refer 4.2: landmark cases
5. Fiduciary
6. Refer 4.5
7. HIV
8. True
9. No
10. Health Insurance Portability and Accountability Act
Terminal Questions
1. Refer 4.3
2. Refer 4.4
3. Refer 4.4.: exceptions to confidentiality
4. Refer 4.5
5. Refer 4.6
6. Refer 4.2