Patient Confidentiality

It’s Everybody’s Job, Not Everybody’s Business

As a healthcare worker, you may see and hear confidential information on the job. You can get so accustomed to being around this kind of information that it’s easy to forget how important it is to keep it private.

Privacy is a basic right in our society, and safeguarding it is both your ethical and your legal obligation. The HIPAA Privacy Rule (the Standards for Privacy of Individually Identifiable Health Information, issued by the Department of Health and Human Services under the Health Insurance Portability and Accountability Act) and the regulations of the Centers for Medicare and Medicaid Services (CMS) protect the confidentiality of patient information.

What Is Confidentiality?

Patient confidentiality is a conscious effort by every healthcare worker to keep private all personal information revealed by the patient while receiving healthcare. It may include:

  • Personal identity
  • Physical or mental health condition
  • Type of healthcare provided
  • Payment of care provided

Patients must be given written notice of their rights to privacy of health information, as well as how that information will be used and disclosed. They have the right to file a grievance if they believe these rights have been violated. You must protect and promote these rights at all times.

When Is Trust Broken?

The bond of trust between the patient and the healthcare staff must not be broken or compromised in any way at any time. When patients do not trust healthcare workers to protect their privacy, they may:

  • Be hesitant to seek care
  • Not divulge sensitive or vital information needed to provide proper care

Indeed, dire consequences have resulted when healthcare workers failed to protect patients’ privacy. Failure to protect patient privacy has caused patients to:

  • Lose jobs
  • Suffer false rumors
  • Lose insurance coverage
  • Become estranged from friends and family
  • Lose custody battles
  • Be harassed by the media

Who Is Responsible?

As a healthcare worker, you are obligated to protect patient confidentiality whether you work in a hospital, ambulatory care clinic, long-term care facility, home health agency, rehabilitation center, hospice or any other type of healthcare institution. All healthcare workers are responsible for patient confidentiality, from nurses and physicians, to maintenance workers and housekeeping staff, to interns and volunteers. In general, those responsible include:

  • Anyone who cares for and consults with patients at or for your organization
  • Anyone who hears conversations about patients
  • Anyone who has access to patient information

In addition to regulating your own behavior with regard to confidentiality, you are responsible for monitoring the behavior of others — such as co-workers, visitors and patients.

Limiting Access

To protect confidentiality, medical information should be accessible only to those who “need to know” in order to deliver effective care.
Some guidelines:

  • Only share patient information with other healthcare workers on a “need-to-know” basis. Never share written or spoken patient information with strangers or anyone else without prior written consent from the patient. Even a patient’s family members may not be privy to patient information.
  • In the case of an unemancipated minor, the release of information must include written consent from the parent or guardian. Follow your facility’s policy.
  • Never discuss confidential patient information where others can overhear your conversation, such as hallways and elevators.
  • You are obligated to protect the privacy of a patient when you see a breach occurring. Report breaches of confidentiality to someone who can advocate for the patient, such as a nurse on that unit or the designated privacy officer.

The Department of Health and Human Services issued rules to protect the right of patients to keep their medical records private, called the Standards for Privacy of Individually Identifiable Health Information (the HIPAA Privacy Rule). The Centers for Medicare and Medicaid Services (CMS) and the Health Insurance Portability and Accountability Act (HIPAA) also govern patients’ rights to confidential health information. Patients have the right to access their records in a reasonable time, review them for accuracy and have their comments included in the record. Patients may request restrictions on disclosure of certain information and may file a grievance if they believe these rights have been violated.

Be On Guard

Your responsibility for protecting patient confidentiality doesn’t end with your work shift. Be on guard against divulging confidential information when in an informal atmosphere or social setting. If asked about confidential matters, a simple reply such as, “I’m sorry, that information is confidential,” is appropriate.

Exceptions To The Rule

Certain situations allow for disclosure without prior written permission, including:

  • Verifying medical claims filed under Medicare, Social Security Disability or similar programs
  • Verifying Workers’ Compensation claims
  • Subpoenas for lawsuits or criminal trials
  • Release for law enforcement purposes
  • Accreditation surveys by JCAHO (now The Joint Commission) or other accrediting agencies

Your institution has specific guidelines for you to follow when providing information under these special circumstances.

Safeguarding Records

Medical records are extremely confidential and should always be kept in a secured location. Patients have the right to access their records in a reasonable time frame, review them for accuracy and have their comments included for the record.

Subpoenas of medical records require a response. Records are to be sent to a law office only if subpoenaed, or upon written consent from the patient. Follow your facility’s system for handling subpoenas carefully, so that the legal requirement is satisfied and the patient’s interest is still considered.

Patient Consent

Handle requests for patient information according to your facility’s procedure. Remember to obtain the patient’s informed, written consent. Provide only the essential information, and remove identifying data whenever possible. In some cases, patients may request that certain records not be released. Follow your facility’s policy in this case.

Confidentiality & Technology

Technological developments, such as computers, fax machines and other electronic media, have provided instant access to information that is often necessary in order to give patients optimal care. Unfortunately, the same information is also potentially accessible to a large group of people who may not have the patient’s best interests in mind.

Computerized Records

Keep computerized and other electronic healthcare information confidential, just like any other medical record. It should only be accessed on a “need-to-know” basis, as it directly relates to the delivery of care for that patient. Never access information out of personal interest or curiosity.

Fax Transmission

Controlling confidentiality with a fax is difficult: the request may not be legitimate, and the receiving machine may sit in an unsecured area where anyone can pick up the pages. Many institutions require a special cover form that includes a statement that the faxed information may not be divulged any further. Be sure to verify the legitimacy of the request before faxing. Keep accurate records of fax numbers, and dial fax numbers carefully to avoid sending information to the wrong party. Follow your facility’s policy carefully.

Insurance Companies

Requests for patient information by insurers and other payers must be handled according to your institution’s guidelines. Keep in mind that information given over the phone travels over unsecured phone lines and that you are usually unable to verify the caller’s identity.

Patient Care

Confidentiality is an essential component of patient care. Your employer has developed specific policies and procedures for you to follow to help you protect patient confidentiality. They cover sensitive areas such as:

  • Keeping all records secure, whether paper or electronic
  • Using and disclosing patient information both within and outside your facility
  • Transferring patient information via fax or other electronic medium
  • Providing information to family and friends
  • Informing patients of their rights to privacy of health information

It’s your job to become familiar with the guidelines stated in these policies and procedures and to follow them to the letter. Make sure patients know whom to contact for more information regarding privacy practices.

The care-giving relationship cannot be truly effective unless it is based on genuine trust. To fully meet the physical, emotional and psychological needs of the patients you care for, you must make protecting their confidentiality a key priority.
