The following basic principles apply to confidentiality of patients’ information:

1. Information should be available to patients explaining how their data will be shared in the healthcare team, in order to provide an appropriate level of clinical care.

2. Consent should usually be sought where identifiable personal health information is to be used or disclosed outside the healthcare team.

3. Where data is effectively anomised and thereby be identified, the information can be more freely used in regard purposes not directly connected with supporting the care of the patient.

4. Where identifiable data is needed and it is not possible to obtain consent, (which is a rare event), this can be done if public interests require the disclosure.

HPCSA Booklet 5.

The HPCSA guidelines state that patients have a right to expect that information about them will be held in confidence by healthcare practitioners. Confidentiality is “central to trust between practitioners and patients”.[1]

The general rule should be that disclosures be kept to the minimum necessary to achieve the particular purpose for which the disclosure is made.

Practitioners should always be prepared to justify decisions about the use of personal health information and, to this end, must keep a proper record of decisions made in this regard.

As far as the protection of information of information which is stored in electronic form, it is becoming increasingly important that proper protective measures are in place to prevent breaches of confidentiality.

[1] HPCSA booklet 5, paragraph 4.1.