Confidentiality – Disclosure to a Patient’s Family



It is well documented that health professionals owe a common-law duty of confidentiality with respect to health information. In McInerney vs McDonald, the Supreme Court of Canada confirmed this view by stating that:

[C]ertain duties do arise from the special relationship of trust and confidence between doctor and patient. Among these are the duty of the doctor to act with utmost good faith and loyalty, and to hold information received from or about a patient in confidence.

Physicians’ obligations regarding patient confidentiality are also set out in the legislation that governs physicians in each province, in the rules of each provincial regulatory body, and in the codes of ethics or conduct that govern physicians’ associations.

These authorities agree that the content of a patient’s medical record may not be divulged except in specific circumstances.

[Some] circumstances… include communication to another health care-provider, who has a “need to know” information in the [patient’s] record in order to carry out functions; legal authority for disclosure such as subpoena, reportable disease, child abuse; and on the consent of the patient to a third party, either implicitly, as to a paying agency, or explicitly to a lawyer or insurance company.


When a relative becomes ill, it can be a very stressful time for the family. Family members and caregivers often assume a parental role in respect to their relative’s care. Caregivers often think this role entitles them to complete disclosure of, and access to, the patient’s health record.

When speaking with a patient’s family, physicians should be understanding and empathetic and make every effort to alleviate their concerns. Medical information, however, may be shared with family members only with your patient’s consent. Disclosure of information to a patient’s immediate family without consent could result in a finding of professional misconduct by the appropriate regulatory body.

Provincial regulatory bodies, such as the College of Physicians and Surgeons of Ontario, have developed a set of rules, known as “regulations,” that define professional misconduct. These regulations are developed under the authority of the Medicine Act and have the force of law. A physician’s obligations regarding patient confidentiality under these regulations are very clear. In Ontario, according to the Regulated Health Professions Act, the Medicine Act therein, and related regulations, a breach of this duty legally qualifies as an act of “professional misconduct” and includes:

Giving information concerning the condition of a patient or any services rendered to a patient to a person other than the patient or his or her authorized representative except with the consent of the patient or his or her authorized representative or as required by law.

Physicians should take steps to ensure that patient confidentiality is maintained regardless of the technology used to communicate health information. Leaving a voice message could be a problem because more than one person might access messages. Physicians leaving messages on answering machines or voice messaging systems are advised to leave only their names and phone numbers. Physicians must exercise the same caution when sending confidential material by mail, fax, or e-mail.


The authorized representative who can release records, in addition to the patient, can be anyone the patient has given permission to access the records, usually by signing an authorization form. Typically, such authorization is given to lawyers or insurance companies to permit them to obtain medical information from the authorizing patient’s physician. A patient’s authorization for disclosure of his or her medical information to family members should always be explicit. Where such consent is given verbally, physicians should make a note in the patient’s chart of exactly what the patient said in giving the consent. Written requests and consent to release information should be kept in the patient’s chart.

Physicians should be cognizant of the fact that patients are not always aware of the contents of their medical records. For this reason, physicians will better serve their patients and protect themselves by informing patients of and discussing with patients what information is to be disclosed.


The special relationship between physicians and their patients is established firmly on trust and confidence. Any information patients provide in confidence must be kept private, unless a patient gives you permission or such disclosure is required by law. Patients’ ability to decide with whom they will share information is crucial for protecting the right of privacy and for preserving trust in a therapeutic context. Inherent in keeping a medical record is the promise, implied or specific, that it will be kept confidential.

Non-consensual access to, and collection, use, or disclosure of, health information is a violation of patients’ right of privacy, compromises a physician’s duty of confidentiality, and could disrupt the trust and integrity of the therapeutic relationship. Attending physicians should never lose sight of the fact that accountability is owed first and foremost to their patients. The fundamental principle regarding health care information is that it belongs to the patient, not to the physician or the patient’s family, nor to any other health care or government agency, unless required by law.

This article was originally published March 2003. Canadian Family Physician VOL. 49


Source by Tracey Tremayne-Lloyd