Duty of medical confidentiality: the cornerstone of a trust-based doctor-patient relationship

Doctors must keep their patients’ secrets confidential. This article explains what information is classed as confidential and what exceptions there are.

At a glance

  • The duty of confidentiality legally obliges doctors to treat all information that they receive about their patients within the scope of their medical position as confidential.
  • Exceptions to the duty of confidentiality apply, for example, in the event of a legal obligation, authorization to disclose data or a risk to other people.
  • Patients can release their doctor from the duty of confidentiality for certain purposes.
  • If a doctor breaches the duty of confidentiality, this can result in a financial penalty and professional consequences.

What is the duty of medical confidentiality?

A functioning doctor-patient relationship requires trust. The duty of medical confidentiality is an important cornerstone of this trust. It stipulates that doctors must not disclose their patients’ personal information to third parties.

The duty of confidentiality protects people’s fundamental right to independently decide what personal information they disclose and who can view or process this information. This is intended to ensure that patient data cannot be passed on without authorization or legal grounds.

The duty of medical confidentiality applies to all information that doctors discover about patients within the scope of their role as medical professionals. It also continues to apply after their patients’ death.


Where is the duty of medical confidentiality defined?

The duty of medical confidentiality is stipulated in the professional codes for physicians of the individual federal states. The German criminal code (Strafgesetzbuch) establishes the need to maintain the confidentiality of patient secrets and the legal consequences of breaching this obligation. 

To protect their patients’ personal data, doctors must also observe the legal regulations on data protection.

Good to know: The duty of confidentiality does not only apply to doctors, but also to dentists, physiotherapists, pharmacists, social workers and workers in public advice centers, among other professionals. Medical trainees and medical students must also comply with the duty of confidentiality. 

What information falls within medical confidentiality?

Medical confidentiality affects all personal information that is not publicly accessible (“secrets”). This includes the following:

  • Illness
  • Medical history
  • Test results
  • Treatment plans
  • Prognoses
  • Patient records
  • The patient’s personal, professional, economic and financial conditions

The duty of confidentiality also applies to people’s names and the basic fact that they are receiving treatment. 

Anonymized information is not subject to the duty of confidentiality. This means, for example, that doctors can discuss patient information with colleagues and obtain advice if the information discussed cannot be assigned to a specific person.

Important: Personal information about a third party may be disclosed to doctors during a patient consultation. This information is also protected by the duty of confidentiality if it is clear that it should remain secret. This would be the case, for example, if a patient tells a doctor about their neighbor’s medical condition. 

To whom does the duty of confidentiality apply?

The duty of confidentiality generally applies to third persons. This also includes the patient’s spouse or relatives. 

In the case of patients who are classed as minors, doctors must carefully weigh up whether parents have to be informed about a situation. The decisive factor here is whether or not the minor is able to fully comprehend the medical situation, the severity of the illness and the risks of possible treatment. If this is the case, doctors must not disclose any information to the parents.

The disclosure of personal information about patients to their employers is also prohibited. Certificates of incapacity for work to be presented to employers solely indicate the period of illness; they do not provide any information about the illness itself.

Patient secrets must also not be disclosed to other doctors. If multiple doctors are treating the same person and it can be assumed that this person would provide consent, information about the person can be exchanged within the scope of the treatment.

Important: Doctors can disclose patient information to their employees within the scope of their professional duties. Everyone involved is subject to the duty of confidentiality. 

What does the duty of confidentiality mean for the disclosure of data?

Doctors are only permitted to disclose their patients’ personal data if

  • there are legal grounds that permit this or even make it obligatory
  • the patient has consented to the disclosure.

When are doctors obliged to disclose patient data?

In some cases, doctors are legally obliged to disclose patient information to certain professional bodies. Patients do not have to provide their consent for such disclosure. 

Contagious illnesses with a reporting obligation 

A reporting obligation exists in relation to certain contagious diseases. If patients are found to have these diseases, this must be reported to the local health authority. Some diseases are reported in anonymized format, for example HIV. For other diseases, such as measles and rubella, the patient’s name must be reported. Such reporting aims to prevent or rapidly detect outbreaks.

Cancer 

Cancer is reported to “cancer registers”. The cancer registers store data about cancer diagnoses, the course of the disease and treatment. This data is used to determine the effectiveness of therapies and improve cancer treatment, for example. Patients can object to their personal data being stored in a cancer register.

Cost statements from health insurance providers or employers’ liability insurance associations 

To settle the cost of treatments, certain patient data must be shared with the Association of Statutory Health Insurance Physicians (Kassenärztliche Vereinigung) and the health insurance provider. 

Much the same applies to data transfers to employers’ liability insurance associations if a doctor provides treatment following an occupational accident or in the case of an occupational disease. In these cases, the key patient data needed to take a decision on the treatment must be disclosed.

Reports by the Medical Review Board  

The Medical Review Board must also be provided with patient data within the scope of reports and audits. Only data that is required to provide the service can be disclosed.


Other situations 

Personal data must also be disclosed to the responsible authorities or people

  • if a child has been born
  • if a person has died
  • if the doctor learns of a planned crime such as murder

Good to know: if, for example, a patient reveals to a psychiatrist that he/she is planning an attack on a public place, the psychiatrist is obliged to notify the responsible authorities.  

In what other situations are doctors entitled to disclose information despite the duty of confidentiality?

Doctors are released from the duty of confidentiality in a number of justified cases. 

Risk to a child 

If doctors suspect that a child is being abused or neglected, they are entitled to inform the youth welfare services. The situation must generally first be discussed with the legal guardian. However, if this would increase the risk to the child, the youth welfare services can also be contacted immediately. In the event of imminent danger to the child’s wellbeing, doctors are under an obligation to notify the authorities.

Risk to other people 

In some situations, doctors are released from the duty of confidentiality in order to protect other people. For example, a doctor can be entitled to notify an administrative authority if a patient drives despite posing a risk to themselves or others due to a medical condition such as alcohol dependency or epilepsy. However, the doctor must first try to dissuade the person from the dangerous behavior.


Medical emergency

In some cases, patients are unable to release doctors from the duty of confidentiality, for example if they are unconscious following a serious accident. In such situations, personal data can be collected, used and disclosed to other parties involved in the treatment to save patient lives and protect their health. This is subject to presumed consent. This means that the doctor presumes that the patient would consent to the personal data being used and disclosed in the situation at hand.

Spouses are entitled to decide on health matters for their other half if the latter is incapable of doing so due to illness and there is no lasting power of attorney. This is regulated by the emergency right of representation for married couples. In such situations, doctors are not bound by the duty of confidentiality in relation to the spouse.

Doctors’ legitimate interests 

In exceptional cases, doctors can also be released from the duty of confidentiality due to their own legitimate interests. One example of this would be if a doctor has no other way of enforcing a fee claim against a patient than by commissioning a lawyer or through a court case. Another conceivable situation would be if doctors need to defend themselves against prosecution and can only do so effectively by disclosing a patient secret.

How does a release from the duty of confidentiality work?

Doctors can disclose patient information if the relevant patient has consented to this. Many patients are familiar with such waivers as forms entitled “Consent to the disclosure of personal information” or “Waiver of confidentiality”, for example.

The following criteria apply for a waiver to be effective:

  • The waiver must be provided of the patient’s own free will.
  • The purpose of the waiver must be specifically outlined. A blanket release from the duty of confidentiality is not permissible.
  • The body/authority to which the data will be disclosed must be specified.
  • The waiver of confidentiality does not usually have to be provided in writing, although this is useful from a medical perspective.

The waiver of confidentiality can be revoked at any time with future effect.

 


What is classed as a breach of the duty of confidentiality?

The duty of confidentiality is breached if a doctor discloses patient information without the patient’s consent or other legal grounds. A breach is also deemed to exist if patient information is not sufficiently protected due to negligence. This would be the case, for example, if patient data in a medical practice can be viewed by unauthorized persons due to a lack of protective measures or if personal patient data is transmitted unencrypted by e‑mail or a messaging service.

What happens if the duty of confidentiality has been breached?

If a doctor breaches the duty of confidentiality, this can have serious legal consequences. According to the German criminal code, the disclosure of a patient’s confidential secret can be penalized by a custodial sentence of up to one year or a fine. Claims for damages or compensation can also be asserted. The respective state chamber of physicians can issue a warning or demand the payment of fines, for example.

From where can affected patients obtain assistance?

If patients suspect that the duty of confidentiality has been breached, they can contact their state chamber of physicians. Advice centers such as the Foundation for the Independent Patient Advice Service for Germany (Stiftung Unabhängige Patientenberatung Deutschland) can also offer support.

If patients want criminal proceedings to be instigated due to the breach of the duty of confidentiality, they can also file a criminal complaint with the police or the public prosecutor’s office.

Good to know: In addition to the regulations on the duty of confidentiality, doctor-patient relationships and patient rights are also governed by further laws. An overview of these can be found on the Patient rights page. 

Reviewed by the Foundation for the Independent Patient Advice Service for Germany (Stiftung Unabhängige Patientenberatung Deutschland).
