On-line version ISSN 0375-1562
S. Afr. dent. j. vol.69 n.10 Johannesburg Nov. 2014
BDS (Lon), LDS.RCS (Eng), MDPH (Lon), DDPH.RCS (Eng), MChD (Comm Dent), PhD (US), PG Dip! Int Research Ethics (UCT), DSc (UWC). Senior Professor and Principal Specialist, Faculty of Dentistry, University of the Western Cape
For many, the professional relationship between a dental practitioner and a patient represents an ideal long-term, close personal relationship that involves friendship as well as professional responsibility. Privacy and confidentiality are essential to all trusting relationships, especially in the professional setting. Privacy refers to how an individual decides what personal information to share with others. In part, it is what individuals choose to let other people know about themselves. Confidentiality is an implicit expectation that privacy will be protected by those entrusted with the information. The level of protection should be commensurate with the level of risk and in some instances, the risk of a breach of confidentiality may be high, with serious implications.
In health care, respecting confidentiality and privacy is not only a legal mandate but also a key to the trust that underpins the dentist-patient relationship. Nowadays many practices are designed in an open-plan manner such that patient consulting areas or rooms are within earshot of the patient reception area. This may lead to serious breaches of privacy and confidentiality. Patients expect privacy and confidentiality from the dentist and dental team when they enter the consulting room. However since a dental assistant is often present during the consultations, patient privacy is already limited, even within the confines of a single consultation room. Nonetheless, the patient must be protected from the distress, and potential stigmatisation and discrimination that may be caused if their privacy is in some respects betrayed.1 The dentist-patient relationship is based on trust and the expectation of confidentiality is central to a patient's trust in their dentist and dental team.
The National Health Act (Act No. 61 of 2003) states that all patients have a right to confidentiality and this is consistent with the right to privacy in the South African Constitution (Act No. 108 of 1996):2 "All information concerning a user, including information relating to his or her health status, subject to section 15, is confidential. Unless:
(a) the user consents to that disclosure in writing;
(b) a court order or any law requires that disclosure; or
(c) non-disclosure of the information represents a serious threat to public health.
Together with the obligation of confidentiality and privacy, another ethical obligation is to safely store any information provided by the patient. This is not only for purposes of clinical record keeping but, also to provide patients with access to their records if they should request it. The right of access of the patient to their records has evolved, and continues to evolve, in response to a greater expectation by the public that they are entitled to know what is recorded on their behalf and to have access to that information. In the openplan settings that many practices are built around today, it is also important to prevent information from being accidentally transmitted (eg. quoted over the telephone within earshot of another person) and prevent unauthorised access to it by keeping the information securely stored at all times.
Information about patients is requested for a wide variety of purposes including education, research, monitoring and epidemiology, public health surveillance, clinical audit, administration and planning, insurance and employment. Health care practitioners have a duty to protect the privacy of patients and respect their autonomy. When asked to provide information health care practitioners should (i) seek the consent of patients to disclosure of information wherever possible, whether or not the patients can be identified from the disclosure; (ii) anonymise data where unidentifiable data will serve the purpose and (iii) keep disclosures to the minimum necessary.3
Seeking consent of patients to disclosure is part of good communication between health care providers and patients and is an essential part of respect for the autonomy and privacy of patients. With regard to access to health records, the National Health Act states that "A health worker or any health care provider that has access to the health records of a user may disclose such personal information to any other person, health care provider or health establishment as is necessary for any legitimate purpose within the ordinary course and scope of his or her duties where such access or disclosure is in the interests of the user". Furthermore, health care providers "may examine a user's health records for the purposes of:
(a) treatment with the authorisation of the user; and
(b) study, teaching or research with the authorisation of the user, head of the health establishment concerned and the relevant health research ethics committee".
The National Health Act2 clearly defines how the privacy of health records should be protected:
1. The person in charge of a health establishment in possession of a user's health records must setup control measures to prevent unauthorised access to those records and to the storage facility in which, or system by which, records are kept.
2. Any person who fails to perform a duty imposed on them in terms of subsection (1) above; falsifies any record by adding to or deleting or changing any information contained in that record; creates, changes or destroys a record without authority to do so; fails to create or change a record when properly required to do so; provides false information with the intent that it be included in a record; without authority, copies any part of a record; without authority connects the personal identification elements of a user's record with any element of that record that concerns the user's condition, treatment or history; gains unauthorised access to a record or record-keeping system, including intercepting information being transmitted from one person, or one part of a record-keeping system, to another; without authority, connects any part of a computer or other electronic system on which records are kept to:
(i) any other computer or other electronic system; or
(ii) any terminal or other installation connected to or forming part of any other computer or other electronic system; or without authority, modifies or impairs the operation of:
(i) any part of the operating system of a computer or other electronic system on which a user's records are kept; or
(ii) any part of the programme used to record, store, retrieve or display information on a computer or other electronic system on which a user's records are kept commits an offence and is liable on conviction to a fine or to imprisonment for a period of time.
There are several practical ways for the dental professional to address and potentially diminish ethical conflicts regarding privacy and confidentiality and some of these are required by law. Practical steps to ensure confidentiality would include closing the door, asking other to leave the room, not speaking about a patient in public areas, filing records securely and having a practice policy. In this regard, practitioners should ensure that they follow legal requirements for providing notice of their privacy practice, that the written information available for all patients about their policy regarding confidentiality is clear and to regularly review dental records management for potential privacy breaches. Practitioners should discuss their position regarding privacy and confidentiality with all new patients. Dentists should also have regular training and on-going discussions with their staff regarding their legal obligations and the importance of confidentiality for maintaining trust and professionalism. Hospitals and dental clinics should regularly review patient record maintenance protocols to prevent any breaches in personal health information. When staff members understand the ethical foundations for such policies and know how to best manage records, they are more equipped to maintain ethical goals.
Despite the ethical mandate to adhere to patient confidentiality that is the foundation for a good provider-patient relationship, there are several morally justified exceptions to preserving privacy and confidentiality that are permitted by law.4 In the context of the dentist-patient relationship, confidentiality is always maintained except:
- In situations where the life of a third party is at risk.
- When the patient consents to the breach in confidentiality.
- When one is ordered to divulge information in a court of law.
- When one is compelled to breach confidentiality by an Act of Parliament as occurs in cases of child abuse.
- When a doctor is a defendant or an accused, confidentiality may be breached only pertaining to information that is material to the case against him/her.
- When there is a moral or legal obligation on the doctor to make a disclosure to a person who has a reciprocal moral or legal obligation to receive that information.
According to the National Health Act No 61 of 2003, Chapter 2 Section 14 the only exceptions to maintaining confidentiality are as follows:
- The patient consents to the disclosure in writing
- A court order or any law requires the disclosure
- Non-disclosure of the information represents a serious threat to public health
These limited exceptions are intended to protect the public and, in some cases, the patients themselves. Unless there is a clear and unambiguous legal exception obligating the practitioner to disclose information, health care providers should always maintain privacy and patient confidentiality.
The principle of confidentiality extends to all members of the dental team. Dentists may have a vicarious liability for the actions of those staff. Good staff training in this area is therefore essential. Breaches of confidentiality by staff, after they have been made fully aware of their duties, would be a serious disciplinary matter, even though confidentiality and privacy ultimately remains the dentist's responsibility. The need to ensure privacy and maintain confidentiality of any information given to us in our professional capacity is paramount. This is morally and legally important because it respects a patient's rights, respects their autonomy, maintains trust in the dental professions, increases patient satisfaction, is good business ethics, is an HPCSA requirement and it respects the Protection of Personal Information Act, No.4 of 2013.
Except for vary rare instances, patient autonomy and their absolute right to privacy and confidentiality must be ensured - this is an ethical and legal right. This includes the expectation that the information provided will be safely stored for their access if need be. Professional relationships are based on a patient's trust that confidentiality will be maintained at all times. Disclosure may only be done as prescribed by law and based upon on our honest beliefs.1
1. Ethics, values and the law. DPL Dental Ethics Module 9: Confidentiality. 2009 [ Links ]
2. South African Parliament. National Health Act of No 61 of 2003, Chapter 2 Section 6. Pretoria [ Links ]
3. Health Professions Council of South Africa (HPCSA). Guidelines for good practice in the health care professions. Booklet 10. Confidentiality: protecting and providing information. Pretoria May 2008 [ Links ]
4. Moodley K, Naidoo S. Ethics and The Dental Team. Van Schaik Publishers, Pretoria, 2010. [ Links ]
Department of Community Dentistry
Private Bag X1
Readers are invited to submit ethical queries or dilemmas to Prof. S Naidoo, Department of Community Dentistry, Private Bag X1, Tygerberg 7505 or email: firstname.lastname@example.org