October 2014
In this Issue

  • The Physician's Duty of Confidentiality in a Technologically Advanced Healthcare System

    Mobile technology has become an integral part of the delivery of health care. Communications between physicians and patients occur through cell phones, tablets and email. As the practice of medicine continues to incorporate these new technologies, concerns about the privacy of patient medical information have also intensified. The Illinois Department of Professional and Financial Regulation (IDFPR) is well aware of these concerns and will actively pursue complaints regarding violations of patients' privacy. Safeguarding patients' privacy has always been a physician's professional duty. Technology has made it simultaneously more important and more difficult.

    In addition, Illinois state law specifically addresses this professional duty. For example, Federal Medical Privacy Rules under both HIPAA and the amendments provided by HITECH offer a framework for a patient's protected health information. This duty is specifically imposed by the Illinois Medical Practice Act as well. It provides for disciplining a physician for "willfully or negligently violating the confidentiality between physician and patient except as required by law" (225 ILCS 60/22(A)(30)). Breaches of patient confidentiality may also constitute "dishonorable, unethical, or unprofessional conduct" by violating ethical standards of the profession, which require physicians to safeguard patient confidences and avoid breaching responsibilities owed to patients (225 ILCS 60/22(A)(5); Ill. Admin. Code 68, § 1285.240).

    Given these clear federal and state legal mandates and the physician's ethical duty to uphold the privacy standards of our profession, physicians should continuously strive to ensure compliance with these privacy and security standards. Currently, the most common cause of privacy and security breaches involves lost or stolen laptops or tablets. In light of this problem, it is especially important to keep in mind that many of our personal mobile devices instantly store and share emails, documents and photographs through cloud features.

    IDFPR encourages all physicians to actively review their privacy and security practices to ensure that their communications and storage of patient information on mobile devices adhere to federal and state privacy and security laws.

    This article was written by Kathleen Barrett, JD, IDFPR legal intern

    U.S. Department of Health & Human Services


    i The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009
