Breach of trust

A healthy doctor-patient relationship must be based on complete trust and candor. If patients don’t have complete faith that their disclosures will remain confidential, they are less likely to reveal information that might prove vital to their treatment.

A doctor who breaks the bond of nondisclosure may be held liable under certain circumstances. Medical professionals can and have been sued for breaking this faith. But if you’re not a doctor or a patient, this issue doesn’t have an impact on your business. Or does it?

Assisting or inducing someone to break the law is illegal, and this third party liability can now be applied to a breach of doctor-patient confidentiality.

In 1965, an Ohio court held a third party liable for inducing such a breach. In Hammonds v. Aetna Casualty & Surety Co., the court found liable an insurance company that had induced a physician to reveal confidential medical information about a patient. An Ohio district court expanded the confidentiality issue by holding an employer liable for inducing the disclosure of medical information regarding one of its employees.

At that point, knowledge of patients’ protected rights of privacy became an issue of importance to all employers.

Defining liability

An employer can be liable for breach of confidentiality even if the breach is accidental. For example, revealing medical information to spouses or other family members can be illegal, even if no harm is intended.

Even a wavier or release won’t always provide full protection to the employer; often, the forms lack the required legal elements to achieve that result.

How do employers run afoul of the rules regarding medical confidentiality? Typically, problems arise from otherwise routine situations. For example, let’s say your HR staff contacts a physician to get a list of an employee’s prescription drugs. The reason may be perfectly innocent. It may even be an attempt to be helpful.

But that doctor should not, without the patient’s explicit consent, give that information to anyone, and the employer can be held liable for inducing the information without consent. Suppose the employer has a policy of drug testing and the results are put in the wrong place. Suppose the HR staffer learns the employee is taking an antidepressant, and mentions this to someone in the office.

It’s easy to imagine how employees would react to having their medical information available to anyone other than their physicians. And you, as the employer, could be held liable for the breach of confidentiality, or the inducement of another party’s breach.

Potential liability can arise even if you’re not a doctor and have no physician-patient relationship with the individual whose information has been revealed. Worse, the liability is not limited to actions taken by management; virtually any member of your work force can make a mistake that can result in a judgment against your company.

Preventive measures

Strict procedures and staff training can alleviate potential problems. The best solution is simple: No information about a person’s medical history should be shared without an explicit written release from the individual, specific to the particular disclosure.

Always verify any information you share is covered by the language in the release. The release should clearly indicate what information is being requested, with whom it will be shared, and for what reason.

In addition to being cautious about how you release information, make sure records are stored securely. Always keep information securely locked away, and train your staff regarding disclosure procedures and the liability that can be incurred when records are handled improperly.

Start with a training session led by an attorney to train higher executives and HR staff about preventive techniques and the legal ramifications. These individuals can then institute training for other employees and new hires.

If questionable situations occur, seek an attorney’s advice as a precaution to attempt to avoid liability. The small amount invested in preventive measures could save an exorbitant amount later.

If everyone understands the importance of keeping medical information private, your business will go a long way toward avoiding painful complications and side effects. Jacklyn J. Ford is a partner with Vorys, Sater, Seymour and Pease LLP, where she practices in the field of labor and employment law with an additional practice in health care systems, behavioral health and privacy. Kimberly L. Rathbone is an associate in the Cleveland office of the firm where she practices in the litigation group. They can be found on the firm’s Web site at www.vssp.com.