CanMEDS Professional
Patient Confidentiality




Why is patient confidentiality important?


What is potential harm that could come to a patient if confidentiality is breached?


What are some of the challenges to maintaining patient confidentiality?




There are some particularly challenging situations that you may have to face, such as questions from a family member, the handling of information when you are treating more than one family member, treating colleagues, or practicing in a small community.

Simple things matter too: speaking in the hospital cafeteria and handling patient lists. Think of the patient before speaking, even to family members, in public, through email communication or social media.


CMPA offers guidance on the safe use of technology and encourages the use of appropriate backups, passwords and encryption. See references below for links.[1]


Legally and Ethically Imperative

"Physicians are obliged to keep information about their patients secret. The understanding that the physician will not disclose private information about the patient provides a foundation for trust in the therapeutic relationship. Respect for confidentiality is firmly established in codes of ethics and in law. It is sometimes necessary, however, for physicians to breach confidentiality. Physicians should familiarize themselves with legislation in their own province governing the disclosure of certain kinds of information without the patient’s authorization. Even when no specific legislation applies, the duty to warn sometimes overrides the duty to respect confidentiality. The physician should disclose only that information necessary to prevent harm, and should reveal this information only to those who need to know it in order to avert harm. Whenever possible any breach of confidentiality should be discussed with the patient beforehand."[2]


Resources, such as those available from the CMPA, help us to understand the practicalities of the physician's obligation "to keep patients’ medical records confidential", which needs to be balanced with the patients’ "right of access to the information in their record".

"Consent is the primary way patients exercise right of control over their health information. Most privacy legislation mandates that an individual must give consent for the collection, use or disclosure of his or her personal health information, unless an exception applies. Consent can be provided as a directive, either verbally or in writing, and this is called express consent. Consent can also be implied, where it is reasonable in particular situations to assume the individual consents. When delivering health care, physicians can generally rely on implied consent when collecting personal health information.

Implied consent can include sharing information with other health care providers involved in the patient’s care. The group of people responsible for providing care to the patient is informally referred to as the circle of care."[4]



1. Minimizing medico-legal risk when using technology. June 2008. CMPA. Protecting sensitive electronic health information — think encryption. September 2007. CMPA.

2. Kleinman I, Baylis F, Rodgers S, Singer P. Bioethics for clinicians: 8. Confidentiality. CMAJ 1997;156:521-4. Accessed June 24, 2011.

4. CMPA. Privacy and confidentiality: Consent and the circle of care. March 2011.
