GC174 Confidentiality Balancing Public Vs Private Interests
Confidentiality balancing public versus private interests is the ethical and legal framework guiding when a physician may breach patient confidentiality to protect the wider public, such as in cases of notifiable diseases, serious harm risk, or court-ordered disclosure.
Confidentiality: Balancing Public vs Private Interests
Lecture Map
Confidentiality is a cornerstone of the doctor-patient relationship — without it, patients won't disclose sensitive information, and healthcare collapses. But confidentiality is not absolute. The central tension of this lecture is: when does the public interest outweigh the individual patient's right to privacy? [1]
This lecture systematically covers:
- Why confidentiality matters (ethical, legal, practical foundations)
- When it can be legitimately broken (the exceptions)
- Common pitfalls that breach confidentiality in everyday practice
- How to minimise breaches
- Case studies applying these principles
1. Appraise the importance of confidentiality in research and medical practice 2. Identify the situations when confidentiality might be correctly broken 3. Give example of some common pitfalls in preserving confidentiality in everyday practice 4. Explain how to minimise the potential for breaches of confidentiality 5. Discuss case studies – interactive session [1]
This is a medico-legal and ethics lecture — the type of content that appears in MCQs, SAQs, and minicases as "which ethical principle" or "what should the doctor do next" questions. It integrates with:
- GC 173 (Ethics in psychiatry, consent, confidentiality in psychiatric settings) [2]
- Sexual health / STI disclosure scenarios [3]
- End-of-life ethics and advance directives
- Hong Kong-specific legislation: PDPO, eHRSSO, MCHK Code of Professional Conduct
1. Why Confidentiality Matters — First Principles
Confidentiality: Ensuring that information is accessible only to those authorized to have access — ISO definition [1]
This is not just a rule to memorise. Think about why from first principles:
Utilitarian reasoning: If patients fear their information will be shared, they will withhold information or not seek help at all. This makes diagnosis harder and population health worse. The whole system depends on trust [2].
Deontological reasoning: Respect for autonomy and privacy — the patient has a right to control their personal information. There is an implied promise when a patient consults a doctor that their information will be kept confidential [2].
Virtue ethics: Being a trustworthy professional is core to what it means to be a good doctor.
Every person has the right to:
- Respect for his/her privacy
- Be respected as a human being
- Self-determination, and moral, cultural and religious values
- Physical and mental integrity and security
- Health protection, disease prevention and health care [1]
These aren't just aspirational — they inform legal frameworks worldwide.
Key points:
- All information must be kept confidential, even after death
- Information can only be disclosed if the patient gives explicit consent or if the law specifically provides
- Consent may be presumed where disclosure is to other health care providers involved in that patient's treatment
- All identifiable patient data must be protected
- Patients have the right of access to their medical files and the right to require correction, deletion and clarification of inaccurate, incomplete or irrelevant personal data [1]
Even After Death
A common exam trap: students assume confidentiality ends when the patient dies. It does NOT. The Declaration of Geneva explicitly states information must be kept confidential even after death. This means you cannot casually discuss a deceased patient's conditions with journalists, friends, or even family members who were not previously authorised.
Consent may be presumed where disclosure is to other health care providers involved in that patient's treatment [1]. This is crucial in modern medicine — healthcare is a team process. You need to seek advice, refer patients, and administrative staff handle records [1]. So there is an accepted "need-to-know" basis within the treating team. But this is not a blank cheque — you don't share information with every doctor in the hospital, only those directly involved in the patient's care.
2. Legal Frameworks a Doctor Must Know
1. The International Code of Medical Ethics: "A doctor shall preserve absolute confidentiality except where others are endangered on all he knows about his patient even after the patient has died." [1]
2. Professional Misconduct: "If a medical professional has done something which will be reasonably regarded as disgraceful, unethical or dishonourable by his professional colleagues of good repute, then it is open to the Medical Council of Hong Kong to say that he has been guilty of professional misconduct." [1]
3. Patient's Privacy, Medical Records and Confidentiality:
- Keep good records; Keep records secure
- Understand Personal Data (Privacy) Ordinance
- Make sure to have informed consent before disclosing information to a third party
- Obey guidelines for handling records
- In exceptional circumstances, you may disclose information to a third party without consent if failure to do so may result in risk of death or serious harm, or when required by law to do so [1]
The PDPO is the primary Hong Kong statute governing personal data protection. For doctors, the main implications are:
| PDPO Area | What It Means for Doctors |
|---|---|
| Health records | If a patient (or authorised person / person with parental responsibility / lawfully appointed person for incompetent patient / personal representative of deceased) asks for a copy of their records, the doctor must comply — unless it would be likely to harm the patient or another person [1] |
| History taking | Informed consent is necessary — you must tell patients why you're collecting data [1] |
| Confidentiality | Disclosure must follow informed consent and be used only for the stated purpose [1] |
| Data protection | Electronically stored information must be secured [1] |
| Access to health records/reports | For insurance or employment — patient must consent [1] |
Who Can Request Records?
The PDPO allows records to be requested by: the patient themselves, a person authorised by the patient, a person with parental responsibility (for a child), a lawfully appointed person for an incompetent patient, or the personal representative of a deceased person. Know this list — it appears in exam scenarios where a family member demands records.
Legal framework:
- Ordinances: eHRSSO (Cap 625) and PDPO (Cap 486)
- Code of Practice for Health Care Professionals using eHRSS
- Code of Professional Conduct
- Privacy Commissioner has wide power to investigate complaints concerning use of personal data
- Dual scrutiny: Privacy Commissioner AND eHR Commissioner both have power to refer complaints to police for criminal investigation [1]
Why does eHRSS matter? Because Hong Kong's electronic health record system shares data across public and private sectors. Misuse can lead to criminal investigation — not just a slap on the wrist. A breach of eHRSSO or PDPO can be both negligence and professional misconduct, and a criminal offence [1].
From supporting psychiatry notes [4]:
| Category | Examples |
|---|---|
| Factual information | Name, age, sex, DOB, HKID, hospital number, address, next-of-kin particulars, admission/discharge date, ward/bed number |
| Clinical/Medical information | Diagnoses, conditions, investigation results, treatment plans |
Both categories are protected under PDPO + common law duty of confidentiality [4].
Key frameworks governing research confidentiality:
- The Nuremberg Code
- Declaration of Helsinki
- Personal Data (Privacy) Ordinance
- IRB (Institutional Review Board)
- LKS Faculty of Medicine Research Ethics [1]
Main ethical issues in human subject research:
- Obtain informed consent (writing or oral) — an ongoing, not singular, process
- Enumerate how to manage privacy and confidentiality
- Data reporting, handling and disposal [1]
Informed Consent is Ongoing
The lecture explicitly frames informed consent in research as "an ongoing not singular process" [1]. This means consent isn't just a form signed once at the beginning — researchers must continually ensure participants understand and agree, especially if study conditions change.
4. When Confidentiality Can Be Correctly Broken
The Hippocratic Oath itself contains a qualifier: "Whatsoever things I see or hear concerning the life of men and women... which ought not to be noised abroad, I will keep silence thereon..." — The phrase "which ought not to be noised abroad" implies there ARE things that should be disclosed [1].
In exceptional circumstances, medical information may be disclosed to a third party without the patient's consent: (i) Where disclosure is necessary to prevent serious harm to the patient or other person
- Example: Infectious diseases (ii) When disclosure is required by law [1]
Statutory measures can: 1. Impose a duty at law to disclose certain confidential information 2. Confirm the strict nature of the duty of confidentiality 3. Empower modifications to the duty of confidentiality in given circumstances [1]
Examples:
- Abortion regulation
- Notifiable disease
- Venereal disease
- Tackling crime — criminal investigation [1]
| Statutory Example | Why Disclosure Is Required |
|---|---|
| Notifiable diseases | Public health protection — e.g. TB, COVID-19, cholera. The risk to the population outweighs the individual's privacy |
| Abortion regulation | Legal requirements for reporting |
| Venereal disease | Contact tracing to prevent spread |
| Criminal investigation | Police investigating serious crime may compel disclosure |
Key principles when considering disclosure in the public interest:
- Maintaining confidentiality is the key (default position)
- There is a list of exceptions to the obligation of confidence
- Disclosure should be limited to those regarded as vitally in need of the information
- The risk must be real rather than fanciful
- This real threat needs to be rather of physical harm, as opposed to some other form of harm [1]
Real vs Fanciful Risk — Key Exam Discriminator
The lecture is very specific: the risk must be "real rather than fanciful" and the threat should be of "physical harm" rather than other forms of harm. This means vague concerns about "emotional distress to a third party" would generally NOT justify breaking confidentiality. The threshold is serious physical harm or death.
Can the doctor who decides NOT to inform a third party of the risk be found liable as a matter of law or professional discipline?
Dilemmas:
- Legal duty — action of negligence?
- Danger of death or serious injury is foreseeable?
- Deter the patient from seeking help
- The loss of some patients' privilege (driving licence, insurance) [1]
This is the Tarasoff-type dilemma (though the lecture doesn't name it explicitly). The question is: if a patient tells you they intend to harm someone, and you don't warn the intended victim, could you be liable? The answer in Hong Kong is nuanced — there is no explicit Tarasoff duty, but the MCHK Code allows disclosure to prevent serious harm.
The counter-argument is important too: if patients know doctors will break confidentiality, they may not seek help in the first place, which paradoxically increases danger.
From psychiatry senior notes [4]:
| Situation | Action |
|---|---|
| Immediate danger to self or others | Report to police |
| Child abuse cases | After referral to and consultation with MSWs |
| Serious crime (murder, manslaughter, rape, gunshot wounds, multiple chop wounds) | Report to police |
| Sexual abuse / battered spouse | Referral to MSW or report to police with victim's consent |
| Under-13 pregnancy | = statutory rape (they are unable to give consent) — must report |
Information can only be disclosed without patient's consent if: (1) A search warrant has been issued, OR (2) Disclosure is in the public interest (e.g. cases involving commission of a serious crime, where there is a genuine risk to the public) [2][4]
From senior medicine notes on partner counselling [3]:
- Contract referral is used for resistant clients who continue to put others at risk
- Involuntary partner counselling and referral is a confrontation option of last resort
- Implications of involuntary disclosure:
- Breakdown of communication with the client
- Evaporation of trust of other clients
- Deterrence of clients from seeking medical care
This illustrates the tension perfectly — you want to protect the partner, but forcible disclosure could destroy the therapeutic relationship and deter future patients from seeking care.
From GC 173 (Ethics in Psychiatry) [2]:
"The interests to be served by the duty of confidence... is the private interest of W and not any broader public interest. If I set the private interest of W in the balance against the public interest served by the disclosure of the report... I find the weight of the public interest prevails." [2]
This judicial quote demonstrates the balancing test: courts weigh the private interest of the patient against the public interest in disclosure, and sometimes the public interest wins.
5. Common Pitfalls in Preserving Confidentiality
This is one of the highest-yield sections for exams — scenario-based questions often describe a common pitfall and ask "what went wrong?"
Common pitfalls:
- Careless chat
- Careless telephone manner / careless telephone introduction
- Failure to ensure a secure environment for discussing confidential matters
- Failure to appreciate lack of privacy in an open reception area
- Disclosure of sensitive information while talking loudly on a mobile phone
- Mentioning names
- Failure to ensure confidentiality while discussing a patient with a colleague
- Indirectly divulging the nature of the patient's condition
- Wrongly assuming information may be shared with patient's family members
- Openly criticising a colleague [1]
Additional pitfalls:
- Agreeing to dispense a prescription to a third party without consent
- Disclosing sensitive information to a third party
- Disclosing sensitive information to other patients in reading out dosage instructions
- Leaving information unattended where it can be seen by members of the public
- Not logging off (computers)
- Leaving a patient with access to information (e.g. other patients' records on screen)
- Careless disposal of confidential material [1]
Confidentiality was compromised on 11% of lift journeys. Most comments disguised patient identity, but names were used on 3% of journeys. Doctors made the most comments. — Vigod S et al BMJ 2003;327:1024-5 [1]
Exam Trap: Sharing a Lift
This is a favourite exam scenario: two doctors discussing a case in a hospital lift. Even if you think you're disguising identity, other passengers may recognise the patient. Doctors were the worst offenders [1]. The lift, cafeteria, and corridor are NOT appropriate places for clinical discussions.
Keep your friendships and patients separate [1]
If you encounter a friend as a patient, you must maintain the same professional boundaries. Don't discuss their case socially.
| Pitfall | Why It's a Breach | Real-World Example |
|---|---|---|
| Careless chat in lift/corridor | Third parties overhear identifiable information | Doctors discussing "the hepatitis patient in bed 12" |
| Open reception area | Patients in waiting room can hear | Receptionist loudly confirming "you're here for your HIV test" |
| Mobile phone | Anyone nearby can hear | Doctor on phone describing a case in a coffee shop |
| Not logging off | Unauthorised access to records | Medical student sees another patient's records on an unattended screen |
| Sharing with family without consent | Wrongly assuming family can know | Telling a spouse about HIV diagnosis without patient's consent |
| Careless disposal | Dumpster diving / visible documents | Lab reports in regular bins instead of confidential waste |
| Dispensing to third party | Revealing the patient's medication/condition | Handing a prescription to a family member without consent |
| Criticising a colleague openly | Indirectly revealing patient management details | "Dr X botched the operation on that lung cancer patient in Ward C" |
6. How to Minimise Breaches of Confidentiality
It's impossible to care effectively for patients and preserve absolute confidentiality. Healthcare is a team process — you need to seek advice, need to refer patients, admin staff handle records [1]
This is an important framing for exams: the question is never "can we achieve 100% confidentiality?" (the answer is no), but rather "how do we minimise breaches?"
Any disclosures of information should be:
- With the consent of patients whenever possible
- Kept to a minimum
- Kept anonymous where this will suffice
- Record any decisions made to disclose information, together with the reasons for disclosure
- Witness [1]
IF IN DOUBT, ASK YOUR SUPERVISOR OR SEEK ADVICE FROM YOUR MEDICAL DEFENCE ORGANISATION!!! [1]
The Golden Rule for Exams
When an exam question asks "what should you do if unsure about breaking confidentiality?" — the answer is always: seek advice from your supervisor or medical defence organisation BEFORE disclosing [1]. Document everything. Never act unilaterally in ambiguous situations.
| Strategy | Explanation |
|---|---|
| Consent first | Always try to get patient consent before disclosing anything |
| Minimum necessary | Share only the information that is needed, not the full medical history |
| Anonymise | If you can achieve the purpose without identifying the patient, do so |
| Document | Record what you disclosed, to whom, and why — this protects you legally |
| Witness | Have a witness when disclosure decisions are made |
| Seek advice | When in doubt, ask your supervisor or medical defence organisation |
| Secure environment | Discuss patients behind closed doors, not in public spaces |
| Log off computers | Always |
| Confidential waste | Use proper disposal methods for paper records |
| Lock records | Physical and electronic security |
Confidentiality is:
- Central to the practice of Medicine and research on humans
- About balancing private and public interests
- Essential for high-quality health care delivery
- A competence of the doctor
- The basis for confidence and trust of patients
- Upholding patient's dignity
- One of the foundations of contemporary medical ethics
- About respecting privacy
- A common medico-legal issue (eHRSSO, PDPO)
- Governed by the Code of Professional Conduct [1]
Exam Intelligence
- Definition of confidentiality — ISO definition
- Even after death — Declaration of Geneva
- Two exceptions to confidentiality — (i) prevent serious harm, (ii) required by law
- Real vs fanciful risk — the threshold for public interest disclosure
- Physical harm threshold — not just any form of harm
- PDPO and eHRSSO — know the Hong Kong legislation
- Common pitfalls — especially lift conversations, not logging off, sharing with family
- Minimisation strategies — consent, minimum, anonymous, document, witness, seek advice
- Research confidentiality — informed consent is ongoing, Nuremberg Code, Declaration of Helsinki
- Implied consent for healthcare team members involved in care
| Trap | Correct Answer |
|---|---|
| "Confidentiality ends after the patient dies" | FALSE — confidentiality persists even after death |
| "You can share with the patient's spouse because they're family" | FALSE — family members are NOT automatically entitled; you need patient consent |
| "Any risk to a third party justifies breaking confidentiality" | FALSE — risk must be real, not fanciful, and of physical harm |
| "Breaking confidentiality is always wrong" | FALSE — there are recognised exceptions |
| "Consent for research is a one-time event" | FALSE — it is an ongoing process |
| "Discussing patients in the corridor is fine if you don't use names" | FALSE — indirect identification is still a breach |
| "The Privacy Commissioner can only issue warnings" | FALSE — can refer to police for criminal investigation |
The 2024 MCQ Q95 tested public health ethics principles [5]. Know these:
| Principle | Definition | Example |
|---|---|---|
| Harm principle | Restriction of individual liberty is justified to prevent harm to others | Quarantine of infectious patients; travel restrictions for Zika |
| Least restrictive principle | Use the least restrictive means that achieves the public health goal | Voluntary isolation before mandatory quarantine |
| Reciprocity principle | Society should support those who bear disproportionate burden of public health measures | Compensating quarantined workers |
| Transparency principle | Decision-making processes should be open and accountable | Publishing criteria for public health interventions |
Past Paper Questions
Stem: "The Zika virus is linked to severe birth defects in babies born to infected mothers. Health authorities issued travel restrictions for pregnant women to avoid areas with active Zika transmission. Which of the following principles was used to justify this public health intervention?"
Options: A. Harm principle / B. Least restrictive principle / C. Reciprocity principle / D. Transparency principle
Correct Answer: A. Harm principle
Rationale: The harm principle justifies restricting individual liberty (travel) to prevent harm to others (the fetus/baby). This is directly analogous to the lecture's teaching that confidentiality/liberty can be overridden when there is a real risk of serious physical harm. Trap: "Least restrictive principle" might seem tempting because travel advice (not mandatory quarantine) was used, but the question asks what justified the intervention — that is the harm principle. The least restrictive principle would justify choosing travel advisory over mandatory quarantine but doesn't justify the intervention itself.
Stem: "With the increasing number of lung cancer patients, the hospital would like to develop artificial intelligence for precision medicine in lung cancer management. Name key issues in the system development to gain the public confidence and trust." (10 marks)
Relevance: This question directly tests data confidentiality, privacy, and trust in the context of AI/electronic health records — topics covered in the eHRSSO and PDPO discussion in this lecture. Expected answers would include: data privacy and confidentiality, informed consent for data use, transparency of algorithms, data security, governance framework, compliance with PDPO/eHRSSO, accountability for breaches, anonymisation of data, patient right to opt out, and oversight by ethics committees.
No other directly relevant past paper questions were identified from the indexed past paper content for this specific lecture topic.
Integration with Related Material
The psychiatric context is where confidentiality dilemmas are most acute:
- A patient with violent ideation toward a named individual — do you warn the target?
- A patient with psychosis who is a danger to the public — do you breach confidentiality to arrange involuntary admission?
- The judicial quote from GC 173 provides the legal balancing test: private interest vs public interest, with the court finding public interest may prevail [2]
Partner notification in HIV is a classic confidentiality dilemma:
- Contract referral (patient agrees to notify partners themselves) is preferred
- Involuntary PCRS is a last resort — associated with breakdown of trust and deterrence from seeking care
- This mirrors the lecture's teaching about the dilemma of deterring patients from seeking help [1]
The MCHK Code is the governing document for medical practice in Hong Kong. Key points:
- Professional misconduct = behaviour "reasonably regarded as disgraceful, unethical or dishonourable by professional colleagues of good repute"
- This is a peer standard — what would a reasonable doctor think?
- Breaching confidentiality without justification → professional misconduct
- Failing to breach when legally required → also potentially professional misconduct
High Yield Summary
Confidentiality = information accessible only to those authorised (ISO definition). It is central to medical ethics and the doctor-patient relationship, persists even after death, and is protected by the PDPO (Cap 486), eHRSSO (Cap 625), and MCHK Code of Professional Conduct.
Two exceptions allow disclosure without consent: (1) necessary to prevent serious harm (risk must be real, not fanciful, and of physical harm), and (2) required by law (notifiable diseases, court orders, criminal investigation).
Common pitfalls: careless chat in lifts/corridors, not logging off computers, sharing with family without consent, loud phone calls, open reception areas, careless disposal of records.
Minimisation: obtain consent, keep disclosure to a minimum, anonymise where possible, document decisions and reasons, have a witness, and if in doubt, seek advice from your supervisor or medical defence organisation.
In research: informed consent is ongoing, governed by Nuremberg Code, Declaration of Helsinki, and PDPO/IRB.
Breach consequences: negligence, professional misconduct, and criminal offence under eHRSSO/PDPO.
Active Recall - Confidentiality: Balancing Public vs Private Interests
[1] Lecture slides: GC 174. Confidentiality Balancing public vs private interests.pdf [2] Lecture slides: GC 173. Why should I be locked up Ethics in psychiatry, Consent and Refusal in Treatment.pdf [3] Senior notes: MBBS Final MB (Medicine) (Felix PY Lai).pdf (HIV/STI section) [4] Senior notes: Ryan Ho Psychiatry.pdf (Section 1.2.3 Confidentiality) [5] Past papers: 2024 Fourth Summative MCQ.pdf (Q95) [6] Past papers: 2021 Fourth Summative Minicase.pdf (Case 3 Q16)
GC173 Why Should I Be Locked Up Ethics In Psychiatry, Consent And Refusal In Treatment
This topic explores the ethical principles governing involuntary psychiatric detention, patient autonomy, informed consent, and the legal and moral frameworks for treating individuals who refuse psychiatric care against clinical recommendations.
GC175 A Bus Hit A Train Multiple Trauma; Disaster Management
A mass casualty incident involving a bus-train collision requiring activation of disaster management protocols to triage, prioritize, and treat multiple trauma victims with coordinated prehospital and hospital resource allocation.