In a landmark judgement
delivered yesterday, the Supreme Court of India unanimously ruled that privacy
is a fundamental right.
In its order, the nine-judge
constitutional bench headed by Chief Justice of India said “The right to
privacy is protected as an intrinsic part of the right to life and personal
liberty under Article 21 and as a part of the freedoms guaranteed by Part III
of the Constitution”.
Article 21 ensures protection
of life and personal liberty."No person shall be deprived of his life
or personal liberty except according to procedure established by law.”
In doing so, the Bench
overruled the two earlier judgements, also by the Apex Court, which had ruled
against privacy as a fundamental right.
Right to privacy will be now
find a place along with the other six fundamental rights recognized by the
constitution of India.
1. Right
to equality
2. Right
to freedom
3. Right against
exploitation
4. Cultural
and educational rights
5. Right
to constitutional remedies
Privacy and confidentiality
are important tenets of ethical medical practice. They are the foundation of
the doctor-patient relationship built on trust.
The terms, privacy and
confidentiality have often been considered as synonyms. But, the two are not
the same and it is important to know the difference between the two.
Privacy is the right of a person (patient) to keep
his health information, including any other personal information, private and
undisclosed. Doctors are often privy to private information shared by the
patients during the course of history taking and treatment.
Confidentiality, on the other hand, is what we, as doctors (or
other concerned persons) do with the information that has been entrusted to us.
Confidentiality implies the duty of everyone entrusted with any information to
keep that information private.
Health information is a part
of personal information and includes information for example demographic data
(name, address, phone no etc.), insurance information, identification data,
medical history. Such information along with medical examination, clinical
images during consultation and treatment is considered as information private
to the patient.
Clinical images e.g. photos of
a body part/skin lesion/injury, lab reports, x-rays/scan reports, audio/video
recordings are also health information. They can be taken and shared only after
consent of the patient.
Protecting the privacy of
patient information is the ethical duty of the doctor as also mandated in the
MCI Code of Ethics Regulations.
“2.2 Patience, Delicacy and
Secrecy: Patience and delicacy should characterize the physician.
Confidences concerning individual or domestic life entrusted by patients to a
physician and defects in the disposition or character of patients observed
during medical attendance should never be revealed unless their revelation is
required by the laws of the State. Sometimes, however, a physician must
determine whether his duty to society requires him to employ knowledge,
obtained through confidence as a physician, to protect a healthy person against
a communicable disease to which he is about to be exposed. In such instance,
the physician should act as he would wish another to act toward one of his own
family in like circumstances.
7.14 The registered medical practitioner shall not
disclose the secrets of a patient that have been learnt in the exercise of his
/ her profession except –
· in a court of law under orders of the Presiding
Judge;
· in circumstances where there is a serious and
identified risk to a specific person and / or community; and
· notifiable diseases.
In case of communicable /
notifiable diseases, concerned public health authorities should be informed
immediately.
7.17 A registered medical practitioner shall not
publish photographs or case reports of his / her patients without their
permission, in any medical or other journal in a manner by which their identity
could be made out. If the identity is not to be disclosed, the consent is not
needed.”
Privacy and confidentiality
has been included among the important principles of bioethics (Article 9)
defined by UNESCO under its Universal Declaration on Bioethics and Human Rights
that should be respected. “The privacy of the persons concerned and the
confidentiality of their personal information should be respected. To the
greatest extent possible, such information should not be used or disclosed for
purposes other than those for which it was collected or consented to,
consistent with international law, in particular international human rights
law.”
Another very important aspect
that should be understood and kept in mind is that while hospitals or healthcare
establishments own the physical (or electronic) records, they are only “held in
trust by them on behalf of the patient”. The information or data in the records
are owned by the patient. This information is protected health information.
What constitutes protected
health information? The Electronic Health Records Standards for India 2016
notified last year have elaborated on this.
“Protected Health Information
(PHI) would refer to any individually identifiable information whether oral or
recorded in any form or medium that (1) is created, or received by a
stakeholder; and (2) relates to past, present, or future physical or mental
health conditions of an individual; the provision of health care to the
individual; or past, present, or future payment for health care to an
individual.
Electronic Protected Health
Information (ePHI) would refer to any protected health information (PHI) that
is created, stored, transmitted, or received electronically. Electronic
protected health information includes any medium used to store, transmit, or
receive PHI electronically.
As per the Information
Technology Act 2000, Data Privacy Rules, refers to ‘sensitive personal data or
information’ (SPI) as the subject of protection, but also refers, with respect
to certain obligations, to ‘personal information’ (PI). Sensitive personal
information is defined as a subset of personal information. Followings are
Sensitive personal information that relates to:
1. Passwords
2. Financial information such
as bank account or credit card or debit card or other payment instrument
details
3. Physical, psychological and
mental health condition
4. Sexual orientation
5. Medical records and history
6. Biometric information
7. Any detail relating to (1)
– (6) above received by the body corporate for provision of services
8. Any information relating to
(1) – (7) that is received, stored or processed by the body corporate under a
lawful contract or otherwise”
The patient is the supreme
consent giver, and no action pertaining to his/her health information can be
taken without consent from the patient. Any protected health information can be
shared only after patient consent and that too only with the authorized person.
Divulging this information to any unauthorized person without consent of the
patient is breach of privacy and confidentiality.
This judgement will have huge
implications on how information can be used.
In light of this judgement,
privacy is no longer a common law right. And, it’s not just our ethical duty to
respect the right to privacy of a patient simply because it is prescribed by
the MCI Ethics Code or any other regulatory bodies.
Privacy is now a fundamental
‘inviolable’ right under the Constitution of India.
Disclaimer: The views
expressed in this write up are entirely my own.
Dr KK Aggarwal
No comments:
Post a Comment