Risk Management Tips: Maintaining Patient Confidentiality

The Tip:

Always maintain patient confidentiality.

The Risk:

It is a doctor’s responsibility to keep his or her patients’ medical information private. An inadvertent breach of patient confidentiality – where a third party becomes privy to this private medical information – can be problematic for a physician or a physician’s staff from both a legal and moral standpoint. A patient’s trust in his or her physician relies heavily on this assumed and protected confidential nature of the doctor-patient relationship.

Office staff must be aware that routine office practices, such as discussing patient information within earshot of other patients, can breach patient confidentiality.

  1. Educate your staff periodically to reinforce the need to maintain patient confidentiality and to never discuss patients outside the office.
  2. Every year, have your staff sign a confidentiality agreement.
  3. Assess your physical premises to determine the flow of patients through the office and how best to ensure that confidential patient information, written or spoken, is kept private.
  4. Assess staff work areas to determine patients’ accessibility to computer screens and patient information. How quickly are computer users logged off the system when data entry stops?
  5. Set up your office in such a way that staff conversations cannot be overheard in the waiting area.
  6. Obtain written consent from patients so that minimal information can be left on telephone answering machines.

Risk Management Tips provide guidance to support our physicians and facilities in their ongoing efforts to improve the quality of patient care and reduce liability exposure in the practice of medicine. Please contact MLMIC’s Risk Management Department at (800) 275-6564, weekdays 9:00 AM – 5:00 PM, for guidance regarding your specific situation.