Medical Confidentiality and Information Sharing: Practical Guide

Introduction

Medical confidentiality constitutes one of the fundamental pillars of the relationship of trust between a patient and healthcare professionals. Yet, in a context of coordinated care and multidisciplinary teams, the question of sharing confidential information arises daily. How can one reconcile the absolute obligation of confidentiality with the need to exchange data to ensure optimal care? This practical guide clarifies the legal framework for medical confidentiality and the conditions under which information sharing is legally authorised, based on the provisions of the French Public Health Code and recommendations from the CNIL.

The Legal Foundation of Medical Confidentiality

Medical confidentiality is established by Article L.1110-4 of the French Public Health Code and Article 226-13 of the French Penal Code, which penalises its violation with one year of imprisonment and a fine of 15,000 euros. This confidentiality covers all information that comes to the knowledge of the professional: diagnosis, treatment, patient disclosures, but also observed or inferred elements.

It is binding on all professionals working in the healthcare system: doctors, nurses, pharmacists, midwives, as well as administrative staff in healthcare establishments. The Act of 26 January 2016 on the modernisation of our healthcare system extended this obligation to professionals in the medical and social care sector, creating a unified framework for the protection of confidential information.

Conditions for Information Sharing Between Professionals

Information sharing between healthcare professionals is governed by Article L.1110-4 of the French Public Health Code. Two distinct situations must be distinguished:

Within the same care team: sharing is presumed to be authorised, provided that the patient has been informed and can exercise their right to object. The care team is defined as a set of professionals directly involved in the care of the same patient.

Between professionals not belonging to the same team: prior express consent from the patient is required, collected by any means, including dematerialised means. This consent must be informed, specific and revocable at any time.

In all cases, sharing must be limited to information strictly necessary for coordination or continuity of care, in accordance with the principle of minimisation set out in the GDPR (Article 5).

Legal Exceptions to Confidentiality

Certain situations authorise, and even require, the lifting of medical confidentiality. The reporting of abuse of minors or vulnerable persons (Article 226-14 of the French Penal Code), the mandatory declaration of notifiable diseases (Article L.3113-1 of the French Public Health Code), or the transmission of information to the healthcare insurance company's physician constitute legally provided exceptions.

Conversely, the patient's family does not have a general right of access to medical information. Only the trusted person designated by the patient (Article L.1111-6 of the French Public Health Code) can receive certain information, according to their expressed wishes.

Tools and Best Practices

The implementation of the Shared Medical File (Dossier Médical Partagé - DMP) and the Secure Health Messaging (Messagerie Sécurisée de Santé - MSSanté) makes it possible to technically secure exchanges. Establishments must also adopt a healthcare information systems security policy (PSSI-S) and appoint a Data Protection Officer (DPO), in accordance with the GDPR.

Conclusion

Medical confidentiality is not an obstacle to quality care but a condition for patient trust. Mastering the rules of confidential information sharing enables healthcare professionals to collaborate effectively whilst respecting their ethical and legal obligations. Regular training of teams and clear information for patients are essential to secure these practices.