Medical Confidentiality and Information Sharing: Practical Guide

Introduction

Medical confidentiality constitutes one of the fundamental pillars of the relationship of trust between a patient and healthcare professionals. Yet, in a context of coordinated care and multidisciplinary teams, the question of sharing confidential information arises daily. How can we reconcile the absolute obligation of confidentiality with the need to exchange data to ensure optimal care? This practical guide clarifies the legal framework for medical confidentiality and the conditions under which information sharing is legally authorized, based on the provisions of the Public Health Code and the recommendations of the CNIL.

The Legal Foundation of Medical Confidentiality

Medical confidentiality is established by Article L.1110-4 of the Public Health Code and Article 226-13 of the Criminal Code, which penalizes its violation with one year imprisonment and a fine of 15,000 euros. This confidentiality covers all information that comes to the knowledge of the professional: diagnosis, treatment, patient disclosures, as well as observed or inferred elements.

It applies to all professionals working in the healthcare system: doctors, nurses, pharmacists, midwives, as well as administrative staff in healthcare facilities. The law of January 26, 2016 modernizing our healthcare system extended this obligation to professionals in the medico-social sector, creating a unified framework for the protection of confidential information.

Conditions for Information Sharing Between Professionals

Information sharing between healthcare professionals is governed by Article L.1110-4 of the Code. Two distinct situations must be differentiated:

Within the same care team: sharing is presumed authorized, provided that the patient has been informed and can exercise their right to object. The care team is defined as a group of professionals directly participating in the care of the same patient.

Between professionals not belonging to the same team: the express and prior consent of the patient is required, obtained by any means, including dematerialized. This consent must be informed, specific, and revocable at any time.

Sharing must in all cases be limited to information strictly necessary for coordination or continuity of care, in accordance with the minimization principle set out in the GDPR (Article 5).

Legal Exceptions to Confidentiality

Certain situations authorize, or even require, lifting medical confidentiality. The reporting of abuse of minors or vulnerable persons (Article 226-14 of the Criminal Code), the mandatory reporting of notifiable diseases (Article L.3113-1 Public Health Code), or the transmission of information to the health insurance physician constitute exceptions provided by law.

Conversely, the patient's family does not have a general right of access to medical information. Only the person of trust designated by the patient (Article L.1111-6 Public Health Code) may receive certain information, according to their expressed wishes.

Tools and Best Practices

The implementation of the Shared Medical Record (DMP) and the Secure Health Messaging Service (MSSanté) makes it possible to technically secure exchanges. Facilities must also adopt a health information systems security policy (PSSI-S) and designate a Data Protection Officer (DPO), in accordance with the GDPR.

Conclusion

Medical confidentiality is not an obstacle to quality care but a condition for patient confidence. Mastering the rules for sharing confidential information enables healthcare professionals to collaborate effectively while respecting their ethical and legal obligations. Regular training of teams and clear information to patients are essential to secure these practices.