Medical confidentiality and information sharing: practical guide

Medical confidentiality and information sharing: practical guide

Introduction

Medical confidentiality constitutes one of the fundamental pillars of the relationship of trust between a patient and healthcare professionals. However, in a context of coordinated care and multidisciplinary teams, the question of sharing confidential information arises daily. How can we reconcile the absolute obligation of confidentiality with the need to exchange data to ensure optimal care? This practical guide specifies the legal framework of medical confidentiality and the conditions under which information sharing is legally authorized, based on the provisions of the Public Health Code and the recommendations of the CNIL.

The legal basis of medical confidentiality

Medical confidentiality is established by article L.1110-4 of the Public Health Code and by article 226-13 of the Penal Code, which punishes its violation with one year's imprisonment and a fine of 15,000 euros. This secret covers all information that comes to the attention of the professional: diagnosis, treatment, patient confidences, but also elements observed or deduced.

It is essential for all professionals involved in the health system: doctors, nurses, pharmacists, midwives, but also administrative staff in health establishments. The law of January 26, 2016 to modernize our health system extended this obligation to professionals in the medical-social sector, creating a unified framework for the protection of confidential information.

Conditions for sharing information between professionals

Sharing information between health professionals is governed by article L.1110-4 of the CSP. Two distinct situations must be distinguished:Within the same care team ⬥⬥⬥: sharing is presumed authorized, provided that the patient has been informed and can exercise his or her right to object. The care team is defined as a group of professionals participating directly in the care of the same patient.

Between professionals not belonging to the same team ⬥⬥⬥: the express and prior consent of the patient is required, collected by any means, including dematerialized. This consent must be informed, specific and revocable at any time.Between professionals not belonging to the same team ⬥⬥⬥: the express and prior consent of the patient is required, collected by any means, including dematerialized. This consent must be informed, specific and revocable at any time.

Sharing must in all cases be limited to information strictly necessary for the coordination or continuity of care, in accordance with the principle of minimization established by the GDPR (article 5).

Legal exceptions to confidentiality

Certain situations authorize, or even require, the lifting of medical confidentiality. The reporting of abuse of minors or vulnerable persons (article 226-14 of the Penal Code), the compulsory declaration of notifiable diseases (article L.3113-1 CSP), or the transmission of information to the Health Insurance medical officer constitute exemptions provided for by law.

On the other hand, the patient's family does not have a general right of access to medical information. Only the trusted person designated by the patient (article L.1111-6 CSP) can receive certain information, according to the wishes expressed.

Tools and good practices

The implementation of the Shared Medical File (DMP) and Secure Health Messaging (MSSanté) makes it possible to technically secure exchanges. Establishments must also adopt a health information systems security policy (PSSI-S) and designate a Data Protection Officer (DPO), in accordance with the GDPR.

Conclusion

Medical confidentiality is not an obstacle to the quality of care but a condition for patient trust. Mastering the rules for sharing confidential information allows healthcare professionals to collaborate effectively while respecting their ethical and legal obligations. Regular training of teams and clear information for patients are essential to secure these practices.