Medical Justice provides free consultations to doctors facing medico-legal obstacles. We have solutions for doctor-patient conflicts, unwarranted demands for refunds, online defamation (patient review mischief), meritless litigation, and a gazillion other issues. We also provide counsel specific to COVID-19. If you are navigating a medico-legal obstacle, visit our booking page to schedule a free consultation – or use the tool shared below.

A central tenet of medical practice is whatever a doctor learns about a patient in the course of medical care should be kept private. What happens in the doctor’s office stays in the doctor’s office.

In Ancient Greece, Hippocrates held that physicians must keep secret what they “may see or hear in the course of the treatment or even outside of the treatment in regard to the life of men.”

In 21st-century America, HIPAA levies penalties on physicians who breach patient confidentiality.

This binding of doctors to confidentiality benefits the patient, who must feel free to tell the truth about their condition. It also benefits the public which might otherwise, for example, face a contagious disease that could have been contained had the original patient not avoided treatment out of fear of being revealed.

Information obtained in the course of medical care is generally shielded. It may not ordinarily be disclosed without the patient’s permission.

However, confidentiality is not absolute, when illegal conduct by the patient is involved.

In this column, we will look at (1) the duty to report a patient; (2) the role of HIPAA; and (3) the physician-patient privilege.

1. The duty to report a patient

a. Current illegal activity

The AMA’s Code of Medical Ethics states that “[a] physician shall safeguard patient confidences and privacy within the constraints of the law.”

What does that mean?

A state law, for example, may require the police to be notified about all gunshot wounds. This will necessarily mean that perpetrators will be identified by law enforcement by treating physicians as well as victims when those doctors act “within the constraints of the law.”

On the other hand, it is generally not considered a crime just to be intoxicated on a substance that is itself illegal. So the ER physician treating a heroin overdose is not required “within the constraints of the law” to tell the police about their patient. (Yes, we know possession of heroin is illegal).

If a statute specifically requires a doctor to breach confidentiality to inform law enforcement about a patient’s current known or suspected illegal activity, it will immunize the doctor from civil liability.

Conversely, a reporting statute may create a criminal penalty for doctors who intentionally fail to comply. For example, willful non-reporting of a perpetrator of child abuse is a Class A misdemeanor in New York.

b. Future illegal activity

Mandates to report a patient vis a vis potential future illegal activity focus on threats by the patient to harm others.

These are statutes that derive from the Tarasoff case, which found the patient’s psychiatrist had a duty to warn a third party the patient had threatened to victimize.

A complete analysis of evolving Tarasoff-related law is beyond the scope of this column. Physicians should acquaint themselves with the applicable law in their states (http://www.ncsl.org/issues-research/health/mental-health-professionals-duty-to-warn.aspx). Yes, every state is different. Some states allow breaking confidentiality to warn the third party. Others require it.

Under Tarasoff-based statutes, a physician who believes that he is highly likely to harm an identified individual has a duty to make reasonable efforts to avert that. The Tarasoff I formulation was a requirement to “warn” but Tarasoff II specifies a duty to “protect”, which may be accomplished not just by a personal warning given to the individual at risk but by other reasonable efforts, such as calling the police. This revised standard also affords a physician the option to deal with the situation without breaking confidentiality, such as by arranging for a threatening patient to be committed.

A doctor bound by a Tarasoff statute is immunized from any retaliatory lawsuit alleging breach of confidentiality.

Where things get complicated for physicians are the situations where they believe the threat to be credible, but a specific victim is not clearly defined.

The first step is to actually look at the scope of the state’s statute. If the statute only attaches immunity to revelations made to protect an “intended victim”, then only the situation in the actual Tarasoff case – a specific individual as the threat target – is covered. However, if the statute more broadly refers to “reasonably identifiable victims”, then risks to those who are not specifically known but who can be predicted based on such facts as when and where the threat is directed (“I will bomb the finish line at the 2013 Boston marathon”) would be covered.

The “reasonably identifiable victims” standard does not apply when a threat is made against society in general (“I want to blow up America because it tolerates homosexuality”) or a group that the physician could not actually identify to enable forewarning (“I want to kill every person I see who looks Asian to me”) or the threat itself is too general to even be applied to a prospective victim group (“People will die soon, and I will be famous.”)

Medical and psychological professionals pushed back against Tarasoff. They argued it required doctors to engage in mere speculation and that it undermined the essential trust necessary for successful mental health therapy. Further, there emerged the practical problem of over-reporting when the Tarasoff statutes were passed. Because of that, states have tended to raise the bar on what situations create the Tarasoff duty. State statutes now tend to require warning when the doctor reasonably believes the threat is imminent or that the patient has a known history of violence.

Further, while a majority of states have a “duty to warn/protect” statute, other states, including Florida, Texas, and Alaska, have created permissive statutes that allow a physician to breach confidentiality to notify a third party of a patient’s threat but which does not create a duty to that third party

There are also separate statutes, such as that in California – immunizing mental health professionals from civil suits for failing to warn or protect potential victims as long as the decision to refrain was made in good faith. Such a statute still permits a lawsuit against the negligent physician who ignored a threat that was actually worthy of notification. But it protects the physician who did a proper evaluation of the matter and came to a clinically reasonable decision not to reveal it even though that decision later turned out to be wrong.

If time permits – that is to say, the threat is not imminent – a physician confronting a complex situation should seek clarification from their state medical board because the board has binding authority over ethical mandates on physicians licensed in the state, which includes confidentiality matters. An opinion from a privately-hired lawyer or even from hospital counsel may not afford the same degree of defensibility against later litigation for a breach of confidentiality as board authorization.

The final issue to remember is that even if the threat does not come under a state’s Tarasoff scope, the physician can still act to forestall the threat in a manner that does not breach confidentiality, such as by committing the patient.

2. The role of HIPAA

HIPAA expressly permits releasing protected health information about a patient who is or is suspected to be, a criminal perpetrator to law enforcement without that patient’s authorization.

This applies in the following circumstances:

– In compliance with a court order or summons or warrant or Grand Jury subpoena.

– In response to an administrative request that specifically assures the physician that the information requested about the patient is relevant and material, specific, and limited in scope. (This assurance is needed because a judge is not overseeing the matter).

– For the purpose of identifying a patient who is a suspect or finding a patient who is an escapee or a fugitive. (This is actually limited to very basic information like the patient’s name and address, date, and place of birth, social security number, blood type, distinguishing physical characteristics, type of injury, and the date and time of treatment. Information about matters such as DNA requires a court order, a warrant, or an administrative request.)

– To identify someone who has admitted being involved in a violent crime unless that admission was made through a request for therapy for violent inclinations. (That exception is because we do not want to dissuade potential offenders from seeking treatment.)

– To report a perpetrator of child or elder abuse, as required by law.

– To report a gunshot or stab wound, as required by law.

– To report evidence of a crime that occurred on the premises of the hospital or the physician’s office.

– When such disclosure is consistent with applicable law and ethical standards to prevent or lessen a serious and imminent threat to the safety of an individual or the public. (This would include a Tarasoff situation.)

– For counter-intelligence and national security.

– To corrections having actual custody of the patient. (This is not the same as a mere arrest situation – for the doctor to talk to the arresting officer about the patient there would have to be local law, as there usually is, that then comes under the “as required by law” general exception.)

This is a wide scope. But only the least amount of information that will suffice should be released when dealing with law enforcement (as is typically the case with HIPAA). Therefore, the physician who feels pressured by law enforcement to reveal material that is shielded should require that a court order be obtained to compel the release of the information, an action that then immunizes the physician.

State law must also be borne in mind. In one case, the Cleveland Clinic released information about a defendant in compliance with a Grand Jury subpoena. But Ohio’s statute did not permit that. Therefore, if in doubt, the physician should turn the matter over to hospital counsel for assessment of the pertinent law or should contact their state medical board for a binding opinion, or should insist that the law enforcement member who wants the information get a court order for it.

Physicians should also always remember that matters like substance abuse and mental health carry additional layers of protection on health information release beyond HIPAA. They should make sure that any formal request from law enforcement, and even a court Order, specifically addresses applicable public health statutes before providing the requested information in these areas about the patient.

3. The physician-patient privilege

The physician-patient privilege is a law of evidence, not a law of confidentiality.

How it will be applied is a state-by-state issue. (The Federal Rules of Evidence do not recognize the privilege.) However, the common factors are that the information sought to be shielded must have come to the doctor’s knowledge as part of medical care and be needed for that care.

The mere fact that someone is a patient does not itself create the privilege. The information must actually be offered by the patient during the course of medical care. Therefore if Mr. Patient meets Dr. Doc in a social setting and blurts out to her that he is running a Ponzi scheme and is utterly stressed out by it – that communication is not privileged. However, it would have been privileged had Dr. Doc, during an actual appointment in her office, noted that Mr. Patient’s hypertension was worse and, before deciding to change his medications, had asked if there was any new stress in his life and had gotten the same information.

The information sought to be shielded must be informed that the doctor actually needs to diagnose and treat the patient. Therefore, the bleeding patient who tells Dr. ER, “I was shot when I was robbing First Credit Bank” has just made a statement that is partially subject to the privilege and partially not. The “I was shot” aspect is privileged because Dr. ER needs to know it to treat the patient appropriately. However, “when I was robbing First Credit Bank” is irrelevant to medical care and so Dr. ER may testify about it.

In summary: Mandated reporting statutes about criminal activity by patients immunize doctors against liability for breach of confidentiality. Tarasoff requirements as to potential violent threats have been extended to reasonably foreseeable potential victims in some jurisdictions, but under Tarasoff II a physician has options that may permit the preservation of patient confidentiality. HIPAA permits sharing protected health information with law enforcement, but the released information must be the minimum necessary to comply. The physician-patient privilege, which is the opposite of mandatory reporting against the will of the patient, can be asserted by the doctor or the patient for a final determination by a judge. A court’s Order that the doctor is not bound by the privilege immunizes that doctor against a lawsuit by the patient for breach of confidentiality.

Medical Justice provides free consultations to doctors facing medico-legal obstacles. We have solutions for doctor-patient conflicts, unwarranted demands for refunds, online defamation (patient review mischief), meritless litigation, and a gazillion other issues. We also provide counsel specific to COVID-19. If you are navigating a medico-legal obstacle, visit our booking page to schedule a free consultation – or use the tool shared below.

Learn how Medical Justice can protect you from medico-legal mayhem… 

Jeffrey Segal, MD, JD

Chief Executive Officer and Founder

Dr. Jeffrey Segal, Chief Executive Officer and Founder of Medical Justice, is a board-certified neurosurgeon. Dr. Segal is a Fellow of the American College of Surgeons; the American College of Legal Medicine; and the American Association of Neurological Surgeons. He is also a member of the North American Spine Society. In the process of conceiving, funding, developing, and growing Medical Justice, Dr. Segal has established himself as one of the country’s leading authorities on medical malpractice issues, counterclaims, and internet-based assaults on reputation.

Dr. Segal was a practicing neurosurgeon for approximately ten years, during which time he also played an active role as a participant on various state-sanctioned medical review panels designed to decrease the incidence of meritless medical malpractice cases.

Dr. Segal holds a M.D. from Baylor College of Medicine, where he also completed a neurosurgical residency. Dr. Segal served as a Spinal Surgery Fellow at The University of South Florida Medical School. He is a member of Phi Beta Kappa as well as the AOA Medical Honor Society. Dr. Segal received his B.A. from the University of Texas and graduated with a J.D. from Concord Law School with highest honors.

In 2000, he co-founded and served as CEO of DarPharma, Inc, a biotechnology company in Chapel Hill, NC, focused on the discovery and development of first-of-class pharmaceuticals for neuropsychiatric disorders.

Dr. Segal is also a partner at Byrd Adatto, a national business and health care law firm. Byrd Adatto was selected as a Best Law Firm in the 2023 edition of the “Best Law Firms” list by U.S. News – Best Lawyers. With over 50 combined years of experience in serving doctors, dentists, and other providers, Byrd Adatto has a national pedigree to address most legal issues that arise in the business and practice of medicine.