Navigating Ethics of Physician-Patient Confidentiality: A Communication Privacy Management Analysis

Sandra Petronio, PhD; Mark J DiCorcia, PhD; Ashley Duggan, PhD

Perm J 2012 Fall;16(4):41-45


The ethics of physician-patient confidentiality is often fraught with contradictions. Privacy boundaries are not always clear, and patients can leave an interaction with their physicians feeling uncomfortable about the security of their private medical information. The best way to meet confidentiality and privacy management expectations that patients have may not be readily apparent. Without realizing it, a physician may communicate a patient's information in ways that are inconsistent with that person's perceptions of how his/her medical information should be treated. A proposed model is presented as a tool for physicians to better serve the privacy and confidentiality needs of their patients. This model depends on the communication privacy management (CPM) perspective that emerged from a 35-year research program investigating how people regulate and control information they consider private and confidential. A physician's use of this model enables the ability to establish a confidentiality pledge that can address issues in understanding the best way to communicate about privacy management with patients and more likely overcome potential negative outcomes.

I am a patient in a special unit where the staff have meetings every week. They discuss the test results and whatever they want to discuss. You sort of find out along the way. They don't tell you what goes on, but you get second-hand information. The nurse will come back and say: "At the meeting the doctor said this …" I don't like them discussing me behind my back.1

Confidentiality in medicine involves a careful balance of respecting patient autonomy, the duty to warn, protecting confidential patient information, and soliciting appropriate disclosures.2-4 For each issue, there are fundamental ways that communication is instrumental in traversing the management of confidential private information. Sharing patient information is important to leverage the power of collaboration between the physician and relevant medical team members. Patients often do not understand the full implications of why sharing their private medical information is vital to their care. Although managing confidentiality is guided by ethical and legal principles, many ambiguous situations still arise in the course of patient care, leading to predicaments in privacy management.4-7

Research shows that managing privacy boundaries is a delicate balancing act.6,7 If the regulation of privacy and confidentiality in medical encounters is conducted without consciousness, awareness, and curative intention, the outcome can be counterproductive for patients and physicians, with the potential to compromise ethical and care standards.8

Communication Privacy Management and Patient-Physician Relationship

Communication privacy management (CPM), is a theoretically driven perspective derived from a 35-year social-behavioral research program investigating how people manage private information.7,9 In this report, the CPM perspective is applied to better understand the basis for ethical predicaments in confidentiality between patients and physicians. Briefly, CPM argues that managing privacy and confidentiality means navigating between the need for autonomy and the need for connectedness with others. Navigating is necessary because people want to take others into their confidence (granting access), yet desire to keep a measure of autonomy and privacy (resulting in concealing or protecting information). CPM uses a privacy boundary metaphor representing where private information is located and identifies how the privacy management system operates.

In considering the physician-patient relationship within the CPM perspective, physicians have potentially two privacy boundaries they regulate with patients. They have their own personal privacy boundaries and judgments about situations where personal disclosures are made to patients. Physicians also serve as guardians or co-owners of their patients' private medical information and are included within the patient's privacy boundary surrounding that information. As co-owners, physicians have a complicated role in that they have to make decisions about issues such as the best treatment plan or a prognosis on the basis of information they gather from tests, and they must deliver that information to the patient. In doing this, physicians often have to judge when to share information with the patient about his/her case, how much to share at any given stage of treatment, what to share, and who else to tell about the patients' confidential medical information. Because the medical information belongs to the patients, they feel that the physicians' choices about these issues necessarily need to include conversations with them.5 The reason these issues arise is illustrated in the evidenced-based principles of CPM theory. There are three main CPM principles: 1) privacy ownership, 2) privacy control, and 3) privacy turbulence.7,9,10

Privacy ownership refers to the fact that people believe their private information belongs to them and they own the right to control access to that information. When "original" owners grant access, they create authorized co-owners or confidants who are expected to act responsibly by fulfilling the original owner's expectations for third-party access. Physicians are granted authorized co-ownership or guardian status by patients so that they can administer medical care.

Privacy control defines the system that regulates access and protection of privacy boundaries surrounding information considered personal and within an individual's jurisdiction to regulate. Privacy control is enacted through using privacy rules that regulate access and protection; for example, a patient might say, "I talk only to my doctor about my HIV status and no one else."

Privacy rules are developed on the basis of motivations, assessments of risks and benefits, orientations toward privacy, and situational demands. Thus, needing to trust a physician to gain health care can motivate a patient to reveal information. For the patient, granting access likely includes judging risks and benefits of allowing complete or partial access. Nevertheless, when the patient discloses information, the physician becomes an authorized co-owner or guardian and, with that, comes an implied expectation that the physician will "care" for the information in the way the patient expects. If these expectations about responsible treatment of the information are violated, privacy turbulence results in the physician-patient relationship.

Personal-Professional Boundaries in Confidential Physician-Patient Relationships

Whereas the physician's confidant role is professionally, ethically, and legally guided, it is also determined by the interface of the physician's own privacy rules—about maintaining personal and professional boundaries—with individual patient privacy rules. Stemming from professional training, physicians develop their own set of privacy rules and management strategies to regulate their emotions and personal information.11,12 Physicians learn ways to keep their feelings within their own privacy boundary and under their own control. By using an effective privacy regulation process, physicians are able to protect their own privacy while maintaining a professional physician-patient boundary in the name of objectivity. Having a clear sense of demarcation between the personal and professional is necessary and can afford a physician the ability to better serve in the role of confidant for patients.

The road to effective navigation of both patient and physician privacy boundaries may be predicated on the physician's ability to learn how to be more reflective about communication in patient care.12 From the literature, we find that physicians trained to have a greater awareness of where boundary lines can become blurry—particularly with emotional objectivity and empathy—are more able to communicate effectively.12,13 Physicians' sharing personal emotions, concerns, and experiences can have both positive and negative effects on the physician-patient relationship. Consequently, the judgments made need to rely on clear guidelines with sensitivity to the impact that sharing (ie, crossing a privacy boundary) and not sharing have for the process of patient care.12

Blurring Privacy Boundaries in Physician-Patient Relationships

Both patients and physicians encounter privacy management predicaments. When physicians make inappropriate or unrelated personal disclosures to patients, the patient may feel baffled about the confidant's role a physician is playing. A study found that more often than would be expected, primary care physicians tend to disclose unsolicited and contextually irrelevant personal information to their patients.14 McDaniel et al14 found that 85% of primary care physicians made such disclosures that had little to do with the patients' cases. Interestingly, this research also shows that after physicians disclosed, patients did not necessarily turn the conversation back to the reason they were seeking medical care; nor did the physicians. Furthermore, patients did not find that the physician's disclosure was helpful in any way.

Receiving disclosures of a personal nature from physicians may put the patient in an awkward position. There is an embedded expectation of responsibility for the patient as the physician's confidant. Consequently, unless the disclosure is contextually relevant to the patient's case or can potentially be used therapeutically, a physician's personal disclosure can compromise the ability to establish a professional trusting relationship with the patient.6 For example, if physicians reveal their personal marital problems when listening to a patient's description of medical issues affecting his/her marriage, the patient might feel compelled to comfort the physician.15 In these situations, an implicit confidentiality promise that patients often assume between themselves and physicians becomes reversed and the patient is the confidant with implied responsibilities to the physician.

However, disclosures reinforcing concepts that focus on taking the perspective of the patient can have a powerful impact on how privacy boundaries are regulated. Reinforcing concepts such as normalcy (eg, "Your concerns are not uncommon; many of my pregnant patients have the same fears"), empathy (eg, "I share your frustration that we have not been able to adequately manage your pain, but we are committed to finding a solution"), and encouraging hope (eg, "I know quitting smoking is difficult because I've done it, and I believe when you are ready, you will too") can facilitate effective disclosure for the physician, maintain a useful relationship, and positively influence health outcomes.

Considering these issues speaks to the importance of locating expectations about managing confidentiality and reflecting on how role shifting can disrupt the patient's assumptions about physician behavior when in a confidential medical relationship.12,14 Explicitly inquiring about the patient's expectations concerning how private and confidential information will be managed sets the path to increasing trustworthiness and the ability to actively attend to the patient's desires for privacy management. Doing so also helps to guard against the possibility of mistaking where the borders are between the professional and the personal boundaries.

s this report transitions into presenting a confidentiality negotiation system, it is important to make note of the position on privacy taken in this article as compared to the Privacy Rule of the Health Insurance Portability and Accountability Act (HIPAA).16 Whereas HIPAA is geared toward providing legal parameters, this essay goes beyond the borders of biomedical intent stipulated by the act. Instead, the argument here focuses on learning how people talk and interpret messages in building relationships concerning regulating their confidential private information.

Confidentiality Negotiation System: Differences Navigated

Physicians and patients operate on a different set of assumptions about how the health care system works. For physicians, navigating in the health care system is part of their daily routine. Physicians rely on the admission process and paperwork to outline requests for private information that, for them, is normative. Patients understand they must provide access to their private medical information, but they have less experience with this system than do the physicians. Furthermore, patients uniformly do not believe all their private information somehow belongs to and should be shared with the physician.15 The incommensurate experiences that the patient and physician may have illustrate underlying issues that can result in miscommunication and violated expectations for privacy management. The outcome can lead to what CPM refers to as "privacy turbulence." Because of these miscommunications, trust may be damaged and difficult to restore.

Physicians must be equipped with effective ways to overcome barriers and to negotiate useful privacy decisions. Through training, physicians can improve their understanding of the patient's privacy orientation and learn new ways of negotiating an agreed-on set of privacy rules to better serve the patient's needs. The five-point model and case study application discussed in the next section illustrate key aspects of confidentiality negotiations, with the goal of establishing a CPM confidentiality pledge. This model is geared to quickly identify the main points of discussion for physician-patient interaction about confidentiality. Obviously, the length of time invested depends on an individual physician's needs and desires regarding the extent of implementing the model.

Communication Privacy Management Confidentiality Pledge Model

A confidentiality pledge advocates that patients and physicians openly discuss the ways patients want their information treated. Constructing this pledge seems best used in an initial face-to-face interaction with the patient as the physician is becoming familiar with the case. In this way, going forward from this initial encounter, the physician is illustrating a level of care and concern for the patient's wishes regarding information considered private. Doing so creates a heightened sense of trust for the patient. Likewise, the pledge also raises awareness of where there are privacy boundary lines for both physician and patient, thus thwarting breaches of confidentiality that can lead to negative outcomes in patient care. A patient's reluctance to engage in conversations about protection of his/her confidentiality may clue the physician into the level of trust or lack thereof that a patient is feeling. In addition, not wanting to share private information may signal other potential problems that could be related to the patient's condition. Considering these possibilities likely helps the physician recognize more attention is needed to unearth the reasons a patient feels reluctant. The basic model can serve as a template to pursue a more in-depth discussion if necessary.

The proposed model gives a clear and concise vision of how to address these problems before they become obstacles, thereby increasing the potential for beneficial patient care.17 As Table 1 illustrates, using the CPM Confidentiality Negotiation System to develop a confidentiality pledge can be achieved with a five-point model that asks who, what, where, when, and how.7 This model shows how to discern ways in which patients define the disclosed medical information as confidential. In addition, it identifies where the borders are located in patients' privacy boundaries surrounding confidential information and aids in judging the level of needed control that patients want over their information. Furthermore, the model sets parameters for areas most likely to concern confidential information, namely, seeking permission to tell information, and creating informational co-owners or shareholders (eg, clinicians, team members and other personnel, family members, and friends). The model also identifies circumstances in which the patient and physician negotiate protection of and access to information, including how, when, and why information might be protected or granted access. Doing so communicates an understanding of rights of ownership (in personal, not necessarily legal terms), granting the ability to exercise control over the information when someone else (eg, the physician) is given license to make the decision on the patient's behalf.

Table 2 provides a teaching hospital's case study analysis to illustrate how a physician might negotiate a confidentiality pledge with patients. This case illustrates the way a physician could open the door for patients to express concerns or expectations they have, by describing practices and policies of sharing patient information among medical staff. In turn, patients are invited, through conversations with the physician, to articulate boundaries for information they do or do not want shared with others, such as certain family members. Likewise, physicians are able to get a better understanding by inviting patients to voice expectations and confirm an understanding of how their information should be managed. These conversations help frame an agreement about the expectations for confidentiality that align physician-patient understandings of how personal and confidential information is handled. By opening the discussion to patients' questions, concerns, amendments, and issues surrounding how best to treat confidential information, the physician prevents the possibility of ethical questions in the future. Physicians can proactively address these matters, decreasing the potential for patients' surprises and anger about how their information is shared.

confidentiality pledge with patients can produce a clear and efficient mutual understanding between the physician and patient for how private and confidential information is handled and delivered.7 Thus, documentation of a negotiated written agreement identifying how the patients believe their information should be managed and the information they define as confidential generates a confidentiality pledge. The general scope of that pledge can easily be integrated into the physician's medical history discussion during an initial visit with the patient. In today's world of electronic medical records, such a pledge may more likely be used if it were found early in the record, perhaps in the problem list, associated with the demographic information or with other documents such as a do-not-resuscitate order.


An examination of the way that a physician's role as confidant is defined captures the relational complexity of decision making where a patient's privacy management is concerned. Accordingly, when physicians and patients jointly articulate privacy management expectations and negotiate a mutually agreed-on set of privacy rules for patient information, it sets clear parameters. In addition, doing so may also make physicians mindful about their own privacy boundary management with patients. Use of the model to establish a confidentiality pledge can help solve some implicit problems in understanding how to communicate about privacy management with patients and can overcome potential negative outcomes.

Disclosure Statement

The author(s) have no conflicts of interest to disclose.


Kathleen Louden, ELS, of Louden Health Communications provided editorial assistance.

1.    Braunack-Mayer AJ, Mulligan EC. Sharing patient information between professionals: confidentiality and ethics. Med J Aust 2003 Mar 17;178(6):277-9.
2.    Jenkins G, Merz JF, Sankar P. A qualitative study of women's views on medical confidentiality. J Med Ethics 2005 Sep;31(9):499-504. DOI:
3.    Offit K, Groeger E, Turner S, Wadsworth EA, Weiser MA. The "duty to warn" a patient's family members about hereditary disease risks. JAMA 2004 Sep 22;292(12):1469-73. DOI:
4.    Beauchamp TL, Childress JF. Principles of Biomedical Ethics (6th edition). New York, NY: Oxford University Press; 2009.
5.    Petronio S, Lewis SS. Medical disclosure in oncology: Families, patients, and providers. In: Miller-Day M (Ed), Family communication and health transitions. New York, NY: Peter Lang Publishing, Inc; 2010. p 269-96.
6.    Petronio S, Reierson J. Regulating the privacy of confidentiality: grasping the complexities through communication privacy management theory. In: Afifi T, Afifi W (Eds). Uncertainty, information management, and disclosure decisions: Theories and applications. New York, NY: Routledge; 2009. p 365-83.
7.    Petronio S. Boundaries of privacy: Dialectics of disclosure. Albany, NY: State University of New York Press; 2002.
8.    Litzelman DK, Cottingham AH. The new formal competency-based curriculum and informal curriculum at Indiana University School of Medicine: overview and five-year analysis. Acad Med 2007 Apr;82(4):410-21. DOI:
9.    Petronio S. Communication privacy management theory: What do we know about family privacy regulation? J Fam Theory Rev 2010 Sep;2(3):175-96. DOI:
10.    Petronio S, Sargent J. Disclosure predicaments arising during the course of patient care: nurses' privacy management. Health Commun 2011 Apr;26(3):255-66. DOI:
11.    Charon R. The patient-physician relationship. Narrative medicine: A model for empathy, reflection, profession, and trust. JAMA 2001 Oct 17;286(15):1897-902. DOI:
12.    Gabbard GO, Nadelson C. Professional boundaries in the physician-patient relationship. JAMA 1995 May 10;273(18):1445-9. Erratum in: JAMA 1995 Nov 1;274(17):1346. DOI:
13.    Meier DE, Back AL, Morrison RS. The inner life of physicians and care of the seriously ill. JAMA 2001 Dec 19;286(23):3007-14. DOI:
14.    McDaniel SH, Beckman HB, Morse DS, Silberman J, Seaburn DB, Epstein RM. Physician self-disclosure in primary care visits: enough about you, what about me? Arch Intern Med 2007 Jun 25;167(12):1321-6. DOI:
15.    Sankar P, Mora S, Merz SF, Jones NL. Patient perspectives of medical confidentiality: a review of the literature. J Gen Intern Med 2003 Aug; 18(8):659-69. DOI:
16.    Health Insurance Portability and Accountability Act of 1996 (HIPAA), Pub L No. 104-191, 110 Stat 1936 (Aug 21, 1996). [For more information on HIPAA, visit the Web page of the National Partnership for Women and Families HIPAA guide: and read or download the HIPAA guide. HIPAA also provides some protection for victims of domestic violence from discrimination by employment-based group health plans.]
17.    Wood GC, Spahr R, Gerdes J, Daar ZS, Hutchison R, Stewart WF. Patient satisfaction and physician productivity: complementary or mutually exclusive? Am J Med Qual 2009 Nov-Dec;24(6):498-504. DOI:


Click here to join the eTOC list or text ETOC to 22828. You will receive an email notice with the Table of Contents of The Permanente Journal.


2 million page views of TPJ articles in PubMed from a broad international readership.


Indexed in MEDLINE, PubMed Central, EMBASE, EBSCO Academic Search Complete, and CrossRef.




ISSN 1552-5775 Copyright © 2021

All Rights Reserved