Medical privacy or health privacy is the practice of keeping information about a patient confidential. This involves both conversational discretion on the part of health care providers, and the security of medical records. The terms can also refer to the physical privacy of patients from other patients and providers while in a medical facility. Modern concerns include the degree of disclosure to insurance companies, employers, and other third parties. The advent of electronic medical records has raised new concerns about privacy, balanced with efforts to reduce duplication of services and medical errors.
Privacy for research participants
In the course of having or being part of a medical practice, doctors may learn information they wish to share with the medical or research community. If this information is shared or published, the privacy of the patients must be respected. Likewise, participants in medical research that are outside the realm of direct patient care have a right to privacy as well.
Privacy situation by country
Australia - eHealth
On 1 July 2012 the Australian Government launched the Personally Controlled Electronic Health Record (PCEHR) (eHealth) system. The system is being rolled out in stages. Full implementation will incorporate an electronic summary prepared by nominated healthcare providers, and consumer entered notes. The summary will include information on the individual’s allergies, adverse reactions, medications, immunisations, diagnoses and treatments. The consumer notes will operate as a personal medical diary that only the individual can view and edit. The opt-in system, means people choose whether to register for the eHealth record or not.
Privacy - Governance
The Personally Controlled Electronic Health Records Act 2012 and Privacy Act 1988, govern how eHealth record information will be managed and protected. The PCEHR System Operator abides by the Information Privacy Principles in the Privacy Act 1988 (Commonwealth), and any applicable State or Territory privacy laws. A Privacy Statement sets out the application of personal information collection by the System Operator. The Statement includes explanation of the types of personal information collected, what the information is used for, and how the information is stored. The statement covers measures in place to protect personal information from misuse, loss, unauthorised access, modification and disclosure.
Privacy - Security measures
Security measures include audit trails, so that patients can see who has accessed their medical record and when, and the use of encryption, secure logins and passwords. Patient records are identified using an Individual Health Identifier (IHI) assigned by Medicare as IHI service provider.
Privacy - Issues
A 2012 nationwide survey assessed privacy concerns on patients’ health care decisions, which could impact on patient care. Results found 49.1% of Australian patients stated they have withheld or would withhold information from their health care provider based on privacy concerns.
- How does consent impact privacy?
One concern is that personal control of the eHealth record via consent, does not guarantee privacy is protected. It is argued that a narrow definition, ‘permission’ or ‘agreement’, does not provide protection for privacy and is not well represented in Australian legislation. The PCEHR allows clinicians to assume consent by consumer participation in the system; however, the needs of the consumer may not be met. Critics argue that the broader definition of 'informed consent' is required, as it encompasses the provision of relevant information by the healthcare practitioner, and understanding of that information by the patient.
- Is it legitimate to use personal information for public purposes?
Data from the PCEHR is to be predominantly used in patient healthcare, but other uses are possible, for policy, research, audit and public health purposes. The concern is that in the case of research, what is allowed goes beyond existing privacy legislation.
- What are ‘illegitimate’ uses of health information?
The involvement of pharmaceutical companies is viewed as potentially problematic. If they are perceived by the public to be more concerned with profit than public health, public acceptance of their use of PCEHRs could be challenged. Also perceived as problematic, is the potential for parties other than health care practitioners, such as insurance companies, employers, police or the government, to use information in a way which could result in discrimination or disadvantage.
- What are the potential implications of unwanted disclosure of patient information?
Information ‘leakage’ is seen as having the potential to discourage both patient and clinician from participating in the system. Critics argue the PCEHR initiative can only work, if a safe, effective continuum of care within a trusting patient/clinician relationship is established. If patients lose trust in the confidentiality of their eHealth information, they may withhold sensitive information from their health care providers. Clinicians may be reluctant to participate in a system where they are uncertain about the completeness of the information.
- Are there sufficient safeguards for the protection of patient information?
Security experts have questioned the registration process, where those registering only have to provide a Medicare card number, and names and birth dates of family members to verify their identity. Concerns have also been raised by some stakeholders, about the inherent complexities of the limited access features. They warn that access to PCEHR record content, may involve transfer of information to a local system, where PCEHR access controls would no longer apply.
The privacy of patient information is guaranteed by articles 78 and 100 of legal code 5510.
On the other hand, the Social Security Institution (SGK), which regulates and administers state-sponsored social security / insurance benefits, sells patient information after allegedly anonimizing the data, as confirmed on October 25, 2014.
The National Health Service is increasingly using Electronic health records, but until recently the records held by individual NHS organisations such as General Practitioners, NHS Trusts, dentists and pharmacies were not linked. Each organisation was responsible for the protection of patient data it collected. The care.data programme which proposed to extract anonymised data from GP surgeries into a central database aroused considerable opposition.
In 2003, the NHS made moves to create a centralized electronic registry of medical records. The system is protected by the UK's Government Gateway, which was built by Microsoft. This program is known as Electronic Records Development and Implementation Programme (ERDIP). The NHS National Program for IT was criticized for its lack of security and lack of patient privacy. It was one of the projects that caused the Information Commissioner, to warn that there was a danger of the country "sleepwalking" into a surveillance society. Pressure groups[according to whom?] opposed to ID cards also campaigned against the centralized registry.
Newspapers feature stories about lost computers and memory sticks but a more common and longstanding problem is about staff accessing records they have no right to see. It has always been possible for staff to look at paper records, and in most cases there is no record kept. Electronic records make it possible to keep a record of who has accessed which records. NHS Wales has created the National Intelligent Integrated Audit System which provides "a range of automatically generated reports, designed to meet the needs of our local health boards and trusts, instantly identifying any potential issues when access has not been legitimate.” Maxwell Stanley Consulting will use a system called Patient Data Protect (powered by VigilancePro) which can spot patterns – such as whether someone is accessing data about their relatives or colleagues. 
The most recent development in the USA is the Medical Information Privacy and Security Act (MIPSA). It contains important provisions requiring the generation of an audit trail of information being accessed, and allows patients the ability to partition their data so that, for example, genetic information is not revealed when they go for a flu shot. Individuals have a right to access, copy, edit and augment their information.
Privacy advocates in the United States have raised concerns about the switch from paper to electronic medical records. Some commentators fear this will lead to unauthorized access to personal data.
In New Zealand, the Health Information Privacy Code (1994), sets specific rules for agencies in the health sector to better ensure the protection of individual privacy. The code addresses the health information collected, used, held and disclosed by health agencies. For the health sector, the code takes the place of the information privacy principles.
The introduction of a nationwide system for the exchange of medical information and access to electronic patient records, led to much discussion in the Netherlands. 
- "Australian Government - Department of Health and Ageing". PCEHR Governance. Retrieved 18 May 2013.
- "National E-Health Transition Authority (NEHTA)". Our Work - PCEHR. Retrieved 18 May 2013.
- "Australian Government - Department of Health and Ageing". Expected benefits of the national PCEHR system. Retrieved 18 May 2013.
- "Australian Government - ComLaw". Personally Controlled Electronic Health Records Act 2012. Retrieved 18 May 2013.
- "Australian Government - Office of the Australian Information Commissioner". Information Privacy Principles under the Privacy Act 1988. Retrieved 18 May 2013.
- "Australian Government - Department of Health and Ageing". Privacy. Retrieved 18 May 2013.
- Showell, CM (2011). "Citizens, patients and policy: a challenge for Australia’s national electronic health record". Health Information Management Journal 40 (2): 39–43. http://www.himaa.org.au/members/journal
- Anonymous (2012). "e-Health". Australian Nursing Journal 20 (2): 20.
- Spriggs M, Arnold MV, Pearce CM & Fry C (2012). "Ethical questions must be considered for electronic records". Journal of Medical Ethics 38 (9): 535–539. doi:10.1136/medethics-2011-100413. PMID 22573881. http://jme.bmj.com/content/38/9/535.abstract
- Liaw S & Hannan T (2011). "Can we trust the PCEHR not to leak?". Medical Journal of Australia 195 (4): 222. mja.com.au/journal/2011/195/4/can-we-trust-pcehr-not-leak
- ""Sağlık Bakanlığı SGK bilgilerini sattığını doğruladı: İsim vermeden sattık" ("The Miistry of Health confirms the sale of information [to third parties] through SGK database: 'We sold [data] without [patients'] names'")". Birgün. Retrieved 25 October 2014.
- "Paperless NHS supplement: Data protection – it's a breach of trust". Health Service Journal. 13 March 2015. Retrieved 28 April 2015.
- European Standards on Confidentiality and Privacy in Healthcare
- Opt out of the NHS Spine, or the NHS Confidentiality campaign
- Electronic Frontier Foundation on medical privacy