Privacy is a patient right. Optometrists have an ethical and legal responsibility to safeguard patient information. Patient information includes such information as personal data, medical history, diagnosis, treatment, and financial situation.
Patient information should be shared only on a need-to-know basis with those who participate in the care of the patient. Unless disclosure is required by law, patient information should not be shared with anyone without the patient's written permission. Court orders, subpoenas and investigations by the Office of Professional Discipline are examples of disclosures that may be required even in the absence of the patient's consent.
Patient information, written or electronic, must be kept secure from loss, theft, or unauthorized access, use or disclosure. Confidential information should be kept out of plain view, and stored in a secure environment. Care should be taken not to talk about patients in public places, even if you are not using the patient's name.
Under section 29.1(b)(8) of the Regents Rules, it is unprofessional conduct to reveal personally identifiable facts, data or information obtained in a professional capacity without the prior consent of the patient or client, except as authorized or required by law. If you violate this confidentiality rule you may be subject to charges of unprofessional conduct.
Your decision to disclose patient information must be consistent with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), if it applies. More information regarding HIPAA may be found on the United States Department of Health and Human Services Web site at www.hhs.gov/ocr/hipaa.