The right to privacy is a fundamental human right that plays a crucial role in protecting individual autonomy and dignity. In the context of medical cases, privacy becomes even more significant as patients entrust sensitive personal and medical information to healthcare providers. Maintaining the confidentiality of this information is essential to fostering trust in the doctor-patient relationship. However, this right to privacy is not absolute, and certain situations may require a careful balance between protecting patient confidentiality and meeting legal, ethical, or public health obligations.

For instance, healthcare providers may be legally bound to disclose confidential information in cases of contagious diseases, criminal investigations, or protecting vulnerable individuals, such as children in cases of abuse. Striking a balance between preserving patient privacy and serving the public interest is a challenging but necessary task in medical practice.

This article aims to explore the legal and ethical dimensions of the right to privacy in medical cases, with a focus on how confidentiality is maintained and when it can be ethically and legally breached. By anlysing key legal frameworks and case laws, both in India and internationally, the article seeks to provide a comprehensive understanding of how the right to privacy in healthcare is balanced with broader societal needs. The evolving challenges in the digital era, where medical data is increasingly stored and shared electronically, also underscore the need for stronger protections in medical confidentiality.

Concept Of Right To Privacy:

Private life or privacy generally refers to a sphere where individuals can remain on their own, think and behave as they like, and decide themselves personally where, when and under which conditions to communicate and have a relationship with others, as well as the right to control this sphere.[1]

'Right to Privacy’ means "right to be let alone; the right of a person to be free from any unwarranted publicity; the right to live without any un-warranted interference by the public in matters with which the public is not necessarily concerned"[2]. The right to privacy derives from an English Common Law maxim which asserts that "Every man’s house is his castle".

The right to privacy is a fundamental human right that safeguards individuals from unwarranted intrusion into their personal lives. It encompasses the protection of personal data, private communications, and personal autonomy. This right ensures that individuals can make decisions and conduct their lives without undue interference from the state, corporations, or other entities.

Definition Of Right To Privacy:

The right to privacy is our right to keep a domain around us, which includes all those things that are part of us, such as our body, home, property, thoughts, feelings, secrets and identity. The right to privacy gives us the ability to choose which parts in this domain can be accessed by others, and to control the extent, manner and timing of the use of those parts we choose to disclose

Evolution Of Right To Privacy:

The evolution of the right to privacy has been a dynamic journey from its early conceptualization to its formal recognition in modern legal systems. Initially, privacy was a somewhat abstract notion, primarily discussed in philosophical and legal circles. The seminal 1890 article by Samuel D. Warren and Louis D. Brandeis, "The Right to Privacy," marked a significant shift, arguing for legal protection against unwarranted public intrusion. This idea gained traction and was embedded in international human rights frameworks, notably with the Universal Declaration of Human Rights in 1948, which asserted the right to be free from arbitrary interference in one’s private life.

In India, privacy was initially implied within broader constitutional rights until the landmark 2017 Supreme Court case, Justice K.S. Puttaswamy (Retd.) v. Union of India[3], officially recognized it as a fundamental right under Article 21 of the Indian Constitution. This ruling underscored privacy's critical role in safeguarding personal dignity and autonomy, including in sensitive areas like medical confidentiality. The case has since driven legislative and policy reforms, such as the Personal Data Protection Bill, reflecting an evolving understanding of privacy in an increasingly digital world.[4]

Confidentiality In Medical Practice

In the 21st century, the concepts of confidentiality and privacy are often regarded as interchangeable. However, confidentiality is primarily an ethical and professional duty (sometimes enforced by legislation), whereas privacy is entirely a creature of modern legislation. In a medical setting, confidentiality is imposed upon the doctor in a doctor–patient therapeutic relationship. The duty of confidentiality predates by some 2,200 years the notion of privacy. The latter encompasses a somewhat inchoate bundle of rights to control information about oneself and the right to exclude others from accessing it.[5]

Medical professionals have a fundamental ethical obligation to maintain patient confidentiality. This principle is rooted in the Hippocratic Oath[6] and modern medical ethics, which emphasize that patient trust is crucial for effective healthcare. Confidentiality ensures that sensitive personal health information disclosed during consultations is not shared without the patient’s consent. It fosters an environment where patients feel secure in discussing their health issues openly, which is essential for accurate diagnosis and effective treatment. Breaches in confidentiality can undermine patient trust, hinder treatment outcomes, and potentially cause emotional or psychological harm.

Communication Between Doctor And Patient’s Relatives:

Communication between a doctor and a patient’s relatives involves sharing essential information about the patient's condition, treatment options, and prognosis. However, it must balance transparency with confidentiality, as doctors are ethically and legally obligated to maintain patient privacy unless the patient consents to share specific details or in cases of medical necessity.[7]

Not only Hippocratic Oath or any legal provision, the general moral principal is also involved while establishing the right to privacy among patient and the doctor. There is a common belief that no one should hide anything from his/her lawyer and doctor.[8] Despite these practices, right to privacy is not absolute. Reporting of transmissible diseases, gunshot wounds, child abuse, and venereal disease may take precedence over the right to privacy. Interventions to hospitalize a person for psychiatric reasons and to prevent harm also have become exceptions to the general rule. Wigmore has stated that to justify privilege (legal protection to a confidential relationship):

• The communications must originate in a confidence that it will not be disclosed.
• Confidentiality must be essential to the satisfactory maintenance of the relationship.
• The relation must be one which the community believes should be fostered.
• The injury to the relationship from disclosure of the communication must be greater than the benefit gained for the correct disposition of the litigation.

Thus, an important point legally and perhaps generally is that the communications must originate in a confidential relationship. If there is no confidential relationship in the first place, then whether privacy should be respected in all ways or just in some becomes important.[9]

IN Case of Mr. 'X' vs Hospital 'Z'[10] -The Supreme Court held that doctor-patient relationship though basically commercial, is professionally a matter of confidence and, therefore, doctors are morally and ethically bound to maintain confidentiality. In such a situation public disclosure of even true private facts may sometimes lead to the clash of one person’s right to be let alone with another person’s right to be informed.

Legal Framework For The Right To Privacy In Medical Practices

The legal framework for the right to privacy in medical practices ensures patient confidentiality through constitutional, regulatory, and international standards.

1. The Constitution of India:
   The Constitution of India does not explicitly mention the right to privacy, but it is implicitly protected under Article 21. This Article guarantees the right to life and personal liberty, which the Supreme Court of India has interpreted to include the right to privacy.
   • Article 21 of the Constitution of India - guarantees the right to life and personal liberty, stating, "No person shall be deprived of his life or personal liberty except according to the procedure established by law."[11]
      
   • The medical sector is an important concern in privacy. Your health information includes any information collected about your health or disability, and any information collected in relation to a health service you have received. Many people consider their health information to be highly sensitive. The right to life is so important that it supersedes the right to privacy. Under medical ethics, a doctor is required not to disclose secret information about the patient as the disclosure will adversely affect or put in danger the life of other people.[12]
      
   • Article 19(1)(a) guarantees the right to freedom of speech and expression, which can sometimes intersect with medical privacy. While doctors, hospitals, or healthcare institutions have a right to express opinions or share general information, they must respect the boundaries set by Article 21 when it comes to patient confidentiality. This balance ensures that the right to privacy in medical practices is not infringed upon by excessive or unnecessary disclosure of patient information. Therefore, while freedom of expression is a fundamental right, it is subject to reasonable restrictions, especially in cases where it could compromise the privacy and dignity of individuals under medical care.[13]
      
2. The Indian Medical Council (Professional Conduct, Etiquette, and Ethics) Regulations, 2002:
   The Indian Medical Council (Professional Conduct, Etiquette, and Ethics) Regulations, 2002, establish clear guidelines for maintaining patient confidentiality.
   • Regulation 1.3 mandates that physicians must respect patient confidentiality, meaning they cannot disclose any information shared during treatment unless legally required or if it serves the public interest. This regulation ensures that sensitive medical information is protected, preserving the trust between patient and doctor.
   • Regulation 1.4 further emphasizes that this duty of confidentiality is not limited to the duration of treatment but continues indefinitely, highlighting the enduring responsibility of doctors to protect patient privacy even after the treatment has ended.[14]
      
3. Personal Data Protection Bill, 2023:
   The Personal Data Protection Bill, 2023 in India seeks to regulate how personal data is collected, processed, and stored, with particular attention to safeguarding individual privacy. In the context of medical practices, this bill reinforces the right to privacy by ensuring that sensitive personal health data is protected.
   • Medical information, categorized as sensitive personal data, requires explicit consent from individuals before being processed by healthcare providers, insurers, or any third-party entities. The bill mandates stringent standards for data storage, minimizing the risk of unauthorized access or breaches, and imposes heavy penalties for violations.
      
   • For patients, this means greater control over their medical information, including the right to know how their data is being used, the ability to withdraw consent, and the assurance that their data will be handled in accordance with privacy principles. It also obliges healthcare providers to implement robust data protection measures, such as encryption and anonymization, to ensure confidentiality. The bill promotes transparency by requiring entities to disclose data processing practices and provide individuals with a mechanism to seek redress in case of data misuse. This legislative framework, therefore, strengthens the protection of privacy rights in medical practices, aligning healthcare data management with global data protection norms.
      
   • An individual whose data is being processed (data principal), will have the right to: (i) obtain information about processing, (ii) seek correction and erasure of personal data, (iii) nominate another person to exercise rights in the event of death or incapacity, and (iv) grievance redressal. Data principals will have certain duties. They must not: (i) register a false or frivolous complaint, and (ii) furnish any false particulars or impersonate another person in specified cases. Violation of duties will be punishable with a penalty of up to Rs 10,000.[15]
      
4. Clinical Establishments Act, 2010:
   Section 14 of the Clinical Establishments Act, 2010 mandates that clinical establishments, such as hospitals and clinics, must maintain accurate and up-to-date medical records for all patients. This provision ensures that patient information is properly documented and stored in a manner that is both confidential and secure. The law obligates establishments to implement adequate safeguards to prevent unauthorized access, disclosure, or misuse of sensitive medical data. Compliance with this section is crucial to protect patient privacy and maintain the integrity of medical records, supporting accountability and transparency within healthcare institutions while ensuring legal and ethical standards are upheld.[16]
    
5. International Standards:
   • Universal Declaration of Human Rights (1948):
     Article 12 of the Declaration asserts the right to privacy and protection against arbitrary interference with personal life. "No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks."[17]
      
   • International Covenant on Civil and Political Rights (1966):
     Article 17 provides that no one shall be subjected to arbitrary or unlawful interference with their privacy, family, home, or correspondence. "No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home and correspondence, nor to unlawful attacks on his honour and reputation."[18]

Exceptions To Confidentiality In Medical Practices From The Right To Privacy:

• Public Interest: When a breach of confidentiality serves a significant public interest, it may be justified. For example, reporting cases of contagious diseases to public health authorities is essential to control outbreaks and protect community health. Such disclosures aim to prevent harm to the public and are often mandated by law.
   
• Contagious Diseases: Medical professionals are required to report cases of serious contagious diseases, such as tuberculosis or COVID-19, to health authorities. This exception is crucial for public health surveillance and for implementing control measures to prevent the spread of infectious diseases, despite the individual’s right to privacy.
   
• Child Abuse: If a healthcare provider suspects or identifies child abuse or neglect, they are legally and ethically obligated to report it to child protection services. This exception prioritizes the safety and welfare of children, overriding the confidentiality of the patient’s information to ensure that vulnerable individuals are protected from harm.
   
• Criminal Investigations: Confidentiality may be breached if the information is pertinent to a criminal investigation. For example, if a patient discloses information related to a serious crime, such as assault or murder, healthcare providers might be required to report this information to law enforcement authorities to aid in criminal justice proceedings.
   
• Legal Requirements: Certain legal requirements may necessitate the breach of confidentiality. For instance, laws or court orders might compel the disclosure of medical records in legal disputes or investigations. In such cases, the obligation to comply with legal directives takes precedence over the patient’s right to privacy.
   
• Patient Consent: In situations where confidentiality must be breached, obtaining patient consent is ideally sought. However, in emergency situations or when legal obligations override, consent may not be feasible or required. The balance between patient autonomy and legal mandates must be carefully managed.
   
• Emergency Situations: In emergencies where immediate action is required to prevent harm, such as disclosing information to emergency responders or family members, confidentiality may be breached to ensure timely medical intervention and patient safety.

In summary, while the right to privacy is a fundamental aspect of medical practice, exceptions are necessary in specific scenarios to address public health concerns, protect vulnerable individuals, comply with legal obligations, and ensure the effective administration of justice.

Judicial Interpretations Regarding Right To Privacy Under Medical Practices:

1. Justice K.S. Puttaswamy (Retd.) v. Union of India The Supreme Court of India recognized the right to privacy as a fundamental right under Article 21 of the Constitution. This landmark decision underscored that privacy encompasses the protection of personal and medical information.
2. Sharda v. Dharmpal Supreme Court considered the question of whether a party to a divorce proceeding could be compelled to take a medical examination. While acknowledging the importance of privacy and confidentiality, the Court found that the right to privacy was not absolute and a party could be asked to take a medical examination in a matrimonial proceeding.
3. X v. Hospital Z This case involved the unauthorized disclosure of a patient’s medical records. The Court emphasized the importance of maintaining patient confidentiality and held that breaches can lead to legal liability.
4. S.R. B. vs. Union of India This case involved the issue of confidentiality of medical records. The Supreme Court held that medical professionals have an obligation to maintain patient confidentiality, which is a facet of the right to privacy. Disclosure of medical information without consent is considered a breach of privacy. The Court reinforced the importance of confidentiality in medical practice and its link to the right to privacy.
5. Aarushi Talwar Case This case addressed the issue of privacy in the context of the use of medical evidence. The Supreme Court emphasized that the handling of medical evidence must respect privacy rights, and unauthorized access or disclosure of medical records is impermissible. The judgment highlighted the need for strict adherence to privacy norms when dealing with sensitive medical information.
6. Smt. Rupa and Others vs. State of Rajasthan This case dealt with the misuse of medical records in legal proceedings. The Rajasthan High Court ruled that medical records should be handled with utmost confidentiality and that any breach of this confidentiality can lead to legal repercussions. The Court stressed that privacy in medical practices is not only a personal right but also a legal obligation.
7. Ram Jethmalani v. Union of India In this case, it was held that the "Right to privacy is an integral part of right to life. This is a cherished constitutional value, and it is important that human beings should be allowed domains of freedom that are free of public scrutiny unless they act in an unlawful manner."
8. Kharak Singh v. State of Uttar Pradesh The Supreme Court of India held that a person’s privacy and personal information, including medical records, are protected under Article 21 of the Indian Constitution. Any violation of this right must be justified by a clear and substantial public interest.
9. State of Punjab v. Major Singh (1967) This case reinforced the principle that medical records are confidential and should not be disclosed without the patient's consent, except where a clear and overriding public interest is established.

Recommendations For Enhancing Patient Privacy And Balancing Confidentiality

• Update Privacy Laws: Revise existing laws to address modern privacy issues, ensuring they cover new technology and practices. This helps keep patient data protected in today’s digital age.
• Mandatory Data Protection: Require healthcare providers to follow strict data protection standards, including encryption and secure storage, to prevent unauthorized access and ensure that patient information remains confidential.
• Clear Consent Procedures: Establish clear rules for obtaining patient consent before sharing their data. Patients should understand how their information will be used and give informed approval before any disclosure.
• Regular Privacy Audits: Conduct frequent audits of healthcare systems and practices to ensure compliance with privacy regulations. This helps identify and correct any weaknesses in data protection measures.
• Enhanced Access Controls: Implement strong access controls, such as multi-factor authentication, to restrict data access to authorized personnel only. This reduces the risk of unauthorized access to patient information.
• Secure Digital Systems: Use and maintain secure electronic health record (EHR) systems that adhere to industry standards. Regular updates and security patches help protect against data breaches and cyber threats.
• Ongoing Staff Training: Provide regular training for healthcare staff on data privacy and security. Educating staff helps prevent accidental breaches and reinforces the importance of protecting patient information.
• Incident Response Plans: Develop and maintain plans for responding to data breaches. These plans should include steps for notifying affected patients and regulatory bodies, as well as measures to prevent future incidents.
• Patient Education: Inform patients about their privacy rights and how their data is safeguarded. Educated patients are more likely to trust the system and report any privacy concerns promptly.

Conclusion:
In conclusion, the right to privacy in medical cases is fundamental, ensuring that patients can trust their healthcare providers with sensitive information. Balancing confidentiality with legal and ethical obligations remains a complex challenge. While maintaining patient privacy is crucial for fostering trust and effective healthcare, certain exceptions must be made to address public health concerns and legal requirements.

Judicial precedents highlight the need for a nuanced approach, where confidentiality is preserved except in cases of significant public interest or legal necessity. To enhance privacy protections, stronger enforcement and updated legislative measures are essential. As technology evolves, safeguarding patient data becomes increasingly critical. By striking a careful balance between privacy and necessary disclosures, we can uphold the integrity of medical practice while addressing broader societal needs.

References:
Books:

• The Constitution Of India By Durga Das Basu 23rd Edition
• Health Data In The Information Age: Use, Disclosure, And Privacy Molla S. Donaldson And Kathleen N. Lohr, Editors; Committee On Regional Health Data Networks, Institute Of Medicine

Articles:

• Protecting Patient Information In India: Data Privacy Law And Its Challenges By Nimisha Srinivas & Arpita Biswas On Manupatra
• Medical Confidentiality And Patient Privacy By Danuta Mendelson And Anne Rees, Research Gate Chapter · January 2014
• Protection Of Privacy And Confidentiality As A Patient Right: Physicians' And Nurses' Viewpoints. By Nilüfer Demirsoy, Nurdan Kirimlioglu, Biomedical Research 2016; 27 (4): 1437-1448, Issn 0970-938x
• Right To Privacy – Reference Note From Members' Reference Service Larrdis Lok Sabha Secretariat, New Delhi No.58/Rn/Ref./Nov/2017
• Privacy And The Supreme Court Of India Published By National Law University Delhi Press
• Right To Privacy Under Indian Constitution By Kush Kalra, Gibs Law Journal 2020
• The Evolution Of Right To Privacy In India By Sargam Thapa, International Journal Of Humanities And Social Science Invention (Ijhssi) Issn (Online): 2319 – 7722, Issn (Print): 2319 – 7714
• The Evolution Of Right To Privacy In India Sargam Thapa, International Journal Of Humanities And Social Science Invention (Ijhssi) Issn (Online): 2319 – 7722, Issn (Print): 2319 – 7714

Websites:

• https://www.nmc.org.in/MCIRest/open/getDocument?path=/Documents/Public/Portal/LatestNews/press.pdf
• https://gitarattan.edu.in/wp-content/uploads/2020/11/giBS-Law-Journal-2020-Research-Paper-5.pdf
• https://www.rsrr.in/post/freedom-of-privacy-in-medical-cases-indian-scenario#:~:text=In other words%2C right to,is disclosed to her%2Fhim.
• https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5473905/#:~:text=The Medical Council of India's,Judge%3B in circumstances where there
• https://www.researchgate.net/profile/Maria-Luiza-Baptista-2/publication/348559318_Rhizomatic_Matrices_Proposition_of_Signals_for_Transdisciplinary_Reearch_in_Tourism/links/600481dfa6fdccdcb8607c85/Rhizomatic-Matrices-Proposition-of-Signals-for-Transdisciplinary-Reearch-in-Tourism.pdf#page=112

End Notes:

1. Yüksel M. The right of privacy and its socio-historical development. Ankara Üniversitesi SBF Dergisi 2003; 58: 181-213.
2. According to Black’s Law Dictionary
3. AIR 2014 SC 2524
4. The Evolution of Right to Privacy in India By Sargam Thapa International Journal of Humanities and Social Science Invention (IJHSSI) ISSN (Online): 2319 – 7722, ISSN (Print): 2319 – 7714
5. DR Ortiz, "Privacy, Autonomy and Consent" (1989) 12 Harvard Journal of Law & Public Policy 91 at 91-92
6. The structure of the Hippocratic Oath consists of two parts. The first part specifies duties of the student towards his teacher and the teacher's family, including the student's obligations towards transmitting medical knowledge. The second part provides for a number of rules to be observed in the treatment of diseases. These rules embody the ideals of the physician's compassion, knowledge and dedication to the patient's welfare.
7. https://www.nmc.org.in/MCIRest/open/getDocument?path=/Documents/Public/Portal/LatestNews/press.pdf
8. Freedom of Privacy in Medical Cases: Indian Scenario By Abhishek Singh & Khushboo Pareek
9. https://www.rsrr.in/post/freedom-of-privacy-in-medical-cases-indian-scenario#:~:text=In%20other%20words%2C%20right%20to,is%20disclosed%20to%20her%2Fhim. Last seen 8th September 2024
10. (1998) 8 SCC 296
11. Constitution of India by Durga Das Basu 23rd edition 2019
12. Right to Privacy : Constitutional Rights and Private Laws by Jeetu Kanwar publication/348559318
13. Article 19 – Freedom of Speech and Expression
14. https://www.indiacode.nic.in/handle/123456789/1362/simple-search?query=Indian%20Medical%20Council%20(Professional%20Conduct,%20Etiquette%20and%20Ethics)%20Regulations,%202002&searchradio=regulation
15. https://prsindia.org/billtrack/digital-personal-data-protection-bill-2023#_edn7 Last seen 9 September 2024
16. http://www.clinicalestablishments.gov.in/cms/Home.aspx/1000
17. https://gitarattan.edu.in/wp-content/uploads/2020/11/giBS-Law-Journal-2020-Research-Paper-5.pdf
18. RIGHT TO PRIVACY UNDER INDIAN CONSTITUTION by Kush Kalra GIBS Law Journal 2020
19. (2017) 10 SCC 1
20. (1998) 8 SCC 107
21. (2004) 4 SCC 743
22. 2013 SCC Online SC 1268
23. 2020 SCC Online Raj 120
24. (2011) 8 SCC 1
25. AIR 1963 SC 1295
26. AIR 1967 SC 63

Written By: Adv.Maithili Kale