Confidentiality of Health Information

Is a nurse legally required to maintain confidentiality?
Yes. There is also an ethical obligation. Legal and ethical requirements to keep patient health information confidential can be found in:
  • federal/provincial/territorial legislation governing personal health information, regulated health professions, health facilities, health insurance, occupational health, and privacy;
  • court decisions;
  • the Canadian Nurses Association’s Code of Ethics for Registered Nurses;
  • provincial/territorial nursing practice standards;
  • institutional confidentiality agreements and policies; and
  • publications by the Canadian Health Information Management Association and Accreditation Canada.

Are there exceptions to the duty to maintain confidentiality?
Yes. The most common exception is the disclosure of relevant health information, both verbal and written, within the health care team. In order for the patient to be treated properly, health team members must be able to share patient information with each other.

Another common exception to the duty of confidentiality is the patient’s authorization to disclose. Nurses must bear in mind that a family connection or friendship does not entitle a person to a patient’s health information. Written authorization from the patient may be required prior to disclosure of health information to a third party or to adhere to law or policy on substitute decision making.

Legislation may require or justify disclosure of otherwise confidential health information. Common examples are child protection legislation, public health and communicable disease legislation, other mandatory reporting legislation,1 and privacy legislation authorizing disclosure to protect public health and safety.2

Involvement in legal proceedings, either as a party or a witness, can justify disclosure of health information relevant to the legal issues to be resolved. If you are a party, your lawyer will advise you. If you are a witness, disclosure can be made under the authority of a court order or subpoena.

In rare circumstances, a nurse may be justified in divulging confidential patient information for the purpose of warning others of possible danger from a patient if there is a credible, imminent risk of serious bodily harm or death to a known person or persons.3 A nurse should first consult with the employer’s administration or legal counsel before releasing any confidential patient information, perhaps to the police, out of concern for others. Depending on the circumstances, consultation with other members of the patient’s health care team, such as their family doctor or psychiatrist, may be helpful in determining the best course of action.

What are the consequences of unauthorized disclosure?
A patient may take legal action in the event of improper release of health information. A nurse could be sued for negligence, breach of confidentiality or privacy, or defamation. A professional nursing licensing body may institute disciplinary proceedings alleging that the nurse has breached the duty of confidentiality.

Must an occupational health nurse divulge employee health information to the employer?
An occupational health nurse is obliged, upon the request of the employer, to release health information only to the extent of advising the employer whether the employee is fit, unfit, or fit within limitations, to perform a particular job. Before releasing any further information, the nurse must obtain the employee’s written consent.

When an employer asks you to reveal confidential health information about an employee, a conflict arises between your obligation to maintain confidentiality and your duty to obey the employer’s orders. If this conflict arises, your professional duty is to maintain employee confidentiality. Some jurisdictions have legislation preventing an employer from gaining access to an employee’s health information, in the absence of the employee’s written consent.4

Is a nurse under an obligation to release health information to the police?
There is no requirement to release health information to actively assist police in investigating a crime, although it is a criminal offence to obstruct police. Health records or information should not be disclosed simply upon request of a police officer. Police may obtain a court order giving them the legal authority to access health records. Police officers who question a nurse about a patient’s medical condition or health record should be referred to the appropriate administrator within the institution. When a nurse is subpoenaed to give evidence at a hearing, the nurse must comply with the terms of the subpoena. This disclosure of relevant health information falls within one of the exceptions to the duty to maintain confidentiality.

  1. Ontario health care facilities, for example, are required by the Mandatory Gunshot Wounds Reporting Act, 2005, S.O. 2005, c. 9, s. 2(1) to “disclose to the local municipal or regional police force or the local Ontario Provincial Police detachment the fact that a person is being treated for a gunshot wound, the person’s name, if known, and the name and location of the facility.”
    Provincial statutes may require a health institution to report adverse events to a central government body with the hope and expectation of reducing similar events in the future. An example is Manitoba’s The Regional Health Authorities Act, C.C.S.M. c. R34, ss. 53.1-53.10.
  2.  For example, see Alberta’s Health Information Act, R.S.A. 2000, c. H-5, s. 37.3.
  3. These are the elements Canadian and American courts, in Smith v. Jones, [1999] 1 S.C.R. 455 and Tarasoff v. The Regents of the University of California et al, 551 P.2d 334 (Cal. 1976) respectively, have identified as needing careful analysis and supporting information prior to disclosure of otherwise confidential information.
  4. For more detail, refer to infoLAW, Occupational Health Nursing (Vol. 17, No. 2, October 2008).


Vol. 1, No 2, October 2008, Revision of September 1993

Need Urgent Legal Information?