Code of Medical Ethics Opinion 3.3.2
Information gathered and recorded in association with the care of a patient is confidential, regardless of the form in which it is collected or stored.
Physicians who collect or store patient information electronically, whether on stand-alone systems in their own practice or through contracts with service providers, must:
(a) Choose a system that conforms to acceptable industry practices and standards with respect to:
- Restriction of data entry and access to authorized personnel
- Capacity to routinely monitor/audit access to records
- Measures to ensure data security and integrity
- Policies and practices to address record retrieval, data sharing, third-party access and release of information, and disposition of records (when outdated or on termination of the service relationship) in keeping with ethics guidance
(b) Describe how the confidentiality and integrity of information is protected if the patient requests.
(c) Release patient information only in keeping with ethics guidance for confidentiality.
AMA Principles of Medical Ethics: V
Read more opinions about this topic
Visit the Ethics main page to access additional Opinions, the Principles of Medical Ethics and more information about the Code of Medical Ethics.