In the Bill, bugging someone's office or residence, or illegally intercepting telephone calls is being made a serious offence attracting up to five years of imprisonment and a fine of Rs 1 lakh. The Bill defines right to privacy and includes in it confidentiality of communication, family life, bank and health records, protection of honour and good name and protection from use of photographs, fingerprints, DNA samples and other samples taken at police stations and other places.
The Bill also moots the establishment of a Data Protection Authority of India that will investigate complaints about alleged violations of data protection.
Leaking information is also a professional misconduct in MCI Act. As per Medical Council of India Code of Ethics Section Clause 7.14, "The registered medical practitioner shall not disclose the secrets of a patient that have been learnt in the exercise of his/her profession except – i) in a court of law under orders of the Presiding Judge; ii) in circumstances where there is a serious and identified risk to a specific person and/or community; and iii) notifiable diseases. In case of communicable / notifiable diseases, concerned public health authorities should be informed immediately." However, the MCI Act does not define all secrets of patient.
This is equally true in America. As per American Medical Association Code of Ethics (Opinion 5.05) "The information disclosed to a physician by a patient should be held in confidence. The patient should feel free to make a full disclosure of information to the physician in order that the physician may most effectively provide needed services. The patient should be able to make this disclosure with the knowledge that the physician will respect the confidential nature of the communication. The physician should not reveal confidential information without the express consent of the patient, subject to certain exceptions which are ethically justified because of overriding considerations.
When a patient threatens to inflict serious physical harm to another person or to him or herself and there is a reasonable probability that the patient may carry out the threat, the physician should take reasonable precautions for the protection of the intended victim, which may include notification of law enforcement authorities. When the disclosure of the confidential information is required by the law or the court, it is the duty of the doctor to inform the patient about the same.
When a doctor is summoned by the court, he or she should disclose the minimal information required by the law and not volunteer additional information.
The AMA Code of Ethics Opinion 5.051 also talks about confidentiality of medical information after death. As per their ethics, the law does change about confidential information where the person is alive or death. Even the post mortem report is confidential information and should not be leaked to any unauthorized relation of the patient. It is the duty of the doctor who is treating a patient to ask the patient about possible names to whom he can disclose about his sickness and to what extent. In the Prabha Manchanda case, Supreme Court of India has clearly decided that even a mother has no right to give extended consent for her daughter who happens to be under anesthesia. In America, confidentiality is defined under the HIPAA Privacy Act.
The privacy rules require a doctor to make reasonable efforts to limit the amount of protected health information of the doctor used or disclosed to the minimum amount that is necessary to accomplish purpose of use or disclosure. Under the HIPAA Private Rules, a hospital is not supposed to announce the name of a patient in the OT list containing the name of a person in open or accessible to the public or disclose any information by which a third person may be able to know that a particular person is undergoing surgery or a medical treatment in the hospital. In no way the diagnosis or reasons of the disease should be disclosed to an unauthorized relation or a person. A doctor should not share the patient information with the patient's family or friends if the patient has asked the doctor not to or if the treating doctor believes, in his or her professional judgment, the disclosure would be inappropriate.
The privacy rules, however, allow the doctor to share patient's information with the patient's family members or friends so long the information is limited, the information directly relevant to that person's involvement in patient's care. For example, a doctor may tell a person living with the patient that the patient needs plenty of rest and lots of fluids or that the patient need to be checked twice daily.
A doctor is not supposed to share more information than the person needs to assist with the patient's care.
HIPAA also prohibits doctor providing patient's list to any representative or a device provider as this would automatically leak the patient's disease condition to an unwanted person.
MCI Act (1.3) also talks about maintenance of medical records:
1.3.1 Every physician shall maintain the medical records pertaining to his / her indoor patients for a period of 3 years from the date of commencement of the treatment in a standard proforma laid down by the Medical Council of India and attached as Appendix 3.
1.3.2. If any request is made for medical records either by the patients / authorized attendant or legal authorities involved, the same may be duly acknowledged and documents shall be issued within the period of 72 hours.
The Act also clarifies that the records can only be given to the patient of the authorized attendant or legal authorities.