Confidentiality of patient health information is a statutory right. This includes genetic and mental health information as well as information in medical records and clinical research. Under HIPAA, healthcare institutions must have policies to protect electronic patient information, including computer access and security procedures. Employees should be trained on their ethical responsibilities regarding patient confidentiality and how to prioritize it over other organizational values if necessary. Breaches of confidentiality by removing identifiable patient information from secure healthcare settings violates patient privacy rights, except in certain overriding circumstances where disclosure is legally permitted.

2. Introduction
 Confidentiality is a patient's right to privacy with respect
to individually identifiable health information, including
genetic information, should be established statutorily.
Individuals should retain the right to decide to whom, and
under what circumstances, their individually identifiable
health information will be disclosed. Confidentiality
protections should extend not only to health records, but
also to all other individually identifiable health
information, including genetic information, clinical
research records, and mental health therapy notes.

3. HIPAA
 Appropriate care often requires that information about
patients be discussed among members of a health care
team; all team members have authorized access to
confidential information about the patients they care for
and assume the duty of protecting that information from
others who do not have access. Electronic medical records
can pose challenges to confidentiality. In accordance with
the Health Information Portability and Accountability Act
of 1997 (HIPAA), institutions are required to have policies
to protect the privacy of patients’ electronic information,
including procedures for computer access and security.

4. Training
 Remind your employees of the organization's
operational priorities. If safety, quality and customer
service come first for example, then make that clear to
your employees. Be clear about what you expect them
to do when they experience conflicts between any of
these core values. Clarify what constitutes ethical
conduct.

5. Training
 Train your employees on their ethical responsibilities.
Teach people how to translate the pledge into specific
actions that support the pledge and build trust.
 Provide support and guidance to employees. Take time to
share what you have learned about how the pledge applies
in particular cases within the organization.

6. Breach of Confidentiality
 Identifiable patient information should either be encrypted
or should not be removed from the security of the health
care institution. The patient's right to privacy is violated
when lapses of this kind occur.
 Overriding concerns can lead to the need to breach
confidentiality in certain circumstances. Access to medical
information and records by third parties is legally
restricted.

7. Conclusion
 Health care workers do need to identify themselves as
having a legitimate reason to seek a particular individual,
but there is no need to disclose the nature of the problem
or any specific details of the case in question. When a
disclosure occurs during the course of a field
investigation, it is a good idea to document what
information was given out and to whom it was given, in
case there are any follow-up questions from the patient or
the person who was informed of the patient's health
problem.