As a legal term, confidentiality refers to a duty of an individual to refrain from sharing confidential information with others, except with the express consent of the other party. There are rules and regulations which place restrictions on the circumstances in which a professional, such as a doctor or attorney, may divulge information about a client or patient, and other situations may be deemed confidential by the use of a contract. To explore this concept, consider the following confidentiality definition.

Definition of Confidentiality


  1. Something told in confidence, or in secret
  2. The state of knowledge being held in confidence
  3. The state of trusting another individual with private affairs or secrets


1645-1655 Latin confīdenti

What is Confidentiality

Confidentiality is the keeping of another person or entity’s information private. Certain professionals are required by law to keep information shared by a client or patient private, without disclosing the information, even to law enforcement, except under certain specific circumstances. The principle of confidentiality is most commonly expected in the medical field, and the legal field.

Other businesses have a right to expect employees or other business associates to maintain confidentiality. This type of discretion is not automatically assumed, but requires an express agreement between the parties that such information will be kept secret, usually in the form of a signed confidentiality agreement.

Attorney-Client Confidentiality

When an individual consults with an attorney, the law requires the information to be held “in confidence,” meaning that the attorney, and his staff, may not discuss the information with anyone else, except with the express consent of the client. This mandated confidentiality, referred to as the “attorney-client privilege,” enables individuals to speak candidly and openly when consulting with a lawyer, without fear of negative consequences that may come with making information known. Attorney-client privilege applies in any type of matter, whether civil, business, or criminal. In the event an attorney breaks the expected attorney-client confidentiality, he may be subject to serious civil penalties, as well as disciplinary action by the bar association.

Exceptions to Attorney-Client Confidentiality

While rare, certain circumstances may exist in which an attorney may divulge information given in confidence to law enforcement or other officials. This is the case if the attorney believes that his client poses a danger to another person, or that the client is poised to cause serious financial injury to another. Disclosure of this type of information is not mandatory in most jurisdictions, but left to the discretion of the attorney. Most attorneys take the attorney-client privilege very seriously, and do not disclose any confidential information, though they may attempt to convince the client to alter his conduct to stay within the bounds of the law.

In a criminal case, an attorney must keep all information divulged by his client, even if it has to do with crimes previously committed, confidential. Again, this enables the client to speak candidly to his attorney, giving him all information that may be necessary to defend his case, without fear of incriminating himself in the legal system.

For example:

John has been arrested and charged with the murder of his girlfriend, who was beaten severely and left to die. While meeting with his attorney, John discloses the fact that he had murdered his previous wife seven years ago, and hid the body. As shocking as this revelation may be to the attorney, he cannot divulge the information to the police or anyone else.

Patient Confidentiality

Confidentiality is an integral part of caring for people in the mental health and medical fields. Doctors and all healthcare providing facilities and staff are required by law to maintain the confidentiality of patients. While confidentiality in the medical field dates back to the Hippocratic Oath, laws governing this principle have become more strict in recent decades.

Each state has laws governing the release of medical information; however, the federal government addressed the issue, mandating the strict protection of patient information, with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA sets national standards for the protection of individuals’ health information, and requires notification of patients in the event a breach of confidential, electronically maintained health information occurs.

Waiving Patient Confidentiality

Patients may waive the confidentiality of their medical records by giving written permission for a medical provider to share that information with a specified person or entity. This type of waiver is required even for a doctor to provide the patient’s information to a specialist or other medical provider. Parents may sign a patient confidentiality waiver to allow their children’s medical records to be shared with another medical provider or other entity, such as a sports program or school. In a situation in which a patient has been legally declared incompetent, medical professionals are allowed to discuss the patient’s condition and medical care with the next of kin or legal guardian.

In some instances, medical professionals find themselves in a difficult position, as patient privacy is extremely important, but sharing a patient’s information with other medical providers may be necessary to ensure a continuity of care.

A 1977 ruling by the U.S. Supreme Court (Whalen v. Roe, 429 U.S. 589 (1977)) expressed the opinion that:

“… some individuals’ concern for their own privacy may lead them to avoid or to postpone needed medical attention. Nevertheless, disclosures of private medical information to doctors, to hospital personnel, to insurance companies, and to public health agencies are often an essential part of modern medical practice…”

Mandatory Reporting and Patient Confidentiality

In certain specific situations in the medical and mental health fields, medical professionals are required to report to an agency. These situations are those in which a patient poses a risk to himself or to others. For instance, certain communicable diseases must be reported to the local health department, or even to the national Centers for Disease Control and Prevention. Medical and mental health professionals are also required to report to law enforcement authorities if they have a reasonable belief that a patient may harm himself or another person, or poses a risk to the general public.

For example:

In 1967, a foreign student at the University of California, Berkeley, Prosenjit Poddar, became depressed when his love for another student was rebuffed. Poddar became obsessed with the girl, and began stalking her. After two years of this behavior, Poddar sought the help of a psychologist, and he confided to his therapist that he had plans to kill the girl. The psychologist called campus police and asked them to detain Poddar, based on his professional opinion that the young man suffered from paranoid schizophrenia, and that he posed a danger to the young woman who had rebuffed him.

After being detained, Poddar appeared to be rational to law enforcement authorities, and the psychologist’s supervisor, Dr. Harvey Powelson, ordered his release. The girl and her family were never notified of the potential threat to their safety. A few months later, Poddar carried out the plan he had divulged to his therapist, stabbing the young woman to death. The young woman’s parents sued Poddar’s psychologist, among others, for failing to advise their daughter of the danger.

The California Supreme Court eventually heard the case, and ruled that mental health professionals have a duty, not only to patients, but to other people who may be threatened by a patient. Of this important decision, Justice Mathew O. Tobriner said:

“The public policy favoring protection of the confidential character of patient-psychotherapist communications must yield to the extent to which disclosure is essential to avert danger to others. The protective privilege ends where the public peril begins.”

Medical professionals are also required to report any suspected child abuse. Some states require the reporting of elder abuse, spousal abuse, and domestic abuse as well.

Confidentiality Agreement

A confidentiality agreement, sometimes referred to as a “non-disclosure agreement,” or “NDA,” is a legal contract that outlines the information that one party wishes to share with another, but for which he wishes to restrict disclosure to other parties. In simple terms, a confidentiality agreement is made when a person wishes to confide in another party, but wants to prevent that party from disclosing the information to others.

Confidentiality agreements are most commonly used in business relationships. Confidential information in a business setting may include trade secrets, employment specifics, or other information. Confidentiality agreements may be made unilaterally or bilaterally, which means:

  • Unilateral agreement – used when one party, such as an employer, desires to keep its information private after disclosing it to a person or business.
  • Bilateral agreement – used when both parties entering into a business relationship intend for the information shared between them to be kept secret from all others.

The contents of confidentiality agreements vary depending on the situation, but in general, they all contain certain basic elements:

  • An explanation of the purpose of the agreement
  • A definition of the information to be kept confidential
  • A promise by one or both parties to never disclose the information, or to not disclose the information until a specified time limit or condition has been met
  • Whether there are limits on the information that is deemed confidential

Once the parties enter into a confidentiality agreement, they are bound by law to follow the provisions of the contract. If a party bound by a confidentiality agreement breaches the agreement, it may be subject to serious legal consequences, as the other party may file a civil lawsuit. Confidentiality agreements can be complicated, and they are legally binding. It is a good idea to consult an experienced attorney during the process.

Breach of Confidentiality

Breach of confidentiality is a common law tort, which means it can be brought as a civil lawsuit against the individual who breached the agreement. Penalties that may be handed down include monetary damages, which could be quite substantial, depending on the damage done by the breach, as well as an injunction ordering the individual to stop disclosing protected information.

If a breach of confidentiality occurs regarding medical or legal information, the breaching individual may be subject to penalties by his employer, or by the board that issued his professional license.

Hospital’s Breach of Confidentiality of Doctor with AIDS

In June 1987, William Behringer was diagnosed with pneumocystis pneumonia and Acquired Immunodeficiency Syndrome (AIDS) at the Medical Center at Princeton. Behringer, who was a surgeon at the Medical Center, immediately began receiving phone calls from fellow staff members who expressed their care and concern, and who made clear that they knew he suffered from AIDS. Soon, Behringer began receiving calls from friends within the community, and then from patients. Within a few weeks, the hospital had suspended Behringer’s privileges at the Medical Center, curbing his ability to treat patients.

Behringer filed a civil lawsuit against the Medical Center at Princeton for breach of confidentiality, claiming that the employees at the hospital had a duty to maintain confidentiality regarding his medical condition and test results, and that this duty had been breached. Behringer passed away in 1989, before his case was heard, though the Superior Court of New Jersey heard the case anyway in 1991.

The court ruled that, although the hospital administration rightfully suspended the plaintiff’s surgical privileges according to their policy of protecting patients from the risk of infection by an HIV-positive surgeon, it also violated Behringer’s right to confidentiality by failing to take precautions to keep his test results and medical records private. The court awarded monetary damages to the estate of William Behringer for the hospital’s breach of confidentiality.

Related Legal Terms and Issues

  • Attorney-Client Privilege – The legal requirement that an attorney may not reveal any communications with a client, enabling the client to speak freely and honestly with his or her attorney.
  • Civil Lawsuit – A lawsuit brought about in court when one person claims to have suffered a loss due to the actions of another person.
  • Contract – An agreement between two or more parties in which a promise is made to do or provide something in return for a valuable benefit.
  • Injunction – A court order preventing an individual or entity from beginning or continuing an action.
  • Jurisdiction – The legal authority to hear legal cases and make judgments; the geographical region of authority to enforce justice.
  • Liable – Responsible by law; to be held legally answerable for an act or omission.
  • Monetary Damages – Money ordered by the court to be paid to an individual or entity as compensation for injury or loss caused by the wrongful conduct of another party.
  • Plaintiff – A person who brings a legal action against another person or entity, such as in a civil lawsuit, or criminal proceedings.