Patients must be able to trust that what they discuss with their doctor is not simply shared with others.
That trust is at the heart of medical care. That is why every doctor is legally required to adhere to the duty of confidentiality.
Yet it happens that medical information is improperly shared — with family members, employers, insurers, or other organizations. In this blog we explain what the duty of confidentiality entails, when a doctor may share information, and what you can do if your privacy has been violated.
What does the duty of confidentiality entail?
The duty of confidentiality means that a physician may not share any information about a patient with third parties, unless consent has been given or a legal exception applies.
This obligation is set out in:
-
the Medical Treatment Agreement Act (WGBO), and
-
the Individual Healthcare Professions Act (Wet BIG).
Professional confidentiality applies not only to doctors, but also to:
-
nurses, physiotherapists, and psychologists;
-
dentists, specialists, and other healthcare providers;
-
and anyone who has professional access to medical records, such as medical assistants and administrative staff.
In short: everything a patient says, everything that is examined, and everything that is in the medical record, is covered by professional confidentiality.
Why does professional confidentiality exist?
Professional confidentiality is intended to trust between doctor and patient to protect.
Without that trust, many people would be reluctant to speak openly about their symptoms, fears, or medical history.
Medical confidentiality therefore has a double function:
-
Protection of the patient’s privacy, and
-
Promotion of good healthcare delivery.
A doctor can only provide good care if the patient dares to be completely honest — and that is only possible when medical information remains confidential.
When is a doctor allowed to share information?
In principle, a doctor may not share anything without consent.
But there are exceptions in which sharing information is justified or even required can be.
The main exceptions are:
-
Consent of the patient
If the patient explicitly gives permission to share certain data (for example with a partner or treating specialist), this is allowed.
This consent must voluntary, specific, and informed be. -
Legal obligation
In some cases, a doctor is legally required to provide information, for example:-
to the GGD for notifiable infectious diseases;
-
to the police or the judiciary upon a court order;
-
to insurers in certain medico-legal examinations, provided the patient has given consent.
-
-
Compelling interest
In rare situations, a doctor may breach professional confidentiality if there is a compelling public interest is, such as preventing serious danger to others.
This is only permitted if there is no other way to avert that danger.
In such a case, a doctor must always be able to explain why he has breached his duty of confidentiality — and carefully document that decision.
When does a breach of professional confidentiality occur?
There is a breach when a doctor shares information without a legal basis or consent from the patient.
That may, for example, involve:
-
passing on medical information to the employer;
-
discussing your situation with family members without consent;
-
sharing information with an insurer or a municipality without you knowing it;
-
sending medical information by unsecured email;
-
or the viewing of your file by unauthorized personnel.
Such a breach is not only a violation of your privacy,but can also lead to disciplinary, civil, and criminal consequences
for the doctor.
Consequences for the doctor in the event of a breach
-
A doctor who breaches their duty of professional confidentiality may face:a disciplinary measure
-
(such as a warning, reprimand, or even removal from the BIG register);liability for damages
-
, if you have suffered damage due to the breach;and in exceptional cases even criminal prosecution
.In addition, a patient can also file a complaint with the hospital, the complaints committee, or the Dutch Data Protection Authority (AP)
.
What can you do in case of a breach of medical confidentiality?
-
If you suspect that your medical information has been shared improperly, you can take the following steps:
Ask the doctor or healthcare institution for an explanation
First ask your doctor or institution what exactly happened and why your information was shared. -
Sometimes it turns out that there was consent after all or that there was a legal obligation.
Request access to your record
You have the right to access your medical record. It can show who had access and what information was disclosed.Read more about this in our blog Medical record: access, copy and correction -
.
File a complaint with the healthcare provider -
Every healthcare institution is required to have a complaints procedure. You can state in writing what you believe went wrong.
File a complaint with the Dutch Data Protection Authority (AP) -
If your medical data were shared without a lawful basis, you can file a complaint with the AP for a violation of the GDPR (privacy legislation).
Consult a lawyer
If damage has occurred – for example, emotional harm or reputational damage – you may consider holding the doctor or institution liable.
Evidence in a breach of professional confidentiality
In many cases, it is difficult to prove that your data were actually shared.
-
A lawyer can help by:under the GDPR or WGBO to demand access to log files
-
(who has viewed your file?);
-
to hear witnesses;
and to legally analyze the correspondence with healthcare providers.At Arslan Advocaten
we support patients in gathering this evidence and in drafting a formal notice of liability.
The relationship with medical liabilityA breach of professional confidentiality can in itself be a ground for compensation, but it also often plays a role within broader medical liability cases
.
-
For example:when confidential information has been shared with an insurer during an ongoing personal injury case
-
;
or when medical data have been used without consent in a legal proceeding.In such situations there may be both a violation of privacy rights and a medical error
.You can read more about this in our blog Medical liability: when is a doctor or hospital liable?
.
Why legal assistance is importantA breach of professional confidentiality is legally complex and affects both health law and privacy law
.In the event of Arslan Advocaten
we assess whether there has been an unlawful act, help you obtain evidence, and recover any damages from the responsible party.Our assistance is free of charge for victims
, because the costs are recovered from the liable party.
-
Why choose Arslan Advocaten?Specialized in
-
medical liability and health law
-
Expert in privacy and professional secrecy matters
-
Assistance with complaints, compensation claims, and evidence gathering
Free legal assistance for victims
