Your Rights

Medical Records & Privacy

Medical staff will collect a lot of information about your health and the treatment you receive. A medical record contains personal information, so it’s important to know who can see it, change it and copy it. 

Patients have the right to expect that there will be no disclosure of any personal information obtained during the course of a practitioner's professional duties, unless they give consent. The justification for keeping this information confidential is that it enhances the patient-doctor relationship. Without assurances about confidentiality, patients may be reluctant to give doctors the information they need in order to provide good care.

The professional duty of confidentiality covers not only what a patient may reveal to the practitioner, but also what the practitioner may independently conclude or form an opinion about.

The Principles are:
  1. When a practitioner is responsible for confidential information, the practitioner shall ensure that the information is effectively protected against improper disclosure when it is disposed of, stored, transmitted or received;
  2. When patients give consent for disclosure of information about themselves, the practitioner shall ensure that they understand what will be disclosed, the reasons for disclosure and the likely consequences;
  3. The practitioner shall ensure that patients are informed that information about them is likely to be disclosed to others involved in their health care, and that they have the opportunity to withhold permission;
  4. The practitioner shall respect requests by patients that information should not be disclosed to third parties, except in exceptional circumstances (for example, where the health or safety of others would otherwise be at serious risk);
  5. The practitioner shall only disclose such relevant confidential information for a specific purpose;
  6. Any information given to health care providers or any concerned third party is done on the understanding that it is given to them in confidence which must be respected;
  7. The practitioner shall anonymise data where unidentifiable data will serve the purpose;
  8. The practitioner shall seek patients’ expressed consent to disclosure of information, where identifiable data is needed for any purpose other than the provision of care or for clinical audit, save in the exceptional circumstances described in this guideline;
  9. Any disclosure of confidential information shall be in accordance with the requirements of statute and common law.
  10. If a practitioner decides to disclose confidential information, the practitioner must be prepared to explain and justify the decision. These principles apply in all circumstances.
  1. When a practitioner is responsible for personal information about patients, he or she must ensure that the information and any documentation about it are effectively protected against improper disclosure at all times.
  2. Practitioners should take steps to ensure that the patient’s confidentiality is maintained regardless of the technology used to communicate health information.

    Practitioners leaving messages on answering machines or voice messaging systems should leave only their names and telephone numbers and not the confidential information. This same caution must be exercised when sending confidential material by mail, facsimile or electronic mail.
  3. Many improper disclosures are unintentional. The practitioner shall not discuss a patient’s information in an area where the practitioner can be overheard or leave patients’ records, either on paper or on screen, where they can be seen by other patients, unauthorised health care staff or the public. The practitioner shall take all reasonable steps to ensure that consultations with patients are private.
  1. Patients have a right to information about the health care services available to them.
    This should be presented in a way that is easy to follow and use.
  2. Patients also have a right to information about any condition or disease from which they are suffering. This should be presented in a manner easy to follow and use, and include information about diagnosis, prognosis, treatment options, outcomes of treatment, common and/or serious side-effects of treatment, likely time-scale of treatments and costs where relevant. The practitioner must always give patients basic information about treatment he or she proposes to provide, but the practitioner should respect the wishes of any patient who asks not to be given detailed information. The information given will enable patients to make proper choices as partners in the health care process.
  3. The practitioner shall inform patients how information about them may be used to protect public health, to undertake research and audit, to teach or train clinical staff and students and to plan and organize health care services.
  1. Electronic medical records offer an enhanced capacity to manage patient information. The practitioner has a responsibility, as a custodian of patients’ medical records, to ensure the integrity, confidentiality and availability of the medical records.
  2. The practitioner shall ensure that there is an information governance policy with protocols and procedures to ensure that patient information is documented, maintained and disclosed, in accordance with all the Principles of Confidentiality as stated in section 1 of this document, at all times, particularly during the transition from paper based records to electronic records.
  3. The practitioner shall take particular cognizance of the following key principles:
    • seek patients’ consent to disclosure of information, whether or not patients can be identified from the disclosure. Any exemptions are subject to existing provisions under the relevant guidelines of the Malaysian Medical Council.
    • anonymise data where unidentifiable data will serve the purpose;
    • keep disclosures to the minimum necessary.
  4. The measures that should be taken to ensure confidentiality include (The list is not exhaustive):
    • physical security measures to prevent unauthorised access;
    • access and authorisation processes to ensure only legitimate users have access to the medical record and that each user has the appropriate level of access to the medical records;
    • the maintenance of audit logs to support the authenticity of additions to the medical records;
    • the protection of any part of an electronic medical record from being deleted;
    • read-only formats for external documents stored in the medical records;
    • adequate protection whenever medical records are disclosed to health care providers or patients;
    • regular back-up of the medical records, preferably daily for in-patients;
    • adequate virus protection to ensure the medical records are not modified or destroyed by external factors;
    • contingency plans for disaster recovery and denial of service attacks;
    • ensure, before disposal, that no hardware contains any personally identifiable patient information; disposal must be complete; and
    • enhanced security, e.g. additional encryption or authentication processes, when networks are more exposed (e.g. wireless devices and remote access), or where the equipment storing the information is at risk of loss or theft (e.g. laptops, personal digital assistants (PDAs)).
  1. Modern medical practice usually involves teams of doctors, other health care providers, and sometimes people from outside the health care professions. The importance of working in teams is explained in the Malaysian Medical Council's guideline “Good Medical Practice”. To provide patients with the best possible care, it is often essential to exchange confidential information between members of the team, on a need to know basis.
  2. A practitioner must ensure that patients understand why and when information may be shared between healthcare team members, and any circumstances in which healthcare team members may be required to disclose information to third parties.
  3. Where the disclosure of relevant information between health care professionals is clearly required for treatment to which a patient has agreed, the patient's expressed consent may not be required. For example, expressed consent would not be needed where a practitioner discloses relevant information to have a referral letter typed, or a practitioner makes relevant information available when requesting diagnostic investigations.
  4. There will also be circumstances where, because of a medical emergency, a patient's consent cannot be obtained, but relevant information must, in the patient's interest, be transferred between health care providers.
  5. If a patient does not wish a practitioner to share particular information with other members of the healthcare team, those wishes must be respected, except in circumstances where this would put others at risk of death or serious harm.
  6. All members of a healthcare team have a duty to make sure that other team members understand and observe confidentiality. Any one receiving personal information in order to provide or support care is bound by a legal duty of confidence, whether or not they have contractual or professional obligations to protect confidentiality.
  1. Where practitioners have contractual obligations to third parties, such as companies or organizations, they must obtain patients’ consent before undertaking any examination or writing a report for that organization. Before seeking consent they must explain the purpose of the examination or report and the scope of the disclosure. Practitioners should ensure that the final reports are shown to the patient and the patient’s consent is thereafter obtained before submission and that the copies of reports are given to the patient, upon request.
  2. A practitioner must ensure that his or her relationship with third party payers or managed care organizations does not contravene the Principles of Confidentiality.
  3. Expressed consent is required before the disclosure of any identifiable condition.
  1. Disclosure in the patient’s medical interests
    1. Disclosure of personal information without consent may be justified where failure to do so may expose the patient to risk of death or serious harm. Where the patient is exposed to a risk so serious that it outweighs the patient’s privacy interest, the practitioner should seek consent to disclosure where practicable. If it is not practicable to seek consent, the practitioner should disclose information promptly to an appropriate person or authority.

      The practitioner should generally inform the patient before disclosing the information. If the practitioner seeks consent and the patient withholds, the practitioner should consider the reasons for this, if any, which are provided by the patient. If the practitioner remains of the view that disclosure is necessary to protect the patient from death or serious harm, he or she should disclose information promptly to an appropriate person or authority.
    2. Rarely a practitioner may judge that seeking consent for the disclosure of confidential information may be damaging to the patient, but that the disclosure would be in the patient's interests. For example, a practitioner may judge that it would be in a patient's interests that a close relative should know about the patient's terminal condition. In such circumstances information may be disclosed without consent.
  2. Disclosures in relation to the treatment sought by children or others who lack capacity to give consent

    Problems may arise if a practitioner considers that a patient lacks capacity to give consent to treatment or disclosure. If such patients ask the practitioner not to disclose information about their condition or treatment to a third party, the practitioner should try to persuade them to allow an appropriate person to be involved in the consultation. If they refuse and the practitioner is convinced that it is essential, in their medical interests, the practitioner may disclose relevant information to an appropriate person or authority. In such cases the practitioner should inform the patient before disclosing any information, and where appropriate, seek and carefully consider the views of an advocate or carer. The practitioner should document in the patient’s record the discussions with the patient and the reasons for deciding to disclose information.
  3. Disclosures where a patient may be a victim of neglect or abuse
    If a practitioner believes a patient to be a victim of neglect or physical, sexual or emotional abuse and that the patient cannot give or withhold consent to disclosure, the practitioner shall give information promptly to an appropriate responsible person or statutory agency, where the practitioner believes that the disclosure is in the patient’s best interests. If, for any reason, the practitioner believes that disclosure of information is not in the best interests of an abused or neglected patient, the practitioner should discuss the issues with an experienced colleague. If the practitioner decides not to disclose information, he or she must be prepared to justify the decision. 
  4. Disclosure after a patient’s death
    1. The practitioner still has an obligation to keep personal information confidential after a patient dies. The extent to which confidential information may be disclosed after a patient’s death will depend on the circumstances. If the patient had asked for information to remain confidential, the patient’s views should be respected. Where a practitioner is unaware of any directions from the patient, he or she should consider requests for information taking into account:
      • whether the person requesting the information has locus standi;
      • whether the disclosure of information may cause distress to, or be of benefit to, the patient’s partner or family;
      • whether disclosure of information about the patient will in effect disclose information about the patient’s family or other people;
      • whether the information is already public knowledge or can be anonymised;
      • the purpose of the disclosure.
    2. Particular difficulties may arise when there is a conflict of interest between parties affected by the patient's death. For example, if an insurance company seeks information about a deceased patient in order to decide whether to make a payment under a life assurance policy, the practitioner should not release information without the consent of the patient's executor, or next-of-kin, who has been fully informed of the consequences of disclosure.
Medical teaching, medical research and medical audit are essential to the provision of good care.
  1. Where teaching, research or audit is to be undertaken by the team which provided care, or those working to support them, the practitioner may disclose identifiable information, provided he or she is satisfied that patients have been informed that their data may be disclosed and of their right to object to the disclosure, and have not objected.
  2. If a patient does object, the practitioner should explain why the information is needed and how this may benefit their care. If it is not possible to provide safe care without disclosing the information, the practitioner should explain this to the patient, together with the options open to them.
  3. Where medical research and/or audit are to be undertaken, the information should be anonymised wherever that is practicable. Where it is not practicable to anonymise data, or anonymised data will not fulfill the requirements of the research and/or audit, expressed consent must be obtained before identifiable data is disclosed.
  1. Disclosure in the public interest
    1. Personal information may be disclosed in the public interest, without the patient’s consent, and in exceptional cases where patients have withheld consent, where the benefits to an individual or to society of the disclosure outweigh the public and the patient’s interest in keeping the information confidential. In all cases where a practitioner considers disclosing information without consent from the patient, he or she must weigh the possible harm (both to the patient, and the overall trust between doctors and patients) against the benefits which are likely to arise from the release of information.
    2. Before considering whether a disclosure of personal information “in the public interest” would be justified, the practitioner must be satisfied that identifiable data are necessary for the purpose, or that it is not practicable to anonymise the data. In such cases he or she should still try to seek patients’ consent, unless it is not practicable to do so, for example because:
      • the patients are not competent to give consent; or
      • the records are of such age and/or number that reasonable efforts to trace patients are unlikely to be successful; or
      • the patient has been, or may be, violent; or
      • obtaining consent would undermine the purpose of the disclosure (e.g. disclosures in relation to crime); or
      • action must be taken quickly (for example in the detection or control of outbreaks of some communicable diseases) and there is insufficient time to contact patients.
    3. In cases where there is a serious risk to the patient or others, disclosures may be justified even where patients have been asked to agree to a disclosure, but have withheld consent.
    4. The practitioner should inform the patient that a disclosure will be made, wherever it is practicable to do so. The practitioner must document in the patient’s record any steps taken to seek or obtain consent and the reasons for disclosing information without consent.
    5. Ultimately, the “public interest” can be determined only by the courts; but the MMC may also require the practitioner to justify his or her actions if a complaint is made about the disclosure of identifiable information without a patient’s consent.
  2. Disclosures to protect others 
    Disclosure of personal information without consent may be justified in the public interest where failure to do so may expose others to risk of death or serious harm. Where others are exposed to a risk so serious that it outweighs the patient’s privacy interest, the practitioner shall seek consent to disclosure where practicable. If it is not practicable to seek consent, the practitioner shall disclose information promptly to an appropriate person or authority.

    The practitioner shall generally inform the patient before disclosing the information. If the practitioner seeks consent and the patient withholds it, the practitioner should consider the reasons for this, if any are provided by the patient. If the practitioner remains of the view that disclosure is necessary to protect a third party from death or serious harm, he or she should disclose information promptly to an appropriate person or authority. Such situations arise, for example, where a disclosure may assist in the prevention, detection or prosecution of a serious crime, especially crimes against the person, such as abuse of children.
  1. Disclosures required by law
    The practitioner may disclose information to satisfy a specific statutory requirement, such as notification of a communicable disease or of attendance upon a person dependent upon certain controlled drugs. The practitioner should inform patients about such disclosures, wherever that is practicable, but their consent is not required.
  2. Disclosures to the courts
    1. The practitioner may also disclose information if ordered to do so by a judge or presiding officer of a court, or if summoned to assist a Coroner or other similar officer in connection with an inquest or comparable judicial investigation. If a practitioner is required to produce patients' notes or records under a court order, the practitioner should disclose only so much as is relevant to the proceedings. The practitioner should object to the judge or the presiding officer if attempts are made to compel him or her to disclose other matters which appear in the notes or records, for example matters relating to relatives or partners of the patient who are not parties to the proceedings.
    2. In the absence of a court order, a request for disclosure by a third party, for example, a lawyer, police officer, or officer of a court, is not sufficient justification for disclosure without a patient's consent.
  3. Disclosures to statutory regulatory bodies
    Patient records or other patient information may be needed by a statutory regulatory body for investigation into a health professional’s fitness to practise. If a practitioner refers concerns about a health professional to a regulatory body, the practitioner shall seek the patient’s consent before disclosing identifiable information, wherever that is practicable.

    Where patients withhold consent or it is not practicable to seek their consent, the practitioner should contact the MMC, or other appropriate regulatory body, which will advise on whether the disclosure of identifiable information would be justified in the public interest or for the protection of other patients. Wherever practicable, the practitioner should discuss this with the patient. There may be exceptional cases where, even though the patient objects, disclosure is justified.
Practitioners are sometimes approached by the media for comment about medical issues.
Where such comment includes information about patients, the practitioner must respect the patients' right to confidentiality. Before releasing any information, the practitioner should:
  1. Remember that information which the practitioner has learnt in a professional capacity should be regarded as confidential whether or not the information is also in the public domain.
  2. Expressed consent shall be obtained from patients before discussing matters relating to their care with the media, whether or not the patient(s)' name(s) or other identifying information is to be revealed. Expressed consent must be obtained if patient(s) will be identified from the details disclosed.
  3. Remember that patient(s) can be identified from information other than name or address. Details which in combination may reveal patients' identities include their condition or disease, age, occupation, the area where they live, medical history or their family.
  4. Always consider and act in accordance with the best medical interests of patients when responding to invitations to speak to the media about patients.
Practitioners who decide to disclose or not to disclose confidential information must be prepared to explain and justify their decisions. 
It is generally accepted that the patient should:
  • have access to records containing information about his/her medical condition, for a legitimate purpose and in good faith;
  • know what personal information is recorded,
  • expect the records are accurate, and
  • know who has access to his/her personal information.
There is evidence that increased access to medical records has given patients a better understanding of their illness, as well as having a positive impact on the patient-doctor relationship.

While patients have a right of such access to their medical records, they may inform the practitioner of any factual errors in the personal patient information. They should not seek to change any entries made by the practitioner in the course of consultation, diagnosis and management, as these are made by the practitioner based on his clinical judgement.