Home     Contact Us     Friday Khutbas     Press Releases   

The International Islamic Code for Medical and Health Ethics
CHAPTER 3
Medical Behavior and Physician Rights and Duties
Medical Confidentiality


Back to main page

Article Twenty-Nine: A physician may not disclose a personal secret that has come to his knowledge through the performance of his profession, whether the patient confides the secret to him, or the physician comes to know it in the course of his work, except in the following situations and similar cases that are stipulated in the national laws:

a. if disclosure of a person's secret is done at his own request, which should be in writing or if disclosure of a secret is in the interest of the patient or of society;

b. if the laws in operation require disclosure of the secret, or an order to disclose it is made by a judicial authority;

c. if the purpose of disclosing the secret is to prevent a crime, in which case the disclosure should be strictly to the official authority concerned and to no other party;

d. if disclosure of a person's secret is in the interest of the patient's spouse, provided that it is made to the couple, and not to one without the other;

e. if the physician makes the disclosure in defending himself before a judiciary authority at its request and in as much as the defense requires; and

f. if the purpose of disclosing the secret is to prevent the spread of an infectious disease that would be harmful to society members, provided that the disclosure is made only to the concerned health authority.

Article Thirty:

When minor patients ask to be treated in secret, without their guardians knowing about it, the physician in charge should attempt to find out the reason behind the desire to keep the condition secret from the minor's family, should encourage the patients to get their family involved, and should correct any misconceptions the minor may have.

Article Thirty-One:

A physician may treat underage patients and may refrain from revealing any information that may cause harm to the minors in question, unless the existing laws stipulate otherwise.

Article Thirty-Two:

Before releasing any information about a patient to third parties - such as researchers, pharmaceutical companies, and data collecting institutions - a physician should obtain the patient's informed consent in writing.

Article Thirty-Three:

A patient has the right to obtain, upon request, a detailed report of his medical condition from his attending physician, based on the latter's own examination. The physician, however, should not write a medical report or give testimony on a subject not within his field of specialization, and his report or testimony should be true to the facts that he has learned through his own examination of the patient.

Article Thirty-Four:

A physician may discuss a patient's case, diagnosis, and treatment, as well as the expected development of the case, with the patient's lawyer, provided that the patient or his guardian consent to that.

Article Thirty-Five:

A physician may release information about a patient to an insurance agent, provided that the patient or a legal representative of his should consent in writing. The information released should be only what relates to the insurance item involved. Before disclosing the information, the physician should make the patient aware of the consequences of such disclosure.

Article Thirty-Six:

Physicians and all health staff members should do their utmost to guard the confidentiality of medical reports, including those stored in computer memory. Data should be entered into computers only by authorized people. The date and timing of adding any new data entries should be scheduled, and the person adding or modifying an entry should sign his name.

Article Thirty-Seven:

A patient or a representative of his should be informed when the health institution has a computer data base before the physician sends any data related to that patient to the computer department for storage. All parties who can access the data should be specified in advance. Revealing such information to the patient is an important element in getting his informed consent. Security measures, in proportion with the extent of sensitivity of the patient's data, should be taken to prevent any information leakage or any access to the data base by unauthorized persons.

Article Thirty-Eight:

A patient or someone acting on his behalf should be informed before any report containing data that concerns the patient is distributed. Moreover, the attending doctor should be informed before any data or information relating to the patient is released to parties outside health care establishments, so that no disclosure of such data is made before the patient's consent is obtained.

Article Thirty-Nine:

Confidential information may be disclosed only to parties that keep it highly secret, in accordance with existing laws and regulations, and should be restricted to the data that meets the purpose specified when such disclosure is requested and to the time period specified. All such parties should be told that releasing the data to them does not mean they can pass these data to other parties, apply them for purposes other than what is specified when the data are requested, or use them against the patient's interest.

Article Forty:

Computers should be equipped with backup and retrieval functions to avoid the loss of any data when some failure occurs in the programs or server used. Before a file is deleted, a printout should be submitted to the attending physician.

Article Forty-One:

As soon as the attending physician receives a copy (a printout or a copy saved on a hard, compact, or floppy disk) of stored data, they should be deleted from the data base. The computer department should inform the attending doctor in writing that the deletion is done. A patient has the right to request the deletion of some of the data that concern him, subject to the laws in operation.

Article Forty-Two:

Very strict measures should be taken to prevent free access to the data base, including the introduction of systems to discover any attempts to break into it by any unauthorized party.

Supporting Islamic Legal Evidence:

I. In the Glorious Quran:

1. "God commands you to deliver trusts where they are due" (Al-Nisaa IV: 58).

2. "Do not spy, and do not backbite one another. Would any of you like to eat the flesh of his dead brother? You would loathe it." (Al-Hujuraat XLIX: 12).

3. "Those who would like atrocities to be common among believers will receive painful punishment" (XXIV:19).

II. In the Prophet's Tradition:

1. "A chief is liable to compensation payment."

2. In an attributed tradition quoting Ali, "The confidentiality of meetings is a trust." (Cited by Al-Khateeb Al-Baghdaadi.)

3. In an attributed tradition quoting Thooban, "Do not cause harm to God's servants, nor seek to look at their private parts, for soon after a person seeks to look at the private parts of his fellow Muslim, God would cause his private parts to be exposed so that he is shamed even in his own house." (Cited by Ahmad.)

4. In an attributed tradition quoting Abu Hurairah, "When an individual shields for another, he is shielded by God on the Day of Resurrection." (Cited by Muslim, quoting Abu Hurairah.)

5. "Beware of backbiting. If the things you say about a person [in his absence] are true, you are taking him unaware. If they are not, you are slandering him." Islamic Center of Southern California

All text Copyright © 2002 - 2009 Islamic Center of Southern California
For more about this web site, please contact the Webmaster