seal  Purdue News

June 8, 2004

Patient privacy at risk in hospitals' hallways, lobbies, cafeterias

WEST LAFAYETTE, Ind. – New health communication research shows that casual conversations in hospital hallways and waiting rooms poses a threat to the confidentiality of patients' medical information.

Research conducted at Purdue University by Maria Brann, assistant professor of communication studies at West Virginia University, and Marifran Mattson, associate professor of communication at Purdue, shows patient privacy is breached when hospital employees talk about patient cases in public areas, such as the cafeteria, or with people outside of work. The researchers' paper appears in the spring issue of the journal Health Communication.

"The country has recently invested a tremendous amount of resources in the nation's largest set of federal privacy laws to prevent health-care providers and institutions from divulging or selling patient information," says Mattson, who studies health communication issues of privacy and safety. "But we found that the daily conversations of physicians, nurses, hospital staff and technicians can jeopardize the same kind of personal information. So, not only is there a need for privacy laws, but also we see how challenging it is to maintain such laws in the simplest setting of people talking to each other.

"Those of us in roles that involve health education of patients and care providers must seize the opportunities to teach privacy awareness and skills."

Congress passed the Health Insurance Portability and Accountability Act in 1996 to protect patients' medical information and limit access to that information. The law has been in effect since April 2003. The field research for this study was conducted in 2000 as part of Brann's master's degree thesis at Purdue.

"While volunteering at a hospital as an undergraduate at Purdue, I noticed several instances when health-care providers would discuss patients' information with other health-care workers without being very discreet," Brann says. "Even though the study was conducted before the health insurance act was law, I don't think we would see a great difference in our results."

For this study, Brann only recorded observations in places that were accessible by hospital visitors, such as hallways, elevators, waiting rooms and cafeterias. Fifty-one patients also were interviewed about medical privacy.

"Confidentiality breaches are occurring daily," Brann says. "While health-care providers may not be malicious in their disclosures, they are still sharing patients' most personal information with unauthorized individuals, which has the potential to create problems for the patients."

Disclosure of patient information can lead to identity theft, discrimination or social stigma if a medical condition or patient-identification information is inadvertently revealed. The most common breach found in the study was in casual conversations between employees at workstations or in the cafeteria, where hospital personnel discussed health information about patients and co-workers. Privacy also was violated when the public could overhear phone conversations with insurance companies or other medical consultants in which patients' phone numbers, addresses and Social Security numbers were given. In one extreme example, a receptionist even spoke to insurance companies on speakerphone.

Health-care providers sharing information with their family members also was a concern. Many of the subjects interviewed in this study acknowledged that their family members and friends who work in health care shared patient stories. Most of the subjects justified their loved ones' breaches of privacy as OK because their family members and friends were cautious about not revealing too many details.

"Even without identifying the patient by name, there is cause for concern, especially in a smaller community," Mattson says. "The most serious consequence is that people will find out about loved ones' health problems from someone other than their health-care provider. Just as concerning is that if patients realize their personal information is vulnerable, then they may be less likely to share important details with their physicians or nurses.

"Health-care providers need to pay attention to how they personally breach confidentiality laws, and patients need to bring breaches of privacy to the attention of their physician, nurse, medical assistant or waiting room receptionist. When you overhear a phone conversation in a waiting room where the receptionist is repeating personal information, such as Social Security numbers, gently remind the person or supervisor that you are concerned."

The research was funded by Purdue's Department of Communication.

Writer: Amy Patterson-Neubert, (765) 494-9723,

Sources: Marifran Mattson, will be available at until June 25. After June 26, she can be reached at (765) 494-7596

Maria Brann, (304) 293-3905,

Purdue News Service: (765) 494-2096;


Toward a Typology of Confidentiality Breaches
in Health Care Communication:
An Ethic of Care Analysis of Proper Practices
and Patient Perceptions

Maria Brann and Marifran Mattson

Confidentiality should be a fundamental right of patients in a health-care setting. However, health-care providers who take an oath to uphold confidentiality often neglect this basic patient right. Breaching confidential health information is a serious ethical problem and a communication issue that, historically, has received limited empirical, theoretical, or practical attention. The goals of this project were to frame this issue from an ethic of care perspective, define the concept of a confidentiality breach, identify the types of confidentiality breaches being communicated in health-care organizations, and understand how patients perceive these breaches. Based on interviews with 51 patients and observations of health-care providers, a definition and typology of confidentiality breaches emerged. Theoretical and practical implications also became evident.

* To the Purdue News and Photos Page