Medical Responsibility and the Law

Staff Writer
Apr 25, 2022

If you become a healthcare professional, you will face risks, challenges, and dramatic situations.

Earlier this month, a nurse at the University of Utah Hospital was handcuffed after refusing to draw blood from an unconscious patient and give it to the police. The patient was not under arrest. Being unconscious, he could not offer consent to the officer, and the police did not have a warrant. Without patient consent or a warrant, the nurse chose to not give out the information. Police body cameras captured footage of the nurse being taken away by the police.

The incident raises issues about what responsibilities healthcare providers have regarding patient privacy, consent, and the law.

The foundations of patient privacy

Patient privacy has a long history in medicine. One translation of the Hippocratic Oath reads: “What I may see or hear in the course of the treatment or even outside of the treatment in regard to the life of men, which on no account one must spread abroad, I will keep to myself.” Since then, keeping patient information confidential has been a cornerstone of the medical practice, and trust between a patient and a healthcare provider has been one of medicine’s most enduring traditions.

Related resource: Florence Nightingale Teachings We Take to Heart

The Hippocratic Oath, though, is not U.S. law. Nor are longstanding professional traditions laws that police, courts, or healthcare providers are obligated to abide by. The cornerstone of current medical privacy law in the United States is the Health Insurance Portability and Accountability Act of 1996, or “HIPAA.” Specifically, the Privacy Rule that the Department of Health and Human Services added to HIPAA gives that collection of regulations its reputation for protecting patient privacy.

The details of HIPAA are too intricate to get into here, but they do establish rules for how patient information has to be handled, cared for, and transmitted. In general, healthcare professionals are not permitted to give out patient information without adhering to certain best practices and face penalties if they are found in violation of established guidelines. The HIPAA Privacy Rule has made patient privacy more than just established tradition. It is, for the most part, the law of the land.

State law and hospital policy

Within the broad structure of federal law, individual states and hospitals may have differing policies for how they handle disclosing patient information. In the case of the University of Utah Hospital, the nurse in question was following hospital policy. She would only have been permitted to release information if a patient gave consent, was under arrest, or the police had a warrant. In most cases, staff following hospital policy will be defended by their employers in the event of legal action.

It’s the responsibility of everyone working in healthcare, not just nurses, to know and follow the legal guidelines of their state regarding disclosure of medical information and the policies and rules of their particular institution. It’s also worth noting that these rules are not arbitrary or frivolous. Violating patient trust, even in small ways, can erode the goodwill that healthcare providers need to deal honestly with their patients. At the same time, it’s also the responsibility of healthcare providers to abide by requests from officials for information, if all policy and legal requirements have been satisfied.

Working in healthcare provides added gravity to daily tasks. Even small actions on the part of a healthcare worker can have momentous consequences for a patient’s life, health, or (in this case) legal rights. It’s the responsibility of every professional who dons scrubs to know the rules, know why they are in place, and act with deliberation and care.

Learn more about our programs, such as our RN-BSN program and nationally recognized nursing program.


Learn More


Learn More

Apply Now

Request Info