Health data, such as an HIV diagnosis, is classed as particularly sensitive personal data and may only be disclosed with the explicit consent of the individual concerned.

What does patient confidentiality mean?

All doctors, as well as their support staff (e.g. nurses, medical assistants, etc.), are bound by patient confidentiality. This confidentiality is so important that breaches can even lead to criminal charges. Patient confidentiality applies even if the data recipient is also bound by professional secrecy. For example, when referring a patient to a physiotherapist, a general practitioner cannot mention the HIV infection without the patient’s consent. The reason for this is that it isn’t the specific profession that is obliged to maintain confidentiality but, rather, each individual. 

Patients have the right to request access to their medical records from the treating physician at any time without having to provide reasons. Doctors and hospitals are obliged to provide a copy of the medical records, even after the treatment has ended. Since doctors typically have a legal obligation to retain records for 20 years, the originals can only be requested after this period. If the medical records contain incorrect information, the patient can request that it be corrected or deleted. 

Does data protection apply in personal settings?

Data protection breaches also occur in personal settings. One reason for this is that many people mistakenly assume that anything can be shared within private circles and that data protection regulations don’t apply here, but that’s not the case. Even in personal settings, it is solely up to the person living with HIV to decide who they want to tell about their diagnosis. 

 

Detailed information can be found in the booklet HIV and Data Protection (in German and English) and in the Legal Guide HIV (chapter : «Data Protection / Patient's Rights»)