Lecture to 3rd year medical students at the Kulliyah of Medicine International Islamic University, Kuantan, Malaysia on 13th June 2006 by Professor Omar Hasan Kasule MB ChB(MUK), MPH (Harvard), DrPH (Harvard) Professor of Epidemiology and Islamic Medicine, Institute of Medicine Universiti Brunei Darussalam omarkasule@yahoo.com


Privacy and confidentiality are two different concepts that are sometimes confused with one another. An individual has a right to privacy that implies the right to make decisions about personal or private matters and blocking access to provate information. Privacy and autonomy are closely related. Privacy rights define and protect an area in the life of the citizen from which the state is excluded. The physician can enter into this privacy only if there is an autonomous decision of informed consent. There are situations in which the Law permits invasion of a citizen’s privacy such as compulsory screening and treating of some diseases.




The Qur'an mentioned the term secret in many verses[i]. The term secret is relative. What may be a secret for one person may not be for another. What may be a secret in one place and at a particular time may no longer be a secret when time and place change. Secrets are of various degrees of importance. Revelation of some secrets could hurt an individual. Others can hurt the whole community or the whole ummat. Some secret information could be harmful if it is related directly to one individual but could be harmless if it is generalized.


2.2 CONCEPT OF KEEPING SECRETS, kitman al sirr:

Humans are capable of deliberately hiding and sitting on information[ii]. Allah knows all what humans hide and reveal[iii]. The natural default situation is for humans to divulge and share information during conversations even without being obliged or expecting any benefits. Keeping a secret therefore requires effort and discipline. Hiding information may be praiseworthy for example if a person does not reveal is iman in front of enemies, kitman al iman[iv]. Keeping a secret, hifdh al sirr, entrusted to you in confidence is a sign of good Islamic character[v]. You may keep your own secrets from people who are potential enemies. The Prophet taught us to rely on keeping secrets in managing our affairs, al I'itimad ala al kitman fi qadhai al hajat[vi]. Hudhaifat ibn al Yamaan was the keeper of the Prophet’s secrets, sahib sirr al nabiy[vii]. Secrecy could be negative if it involves hiding the truth that should have been spread to others, kitman al haqq[viii]. It is also negative to hide evidence, kitman al shahadat[ix]. The basic position is to keep secrets and information and not reveal them even if there is no foreseeable harm. It is part of good Islamic character not to reveal all what a person knows. The Prophet taught that people should listen more and speak less. The injunction about keeping secrets involves even probing to look for information not related to the present care because this will constitute spying, tajassus, that was prohibited by Law. It is forbidden to try digging into the privacy of another person, la yattabi’u ‘awrat akhiihi[x]. It is forbidden to try to look in the house of another person looking for information. If a person who looks is hurt he can not claim any legal remedy[xi]



The patient voluntarily allows the physician access to private information in the trust that it will not be disclosed to others. This confidentiality must be maintained within the confines of the Law even after death of the patient. In routine hospital practice many persons have access to confidential information but all are enjoined to keep such information confidential.



Clinical care: If the patient is not assured that information revealed to physicians will be kept in confidence, he or she will not provide sufficient information to the physician for proper diagnosis and management. Such violation destroys future co-operation because the patient will hold back some information from the caregiver thus impairing correct diagnosis and appropriate management.


Autonomy and privacy: The patient has a right to keep personal information private and inaccessible to unauthorized persons.


Fidelity: It is part of the trust between the patient and physician that their professional relationship remains private. The psychological basis of fidelity is the private and privileged relationship of trust between the patient and the caregiver. Revealing secrets that occurred to a third party is a violation of the trust. If a person seeks advice and divulges secret information, that information is protected because the advisor is supposed to be trusted, al mustashaar mutaman[xii]. 


The social basis lies in the prohibition of spreading rumors, namiimat[xiii] and backbiting.


The legal basis is based on the law of contract, and three Principles of the Law, qawaid al sharia, and the Law of Property. Keeping medical secrets is part of the physician-patient contract; fulfilling a contract is an obligation in Islam. The Principle of Injury, dharar, states that an individual should not harm others or be harmed by others, la dharara wa la dhirar. The Principle of Hardship, mashaqqa, states that hardship mitigates easing of the sharia rules and obligations, al mashaqqa tajlibu al tayseer. Necessity legalizes the otherwise prohibited, al  dharuraat tubiihu al mahdhuuraat. Necessity is defined as what is required to preserve the five Purposes of the Law (religion, life progeny, property, and intellect). If any of these five is at risk, permission is given to commit an otherwise legally prohibited action.




The ownership of the records is not clear. Do they belong to the patient, the caregiver that wrote them, or the institution? Using the law of property, a product belongs to the person who made it. In this case, the patient is the 'maker' of all the medical facts that are written and should be the acknowledged owner of the records. The patient is also the only person involved who has most to lose if records are misused. Thus, the contents of the medical records cannot be revealed without the express permission of the owner. The general position regarding medical records is that they are a secret that cannot be revealed without specific necessity, dharurat, as defined by the law.



Written records: It is the physician’s responsibility to make sure that medical records are secure and that unauthorized access is not allowed. Secrets are kept within the person, al kitman fi al nafs[xiv]. With development of writing and electronic technology, we now have other ways of keeping secret information. The Qur'an mentioned the tools for producing written records as paper, sahifat[xv] and the pen, qalam[xvi]. The Qur'an used the term kitaab to refer to written records such as scriptures[xvii], the Qur'an[xviii], the record of pre-destination, kitaab al qadr[xix], the record of values, kitaab al qiyam[xx], the record of knowledge, kitaab al ‘ilm[xxi]., and correspondence letters[xxii].  He process of writing was mentioned about evidence, kitabat al shahadat[xxiii] and contracts, kitabat al uquud[xxiv]. Writing of false records was severely condemned[xxv]. The prophet gave guidance about writing and writers[xxvi]. In a modern medical environment, many records are generated about each patient. These prove a challenge as far as keeping of secrets is concerned because many people can access them. Besides their use in medical care, the records can be used for medical education, medical research, and for legal purposes. Prevention of access to records for educational purposes may fall under the prohibition of hiding knowledge, kitman al ilm.




The injunction to keep secrets is binding on both the caregiver and the patient. The patient should not make unnecessary revelation of negative things about himself or herself, satr al mumin ala nafsihi[xxvii]. The patient should consider any injurious information as a secret and cannot reveal it. If it is about his sins or dishonourable shameful things, fahishat, he is forbidden. The prophet condemned al mujahir. A Muslim should repent and conceal his sins[xxviii]. The development of extensive genetic screening technologies has resulted into restrictions on the patient disclosing his or her own medical information. Disclosure of a genetic defect by a patient also discloses information about genetic defects in parents and siblings.



The caregiver should cultivate the Islamic habit of saying only good words and avoiding bad ones[xxix]. He should also cultivate the habit of being humble and speaking little because it is part of iman, al tawadhu’u wa qillat al kalaam min al iman[xxx]. Speaking too often and to anybody may unconsciously lead to divulging confidential information. The general position of the Law is that a caregiver cannot divulge any information about a patient without the patient’s consent or in exceptional circumstances defined by the Law such as when an infectious disease has to be reported. It is prohibited for the caregiver to use the privileged medical information he has for any personal gain. For example, he cannot use his knowledge of the health of a businessperson to buy shares in a certain company. He cannot advise his relatives about marrying or not marrying a certain person because of what he knows about their health. Release of information in the public interest is a more complicated situation. The question arises whether a caregiver is obliged to reveal disease in a leader or airline pilot that could endanger the public? What should the caregiver do if he knows of a patient with a contagious disease that is in the community and is endangering others? Is it a violation of privacy for the caregiver to share medical information with other caregivers caring for the same patient? What about using the data for medical research or medical education? How much can the caregiver tell the relatives of the patient without compromising the regulation of keeping secrets? What should the caregiver do if approached by law enforcement agencies asking for specific medical information that can help them solve a crime? Can a caregiver testify in court against his patient using information obtained during the medical examination? All these are questions for which no easy answers can be given most of the time. The simplest situation is when the patient, the owner of the records, consents to their release provided no other individual is directly hurt by such a release. The patient’s wishes to have information divulged to some individuals may have to be respected.



Release to other health care workers: Information has to be released to other health care givers in the process of clinical management.


Legal requirements: Information release may be required by statute. In some situations public interest may necessitate information release. Crime investigation may justify information release. Judicial proceedings may require release of information to ensure justice. In cases of court litigation, The caregiver could testify in criminal cases that involve dhulm. The Qur'an forbids the revelation of the shameful unless there is dhulm[xxxi]. The caregiver cannot give false testimony[xxxii].


Public interest: There are situations in which over-riding public interest will require refusing to release information even if the patient consents.



Education, research, medical audit are not situations of necessity dharurat that justify violation of confidentiality. Information can be released only if the patient consents.


Employers or insurance companies may require medical information in order to make certain decisions. These are not considered situations of necessity that justify violation of confidentiality. There is no difference in the Law between disclosure during life or after death of the patient. One of the ways for the caregiver to decrease his risk of revealing secret information is to have only the minimum needed for his work. This means that during history taking only those questions directly related to the medical problem should be asked. There should be no probing or digging for unrelated facts.



Some physicians find themselves in a situation of conflict and divided loyalty. A company physician is obliged to report to his employers that will violate the confidentiality between him and his patients. Military physicians may also have to report medical information to the higher brass. The physician may have to make a notification to relevant authorities when he believes that there is serious danger to third parties for example HIV positive cases who share needles or epileptic drivers. Parents who abuse their children may have to be reported. It may be necessary to notify a spouse in case of HIV infection.


[i] (p570 2:77, 2:235, 2:274, 5:52, 6:3, 9:78, 10:54, 11:5, 12:19, 12:77, 13:10, 13:22, 14:30, 16:23, 16:75, 20:7, 20:62, 21:3, 25:6, 34:33, 35:29, 36:76, 43:80, 47:26, 60:1, 64:4, 66:3, 67:13, 71:9, 86:9)

[ii] (p986 3:72, 2:228, 2:271, 3:167, 4:42, 4:149, 5:61, 5:99, 6:28, 14:38, 21:110, 24:29, 27:25, 33:54, 60:1)

[iii] (p986 2:33)

[iv] (p986 40:28)

[v] (      )

[vi] (     )

[vii] (KS195 Bukhari K62 B20, 27, Tirmidhi K46 B37, Ahmad 6:450)

[viii] (p? 2:42, 2:146, 2:159, 2:173, 3:71, 3:187, 4:37, 5:15, 6:19)

[ix]  (p. ? 2:140, 2:283, 5:106)

[x] (KS68: Abudaud K40 B37, Tirmidhi K19 B85, Darimi K19 B3, Ahmad 4:424)

[xi] (KS388 Bukhari K87 B18, Muslim K28 H18, Muslim K28 H19, Muslim K28 H20, Muslim K28 H21, Muslim K28 H22, Muslim K28 H23, Abudaud K38 B22, Tirmidhi K14 B18, Nisai K45 B18, Nisai K45 B19, Nisai K45 B20, Ibn Majah K21 B20, Darimi K15 B18, Ahmad 4:222, Ahmad 4:224, Ahmad 4:427, Ahmad 4:428, Ahmad 4:430, Ahmad 4:435, Tayalisi H1323, Waqidi p399)

[xii] (KS198 Darimi K17 B13)

[xiii] (MB2032)

[xiv] (p987 2:235, 2:284, 3:29, 3:118, 3:154, 27:74, 28:69, 33:37, 40:19)

[xv] (p979 20:133, 52:2-3)

[xvi] (p979 68:1, 96:4)

[xvii] (p977 4:153, 6:7, 17:93, 21:103, 29:48, 34:44, 35:40, 37:157, 34:21, 62:5)

[xviii] (   )

[xix] (p. 978 3;145… 57:22)

[xx] (p979 98:3)

[xxi] (p979 27:40)

[xxii]  (p979 27:28-29)

[xxiii] (p979 43:19)

[xxiv] (p979 2:235, 2:282-283)

[xxv] (p979 2:79)

[xxvi] (KS452 Tirmidhi K40 B20, Tirmidhi K40 B21, Ibn Majah K33 B49)

[xxvii] (KS68 Bukhari K78 B60, Tayalisi H2206)

[xxviii] (MB2037)

[xxix] (KS461)

[xxx] (KS462 Tirmidhi K25 B80)

[xxxi] (p308 4:148, 24:19)

[xxxii]  (MB1176)a

Professor Omar Hasan Kasule Sr. June 2006