Introduction

For diseases that threaten public health, it is important to have timely and accurate information about the disease, including its patterns of spread and transmission. Often, this will require identifying and reporting information to public health officials to allow them to develop effective strategies for combatting the disease. Although collection of such data may be crucial for almost all diseases and conditions with the potential to affect human health, in some cases, reporting is mandatory due to the immediate risks imposed by the disease or condition. Mandatory reporting of infectious diseases (MRID) is an important practice in combating disease outbreaks.1 Numerous countries possess notification systems that are determined in accordance with the characteristics of the disease, including transmission route, severity, risk of spread, vulnerable populations, and current national or international states of the disease. The notification process, which begins when the presence of a certain infectious disease is confirmed by relevant institutions or persons, is not only a trigger for necessary actions to protect public health by containing spread but also a mandatory procedure carried out in health systems during non-pandemic periods. As of 2001, the WHO considers notification to be a broader obligation that is not restricted to infectious diseases but covers all events ‘that may constitute a public health emergency of international concern’ under the International Health Regulations (IHRs).2

MRID and disease surveillance are interwoven procedures. The former is defined as ‘the process of reporting the occurrence of a disease or other health-related conditions to appropriate and designated authorities’, and the latter as ‘the systematic collection, collation, analysis, and interpretation of healthcare data essential for the planning, implementation, and evaluation of public healthcare practice’.3 In recent years, the accurate keeping of medical records and timely initiation of the notification process have become critical in preventing the spread of infectious diseases.4 The main rationale behind MRID is the protection of public health. The data obtained by notifiable infectious disease reports are used for many purposes, including prevention of spread and negative impact, assessing the national and global situation, conducting scientific research, coordination of interventions, and devising or amending health policies. Patients and those who have been in contact with them are examined to track the source of infection and the extent of disease outbreaks. If need be, patients are treated and/or isolated to prevent disease spread. If preventive measures such as vaccination and antibiotic prophylaxis cannot be implemented, contacts of people with confirmed infection and certain high-risk groups can be quarantined, which is an option in the face of infectious diseases with person-to-person spread.5 Individuals’ contact with infection, tracking of said infections and determination of at-risk groups requiring quarantine (when necessary) rely greatly on the route of transmission, and therefore, the transmission characteristics of a known or potential outbreak-causing agent are not only the subject of epidemiology but also present important questions and data for the necessity and the reliable application of MRID. Indeed, this relationship is explicitly described by the WHO Recommended Surveillance Standards, and is further discussed with respect to ethical concerns.6 In the event that an infectious disease is defined as a cause for mandatory reporting, the conceptual framework for reporting and/or notification should be devised in a way that accounts for privacy concerns and the route of transmission and its urgency.1 The latter (urgency of transmission) may in fact be a function of the transmission route itself, as demonstrated by the COVID-19 pandemic in which the SARS-CoV-2 virus was found to be transmissible through inhalation of aerosol or droplets.

The detection, investigation, and appropriate management of outbreaks require the implementation of fast and accurate laboratory diagnostic methods along with timely follow-up of affected individuals and definite identification of the mode(s) of transmission. In order to ensure patient follow-up, personal data including names, ages, addresses and medical records are reported to public health authorities without explicit patient consent. Such notifications are necessary for following up and treating infected individuals, and in certain cases, for the protection of those who cohabit with them.1 7 Here, it is important to note that, in Turkey, not only notifiable diseases but also routine hospital call announcements are made with partial identification—with initials sufficing rather than full identification.

Mandatory reporting of infectious diseases and ethical challenges

On a conceptual level, MRID is at odds with the traditional understanding of patients’ right to confidentiality. Rules pertaining to this right have remained in place since medical oaths of old,8–11 and patient confidentiality remains as a particularly emphasised subject in national laws, international conventions11 and codes for healthcare practice.12 13 However, MRID is among the exceptions to patient confidentiality due to ethical and legal reasons referring to the benefit of society. Hence, there exist certain provisions in international conventions and national constitutions that allow for such an exception. For instance, paragraph 2 of Article 8 of the The Charter of Fundamental Rights of the European Union dictates that ‘Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.’14

In legislation concerning MRID, the aim should be devising approaches that provide a balance between bioethics15 and public health ethics,16 which are centred on considerations such as respect for individual patient rights and community health, respectively.17 According to the principles of public health ethics, taking such measures that violate individual rights and freedoms can only be accepted if a serious public health concern cannot be adequately addressed through measures that do not infringe on individual rights.16 Public health ethics also necessitate that the usefulness of these measures is supported by evidence-based scientific data.18–20 In order to build public confidence in MRID, it is important to increase transparency and instil trust that personal data are being handled with great care in terms of confidentiality and are used only for the designated purposes. If MRID proves necessary, with due respect to patient privacy and transmission route, the patient should be thoroughly informed about the need for and the method of disclosure, and straying from this approach may result in reduced confidence in MRID.21 In addition, the notification system itself must incorporate systematic measures to limit the access of various individuals who receive or respond to these notifications and should obscure various data in a preferential manner based on the disease in question and each responder’s role within the reporting system. The obfuscation of irrelevant data will contribute to partial patient anonymity and can increase confidence in the reporting system(s). Therefore, devising adequate and reliable MRID systems that implement systematic measures to restrict access to certain data is of critical importance.

The obligations of physicians regarding the reporting of infectious diseases

Since the well-being of the society is no less in importance than the well-being of individual patients cared for by physicians, it is widely considered ethically acceptable for physicians to disclose certain types of patient information in such cases that involve criminal offences or infectious diseases.22–24 In Turkey, all public institutions and organisations and various legal or individual persons are responsible for the notification of a notifiable contagious disease. These responsibilities also apply to non-physicians, including hospital administrators, clinical chiefs, specialists and laboratory personnel. Where, as per the Article 61 of the Common Law of Hygiene (CLH), there exists a wide array of persons responsible for notification including owners or lessees and managers of schools, factories, workshops, charities, businesses and retailers, accommodation establishments, and penal institutions, apartment custodians, funeral service workers, and local officials. In many other countries, these responsibilities are also defined by law.25

It is broadly accepted that physicians, and some non-physicians, are obligated to report infectious diseases based on their responsibility to the welfare of society and the improvement of public health. Physicians, who are the first to examine symptomatic patients, are likely to be the ones to notice the earlier signs of an impending outbreak and identify routes of transmission. For this reason, physicians should be aware of the necessity of disease notification and regard the act of reporting as a crucial constituent of patient care.1 However, it is also undeniable that physicians must abide by ethical and legal obligations regarding patient autonomy and privacy, unless such disclosure is legally required, or the patient’s informed consent is obtained.26 27 Finally, physicians and non-physicians involved in any step of the reporting process must be informed by the relevant authorities about the correct means of reporting information to the authorities without breaching confidentiality and the prevention or erroneous actions which may lead to public dissemination of such data, regardless of the nature of the information shared.

MRID demands a balance between the protection of public health and that of individual rights and freedoms. The maintenance of this balance, by physicians and non-physicians who are primary actors in MRID, is of great importance. It is therefore imperative that policymakers take measures to adequately inform physicians and non-physicians (who are responsible for reporting) about the legal regulations and ethical codes to take appropriate balancing actions when necessary.

Mandatory reporting of infectious diseases in Turkey

In Turkey, MRID is primarily regulated by the CLH, particularly by articles 57 through 102 of the CLH, and is supported by a wide range of health legislation.28 On the other hand, the term ‘sensitive data’ is defined in the Law on the Protection of Personal Data as follows: ‘Personal data relating to the race, ethnic origin, political opinion, philosophical belief, religion, sect or other belief, clothing, membership of associations, foundations or trade-unions, information relating to health, sexual life, convictions and security measures, and biometric and genetic data.’29

Article 57 of CLH lists certain infectious diseases and enunciates individuals responsible for the reporting of suspected or confirmed cases of these diseases. After the preliminary reporting of a suspect case is received, the notification is followed with respect to patients’ referral to confirmatory institutions when needed, and conclusive clinical/laboratory data are obtained prior to finalising MRID documents/notification. For physicians, MRID is regulated by Article 58 of CLH, which mandates that they make a report within 24 hours to relevant government agencies. Here it is important to emphasise that the 24-hour rule is an obligation directed to restricted contagious diseases which are stated at article 57 of CLH. However, the inter-related articles stating the reaction time about mandatory reporting of restricted diseases became obsolete with the effective date of Communicable Diseases Notification System Directive (CDNSD).30 Currently, the reaction time of reporting is regulated by the mentioned directive where the contagious diseases are grouped by four as A, B, C and D. Apart from group B which mentions four diseases namely smallpox, epidemic typhus, yellow fever and plague, there is no responsibility of physicians for immediate reporting.

Being an archaic law enacted long before utilisation of modern communication systems and nationwide distribution of health professionals, the CLH lists a wide array of unassociated or irrelevant individuals (or professions) as ‘mandatory reporters’ for infectious diseases, which indicates need for a new and revised CLH law; however, these regulatory problems in the conduct of MRID are currently being addressed by adherence to more modern administrative by-laws, namely the Regulation on the Principles of Surveillance and Control of Communicable Diseases (SCCDR)31 and the CDNSD. These by-laws, in addition to forming the framework for disease notification, declare the responsibilities of hospital administrators, clinical chiefs and specialists, and laboratory personnel in the reporting process.

In order to ensure the protection of individual rights, public health institutions should also comply with confidentiality criteria applicable to health professionals.26 The General Directorate of Primary Health Care of the Ministry of Health is the institution responsible for creating necessary regulations concerning MRID. With a directive issued by this institution, procedures and principles regarding the structure and functioning of the notification system of communicable diseases are specified. Article 13 of the directive mandates that a report of certain diseases be made within a set time frame after confirmation (defined as 24 hours or ‘daily’). Article 11 of CDNSD regulates the processing of personal data, stipulates the protection of patients’ right to privacy, moral and material interests, and basic rights and freedoms during the processing of information and personal data acquired by epidemiological surveillance or disease notification systems.

Another requirement included in the regulations for ensuring the balance between public health and individual rights is developing a notifiable diseases list. In Turkey, these diseases are specified by CLH and SCCDR. Whenever a novel disease emerges, necessary changes are made to the list of notifiable diseases; hence, COVID-191 was added to the SCCDR by an amendment on 22 May 2020.32

Ethical framework regarding mandatory reporting of COVID-19

Once an organism has been identified, the epidemiological teams get to work notifying consultants in communicable disease control. Time is of the essence and rapid reporting is required. Tortuous and bureaucratic procedures about consent are struggling for public health. The need to protect the public against the spread of communicable disease provides a good example of the need for a commonsense approach to the use of confidential data.33

In order to protect public health on a global scale, notification of COVID-19 under MRID is a universal requirement and practice. A global framework can be found in the 2005 IHRs, adopted under Articles 21 (a) and 22 of the Constitution of the WHO.34 The purpose of IHRs is ‘to prevent, protect against, control, and provide a public health response to the international spread of disease in ways that are commensurate with and restricted to public health risks, and which avoid unnecessary interference with international traffic and trade.’ In the first paragraph of Article 6, it is enunciated that ‘Each State Party shall notify WHO, by the most efficient means of communication available, by way of the National IHR Focal Point, and within 24 hours of assessment of public health information, of all events which may constitute a public health emergency of international concern within its territory.’ Thus, it can be said that the predetermined regulatory framework in … regarding MRID meets the requirements of the IHRs.

The usage of regulatory management tools pertaining to the COVID-19 pandemic should be subjected to a high level of scrutiny.34 Determining who, and to what extent, should be informed about patients diagnosed with COVID-19 is of equal importance as MRID during the pandemic. In Turkey, patients with COVID-19 who do not require hospitalisation undergo treatment at home and remain in isolation until they are no longer infectious, which is managed by local health departments. In order to handle this process effectively, relevant persons and institutions must be provided with access to patients’ personally identifiable information, including addresses and phone numbers. However, such access is only acceptable when provided on a need-to-know basis, and confidential information should not be retained by those who access it after the conclusion of their duty, and these individuals must be aware that public disclosure of such data would be in violation of the Law on the Protection of Personal Data.34 Additionally, these professionals should respect the privacy of individuals and families, and avoid engaging in actions that may inadvertently facilitate stigmatisation, such as disclosing specific or general information about the patient’s condition, circumstances of infection and other information which could affect social perception.35 Finally, it is evident that patient confidentiality could suffer in many ways due to the urgency caused by the COVID-19 pandemic and the necessity of tracking spread to limit mortality. However, in relation with the aforementioned systematic obfuscation of irrelevant data to specific individuals within reporting systems, it may be possible to at least decrease the degree and frequency of confidentiality breaches. For instance, an individual evaluating local spread pattern from the notification system may require address information, while phone numbers and names of the cases in question may not be critical to this analysis, and therefore, access could be specifically restricted in a systematic manner to protect some anonymity, even in the midst of a global crisis such as COVID-19.

It is a natural consequence of the treatment process that the COVID-19 status of patients is disclosed to health workers who deliver services to them. However, before allowing full access to descriptive information about the patient, careful consideration of its reason is crucial. In this regard, the mode of transmission of the disease in question is also important. As an example, SARS-CoV-2 and HIV are significantly different viruses in terms of their mode of transmission, and this difference should reflect on the extent of confidential patient information that needs to be accessed by different healthcare workers.

Announcing the positive COVID-19 test results of patients in their workplaces or communities, as well as publishing their images or information on any channel including social media, are illegal in accordance with the principles of the public health and freedom of information law. Such practices may cause patients with COVID-19 to experience discrimination and stigma, and may even result in serious or irreparable harm. Failure to develop a disease reporting system that keeps violations of individual rights and freedoms to a bare minimum can result in human rights violations against patients in their social and professional lives.

Conclusion

The COVID-19 pandemic caused the implementation of quarantine, isolation and lockdown protocols which have resulted in unintended consequences such as restricted access to healthcare services. Undoubtedly, measures that are taken to alleviate the impact of the pandemic should be expected to rapidly mitigate the threats it poses to people’s life, health and psychology, as well as the damage it can do to political, social and economic structures of countries. However, this important expectation should not take precedence over ensuring minimal harm. Disease notification systems that are not designed in a harm-reductionist approach can impel individuals to engage in behaviours that may facilitate discrimination and stigmatisation of others, especially in the context of COVID-19. MRID should be devised and implemented with due regard to balancing potential benefits between individuals and the society. On the basis of protecting privacy in healthcare, regulations and guidelines should be implemented to specify numerous subjects, including data transfer to disease notification systems, permission to access said data and notification of communities of an individual’s COVID-19 diagnosis. This is necessary for devising a disease notification system that acts in conformity with public health ethics and human rights.

Abstract translationThis web only file has been produced by the BMJ Publishing Group from an electronic file supplied by the author(s) and has not been edited for content.Data availability statement

No data are available.

Ethics statementsPatient consent for publication

Not required.

Ethics approval

We confirm that the manuscript is sufficiently anonymised in line with our anonymisation policy and checklist. The article does not need ethics approval.

Acknowledgments

The authors would like to thank Mr SB Mega for improving the use of English in the manuscript.