The degree to which communication and sharing of information is facilitated or automated within computerized health information systems carries increased risk of unauthorized transmission of protected health information.
Imagine your bank records. You should be able to access them, of course, and employees at the bank who are helping you with a transaction should be able to access them, but no one else should. A failure to maintain confidentiality means that someone who shouldn't have access has managed to get it, through intentional behavior or by accident. Such a failure of confidentiality, commonly known as a breach, typically cannot be remedied. Once the secret has been revealed, there's no way to un-reveal it. If your bank records are posted on a public website, everyone can know your bank account number, balance, etc., and that information can't be erased from their minds, papers, computers, and other places. Nearly all the major security incidents reported in the media today involve major losses of confidentiality. So, in summary, a breach of confidentiality means that someone gains access to information who shouldn't have access to it.
Sensitive information or data should be disclosed to authorized users only. In IA, confidentiality is enforced in a classification system. For example, a U.S. government or military worker must obtain a certain clearance level, depending on a position's data requirements, such as, classified, secret or top secret. Those with secret clearances cannot access top secret information.