Confidentiality and Ethics in Health Information Management

Abstract

This article reflects on the challenges faced by the federal public administration regarding the handling of sensitive health information of employees. Drawing on the experience of the Nucleo de Perícias em Saúde (NUPS) at IF Baiano, the text proposes an analysis of the ethical, technical, and institutional implications of managing this data, based on the Lei Geral de Proteção de Dados (LGPD) and the principles of professional ethics. Using a qualitative approach, the study is based on participant observation and documentary analysis of institutional practices. Despite regulatory advances, the risks of undue exposure and unnecessary circulation of sensitive data remain frequent, revealing the need for a more mature organizational culture regarding privacy and confidentiality. Three axes guide the analysis. The first addresses information practices and document flows at NUPS. It points out that weaknesses remain in both physical and digital processes. The lack of standardization, the accumulation of paper documents, and the absence of clear criteria for accessing reports and medical records make the management of these data vulnerable, contradicting LGPD guidelines. The second axis discusses ethics and professional secrecy. The text argues that health information should be understood as an expression of care. The way in which sick employees are treated, especially in serious cases such as cancer or mental disorders, requires empathy and responsibility. The article criticizes the excessive bureaucratization that imposes successive requests for documents and expert reports, creating an environment of distrust and suffering. Secrecy, in this context, goes beyond legality: it is an ethical commitment to human dignity. The third axis presents best practices implemented by NUPS, such as the adoption of the "restricted" field in SUAP for sensitive documents, the use of standardized templates, collaboration with the information technology department to create secure protocols, and dialogue with the Legal Department. Continuous training initiatives for the team are also mentioned, aimed at strengthening an institutional culture aligned with ethics and data protection. Finally, the text proposes that health information should be treated based on a balance between care and control, and that compliance with the LGPD, the Public Servant Code of Ethics, and other regulations is essential to consolidate a fairer work environment. Confidentiality and information security should be seen as pillars of citizenship, not mere bureaucratic requirements. NUPS's experience demonstrates that it is possible to move toward more ethical, sensitive, and protective management of health data in the public service.