4. Privacy and confidentiality of patient information
Learning objectives
• understanding the legal and professional obligation of confidentiality in relation to patient and client information
• identifying the legal and professional consequences when the obligation to keep information confidential is breached
• identifying the professional codes of ethics and conduct that protect patient and client confidentiality
• describing the practical effect of exceptions to the obligation of client confidentiality
• locating and understanding the Privacy Act (Cth) and/or National Privacy Principles (NPPs) and/or Information Privacy Principles (IPPs) and legislation relevant to the state or territory in which you will practise medicine
• discussing legislation that facilitates access to information contained in patient and client health records.
Introduction
The nature of medical practice, whether conducted in the private or public sectors, whether provided by a general practitioner practising alone in a rural area, or by medical practitioners working as members of an institutional healthcare team, will almost always include access to patient and client information. This access, to patient and client private and confidential information, is based on the therapeutic relationship which exists between a medical practitioner and their patient or client. Indeed, it is a combination of the legal, professional and ethical obligations imposed on medical practitioners to keep the patient’s and client’s information confidential — and the patient’s and client’s perception that such information will be kept confidential — that underpins the therapeutic relationship. That is, a medical practitioner needs the patient or client to disclose all their relevant health information to be able to make informed decisions regarding which medical treatment options may be most suitable and appropriate. The patient is only likely to disclose such information, however, if it is understood that their information will be kept confidential and used only for the purpose of clinical decision-making. It is therefore important that medical practitioners have an understanding of the legal, professional and ethical obligations that maintain the confidentiality of patient information and the mechanisms by which privacy of, and access to, patient information is secured.
Various situations in medical practice require the medical practitioner to follow and adhere to the strict provisions of privacy and confidentiality legislation, policies and guidelines. The Good Medical Practice: Code of Conduct for Doctors in Australia1 and the Australian Medical Association (AMA) Code of Ethics2 both expressly refer to the obligation and responsibility of a medical practitioner to keep patient information confidential. Flowing from the application of legislation, policies, guidelines and codes are the principles laid down in case law which have direct application to the day-to-day practice of any medical practitioner involved in the care and treatment of their patients and clients.
Skene3 notes that privacy and confidentiality are different issues in that privacy is focused on the collection of information, whereas confidentiality is focused on communication of that information. Although the duties imposed on a medical practitioner in relation to these two issues differ conceptually, they are complimentary to one another in their application and there is a considerable overlap within a healthcare context.
The Obligation to Keep Information Confidential
The modern day notion of confidentiality, within the context of healthcare delivery by any health professional, originates in the provisions of the Hippocratic Oath. Under this oath a medical practitioner agreed to be bound by the ethical obligation to ensure:
All that may come to my knowledge in the exercise of my profession or outside of my profession or in daily commerce with men, which ought not be spread abroad, I will keep secret and never reveal. 4
The confidentiality of patient and client information is therefore one of the fundamental presumptions founding the relationship between medical practitioners and their patients or clients. Indeed, medical practice takes place in an environment in which the client expects their information will be kept confidential and the medical practitioner appreciates and respects the obligations imposed by that expectation. As stated in the case of Seager v Copydex:5
[A person who] has received information in confidence shall not take unfair advantage of it. He must not make use of it to the prejudice of he who gave it without obtaining consent.
It could be argued that for any medical practitioner to provide optimum care to a patient or client they must have full and frank disclosure of all relevant information by that individual. In the case of X v Y, involving a medical practitioner, the court observed:
If people felt that there was any chance of information given to their doctor, or the doctor’s diagnosis, being passed on, people would be reluctant to seek advice and the disease would go underground. Confidentiality must be absolute or almost absolute … In the long run, preservation of confidentiality is the only way of securing public health; otherwise doctors will be discredited as a source of education, for future individual patients will not come forward if doctors are going to squeal on them. Consequently, confidentiality is vital to secure public as well as private health, for unless those infected come forward they cannot be counselled and self-treatment does not provide the best care. 6
The obligation to keep information confidential has both a legal and ethical basis and includes information such as the patient’s current and previous medical details, family history, social and financial circumstances and any facts in relation to the patient’s or client’s current or previous treatment or medication history. In fact the disclosure by a medical practitioner of information such as the person attended a hospital or a GP may constitute a breach of the duty of confidentiality.
Professional and ethical obligations
Professional codes of conduct and ethics protect the rights of patients and clients to have their information kept confidential. The Good Medical Practice: A Code of Conduct for Doctors in Australia7 expressly recognises the obligation imposed upon medical practitioners to keep patient information confidential. Principle 3 of the Code, ‘Working with patients’ states at 3.2 under ‘Doctor–patient partnership’:
A good doctor–patient partnership requires high standards of professional conduct. This involves …
3.2.3 Protecting patients’ privacy and rights to confidentiality, unless release of information is required by law or by public interest considerations.
And under 3.4 ‘Privacy and Confidentiality’:
Patients have a right to expect that doctors and their staff will hold all information about them in confidence, unless release of information is required by law or public interest considerations. Good medical practice involves:
3.4.1 Treating information about patients as confidential.
3.4.2 Appropriately sharing information about patients for their healthcare, consistent with privacy law and professional guideline about confidentiality.
3.4.3 Being aware that there are complex issues related to genetic information and seeking appropriate advice about disclosure of such information.
Consistent with these provisions, the AMA Code of Ethics states under the section ‘The Doctor and the patient’ at 1.1 ‘Patient care’:
that the medical practitioner is to –
l. Maintain … patient’s confidentiality. Exceptions to this must be taken seriously — may include where there is a serious risk to the patient or another person, where required by law, where part of approved research or where there are overwhelming societal interests.
The professional codes of conduct and ethics therefore impose clear obligations on members of the medical profession to respect the confidentiality of information acquired in the course of professional practice relating to their patients. Such information must not be disclosed to anyone without the consent of the patient or client. Exceptions may arise where the health of the client or others is at risk, where information is sought under legislation or common law, where a court order requires the release of confidential information, or the information is released to those assuming legal responsibility for the patient; for example, when a patient looses capacity and requires a substitute decision-maker for the purpose of healthcare decisions (refer to Chapter 6, consent).
Statutory obligations
Legislation exists at state, territory and federal levels directed specifically to the maintenance of confidentiality in relation to patient and client information. The legislation generally provides that patients and clients of healthcare services have a legally based expectation that the health services are being provided in a way that respects their right to the confidentiality of their information. That is, there is a legislatively imposed obligation on all health professionals (and others who come into contact with the patient’s information as part of their work in the delivery of healthcare services) to protect the patient’s information from disclosure, unauthorised access and/oruse. The legislation can be divided into two categories: first, that which protects the identity of the patient; 8 and second, that which protects information about the patient’s medical condition. 9 In legislation protecting the confidentiality of patient information, health professionals, often referred to as the ‘designated person’ or ‘relevant person’, must not disclose patient information either directly or indirectly to others and there is usually a statutory penalty in circumstances in which information is disclosed inappropriately. As an example, the Queensland Health Services Act 1991, ss 60–62, imposes on public health sector employees a duty of confidentiality and a penalty for breach of that statutory duty. Section 62A states:
Confidentiality
(1) A designated person, or former designated person must not disclose to another person, whether directly or indirectly, any information (confidential information) acquired because of being a designated person if a person who is receiving or has received a public sector health service could be identified from the confidential information.
Maximum penalty — 50 penalty units.
Common law obligations
In addition to the legislative obligations there are obligations imposed on medical practitioners to keep patient information confidential which are imposed and maintained through the various common law decisions. The following is an overview of the legal basis upon which a client may initiate an action at common law in circumstances in which they consider there has been a breach of this obligation.
Negligence
The duty to keep information confidential is part of the duty of care owed by a medical practitioner to their clients. In circumstances in which this duty is breached through the medical practitioner divulging patient information, the medical practitioner may be sued in negligence for the damage caused by the breach. 10 In the case of Furniss v Fitchett11 the medical practitioner disclosed the medical information about his patient to the patient’s husband. The husband then used that information in legal proceedings. In this case Barrowclough CJ stated: 12
[A] doctor’s duty to care for his patients includes a duty not to give a third party a certificate as to his patient’s condition, if he can reasonably foresee that the certificate might come to the patient’s knowledge, and if he can reasonably foresee that that would be likely to cause his patient physical harm.
The decision suggests that where a medical practitioner causes injury, by carelessly revealing confidential information about the condition of the patient, it would amount to a breach of the duty of care. The duty however is not only ‘to avoid telling unauthorised persons things that are confidential. It also covers taking proper precautions to ensure that confidential information does not fall into the wrong hands’. 13
Contract
It is an implied term of a contract involving the provision of healthcare that all information disclosed in relation to that care will be kept confidential. In the public sector there are no contracts between individual health professionals such as medical practitioners and their patients and clients. Contracts in this context are most frequently between the healthcare institution and the government under the Medicare arrangements. However, in the private sector, where the patient receives a service for the fee paid directly to the medical practitioner, a contract will exist which may provide the ground for an action in breach of contract where a client’s information is inappropriately disclosed.
Defamation
An action in defamation is founded on an allegation that the medical practitioner made a statement about a person, which though untrue, is published and thereby lowers the reputation of the person in the eyes of their peers. The subject of the defamatory statement can be any person, incorporated body or government department or agency, however, in a healthcare context it is most likely to arise in circumstances in which the medical practitioner makes a statement about a patient, a colleague or their employer. It is not necessary for the medical practitioner to actually name the person who is the subject of the comment. It is sufficient if the person is identifiable by their peers through the content of the statement. For example, it is not necessary to prove in an action in defamation that the medical practitioner used the actual name, Mr Smith. If the medical practitioner referred to ‘the only 85 year old patient I have’, and everyone in town knows that to be Mr Smith, that would suffice. The law of defamation is not uniform across Australia, with certain jurisdictions such as New South Wales, 14 Queensland15 and Victoria16 having enacted legislation.
Equity
The law recognises the power imbalance between the providers of healthcare services and their patients and clients. Where a medical practitioner discloses information about a patient or client, that person may claim a breach of the fiduciary duty owed to them by the medical practitioner that resulted in a loss. In Coco v A N Clark (Engineers) Ltd17 Megarry J held:
In my judgement, three elements are normally required if, apart from contract, a case of breach of confidence is to succeed. First, the information itself … must have the necessary quality of confidence about it. Secondly, that information must have been imparted in circumstances importing an obligation of confidence. Thirdly, there must be an unauthorised use of that information to the detriment of the party.
The patient or client information must therefore have ‘the necessary quality of confidence about it’, 18 and ‘must have been imparted in circumstances importing an obligation of confidence’. There has been discission as to whether the requirement of a ‘detriment’ would be met in circumstances where the patient has not sustained an ‘economic loss’ as a result of the breach of the obligation to keep the information confidential. It has been suggested that, in cases involving medical confidentiality, the detriment in the use of the confidential information is not necessary and that the ‘mere disclosure and its immediate consequences’ is sufficient to warrant injunctive relief. 19 Australian courts have declined to interpret the medical practitioner–patient relationship as fiduciary in nature and therefore it is unlikely that disclosure of information by any medical practitioner will give rise to an action for breach of fiduciary duty. 20
Disciplinary action
The Health Practitioner Regulation National Law Act 2009 (the National Law) states as one of the objects of the National Scheme; ‘to provide for the protection of the public by ensuring that only health practitioners who are suitably trained and qualified to practise in a competent and ethical manner are recognised’. 21 One of the mechanisms through which this objective is met is the disciplinary process. Health practitioners who conduct themselves in a manner that amounts to ‘professional misconduct’ may be charged by the national regulatory authority and bought before a disciplinary tribunal (refer Chapter 11, professional regulation and discipline). The definition of ‘professional misconduct’ for a registered health practitioner includes ‘unprofessional conduct … that is substantially below a standard reasonably expected …’22 and ‘unprofessional conduct’ includes ‘professional conduct that is of a lesser standard than that which might reasonably be expected of the health practitioner by the public of the practitioner’s professional peers’. 23 The inappropriate disclosure of confidential information about a patient by a medical practitioner would, when benchmarked against these standards, provide the grounds for allegations of professional misconduct. In addition, the inappropriate disclosure of patient or client information may provide the basis for a mandatory24 and voluntary25 notification to the National Agency under the National Law.
Exceptions to the duty to confidentiality
It is clear from the foregoing that patients have the right to confidentiality of their information, however, this right is not absolute and may be overridden in particular circumstances.
Express consent
The disclosure of patient or client information is authorised where the medical practitioner has the express consent of the patient. It is suggested that the issue of with whom, if anyone, the patient’s information may be discussed is clarified as soon as possible. There may be circumstances in which the patient or client consents to a spouse, parent, child or other health professional being given information about the client’s health concerns or particular medication regime. Clearly, where a range of healthcare professionals and workers are caring for a patient or client there is an implied consent to the communication of information necessary for the patient’s ongoing healthcare and wellbeing between those involved in the care.
Legal duty of disclosure
In all Australian states and territories there is legislation requiring the disclosure of patient and client information. Though the specific requirements of each jurisdiction are set out in the respective Acts, it is mandatory in all jurisdictions other than Western Australia for nominated professionals to report suspected child abuse. 26 In most jurisdictions the diagnosis of a communicable disease and/or the presentation of a client with suspicious injuries are also reportable. There are also legislative provisions in the respective jurisdictions to provide information, or produce documents or other materials, as part of the court process. Though in a number of the states or territories there is no legal protection inherent in the health professional–patient relationship, in Victoria, 27 Tasmania28 and the Northern Territory, 29 doctor–patient privilege is permitted in civil proceedings. In both Victoria30 and New South Wales31 there is privilege in the communication between victims of sexual assault and their counsellors.
There may be situations in medical practice that would require a medical practitioner to weigh up the legal and ethical requirements regarding patient confidentiality against legislation that permits a breach of confidentiality.
Public interest disclosure
The obligation imposed on a medical practitioner to keep a patient or client’s information confidential may be overridden in circumstances in which the disclosure of the information is necessary in the public interest. This public interest exception is not clearly defined and arises only where there is a real and significant threat of harm, or the possibility of death. For example, where a medical practitioner is told by the patient or client that they intended to kill or harm another person. 32 In the American case of Tarasoff v Regents of the University of California, 33 the patient told his treating psychotherapist during a consultation that he intended to kill a named individual. The patient carried out his threat and the family of the victim successfully sued the psychotherapist, alleging a negligent failure to warn their daughter of the threat that had been made against her. In this decision, which has not been applied by the Australian courts, the majority of the Supreme Court of California confirmed that the relationship between a psychotherapist or a medical practitioner and their patient was one which ‘may support affirmative duties for the benefit of third persons’. Tobriner J stated: 34
We conclude that the public policy favouring protection of the confidential character of patient–psychotherapist communications must yield to the extent to which disclosure is essential to avert danger to others. The protective privilege ends where the public peril begins.
In the case of W v Edgell and Others35 the doctor was employed to provide an assessment of W, a forensic prisoner, for the purpose of his release to a less secure mental health facility. The psychiatric assessment carried out by Dr Edgell was unfavourable to the prisoner and his legal representative withdrew the application. Dr Edgell, believing W still presented a considerable danger, forwarded his report to the Secretary of State. The court dismissed W’s application based on a breach of doctor–patient confidentiality and held that the public interest in disclosing the information to the authorities outweighed W’s right to have his information kept confidentiality. Bingham LJ of the Court of Appeal concluded: 36
The decided cases clearly establish that the law recognises an important public interest in maintaining professional duties of confidence but the law treats such duties not as absolute but as liable to be overridden when there is held to be a stronger public interest in disclosure.
Privacy Law
While there is an overlap between the concept of confidentiality and the privacy of patient or client information as discussed previously, they are recognised as two different concepts and therefore the requirements in relation to privacy need to be addressed separately. The privacy of a patient’s or client’s personal information is secured under the provisions of the Commonwealth Privacy Act 1988. The Act regulates how personal information is handled with ‘health information’ being classified as ‘sensitive information’. The Privacy Act 1988 (Cth) as amended, 37 covers individuals and the private and public sectors establishing the ten National Privacy Principles (NPPs) 38 (which apply to parts of the private sector and to all health service providers) and eleven Information Privacy Principles39 (IPPs) (which apply to the Commonwealth and Australian Capital Territory government agencies). These principles provide for the collection, storage, security, use and disclosure of personal information and, in addition, deal with the right of access to information and correction of information that is collected about an individual. The legislation creates the position of the Federal Privacy Commissioner to whom complaints may be directed when there is an alleged breach of the provisions.
Section 62A(2) of the Privacy Act 1988 (Cth) states that:
[An] organisation must not do an act, or engage in a practice, that breaches a National Privacy Principle.
An ‘organisation’ is defined under the legislation to include an individual, a body corporate and a partnership, but not a government agency. While small businesses are generally excluded, those that provide a health service are not. 40
The NPPs, which apply to private sector organisations and individuals and all health service providers in the private sector, are summarised as follows: 41
NPP 1: Collection and NPP 10: Sensitive Information and NPP 8: Anonymity — identify the provider’s obligations when collecting a patient or client’s health information. This includes an obligation on a medical practitioner to collect fairly and lawfully only that health information that is necessary to provide a service. The information must be collected directly from the individual (if practicable) and only with the consent of the individual unless an exemption applies. If lawful and practicable, the individual has a right to remain anonymous during the interaction. 42
NPP 2: Use and Disclosure — identifies how health information, once collected by the medical practitioner, can be used within the ambit of medical practise, the healthcare institution or disclosed to third parties outside the practice or the institution. As a general proposition the information can only be used for the purpose for which it was collected.
NPP 3: Data Quality and NPP 4: Data Security — identify the standards required for keeping information up-to-date, accurate and complete. The principles also address the obligation to protect information from misuse, loss, unauthorised access, modification or disclosure. When information is no longer required to be kept it has to be permanently de-identified or destroyed.
NPP 5: Openness — requires the medical practitioner to be open about how the client or patient’s health information is managed and made available. This includes developing a policy document (privacy policy) explaining how the information is handled.
NPP 6: Access and Correction — provides patients and clients with a general right to access and correct information about themselves that a medical practitioner or healthcare institution may hold.
NPP 7: Identifiers — imposes an obligation to limit the use of commonwealth identifiers to the purpose for which they were intended.
NPP 9: Transborder Data Flow — identifies the obligations on a provider when transferring health information overseas.
A private organisation or provider may withhold information and refuse access, by third parties and, in some circumstances, the patient themselves, where disclosure would ‘pose a serious threat to the life or health of an individual’, ‘ have an unreasonable impact upon the privacy of other individuals’, where the ‘information relates to existing or anticipated legal proceedings between the organisation and the individual, and the information would not be accessible by the process of discovery’, 43 provision of the information ‘would be unlawful’, 44 and ‘providing access would be likely to prejudice an investigation of possible unlawful activity’. 45
State legislation and government schemes
In relation to health records, a number of states and territories have enacted their own privacy legislation which operates in addition to the federal provisions. 46 Medical students and practitioners therefore need to be aware of any additional obligations imposed by privacy legislation in the particular jurisdiction in which they practise.
Australian Capital Territory
The amended version of the Commonwealth Privacy Act applies to government agencies and is administered by the Privacy Commissioner. In relation to health records, the Health Records (Privacy and Access) Act 1997 applies to those records held in public and private sectors. This legislation is based on the IPPs and provides patients and clients with access to their own health information. In the ACT, the Human Rights Commission handles health record privacy complaints. 47
New South Wales
The Health Records and Information Privacy Act 2002 establishes fifteen Health Privacy Principles (HPPs), provides for the creation of ‘Statutory Guidelines’ to assist in the application of the principles and establishes a framework for managing complaints about the handling of health information. There are four statutory guidelines which are legally binding and apply to the use or disclosure of health information for the management of health services, for training purposes, for research purposes and the notification when collecting health information about a person from someone else. While the Health Records and Information Privacy Act 2002 applies to both the public and the private sectors (to every health service provider or health sector organisation that collects, holds or uses health information), the Privacy and Personal Information Act 1998 applies only to the information held within the public sector.
Northern Territory
The Northern Territory Information Act 2002 applies to the public sector and protects personal information, regulates record-keeping and archival management of information. The Act also incorporates the Privacy Principles and establishes the office of the Information Commissioner in the Northern Territory.
Queensland
Previously under a government privacy scheme, the Information Privacy Act 2009 now regulates the handling of personal information in Queensland. The Act contains eleven IPPs that provide for the handling of personal information by Queensland Government agencies (other than Queensland Health) and nine NPPs that set out how personal information is to be handled by Queensland Health.
South Australia
The South Australian government established a Privacy Committee and issued administrative instructions which require government agencies to comply with IPPs. The Code of Fair Information Practice, which is based on the NPPs, applies to the handling of personal information by the South Australian Health Department.
Victoria
In Victoria the Information Privacy Act 2000 applies to the handling of personal information (except health information) across the public sector. The Health Records Act 2001 covers all personal information held by the health service providers in the public sector and governs the practices of handling health information in the private sector. The Act creates eleven Health Privacy Principles (HPPs) adapted from the NPPs and provides an individual with the right of access to health information collected and held by a health service provider (including a sole practitioner) or organisation. Under the Act an ‘Organisation’ as pertaining to the private sector is defined to include a ‘natural person, body corporate, partnership, trust, unincorporated association or body that is a health service provider or collects, holds or uses health information’: Health Records Act ss3(1), 11(1), (2). The Charter of Human Rights and Responsibilities 2006 also provides a general right to privacy for an individual in Victoria.
Western Australia
The Western Australian public sector does not have a legislative privacy scheme. At the time of writing the Information Privacy Bill 2007 is moving through the parliamentary process. If enacted, it will establish a set of IPPs and regulate the handing of health information in the public sector and private sectors.
Access to Patient and Client Information
At common law the physical property in the patient’s file or records is with the person who made that file or record. 48 If the medical practitioner establishes and maintains a patient file, that file is the property of the medical practitioner who made it. This means that a patient has no legal right at common law to access their file and must therefore gain access under the relevant legislative provisions. Some of the legislation discussed above (in the section, state legislation and government schemes) facilitates access in the private and public sectors to health information. Additionally, there are also the freedom of information legislation at state, territory and federal levels that provide access to, and facilitate production of, personal records specifically in the public sector. The Freedom of Information Act 1982 (Cth) applies to the federal sector and provides any individual, subject to express exclusions, with a legally enforceable right to obtain access to their records in accordance with the Act. Similar legislation is in place in the states and territories and is contained in Table 4.1. The provisions of this legislation may assist the medical practitioner in making a decision as to whether a patient is given access to their medical information and, in some jurisdictions, whether that information is to be made available to others after the patient is deceased. This legislation is accessible through the government websites in each of the states and territories.
| Cth | Freedom of Information Act 1982 |
| ACT | Freedom of Information Act 1989 |
| NSW | Freedom of Information Act 1989 |
| NT | Information Act 2002 |
| Qld | Right to Information Act 2009 |
| SA | Freedom of Information Act 1991 |
| Tas | Freedom of Information Act 1991 |
| Vic | Freedom of Information Act 1982 |
| WA | Freedom of Information Act 1992 |
Children
Whether a child has the right to have their information kept confidential is inextricably connected to both the child’s capacity to make decisions on their own behalf and an assessment as to what is in the best interest of the child in the particular circumstances. Generally, there is an obligation on all health professionals to keep information about their patients and clients confidential unless there is express consent by the patient or client to disclosure. It could be suggested that similar obligations are imposed in relation to the information and data collected by medical practitioners about those of their patients or clients who are children. This obligation, to keep information confidential, is based on the legislation at Commonwealth and state levels, common law decisions and professional codes of ethics and conduct.
It stands to reason that if the child is considered as competent, referred to as Gillick competent, for the purpose of giving a legally valid consent to treatment they also have the right to expect that their information, in relation to that treatment, is confidential (refer to Chapter 6, Consent). The rationale for this proposition is that:
if the parents do not have the power to consent to the medical treatment their child seeks, they do not have the power to obtain medical information about that treatment.
(Law Reform Commission 2004) 49
In circumstances in which a child confirms they want the information kept confidential, or the information is clearly confidential in nature, or given in a situation where confidentiality is implicit, there is a strong argument that there is an obligation of confidentiality attached to their information. However, there are situations in which the law permits, and in some circumstances compels, the disclosure of information pertaining to a child’s health. This includes circumstances in which the child consents to such disclosure, particular situations in which a person with sufficient personal interest (usually a parent) seeks information in the child’s best interests, and when disclosure is mandated by legislation or it is in the public interest to disclose.
As with adults at common law, there is no right of access by a child to their medical records, and any person seeking such access must make an application under the existing legislative provisions. The Commonwealth, state and territory freedom of information legislation operates in the public sector and gives an individual a legally enforceable right to seek access to their records. While it is acceptable in most jurisdictions for a parent to make an application under this legislation on behalf of their child, they may be denied access where the information is potentially prejudicial or where it would be otherwise unreasonable for the parent to be given the access requested. The Privacy Act 1988 (Cth), in its application to healthcare delivery in the private sector, is silent as to the exact age at which the right to access information is acquired. A child’s right to access their own information would therefore appear to be dependent on similar criteria to that which determines their ability to give a legally valid consent; that is, their level of competence or capacity to understand the nature and effect of their decisions and their level of maturity and intelligence.
SCENARIO AND ACTIVITY
During a weekly consultation the patient confides in his psychiatrist that he has sexually assaulted one of his children.
• What are the legal obligations of the psychiatrist?
1 Identify and describe the legal and professional obligation of confidentiality in relation to patient and client information.
2 What legal action may be taken by a patient against a health professional who breaches the obligation of confidentiality?
3 What are the professional disciplinary grounds available where a medical student or medical practitioner breaches the obligation not to disclose patient information?
4 Upon what ground may a health professional disclose patient information?
5 Identify the privacy legislation, principles or scheme in your jurisdiction. How do the provisions or principle apply to medical practice?
6 Identify the legislation in your jurisdiction which facilitates patient access to the content of their medical records.
Further reading
Aberdee, A., ‘The medical duty of confidentiality and the duty to disclose: can they co-exist?’, Journal of Law and Medicine 75 (1995).
Carter, M., ‘Patient privacy in the electronic era: Legal and privacy considerations’, Australian Health Law Bulletin, 117 (2000).
Kloczko, A.; Payne, K., ‘Major changes to health privacy proposed’, Australian Health Law Bulletin Vol. 17 (2009); No. 6–7 at 123–6.
Patterson, M., ‘Shared electronic health records systems: The significance of the privacy dimension’, Australian Health Law Bulletin Vol. 16 (No. 7) (2008).
Endnotes
1.
2.
3.
4.
5.
6.
7.
8.
9.
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
