Healthcare professionals (let’s call them ‘HP’s’) often live on a knife edge as they are required to deal with both simple and complex needs of their patients. It is not all negative as there are the rewards such as when a patient returns home happy and healthy. HP’s have an obligation to not gossip to others about patients and to protect the privacy and confidentiality of a patient’s information. There are laws in place which inform HP’s about their obligations.
Obligations of a Healthcare Professional
Accuracy of information
HP’s must ensure that patient information is always correct and updated. Amendments can be made if the HP believes some information is incorrect or the patient asks for corrections to be made.
Information is incorrect if it is any of the following:
If any corrections are made, the HP must verify the identity of the patient and record any changes, just in case they are required at a later date if a dispute takes place.
A patient’s unique health information should be treated in a confidential manner and should not be shared with 3rd parties without consent. A HP must, in most situations, also get consent from the patient prior to delivering treatment.
Consent may be ignored in the following situations:
notification of births and deaths;
reasonable suspicion of child sexual abuse;
notification by doctors to a coroner of a death in certain circumstances;
taking a blood sample when a patient presents for treatment with motor vehicle accident injuries;
taking blood tests which are required for a needle stick injury for a health worker;
notification of the relevant authority for positive test results for certain diseases (e.g. Covid-19, HIV/AIDS, cholera, smallpox).
Patients’ rights to privacy and confidentiality
A. The right to access information
Patients have a right to access any information held about themselves. The information must be supplied within 30 calendar days of the request and in the right format. There may be a charge for providing this information. A responsible person may request this information on a patient’s behalf. This could be any one of the following:
those with an intimate relationship with the patient;
a person nominated to be contacted in the case of an emergency.
but generally a signed authority is required.
A HP can refuse access if:
there are reasonable grounds to suggest that it would pose a serious threat to the life, health or safety of the patient or another person, or to public health or safety;
it contains another person’s confidential information, and disclosing the information would have an unreasonable impact on that individual’s privacy.
The HP must give written notice stating the grounds for refusal and the steps to follow if the patient wishes to file a complaint.
B. The right to a privacy notice
Patients have the right to a privacy notice when engaging a HP. The privacy notice must include the following things, and can be either oral or written:
the healthcare provider’s organization’s identity and contact details;
the facts regarding the collection of the information and its circumstances;
the fact that the collection is required or authorised by law if this is relevant;
the purpose/s of collection;
any consequences for the patient if the health information is not collected;.
the usual disclosures of the health information collected.
C. The right to confidentiality
All personal information collected when providing a health service is considered health information under the Privacy Act. Since health information is ‘sensitive information’, a HP may only disclose it for the primary purpose for which it was collected it, or a secondary purpose in some circumstances.
The primary purpose is the main reason for collecting information which is most often given by the patient to the HP when it comes to reaching a diagnosis or deciding on treatment options. The secondary purpose is one that directly arises from the primary purpose, such as when a HP refers a patient’s case to a specialist. Other cases where disclosure of confidential information is allowed are the following:
patient consented to it;
it is required by law (e.g. by a subpoena);
there is a serious threat to the life, health or safety of any individual, or to public health or safety.
If you are a healthcare professional and receive a request for access to Personal Information that you intend to reject, or a patient that has had a request for access denied, let us know. We may be able to assist. There’s lots of examples and legal cases on these issues.