People generally assume that all communication between themselves and their doctor, or other health professional, A document that sets out what a person wants to happen to their money and other property after they die. remain private, and the law reflects this expectation. If it were not so, people might be reluctant to seek medical treatment and may be less honest in describing their ailments. Most medical consultations are protected by a Found in a statute of delegated legislation. For example, a statutory authority or body is aperson or organisation that has special powers given by parliament to do work for the public benefit. or (1) The system of law developed by the English courts through precedent and adopted in ‘common law countries’ in the British Commonwealth (as opposed to Roman law (civil law) or ecclesiastical law). (2) The case law made by judges in that system. (3) Case law that is not part of the law of equity. (4) Historically, the rules of law common to all people in England, as distinct from local or customary laws. requirement of The principle that private information told to a person must not be revealed to others. Some professionals must keep information confidential, for example doctor–patient and lawyer–client relationships., in addition to the statutory privacy obligations (see HR A written law made by parliament. Also called an ‘Act of parliament’, ‘statute’ or legislation.; Privacy Act).
Confidentiality in hospitals and other services
The law preserving confidentiality in public and private hospitals, day procedure centres and community health centres (called a ‘relevant health service’ in the Act) is in section 141 of the Health Services Act 1988 (Vic) (‘HS Act’). The section applies to the health Formal delivery of legal documents to a person to tell them there are court proceedings against them which they must defend, or to make sure a witness in a case knows when they have to go to court to give evidence. itself, the board of the service, a person who is/was a member of the board, a delegate to a board, a proprietor of such a service, or a person engaged or employed in a service or performing work for it. These people are generally prohibited from disclosing information that could directly or indirectly identify an individual, unless an exception applies. If they do disclose such information, they have committed an A criminal act prohibited by state or commonwealth criminal law. An offence is either a summary offence (minor) or an indictable offence (serious). under the HS Act for which they may be fined up to $8261 (or 50 penalty units with a value of $165.22 each) (see ‘A note about penalty units’ at the start of this book).
In addition, the HR Act and the Privacy Act confer statutory privacy rights on individuals; the HR Act applies to individuals who are treated in a public or private health facility in Victoria. Both Acts set up complaint procedures for individuals who believe confidential information about them has been unlawfully disclosed to a third A person or organisation directly involved in a court case. Parties include the plaintiff or applicant, the defendant, and any third party added to the action, but not independent witnesses. or their health information has not been appropriately handled. For more information, see Chapter 12.4: Privacy and your rights.
Note, however, there are some exceptions to the statutory privacy protections and health providers are sometimes required, or authorised, to disclose confidential information about patients. For example, if a breach of confidentiality is required to carry out a function under an Act, or the giving out of the information is authorised or required by an Act, then it is permissible to give out information.
The HS Act (s 141(3)) lists the cases in which confidential information may be lawfully disclosed:
- with the prior To agree to something being done, to approve an action or arrangement. See also informed consent. of the person to whom it relates or, if that person has died, with the consent of the senior available next of kin of that person; or
- to a An independent body that hears legal claims brought by parties and decides between them. Serious cases are heard by a judge and jury, or just a judge. Less-serious cases are heard by a magistrate., in the course of criminal proceedings; or
- concerning the condition of a person who is a patient in, or is receiving health services from, a relevant health service, if the information is communicated:
- in general terms; or
- by a member of the medical staff of a relevant health service to the next of kin or a near relative of the patient in accordance with the recognised customs of medical practice; or
- to the Australian Red Cross for the purpose of tracing blood, or blood products derived from blood, infected with any disease, or the donor or recipient of any such blood; or
- if it is required in connection with the further treatment of a patient, or transferred electronically between hospitals via a specially established electronic records system for the treatment of patients; or
- the giving of information in accordance with an agreement between the minister and a body to manage a hospital under section 53(1), or a service provider under section 69B(1); or
- the giving of information as described in HPP 2.2(a) of the Health Privacy Principles (HPPs) in the HR Act (for a secondary purpose directly related to the primary purpose for collecting the information), 2.2(f) (for the management of a health service or training of employees), 2.2(h) (to lessen or prevent a serious threat to the life, health, safety or welfare of an individual or a serious threat to public health, public safety or public welfare), 2.2(k) (to establish, exercise, or defend a legal or equitable claim), 2.2(l) (to use or disclose in prescribed circumstances) or 2.5 (to identify an individual; or contact family members where the individual is missing or, due to an accident, the individual is unable to consent) of the HPPs in the HR Act; or
- the giving of information relating to a notification, claim or potential claim to a person or body providing insurance or A promise to pay compensation to cover losses or expenses that may arise in the future if some stated event occurs. For example, if a business partnership ends and one partner continues to run the business, they generally agree to indemnify the others against any claims against the business in the future. Insurance contracts also indemnify the insured against stated risks. (including discretionary indemnity) for any Legal responsibility, enforced by civil or criminal courts. of the relevant health service or a person who is a relevant person in relation to the relevant health service arising from the provision of services by, on behalf of or at the relevant health service; or
- to the Australian Statistician; or
- for the purposes of medical or social research, if:
- the use to which the information will be put and the research methodology have been approved by an ethics committee established under the Former name of local laws. of the agency; and
- the giving of information does not conflict with any other requirements that may be prescribed in regulations under the Act; and
- it is in accordance with HPP 2.2(g) of the HR Act; or
- to a case-mix auditor or auditor under the Act; or
- to a person or class of persons designated in the Government Gazette, employed by a health service or its support functions; or
- in accordance with the relevant provisions of the Family Violence Protection Act 2008 and the Child Wellbeing and Safety Act 2005; or
- to a person to whom, in the opinion of the Minister for Health, it is in the public interest that the information be given.
Both the HR Act and the Privacy Act also set out situations in which it is lawful for health professionals and institutions to disclose health information – these have similarities to the provisions in the HS Act above.
The Privacy Act was amended in 2006 to allow genetic information to be disclosed to blood relatives if a genetic risk is serious but not imminent. This has continued with the amendments made in 2014 to the Privacy Act (s 16A Australian Privacy Principle 6.2(c)).
Confidentiality in a hospital setting is a fluid concept. There may be a large number of people (e.g. doctors, nurses, administration staff) who have access to a person’s file, all of whom have Legally binding or effective. reasons for requiring that access.
Confidentiality between patient and health service provider
In addition to the statutory offences of breaching confidentiality, doctors and other health service providers may be sued at common law (i.e. judge-made law) if they divulge confidential information without a person’s permission. The individual may To take legal action in a civil case. for breach of contract Failing to do what was agreed in a contract. or because the health professional has been negligent in disclosing the information. However, such actions are very rare and complaints about breach of confidentiality would now almost always be dealt with under the privacy Statutory rules made by parliament or by bodies the parliament delegates power to, for example a local council or a registration authority. See delegated legislation; statute. described above.
Again, it should be noted that it is lawful for a health professional to disclose information if:
- some other law requires Providing information to another person or institution as required by a contract or other legal process.; or
- it can be argued that the person has provided express or implied consent for the disclosure; or
- it may be in the public interest for the information to be disclosed.
- Situations where some other laws may require disclosure of otherwise confidential information include:
- revealing to police or a court the presence of alcohol or any other drug in the breath or blood of a driver after a motor accident under Part 5 of the Road Safety Act 1986 (Vic);
- reporting of information under the Births, Deaths and Marriages Registration Act 1996 (Vic);
- reporting a reportable death or a reviewable death to the coroner under Part 3 of the Coroners Act 2008 (Vic);
- reporting cases of suspected child abuse under chapter 4 of the Children, Youth and Families Act 2005 (Vic); and
- notifying infectious diseases and micro-organisms to the Victorian Government Department of Health and Human Services under Part 8 Division 3 of the Public Health and Wellbeing Act 2008 (Vic) (‘PHW Act’).
Situations where consent to a disclosure of information may be implied include a treating doctor giving information to a health provider they are making a referral to, and reports provided for the purpose of insurance where the person has been examined at the request of the insurer.
The law provides little guidance about when it may be in the public interest for a health practitioner to disclose information. This area of law received attention with the emergence of HIV/AIDS. For example, in the case Harvey v PD (2004) 59 NSWLR 639, the court said that a doctor breached his An obligation to take reasonable care to avoid harming other people or their property. Breach of a duty of care that causes damage or loss to another may give rise to an action in tort. to a female patient whose husband, who was also his patient, was HIV positive. However, Australian courts have been reluctant to impose a positive duty on doctors to warn third parties in order to prevent serious harm occurring to them.
The Privacy Act permits a departure from the information handling requirements to justify doctors disclosing genetic information in order to avoid serious risks to the patient’s blood relatives (Australian Privacy Principle 6.2(c)). This might justify warning relatives that a patient has a genetic condition if the patient will not warn them.
The section of the Australian Medical Association’s Code of Ethics that deals with confidentiality states:
Maintain your patient’s confidentiality. Exceptions to this must be taken very seriously. They may include where there is a serious risk to the patient or another person, where required by law, where part of approved research, or where there are overwhelming societal issues.
This may justify a doctor breaching confidentiality in the ‘public interest’ in order to protect third parties (such as warning the sexual or needle-sharing partner of an HIV positive patient), but does not impose an obligation to warn them. The Code of Ethics does not have the same legal validity as A law made by parliament, either state or Commonwealth. Also called an Act, and Act of parliament or legislation. or common law, but it is an indication of accepted medical practice that would provide some (1) A defendant’s response to the legal claims made against them in court by a prosecutor or plaintiff. (2) A lawful excuse for conduct: for example, causing minor injuries to someone while saving them from certain death. (3) ‘The defence’ is also a way of referring to the defendant and their legal team. to a doctor who breached confidentiality in good faith to avoid harm to a third party.
However, the law is unclear in this area; it may equally be found that a doctor is liable for having made an unauthorised disclosure to a third party.