New privacy guidance for private health sector
14 March 2008The Australian Privacy Commissioner, Karen Curtis, this week issued new guidance materials to clarify the permissibility of certain practices for private health service providers.
The guidance materials were developed following consultations with representatives from the health, consumer and privacy sectors. The commissioner stated that the materials are intended to dispel some myths regarding privacy law.
Key topics covered by the guidance materials are outlined below:
Fees for patient access to medical records
The Privacy Act 1988 (Cth) (Privacy Act) allows patients to access their private sector medical records upon request, subject to some exceptions. Health service providers are allowed to charge fees for patient access to medical records. The guidance materials recognised that providing access to medical records should not unreasonably burden health service providers, however fees should not prevent patients in financial hardship from accessing their medical records.
When charging for access to medical records:
- the fee charged must not be excessive
- it is not permissible to charge a fee for lodging a request to access records
- the information accessed and the likely fees should be discussed with the patient before providing access
- outstanding bills should not be included in the access fee
- the cost of legal or third party advice in relation to the access request generally should not be passed on to the patient, and
- the patient’s capacity to pay should be considered and a reduced rate provided where appropriate.
Disclosure of patient information
Patient medical information may be used and disclosed for the primary purpose for which it was collected, for example, to diagnose and treat a medical condition. In addition, health information may be disclosed where the patient gives consent or for a purpose directly related to the primary purpose, such as the patient’s care and wellbeing. This means medical information may be disclosed without patient consent:
- to the medical team involved in treatment (for example, a specialist, nurse or anaesthetist), and
- for the management, funding or monitoring of the health service
if the patient would reasonably expect disclosure to occur.
The patient’s expectations regarding the use of their medical information can be managed through effective communication by the health service provider.
Disclosure for the management, funding or monitoring of the health service includes disclosure for:
- reporting and discussing hospital accidents
- health service accreditation, and
- planning how to best provide care or administer the health service.
Disclosure without consent may not occur for the purposes of:
- direct marketing or fundraising
- training, unless the training forms part of the patient’s treatment, or
- medical research.
Disclosure of the medical information of incapacitated patients
Some disclosure of the health information of an incapacitated patient to a family member or responsible person for care or compassionate reasons is permitted. The disclosure is not required by the Privacy Act unless there is a valid request for information by the patient’s legal representative. Information may be disclosed to the patient’s partner, parents, adult children, emergency contact, a relative who lives with the patient, or someone with a health-related ‘enduring power of attorney’. Allowable disclosure is limited to information necessary for care or compassionate reasons. Information should not be disclosed if against the patient’s known wishes.
For further information, see Information Sheets 21-25 on the Office of the Federal Privacy Commissioner website.
This article was written by Kaman Tsoi, Senior Associate, and Carol Burnton, Articled Clerk, of the Melbourne Corporate group.
For more information please contact
Title : Partner
Office : Melbourne
Phone : +61 3 9288 1581
Fax : +61 3 9288 1567
Email : irene.zeitler@freehills.com
