Chapter 3 Section G: Confidentiality and privacy
Long before there was a specific Act of Parliament about privacy, there was a legal and ethical principle that records kept by health care professionals should be kept confidential.
There have always been exceptions to this principle, in particular when a party to a legal case in court asks through the court process for another person or organisation to produce medical records that are relevant to the court case (‘issues a subpoena’).
A failure to keep health records confidential may be a breach of confidentiality. It may also be a breach of specific privacy laws.
This section deals with:
If you think a health care practitioner or a health care provider has breached the confidentiality of your health records or of any discussions you have had with them as part of your treatment and care, you can complain to the Health Care Complaints Commission.
You may, particularly if you suffer financial loss as a result of breach of confidentiality, also be able to take legal action in court for breach of confidentiality. The law is developing in this area, and there have been calls for new laws to give individuals a right to take legal action for breach of privacy.
Breach of confidentiality of patient records is usually dealt with as part of the disciplinary process for health care professionals such as doctors, dentists and pharmacists.
To find out more about where to get advice about your options to complain about a breach of confidentiality in relation to your health care, click here.
In Australia, there are specific pieces of legislation ('Acts' made by parliaments) that protect the privacy of personal information.
Generally speaking, Australian privacy laws are about how your personal information may be handled. For example, the Privacy Act 1988 (Cth), which applies across Australia, covers:
- when and how your personal information is allowed to be collected, for example, the personal information you provide when you fill in a form;
- how it can then be used and disclosed;
- how its accuracy is to be maintained;
- how securely it is to be kept;
- how long it can be kept;
- your general right to access that information and correct any errors.
These are set out in privacy principles.
Since 2001, the Privacy Act 1988 (Cth) has applied to the private sector as well as the public sector and in particular to health information, which includes medical and hospital records. The NSW Parliament has also passed a law that applies to health information in both the private and public health care sectors in NSW: the Health Records and Information Privacy Act 2002 (NSW).
This Act applies to health information, which is considered 'sensitive information' and which requires extra protection under privacy law.
The Privacy Act 1988 (Cth) includes Australian Privacy Principles that apply to the Federal Government and some private sector agencies.
In NSW there is also a set of Health Privacy Principles that form part of privacy law. These principles are not rigid, but if you think a person or an organisation has not followed them, then you can complain either to the Commonwealth Privacy Commissioner or to the Information and Privacy Commission NSW.
If you think a health care provider has breached privacy principles in relation to your personal health information, you can complain. To find out more about privacy complaints, click here.
- The legal and other information contained in this Section is up to date to 30 January 2015.
- This Manual only refers to the law and practices applying to the Australian state of New South Wales (NSW) - unless it states otherwise.
- MHCC does not guarantee the accuracy of, nor is it responsible for the content or the currency of the content of, external documents and websites linked to this Manual.