Sharing patients’ private information – know your obligations

May 12, 2017

The changing privacy laws and mandatory data breach notification have brought healthcare information sharing into the spotlight recently.

Healthcare professionals and their practice staff are responsible for looking after some of the most sensitive information about patients. This extends beyond medical records to clinical images and discussions in consultations. Doctors and other employees need to understand their privacy obligations in an ever-more connected world.

Receptionist’s phone call causes relationship breakdown

An Avant member performed a vasectomy on a male patient who was married. The patient was advised to have a sperm test sometime after the procedure to check that it had been successful, and to use contraceptive measures until advised of the results.

He had the test at the appropriate time and the result came back indicating the procedure had been successful. Our member asked his receptionist to call the patient and advise that the procedure had been successful and the patient could stop using contraceptive measures.

The receptionist rang the nominated number and it was answered by the patient’s wife. The receptionist thought that it would be OK to pass the message on to the wife, considering her close relationship with the patient. Unfortunately, this caused a massive relationship breakdown between the patient and his wife, as she’d had a hysterectomy two years before he had the vasectomy. She wanted to know why he felt the need to have a contraceptive procedure such as a vasectomy. This led to the revelation that he’d had an affair, and naturally he was very unhappy about the result being disclosed to his wife.

Privacy obligations

Doctors and practice staff need to be aware of their privacy obligations and should consider the following before disclosing sensitive information:

  • Every new patient should be asked to sign a consent form which nominates another person that the practice can pass information to in the event that the patient can’t be contacted. This should stipulate that any information to be passed on to the identified person will be limited to the need for the patient to speak to the doctor. If the situation is urgent some more information may be shared, but only to enable the contact person to understand the general details of the urgency.
  • Ensure that you have the correct mobile number of the patient and confirm their name before relaying any sensitive clinical information. If you leave a message, it should simply request that the patient contact the practice, as well as indicate (where appropriate) the level of urgency.
  • Check whether telephone conversations being conducted by staff can be heard by patients at the reception desk or while waiting to see a medical practitioner. If so, strategies must be implemented to ensure that patients do not become aware of other patients’ health information as a result of overhearing telephone conversations. Similar considerations apply to conversations which practice staff have with patients at the reception desk.
  • It is inappropriate for practice staff to triage patients where discussions may be overheard by other patients.
  • Clinical records, whether in storage or awaiting the attention of a medical practitioner, must not be in the view of patients attending the practice.
  • Care must be taken to site computer screens so that they cannot be viewed by patients attending the practice.

If in doubt, visit our Medico-legal Advisory Service page, or call 1800 228 268 in emergencies.

More information

For more information read our news article Are you ready? Mandatory data breach notification.
