Privacy and Confidentiality

Key messages:

  • Remember the ethical principle and your Hippocratic Oath concerning confidentiality
  • AHPRA's code of conduct states that patient information is confidential. You should only release it with patient consent or where required by law or in the public interest
  • Commonwealth privacy legislation provides 13 Australian Privacy Principles (APPs)
  • You should maintain a compliant privacy policy and document your privacy practices/procedures.
  • There are penalties and investigative powers for serious breaches of privacy
  • Note also your State privacy legislation

Exceptions where patient confidentiality and privacy can be breached

Law enforcement requests

Do not provide medical information to Police or the like unless you have the patient’s consent or there is a warrant, subpoena or court order.

Public health laws

There is various State/Territory legislation around reporting infectious diseases, STDs, AIDS, BAC, fitness to drive, child abuse, drug-dependent patients, requiring release of health information etc. Always check with your local State/Territory Health Department for specific details.

Where there is a threat to health or life, health information can be released to reduce or avoid a serious and imminent threat, e.g. an HIV-infected person is irresponsibly placing others at risk, or a seriously ill patient is a risk to himself/herself.

Request for health information from all other authorities

You may receive requests for health information from solicitors, insurers, Government Departments and the like.

Ensure you have the patient's consent before releasing the information. The patient authority should be signed and contemporaneous. Release only the information that is requested.

Family disputes

These can be awkward and involve various requests for information and treatment.

As a general rule either parent is entitled to direct treatment or to a child’s health information unless this poses a threat to a child or is precluded by a court order.

Authorised representative access to health information

People, other than patients, can, with the proper authority, access your patients’ health information. For example, parents/guardians of minors, the patient’s lawyer or a legally appointed representative or an authority. 

The important factor is a good medical reason for accessing these records, and you have to make sure that the proper consent processes have been completed.

Remember - always sight and get a copy of the authorising document which should contain the patient’s signature and be recently dated. Keep this document on your file.

Dealing with law enforcement

Do not provide medical information to police or other similar entities unless:

  1. You have the patient’s consent/permission
  2. There is a search warrant, subpoena or other court order

A warrant, subpoena or court order forces disclosure, which is a defence to breaking your patient's confidentiality.

Definitions to note:

  • Search warrant – a court order to search for and take possession of evidence.
  • Subpoena – a court order requiring a person or entity to attend court to give evidence or supply information to the court.

After someone is assaulted, police ask the ED doctor what the injuries are. What should ED doctors do?

  1. Ask for any request in writing
  2. Provide a factual account of the injuries sustained and refer to the records
  3. Don’t provide an opinion or reach conclusions about how the injury may have occurred
  4. If you are providing a written response, reach out to your MDO for review before submitting

How long do you keep health records?

  • You must maintain health records throughout the period of ongoing care of that patient to ensure best-practice, appropriate care. Health records are the best evidence of your clinical practice.
  • Following cessation of care or your practice, records should be kept for an additional period:
    • For adults, at least a further 7 years
    • For children, at least to age 25
  • Please note this also includes records of deceased patients.
  • There may be times when longer retention of the records is required and useful. For example, when you are aware of a Medical Board investigation, as there is no time limit stipulated by AHPRA for Board investigations.


Medical Board code of conduct and other policies and guides  (similar to Dental Board) 


Australian Privacy Principles


State/Territory Privacy legislation

