b positive-chapter 12

7/31/2019 b Positive-chapter 12

1/6

90 B Positive all you wanted to know about hepatitis B: a guide for primary care providers

PRIVACY, CONFIDENTIALITY

AND OTHER LEGALRESPONSIBILITIESSally Cameron Australian Federation o AIDS Organisations, NSW.

Why is privacy and

condentiality important?The Australian Medical Association (AMA) Codeo Ethics requires medical practitioners tomaintain a patients condentiality. Exceptions

Note:This chapter reers to a number o key Australian laws and policies relating to privacy, condentiality andduty o care, and includes a summary o signicant legal cases. Although addressing some important questions,this inormation does not constitute legal advice. In some instances, legislation has been summarised. Practitionersaced with uncertainty in this area are strongly advised to contact their local health department, or the applicableprivacy ofce and they ahould seek independent legal advice.

This chapter has been adapted rom:Australasian Society or HIV Medicine (ASHM). Australasian Contact Tracing Manual. Edition 3 2006. Canberra:Commonwealth o Australia, 2006: 48-51.Available at: http://www.ashm.org.au/contact-tracing/

Links to: Chapter 11: Inection control and occupational health

12

Many people are extremely sensitive about the collection and use o inormation related to theirhealth and health-related treatment.

Health care practitioners should generally only collect health inormation about a patient withthat patients inormed consent, and should advise the patient o the potential uses o thatinormation.

Health care practitioners should have sophisticated systems in place governing the storage andaccess to health inormation records, including physical and technological security controls, andsta training. This is particularly important or those venues where multi-disciplinary care bydierent treating practitioners and allied sta may occur.

The Privacy Act 1988 (Commonwealth) (subsequently reerred to as the Privacy Act) is the primarypiece o legislation governing the privacy o health care inormation in Australia. State andTerritory governments also have laws and regulations aecting privacy practices, which may

intersect or overlap with the Privacy Act. Health care practitioners must make themselves aware otheir privacy and condentiality obligations in their respective situations.

Hepatitis B virus inection is a notiable disease in every Australian State and Territory. Noticationdoes not legally breach a patients right to privacy, although patients should be inormed thatnotication will occur.

In Australia, it is illegal to discriminate against a person on the basis o their perceived hepatitis Bvirus inection or their perceived human immunodeciency virus (HIV) inection.

KEY POINTS

to this must be taken very seriously. They mayinclude where there is a serious risk to thepatient or another person, where required by

law, or where there are overwhelming societalinterests.


2/6

B Positive all you wanted to know about hepatitis B: a guide for primary care providers 91

In Australia, the protection o health-relatedinormation has attracted special treatment,partly as a response to many peopleconsidering health inormation to be extremelysensitive. This point cannot be overemphasised.Most enquiries to the Oce o the Privacy

Commissioner are rom the health sector, andthe health sector is second only to the nancesector in the number o complaints received.

While the terms privacy and condentialityare commonly used interchangeably, they arenot identical concepts. Privacy laws regulatethe handling o personal inormation (includinghealth inormation) through enorceableprivacy principles. On the other hand, the legal

duty o condentiality obliges health carepractitioners to protect their patients againstthe inappropriate disclosure o personal(health) inormation.

It is important to maintain privacy andcondentiality because: Patients are concerned about the stigma and

discrimination associated with their hepatitisB virus (HBV) status and related conditions

Patients want to know that they can choose

who has access to inormation about them Patients are ar more likely to seek medical

care and give ull and honest accounts otheir symptoms i they eel comortable,respected and secure

A health system with strong privacymechanisms will promote public condenceand trust in health care services generally.

Legal requirements

There are no nationally agreed laws orguidelines specically relating to the diagnosis,treatment and tracing o contacts o patientswith HBV or other notiable diseases. AustralianStates and Territories have approached theissue dierently. Some jurisdictions have goneto great lengths to develop specic, targetedlaws and policies, while others have reliedon more generic laws and processes. (Pleasereer to the ASHM Viral Hepatitis Models oCare database available on the ASHM websiteat www.ashm.org.au/hbv-moc/). However,issues relating to the management o privacyin the health sector are usually covered by the

Privacy Act, which applies to all private sectororganisations that provide health services andhold health inormation. In summary, a healthservice can be broadly dened as including anyactivity that involves: Assessing, recording, maintaining or

improving a persons health; or Diagnosing or treating a persons illness or

disability; or Dispensing a prescription drug or a medicinal

preparation by a pharmacist.

Consequently, health services includetraditional health service providers, such asprivate hospitals and day surgeries, medicalpractitioners, pharmacists and allied health

proessionals, as well as complementarytherapists, gyms, weight loss clinics and manyothers.

In general terms, the Privacy Act covers allthose in the health sector (such as medicalpractitioners, nurses, administrators, trainersand cleaners) not directly employed by Stateor Territory governments (as they are usuallycovered by State laws). Further inormationon the jurisdiction o the Act is available at

http://www.privacy.gov.au/publications/hg_01.html#a2.

The Privacy Act contains 10 National PrivacyPrinciples (NPPs) (available at http://www.privacy.gov.au/publications/npps01.html),which govern the minimum privacy standardsor handling personal inormation. Some NPPsstate that health service proessionals mustmeet certain obligations, while other NPPs

require that they take reasonable steps tomeet stated obligations. Practitioners shouldamiliarise themselves with the National PrivacyPrinciples (which are legally binding), and seekadvice i necessary.

The dierent layers o Federal, State andTerritory laws and regulations do, in someinstances, complicate privacy obligations. Inmost cases, the privacy protections requiredby Commonwealth and State or Territory

privacy laws are similar. Under the AustralianConstitution, when a State/Territory law isinconsistent with a Commonwealth law, the


3/6


Commonwealth law prevails. Consequently,across Australia, all private sector health serviceproviders are required to comply with theprovisions o the Commonwealth Privacy Actas well as any State/Territory laws.

In NSW, or example, State privacy legislation(the Health Records and Information Privacy

Act 2002) applies to public sector, and privatesector health care providers and holders ohealth records located in NSW. Consequently,private sector health service providers mustcomply with two sets o privacy legislation(Federal and NSW), which are largely, but notwholly, compatible. The two sets o legislationimpose similar obligations on private health

care providers. However, it could be argued thatthe NSW legislation has a higher compliancethreshold, so that i a health care practitionercomplies with the NSW Health Records andInformation Privacy Act, they will generally alsocomply with the Federal Act (although the twosets o legislation have dierent enorcementregimes).

Most States now have laws severely restrictingthe transer o inormation in the health sector,

and in some States, breaches o condentialityamount to a criminal oence. In addition tothese intersecting laws, many States also havemultiple layers o regulation. For example,Queensland Healths Privacy Plan points outthat in addition to any relevant Commonwealthand Queensland laws, Queensland Healthhas developed a number o policies related tothe management o inormation at CorporateOce, Directorate, District, acility and unit

levels.

A brie overview o State and Territory privacylaws (and their intersection with the FederalPrivacy Act) is provided by The Oce o thePrivacy Commissioner at http://www.privacy.gov.au/privacy_rights/laws/index.html#1, butor those wishing to seek specic advice (not tobe conused with legal advice), the ollowingagencies can be contacted:

All States obligations under the Privacy Act1988 (Commonwealth)

The Ofce o the Privacy CommissionerTel: 1300 363 992Email: [email protected]

State and Territory specifc obligations Australian Capital Territory

The Oce o the Privacy CommissionerTel: 1300 363 992Email: [email protected]

New South WalesPrivacy NSW (Oce o the NSW PrivacyCommissioner)

Tel: (02) 8688 8585

Email: [email protected]

Northern TerritoryThe Centre or Disease ControlTel: (08) 8922 8044

The Department o Health and CommunityServicesTel: (08) 8922 7049Email: [email protected].

QueenslandQueensland HealthTel: (07) 3235 9051Email: [email protected]

South AustraliaThe Privacy Committee o South AustraliaTel: (08) 8204 8786Email: [email protected]

TasmaniaThe Oce o the Ombudsman

Tel: 1800 001 170Email: [email protected]

VictoriaThe Oce o the Health ServicesCommissionerTel: 1800 136 066Email: [email protected]

Western AustraliaThe Oce o the Inormation Commissioner

Tel: 1800 621 244Email: [email protected]

12Privacy, condentiality and other legal responsibilities


4/6


Privacy issuesThere are a number o broad privacy-relatedissues that ace general practitioners and otherprimary health care providers. These include:

Collecting inormationNormally, general practitioners should onlycollect health inormation about patients withtheir consent. It is usually reasonable to assumethat consent is implied i the inormation isnoted rom details provided by the patientduring a consultation, as long as it is clear thatthe patient understands what inormation isbeing recorded and why. It is also vital to ensurethat record keeping is thorough and accurate:both to ensure the best-possible ongoing

treatment o a patient and, in the worst-casescenario, to be used as deence i a case is madeagainst a treating doctor.

Ensuring consent is inormedAll medical procedures require inormedconsent. Given that the consequences o beingtested may be substantial, it is important torealise that, while running tests may be standardor the health care practitioner, receiving theresults may be anything but routine or the

patient. The provision o inormation shouldallow the health care practitioner to discussthe risks and benets to the patient in theirparticular situation, thereby acilitating theirdecision-making process.

Advising usePatients are not able to consent to the use otheir inormation i they are unclear wherethe inormation will go and why. I possible,patients should be advised o the use o their

inormation when it is collected, which can occurthrough usual communication during a regularconsultation. This point also relates to instanceswhen personal inormation cannot be sharedor disclosed. In a recent legal case, a doctorailed to inorm two patients attending a jointconsultation that the results o each personstest could not be disclosed to the other person,and consequently ailed to seek either theirunderstanding o that situation or their consentor their test results to be shared. Please reer toASHM Viral Hepatitis Models o Care Models oCare database or a summary o relevant caselaw (available at www.ashm.org.au/hvb-moc/).

NoticationIt might be argued that reporting details o a

patients health status involves breaching his

or her privacy, however, this practice is legal

because there is no absolute right to privacy

under Australian or international law. The

Privacy Act provides exceptions to privacy

where use or disclosure is required by law. In

developing Australian privacy laws, the right

to individual privacy has been weighed against

the rights o others and against matters that

benet society as a whole.

HBV is a notiable disease in all Australian

States and Territories. Legal obligations around

notication are mandated by State laws, which

dene a doctors duty to notiy the respectiveHealth Department o a notiable disease. In

NSW, or example, the Public Health Act 1991

requires doctors to notiy their local Public

Health Unit by phone or mail o any cases o

acute viral hepatitis. Notications are not to be

made by acsimile, in order to protect patient

condentiality. Doctor and hospital notication

orms are available at http://www.health.nsw.

gov.au/public-health/orms.

Accessing personal recordsPatients are entitled to access their healthrecords, except or a limited number oimportant exceptions outlined under NPP6, or example i the request or access isrivolous or vexatious, or providing accesswould be likely to prejudice an investigationo possible unlawul activity. The ull list o NPP6 exceptions are listed at http://www.privacy.

gov.au/publications/npps01.html#npp6. TheOce o the Privacy Commissioners act sheetrelating to access is available at http://www.privacy.gov.au/publications/IS4_01.html.

Patients, including an index case (originalperson identied with an inection) or acontact, are not entitled to any inormation thatrelates to their contacts identity, behaviour ordiagnosis without that persons consent, eveni that inormation is in the patients records.

Should a patient wish to access their ownrecord, details o the identity o any contactscontained in their record should be deleted.


5/6


Security and storage o health

inormationA range o laws apply to the storage o healthinormation. Health agencies should have inplace: Procedures to give access to inormation

only to those people who are authorised tohave access in order to use or disclose theinormation

Security measures to prevent unauthorisedaccess to the records

Procedures or storing the inormation,where practical, in a way that the identityo the person is not readily apparent romthe ace o the record, e.g. by the use oidentication codes

Procedures or destroying the records thatprotect the privacy o the inormation.

Electronic records pose new challenges. Whilethey oer greater convenience o data retrievaland transer, electronic record systems alsocreate greater risks o data leakage, accessby unauthorised sta and browsing byunauthorised people. Agencies and businesses,including medical practices need to considerthe security o their data storage and transer

systems and the problem o sta intentionallyor inadvertently accessing prohibited electronicrecords. This issue is currently being addressedby the Commonwealth and a number o Statesin the development o their electronic healthrecords systems, and has proven enormouslycomplex to date.

Inormation or teamsMultidisciplinary treating teams are commonpractice in Australian health care. Healthcare practitioners work together and sharenecessary inormation to deliver optimumhealth care. All transers o inormation withoutthe knowledge o the patient require careulethical consideration.

Although the question has not yet been legallytested, private sector health service providersdo not always require a patients consent todisclose specic health inormation to another

member o a multidisciplinary team or a healthcare purpose, as long as the patient wouldreasonably expect that disclosure. Thereore, itis advisable to tell a patient being treated by a

multidisciplinary team how this will aect thehandling o their health inormation. It is alsoadvisable to gain patient consent to avoidrelying on implied consent. Other limitedexceptions under NPP 2 permit disclosurewithout consent in certain circumstances,

including to lessen a serious and imminentthreat to an individuals lie, health or saety; orwhere the disclosure is required or authorisedby law.

There is a need or doctors in group practicesto ormulate clear internal communicationprotocols in order to exercise reasonable care,or example, when communicating test resultsor considering contact tracing issues. Thecross-reerencing o les per se will generallynot breach statutory condentiality becauseresults need to be checked, though inormationshould not be disclosed without explicitpermission. It is vital that all sta are aware otheir obligations and that systems are in placeor protecting patient privacy.

Exemptions to privacy and

condentiality obligationsThe use and disclosure o health inormation

is dened in the Privacy Act under NPP 2(available at http://www.privacy.gov.au/publications/npps01.html#npp2), which statesthat an organisation must not use or disclosepersonal inormation about an individual ora purpose other than the primary purpose ocollection, except or a number o situations,including where an organisation reasonablybelieves that the use or disclosure is necessaryto lessen or prevent a serious and imminentthreat to a persons lie, health or saety, or aserious threat to public health or public saety.

In short, health care workers must not disclosea persons health inormation except in a verylimited number o circumstances. These maygenerally be summarised as: Communicating necessary inormation to

others directly involved in the treatment o apatient during a particular episode o care

Cases o needlestick injury where a

proessional is aware o a patients HBVpositive status, and a health care workerhas been exposed to circumstances wherethere is a real risk o transmission and it is

12Privacy, condentiality and other legal responsibilities


6/6


not possible to conceal the identity o thesource patient who has reused to consent todisclosure

Provision o medical services in a particularinstance o care where there is a need to knowthe patients inection status or treatment

purposes o benet to the patient (e.g. in anemergency or i the patient is unconscious).

This should not, however, detract rom theobservance o standard inection controlprecautions.

It is strongly recommended that practitionersamiliarise themselves with the National PrivacyPrinciples (which are legally binding) andcontact the Oce o the Privacy Commissioneri they wish to clariy the manner in whichthe National Privacy Principles might relateto specic situations. Legal advice should besought rom a legal practitioner.

Contact tracingThe practice o contact tracing raises thequestion o potential confict betweenbreaching a patients privacy andcondentiality, and alerting a third party to theact that they may be at risk o HBV inection.

Although a case on this specic point is yetto be heard in Australia, it seems likely that ahealth practitioner could be ound negligent toa third party i they did not warn the third partythat they were at risk. This potential confictmay be urther complicated by a statutoryobligation to counsel patients regardingsexually transmissible medical conditions.

Fortunately, public health services aordpractitioners expert guidance to resolve

the confict between the duties to maintaincondentiality and privacy, and a possibleduty o care owed to third parties. In instanceswhere practitioners suspect a person maybe putting others at risk, the practitionershould notiy the health department using themethods prescribed by the relevant State or

Territory. Public health authorities then becomeresponsible or making decisions aroundcontact tracing, including the management oprivacy issues. For a more detailed account o

the contact tracing responsibilities o healthcare providers, please consult the AustralasianContact Tracing Manual Ed 3, available at: http://www.ashm.org.au/contact-tracing/ .

Criminal lawThere are two types o criminal oencesassociated with HBV and other blood-borneviruses. The rst relates to the disclosure oinormation regarding a person who has aninection, or is suspected o having HBV or other

blood-borne virus inectionsas discussedabove. There are also laws in every State and

Territory making it an oence to transmit aninection to another person. As with other areaso legislation, specications around denitionand scope dier across jurisdictions. Themajority o these laws are not specic to blood-borne viruses, but instead reer to inectiousdiseases generally; more generic criminaloences, or example, causing grievous bodily

harm, may also be applied.

Anti-discriminationAnti-discrimination provisions exist acrossall Australian States and Territories, makingit illegal to discriminate against people onthe basis o their (perceived) HBV inection.Discrimination is prohibited on the basis odisability or impairment. It is important thathealth care practitioners consider behavioursthey must avoid when testing and managingpeople with HBV. Discrimination on thebasis o disability or impairment includestreating a person less avourably as a resulto their (perceived) disability or impairment.In a health care setting, this may includereusing to see a patient, oering dierent orinappropriate treatment, or placing a patientlast on a consultation or operating list. Asoutlined in Chapter 11: Inection control andoccupational health, standard precautions

ensure a high level o protection against thetransmission o inection in the health caresetting and represent the level o inectioncontrol required in the treatment and care oall patients to prevent transmission o blood-borne inections.

Health care workers with HBV

inectionPlease reer to Chapter 11: Inection control and

occupational health or obligations o healthcare practitioners who perorm exposure proneprocedures.

b positive-chapter 12

Documents