60.1 In 2004, the Australian Government Department of Health and Ageing (DOHA) stated that:

Privacy is a fundamental principle underpinning quality health care. Without an assurance that personal health information will remain private, people may not seek the health care they need which may in turn increase the risks to their own health and the health of others. Indeed consumers regard health information as different to other types of information and consider it to be deeply personal.[1]

60.2 The personal health information of health consumers was traditionally protected by the ethical and legal duties of confidentiality. These duties are owed by health service providers—such as doctors, dentists, nurses, physiotherapists and pharmacists—to health consumers and prevent the use of personal health information for a purpose that is inconsistent with the purpose for which the information was provided. A legal duty of confidentiality may arise in equity, at common law, or under contract. In addition, health service providers are often subject to confidentiality provisions in professional codes of conduct[2] and, if they are employed in the public sector, may be subject to legislative secrecy provisions.

60.3 Duties of confidentiality recognise the dignity and autonomy of the individual,[3] as well as the public interest in fostering a relationship of trust between health service providers and health consumers to ensure both individual and public health outcomes.[4] Such duties are not absolute and there are circumstances in which the law permits, and sometimes requires, the disclosure of confidential personal health information.[5]

60.4 Where legislation establishes health agencies or provides the basis for health-related functions to be carried out, officers of those agencies and others performing functions under the legislation frequently are subject to secrecy provisions that prohibit them from disclosing personal information about third parties except in the course of their duties.[6] There is also a range of disease-specific legislation that may include provisions intended to protect individuals’ health information. For example, legislation dealing with HIV/AIDS generally requires the use of codes to link test results with individuals rather than including personal details on test request forms.[7]

60.5 More recently, privacy legislation has been introduced in a number of Australian jurisdictions specifically to regulate the handling of personal health information.[8] An overview of privacy regulation in the states and territories, including health privacy regulation, is provided in Chapter 2. Health service providers continue to be subject to secrecy provisions and duties of confidentiality. Although the regimes exist side by side, Marilyn McMahon has suggested that:

In practice the less costly, more ‘user friendly’ complaint procedures offered under the privacy regimes may in fact mean that they increasingly ‘cover the field’ and that the traditional, common law remedies for protecting confidentiality become archaic.[9]

60.6 In its submission to ALRC Issues Paper 31, Review of Privacy (IP 31),[10] DOHA noted the following changes to health service delivery that may have implications for the way that health information is handled:

There is an increasing focus on coordinated multi-team care through a mix of public and private providers. In delivering healthcare services in this environment, a large volume of information about individuals moves frequently between the public and private sectors, and across State and Territory boundaries. To provide an indication of the volume and frequency of these communications, there were 4.2 million in-patient discharges from public hospitals in 2003/04, with about one-half of these being on the ‘same-day’. A number of information exchanges between providers in the public and private sectors may have been associated with each of these discharges, including for referral, discharge or enquiry with a patient’s GP, and with contracted pathology or radiology diagnostic services.[11]

60.7 Technology is developing to help deal with these challenges. DOHA went on to note that:

Australia is on the threshold of major developments in national e-health systems and the use of telehealth services. The aim of these systems is to enable health information to be shared more reliably, securely and efficiently between healthcare providers with the aim of delivering safe care and better health outcomes for individuals. The use of these systems will increase the volume and frequency of communications and may mean the individual whom the information concerns is located in a different State or Territory to the holder of the information. New work systems and practices will emerge as e-health systems are developed and implemented, and the use of telehealth services expand.[12]

60.8 In this and the following chapters, the ALRC considers how to meet these challenges, while ensuring that individuals’ health information is handled appropriately. In Chapter 61, the ALRC examines developments in electronic health records systems. This chapter considers the need for greater national consistency in health privacy regulation. This issue is closely related to the discussion of national consistency in privacy regulation more generally in Chapter 3.

[1] Australian Government Department of Health and Ageing, Submission to the Office of the Privacy Commissioner Review of the Private Sector Provisions of the Privacy Act 1988, December 2004.

[2] See, eg, Australian Medical Association, Code of Ethics (2004), s 1.1(l). Confidentiality is also discussed in Chs 8, 15 and 16.

[3] M McMahon, ‘Re-thinking Confidentiality’ in I Freckelton and K Petersen (eds), Disputes & Dilemmas in Health Law (2006) 563, 579.

[4] P Finn, ‘Confidentiality and the “Public Interest”’ (1984) 58 Australian Law Journal 497, 502.

[5] See, eg, Public Health Act 1991 (NSW) s 14; Health Act 1958 (Vic) s 138 in relation to notifiable diseases. See also the discussion of professional confidential relationship privilege in Australian Law Reform Commission, New South Wales Law Reform Commission and Victorian Law Reform Commission, Uniform Evidence Law, ALRC 102 (2005), [15.3]–[15.14], [15.31]–[15.44].

[6] See, eg, National Health Act 1953 (Cth) s 135A; Health Insurance Act 1973 (Cth) s 130; Health Administration Act 1982 (NSW) s 22; Health Services Act 1988 (Vic) s 141.

[7] R Magnusson, ‘Australian HIV/AIDS Legislation: A Review for Doctors’ (1996) 26 Australian & New Zealand Journal of Medicine 396.

[8]Privacy Act 1988 (Cth); Health Records and Information Privacy Act 2002 (NSW); Health Records Act 2001 (Vic); Personal Information Protection Act 2004 (Tas); Health Records (Privacy and Access) Act 1997 (ACT); Information Act 2002 (NT).

[9] M McMahon, ‘Re-thinking Confidentiality’ in I Freckelton and K Petersen (eds), Disputes & Dilemmas in Health Law (2006) 563, 583.

[10] Australian Law Reform Commission, Review of Privacy, IP 31 (2006).

[11] Australian Government Department of Health and Ageing, Submission PR 273, 30 March 2007.

[12] Ibid.