Health records: Confidentiality, privacy and access

by The FindLaw Team

We here at FindLaw aren’t probably stating anything too controversial when we say that most of us are probably quite sensitive when it comes to information relating to any aspect of our mental and physical well being, especially when it’s in regards to access of our health and medical records. So accordingly, notions of ‘confidentiality’ and ‘privacy’ will be of utmost importance, however, we should point out that while most of us would deem the terms as interchangeable, there are differences which exist when talking about our personal health records. Furthermore, the rights associated with access to our own health records are also limited in ways that would be surprising to many of us.

What is a health record?

Before delving deeper into a wider exploration of the laws surrounding health records, it would be useful for us to outline what exactly is meant by the term ‘health record’. Broadly speaking, a health record is the material form of health information that relates to us, and although some jurisdictions do not explicitly define what ‘health record’ means, we can turn to s 3 of the Health Records Act 2000 (Vic) which states that ‘health information’ can be information or an opinion about:

  • any physical, mental or psychological information about a person;
  • a person’s disability;
  • a person’s expressed wishes regarding future provisions of health services;
  • health services that have been provided, or are to be provided to a person;
  • other personal information collected to provide, or in providing, a health service;
  • personal information collected in connection with a donation, or intended donation of a person’s body parts, organs or body substances;
  • genetic information that is predictive of a person’s genetic status.

If you’re thinking to yourself that the categories of health information are rather broad, you’d be correct, because health information can include details associated with a person’s weight, eating or exercise habits, as well as post mortem reports in relation to a deceased person.

What is the difference between ‘confidentiality’ and ‘privacy’ when it comes to health records?

The difference between the two terms is that confidentiality relates to an ethical duty, whilst privacy is a common law or statutory right, which is reflected via legislative instruments such as the Privacy Act 1988 and the National Privacy Principles (NPP).

Confidentiality and health records

Most of us will probably be familiar with the Hippocratic Oath which formed part of the Hippocratic Corpus that was developed in Classical Greece. The Oath obliged medical students to keep any information they were privy to in the course of treatment of a patient to themselves – including medical records – and the Oath also further mandated that doctors not disclose information outside of their medical activities in relation to their patients.

The notion of confidentiality allows a patient to disclose information of a personal nature that they may be uncomfortable in revealing if such a duty did not exist, and furthermore, the duty in turn protects the health of the patient, and potentially, the wider community.

In a modern Australian context, medical confidentiality is enshrined within the Australian Medical Association (AMA) Code of Ethics (the Code). However, we should highlight that the Code also outlines a broad list of exceptions; which includes divulging information if there is a serious risk to the patient or another person, disclosure required under the law, and instances where confidentiality is superseded by overwhelming societal interests.

Privacy and health records

Privacy as a concept, is wider than the duty of confidentiality because privacy protects, and extends further to information that may not always be viewed as confidential, nor does privacy depend on the existence of a relationship where confidentiality will be reposed.

Naturally, information related to a person’s health can be an area of great sensitivity, so as a consequence, it is granted a special status within privacy legislation with a number of mechanisms used in the protection of such information.

The general aim of such laws is to restrict and prohibit disclosure of private information – subject to the various exemptions.

Access to health records

The common law has by and large not recognised a right to access our health records, however, the development of legislative instruments do provide for a right of access, but not ownership of our records.

Many jurisdictions also allows a person to correct information that may be “inaccurate, out of date, irrelevant, incomplete or misleading” as is the case in s 33(d) of the Health Records and Information Privacy Act 2002 (NSW), and that if the information is incomplete or out of date, then a person can submit a request for amendments to ensure that the information will be complete, or up to date (s 33(e) of the NSW Act) to a private sector person, body corporate, trust or any other unincorporated association or body.

It’s amazing to think that on some level our health records aren’t ‘ours’, and if you do have any issue or concerns regarding a health matter, please consult a legal practitioner who will be able to assist.


We welcome your feedback

Hi there! We want to make this site as good as it can for you, the user. Please tell us what you would like to do differently and we will do our best to accommodate!

Protected by FormShield

We've updated our Privacy Statement, before you continue. please read our new Privacy Statement and familiarise yourself with the terms.