Best Practices While Disclosing Patient Information

When are you able to disclose patient information?

Medical practitioners are in possession of patients’ private and confidential information, and at times are required to disclose this data.  There are ethical and legal responsibilities when sharing this information to a third party.  

Below we outline the difference for each type of request within a healthcare practice environment in New Zealand.  This is not intended as legal advice, but a guideline on some key, best practices when involving the release of patient information.

Disclosure of information in the following scenarios

With permission:

Patient information which directly relates to the individual can be disclosed, only if permission is given by the individual. This includes any information which can identify that person, their medical history, and contact details. Exceptions to this rule are covered below.

Without permission:

Anonymised data such as statistical information which has no trace to any individual can be given without consultation.

Patient has vetoed permission:

When a patient has refused for their details to be shared, it is the health practitioner’s responsibility to follow ‘Good Medical Practice’ and respect the wishes of that individual.

Hospitals:

Hospitals are able to disclose basic information such as the patient’s presence, location, and condition.  Anyone is able to make this request so long as the patient has not vetoed the disclosure

What permission is needed?

Requests for healthcare information can come from many sources. Find out who has access, and when the law allows for disclosure without the patient’s expressed consent.

Individuals:

When the patient is made aware when providing their details that it will be passed on to a third party, a request will therefore have no barriers.

Individuals have a right to their own information, with the following exclusions.  

  • Information that could cause harm or prejudice to mental and physical health. 
  • When the information may disclose another person’s affairs.

Family:

Parents or legal guardians are representatives of children up to 16 years of age.  After 16 years old, the parent or guardian has no special rights to information based on this status alone. However, a principle caregiver, relative or representative is able to receive disclosed information about a patient if the medical practitioner sees it sits within recognised professional practice.

Here is more information on the limitations of acting as a representative over an individual’s information:  Section 22F (Amended 01 AUG 2019) of the Health Act. 

Other clinicians:

In emergency situations, patient transfers and referrals, require medical information to be shared between health practitioners. Providers of health services are legally able to obtain the information required unless the holder of information believes it is against the individual’s wishes.

Threat to patient’s safety:

When patient information is required to prevent a serious health or safety threat, then the individual’s expressed permission is not required. This information can only be provided to a person able to alleviate the situation.

Government agencies:

Some government agencies have the power to obtain information. Requests should be within the scope of that agency’s powers. The statutory function of that agency must be the purpose of the request. See Section 22C(Amended 01 AUG 2019) as a reference for dealing with these type of enquiries.

"Think I.T. have looked after our computing needs since the year 2000. Solutions have been recommended and implemented to match our changing needs. We are supported with efficiency and a high level of expertise, allowing us to focus on our business backed up by solid and reliable technology."

Ben Seymour
Allpress Espresso
30-50 users, Think I.T. client since 2000

News

SCAM ALERT: COVID-19 Maps Used to Deploy Malware and Scrape Credentials

Scam linked to COVID-19 infographic map used to invade your computer and steal your data. Recently Cybersecurity company Reason labs released a threat analysis report, detailing a new attack that takes advantage of internet users’ increased appetite for information about the novel coronavirus, COVID-19, that has now been categorised as a pandemic worldwide. This...  more...