Best Practices While Disclosing Patient Information
When are you able to disclose patient information?
Below we outline the difference for each type of request within a healthcare practice environment in New Zealand. This is not intended as legal advice, but a guideline on some key, best practices when involving the release of patient information.
When are you able to disclose patient information?
Medical practitioners are in possession of patients’ private and confidential information, and at times are required to disclose this data. There are ethical and legal responsibilities when sharing this information to a third party.
Below we outline the difference for each type of request within a healthcare practice environment in New Zealand. This is not intended as legal advice, but a guideline on some key, best practices when involving the release of patient information.
Disclosure of information in the following scenarios
With permission:
Patient information which directly relates to the individual can be disclosed, only if permission is given by the individual. This includes any information which can identify that person, their medical history, and contact details. Exceptions to this rule are covered below.
Without permission:
Anonymised data such as statistical information which has no trace to any individual can be given without consultation.
Patient has vetoed permission:
When a patient has refused for their details to be shared, it is the health practitioner’s responsibility to follow ‘Good Medical Practice’ and respect the wishes of that individual.
Hospitals:
Hospitals are able to disclose basic information such as the patient’s presence, location, and condition. Anyone can make this request so long as the patient has not vetoed the disclosure.
What permission is needed?
Requests for healthcare information can come from many sources. Find out who has access, and when the law allows for disclosure without the patient’s expressed consent.
Individuals:
When the patient is made aware when providing their details that it will be passed on to a third party, a request will therefore have no barriers.
Individuals have a right to their own information, with the following exclusions.
Information that could cause harm or prejudice to mental and physical health.
When the information may disclose another person’s affairs.
Family:
Parents or legal guardians are representatives of children up to 16 years of age. After 16 years old, the parent or guardian has no special rights to information based on this status alone. However, a principal caregiver, relative or representative is able to receive disclosed information about a patient if the medical practitioner sees it sits within recognised professional practice.
Here is more information on the limitations of acting as a representative over an individual’s information: Section 22F of the Health Act.
Other clinicians:
In emergency situations, patient transfers and referrals, require medical information to be shared between health practitioners. Providers of health services are legally able to obtain the information required unless the holder of information believes it is against the individual’s wishes.
Threat to patient’s safety:
When patient information is required to prevent a serious health or safety threat, then the individual’s expressed permission is not required. This information can only be provided to a person able to alleviate the situation.
Government agencies:
Some government agencies have the power to obtain information. Requests should be within the scope of that agency’s powers. The statutory function of that agency must be the purpose of the request. See Section 22C as a reference for dealing with these types of enquiries.
