Privacy in the law and media: a royal reminder

08 May 2024

Medical practitioners and health service providers have privacy and confidentiality obligations inherent in their practice and procedure. Current media coverage surrounding the Princess of Wales reinforces the importance of privacy and confidentiality obligations.

An international lens: Kate Middleton

Kate Middleton has dominated global media coverage, particularly in recent months, propelling increased public interest in the Princess’ private matters. New claims allege that the Princess’ medical records relating to her January stay in the London Clinic were improperly accessed by staff, prompting the launch of an investigation.1 A 2021 Care Quality Commission Report on the London Clinic revealed that although patient records were securely stored, access to forms was easy.2

Without explicitly mentioning the potential breach, the chief executive of the London Clinic, Al Russell, reinforced the importance of patient confidentiality in a press statement. He addressed current systems that monitor the management of patient information, adding that any intentional breach of trust will be met with appropriate investigatory and disciplinary action.

The Information Commissioner’s Office will likely consider the potential criminality of this alleged breach, as obtaining or disclosing personal data without consent is a federal crime.3 Through an international lens, this incident prompts a reflection and a reminder of contemporary domestic legislation and NSW health policies and codes of conduct relating to patient privacy and confidentiality.

Upholding privacy and confidentiality principles

An individual’s right to have their personal information kept private is critical. Moreover, adhering to privacy obligations is fundamental to the ethical and professional practice of medical practitioners.

The Privacy Act 1988 (Privacy Act) contains 13 Australian Privacy Principles, regulating how personal information is collected, stored, utilised, shared, and disclosed.4 Under the Privacy Act, patient medical documents must remain confidential with a few exceptions. However, there are no specific confidentiality laws in Australia and as a result, this issue will be governed by the common law. The preservation of patient confidentiality reinforces public trust in the medical profession, maximising the ability of health professionals to treat patients effectively.5

Zooming in: NSW privacy rules and laws

Exploring privacy issues relating to personal medical information through an international lens highlights the position in NSW. This incident involving Kate Middleton has reiterated the importance of an effective privacy framework that protects individuals and informs them of their rights.

The Health Records and Information Privacy Act 2002 (HRIP Act) outlines the framework for how NSW public agencies and health service providers manage patient information.6 The 15 Health Privacy Principles are core to the HRIP Act, setting out the legal duties of NSW public and private entities when managing patient medical information. These principles underpin how health information must be collected, kept, used, and disclosed. Moreover, it details an individual’s rights in accessing their health information.7

Further, the NSW Health Code of Conduct sets out the ethical and professional standards required of everyone working for NSW Health. Maintaining the security of confidential and/or sensitive information is contained in this code,8 highlighting the regulation and protection of patient privacy.

NSW Health’s policy on access to health care records9 reflects the State’s high standards of privacy and security measures. It requires that records should be available at the point of care or the delivery of service and prohibits them from being removed unless prior arrangements have been made with the health organisation. Further, it sets out who has access to health care records, recognising their sensitive nature. It requires that appropriate and diligent care should be taken when handling such records.

Taking a closer look at NSW’s privacy legislation, regulation, and policies in a healthcare context provides insight into the standards that have been set out by the State. It’s a reminder to medical practitioners and healthcare services that the privacy of patients is crucial. Moreover, it sets out the implications of any unethical mishandling of patient information.


A surge of interest in Kate Middleton’s health serves as a timely reminder to all health professionals that all patients have a right to confidentiality. Medical professionals are restricted from reviewing patient records, unless there is a clinical need to do so. Hospitals conduct audits, requiring the provision of a response if any breach has been identified. Any breach of patient privacy will be taken seriously by the respective body, and disciplinary action may be taken. Health professionals have a responsibility to uphold patient privacy and confidentiality in order to ensure the protection of individual rights.

Top Tips

  1. Recognise the scope of your access, ensuring you do not review unauthorised patient records.
  2. Remember to sign out of any electronic medical record system before you walk away from a computer to ensure improper access to records does not occur.
  3. For healthcare services, review security measures and staff training related to privacy rules and legislation.
  4. For patients, be aware of your rights to privacy and confidentiality, including consent to the disclosure of medical records.
  5. If you do receive any request for a response regarding a potential privacy breach, contact your MDO for assistance.

1 Davey Winder, U.K. Authorities Investigate If Kate Middleton’s Medical Records Were Breached, Forbes (Online, 21 March 2024)
2 Care Quality Commission, The London Clinic Inspection Report (Report, 3 November 2021) 8.
3 Data Protection Act 2018 (UK) s 170.
4 Services Australia, Your right to privacy (Web Page)
5 Australian Medical Association, A Guide to Social Media & Medical Professionalism: The tips and traps every doctor and medical student should know (Guide, 31 December 2019) 8
6 Information and Privacy Commission, HRIP Act (Web Page, Last updated: September 2022)
7 Information and Privacy Commission, Health Privacy Principles (HPPs) explained for members of the public (Web Page, Last Updated: April 2023)
8 NSW Health, NSW Health Code of Conduct (Policy Directive, 16 December 2015) 8-9
9 Ibid 13.

Barry Nilsson acknowledges the traditional owners of the land on which we conduct our business, and pays respect to their Elders past, present and emerging.
Liability limited by a scheme approved under Professional Standards Legislation