Are you allowed to look at that medical record?

Dr Mark Woodrow, MBBS, MBA, GDipAppLaw, GCertArts, EMCert(ACEM), MACLM, AFRACMA, General Manager – Medical Advisory Services, Avant

Sonya Black, LLB (Hons), B.Com, Legal Team Manager – Workplace Law Team, Avant Law, QLD

Wednesday, 5 June 2024

are-you-allowed-to-look-at-that-medical-record

Electronic medical records (eMRs) have improved the ability to find out about a patient and their care. They have made it much simpler to check how your patient in the ED got on after your initial treatment, or to assess the potential upcoming surgical workload. But is accessing records in this way allowed? Many public hospitals think not.

Avant has seen a significant increase in disciplinary processes involving inappropriate access to medical records in public hospitals. Doctors are facing disciplinary processes for accessing the medical records of:

  • themselves
  • family members, friends and staff
  • patients when there’s not a valid clinical need
  • patients when there is a clinical need to do so, but without making a record in the patient note
  • patients they are not treating for the purpose of training and learning

One member accessed the medical record of a patient she had treated in the Emergency Department to see the outcome and the impact of her treatment. Another member accessed medical records while on call to review test results and provide advice about them, but no note was made in the medical record. Both doctors received letters asking them to explain why they accessed the records in breach of hospital policy. Previously, the outcome of such indiscretions has been management action (for example, a requirement to undertake training), but now tougher sanctions are being applied (such as a reprimand).

Hospitals abiding by privacy legislation

As unfair as this seems, hospitals are responding to increased scrutiny of adherence to privacy laws. Personal information can only be used and disclosed for the purposes for which it was collected – in the context of a hospital, information is collected and included in records for the provision of healthcare to individual patients. Use of the information for other purposes requires explicit patient consent.

Following the widespread introduction of eMRs and tightening of privacy laws, hospitals have been updating and enforcing their policies more strictly.

Enforcement potentially compromises good care

While there are many circumstances where access to a medical record is clearly inappropriate (e.g. finding information for a journalist), there are other circumstances where the access is seen as valid by many doctors, but breaches hospital policy (e.g. a doctor accessing own medical record). 

Accessing records for the purposes of audit, review, individual and group clinical reflection, all have the potential to benefit patient care. Following up on patients you have cared for can be an extremely helpful way to obtain information on the accuracy of a diagnosis and presents a good educational opportunity. This access is likely to breach hospital policy but discouraging such activities is likely to deny doctors the opportunity to learn and improve. 

The law and hospital policies are slightly different across jurisdictions, with some permitting the review of patient information without consent for audit and other quality improvement activities. In other jurisdictions, use of information for such purposes requires patient consent, unless there is an exception, and there is generally no overriding exemption for educational purposes.

Policy inconsistency and obscurity

Privacy policies vary across hospitals. Although hospitals expect all doctors to be aware of the hospital’s policies and understand their obligations about access to medical records, this is not our experience. Doctors have many policies they need to be across, and few will be across all in detail.

Better training is needed, and having a checklist of what can and cannot be accessed would ensure it is clear to all staff in terms they can understand.

What you can do

When you want to access a patient's medical record for purposes other than providing healthcare, follow these guidelines to ensure compliance with legal and ethical standards:

  1. Familiarise yourself with hospital policy and procedure - Many of the policies are general in nature, so clarify with your line manager whether particular access is allowed (for example, access for education purposes).
  2. Comply with hospital process:  Policies and procedures will explain how you can lawfully access patient medical records where you do not have a direct clinical need to do so.  For example, access to a family member’s medical record or your own medical record may require a formal request to the medical records department, outlining the purpose and intended use of the information. Keep in mind requests should have a justifiable base. Many hospital departments have specific protocols about access for education purposes. 
  3. Policy amendments - Where your employer's policies do not currently allow access for the purposes you wish to access medical records, discuss the possibility of amending the policy or developing a department specific protocol that’s authorised by the hospital executive.
  4. Obtain explicit patient consent - Where policy amendments are not feasible, work with your employer or health services to gain explicit patient consent. This consent must be secured in writing or documented verbal form, clearly explaining the purpose for accessing the records and identifying who will access them and where the information will be used. Patients have the right to revoke consent at any point in time. It will likely remain a breach of hospital policy if you access your own medical records, or the records of family, friends and staff, even with their consent.
  5. Adhere to legal requirements - Always comply with both Commonwealth and state or territory privacy legislation when dealing with patients' health information. This ensures patient data is handled responsibly and legally.
  6. Use of the information you have accessed:  Access to the medical records is only one aspect of managing privacy. You should also ensure you only use and disclose that information in accordance with hospital policy and the law.
  7. Always document access: Ideally, the reason for any access to medical records should be recorded in the progress notes by the person who has accessed the record. Many hospital policies mandate this, which is an additional admin burden, so you may wish to discuss the issue with your hospital to find an appropriate solution.

Rather than checking the records, consider whether a brief discussion with another clinician, who is involved in the patient care, may negate the need to check the records, for example when you want to follow up on a patient’s condition.

By following these steps, you can access patient medical records appropriately, ensuring all actions are legal and ethical.

Disclaimers


IMPORTANT: This publication is not comprehensive and does not constitute legal or medical advice. You should seek legal or other professional advice before relying on any content, and practise proper clinical decision making with regard to the individual circumstances. Persons implementing any recommendations contained in this publication must exercise their own independent skill or judgement or seek appropriate professional advice relevant to their own particular practice. Compliance with any recommendations will not in any way guarantee discharge of the duty of care owed to patients and others coming into contact with the health professional or practice. Avant is not responsible to you or anyone else for any loss suffered in connection with the use of this information. Information is only current at the date initially published.

Topic
Career stage

Other resources

  1. Medical professional female looking thoughtfully out window

    Open disclosure: responding when things go wrong

  2. doctor and patient looking contemplative

    Ending the doctor patient relationship

  3. two people in conversation

    Dealing with conflict in the workplace

More ways we can help you

Indemnity insurance
Health insurance
Practice solutions
Finance
Legal services
Life & income protection
To Top

NSW State Office AddressLevel 6, Darling Park 3, 201 Sussex Street, Sydney NSW 2000
Telephone 02 9260 9000 | Facsimile 02 9261 2921

Mailing addressPO Box 746 Queen Victoria Building NSW 1230

Connect with Avant

facebookxlinkedininstagramyoutube

In the spirit of reconciliation, Avant acknowledges the Traditional Custodians of Country throughout Australia, and their connections to land, sea and community. As a national organisation, we pay our respects to Elders past and present, of the lands on which we gather and work, and extend that respect to all Aboriginal and Torres Strait Islander peoples.

IMPORTANT: Professional indemnity insurance and the Practice Medical Indemnity Policy available from Avant Mutual Group Limited ABN 58 123 154 898 (Avant Mutual) are issued by Avant Insurance Limited, ABN 82 003 707 471, AFSL 238 765 (Avant). Avant Cyber Insurance cover is available to eligible Avant Practice Medical Indemnity Policy holders up to the cessation of their policy and is provided under a Group Policy between Liberty Mutual Insurance Company ABN 61 086 083 605 (Liberty) and Avant. Private health insurance products are issued by The Doctors’ Health Fund Pty Limited, ABN 68 001 417 527, a member of the Avant Mutual Group. Avant arranges Avant Business Insurance as agent of the insurer Allianz Australia Insurance Limited ABN 15 000 122 850, AFSL 234 708 (Allianz) and may receive a commission on each policy arranged. Avant Travel Cover is available under a Group Policy between QBE Insurance (Australia) Limited, ABN 78 003 191 035, AFSL 239 545 (QBE) and Avant Mutual. Avant Travel Cover is underwritten by QBE and Avant may receive a benefit for arranging cover. Avant Finance is a registered business name of Avant Doctors’ Finance Pty Ltd (ACN 637 769 361) and licensed to Avant Doctors’ Finance Brokers Pty Ltd (ABN 75 640 406 784). Avant Doctors’ Finance Brokers Pty Ltd is a wholly owned subsidiary of Avant Doctors’ Finance Pty Ltd. Loan products may be provided by Avant Doctors’ Finance Pty Ltd or arranged by Avant Doctors’ Finance Brokers Pty Ltd. Credit services or assistance to which the National Credit Code applies are provided by Avant Doctors’ Finance Brokers Pty Ltd as authorised Credit Representative (Credit Representative Number 523242) for LMG Broker Services Pty Ltd ACN 632 405 504 Australian Credit Licence 517192. Legal services are provided by Avant Law Pty Ltd ABN 63 136 429 153 (Avant Law). Liability limited by a scheme approved under Professional Standards Legislation. Legal practitioners employed by Avant Law are members of the scheme.


The information provided on this website is general advice only and has been prepared without taking into account your objectives, financial situation and needs. You should consider these, having regard to the appropriateness of the advice before deciding to purchase or continue to hold these products. For full details including the terms, conditions, and exclusions that apply, please read and consider the relevant Product Disclosure Statement or policy wording and Target Market Determination (TMD) which are available on this website or by contacting us on 1800 128 268. Information on this site does not constitute legal or professional advice, and is current as at the date of initial publication.