Providing medical records to a third party
Summary: Requests for medical records may come from the patient themselves, from another person or organisation, or via a court order such as a subpoena, summons or other court notice. We summarise your responsibilities in this factsheet.
Tuesday, 5 October 2021
- A valid authority must accompany a request for records from a third party.
- Authorities must be current, signed by the patient and specific enough for you to comply with – including which records should be released and to whom.
- There are times when you may be legally required to release patient information to a third party without consent, such as when you receive a subpoena, summons or when legislation requires it.
When to provide information to third parties
Patients often request their medical records themselves. However, you may receive a request for a patient's medical record from a third party.
You can provide copies of records to a third party if you have the patient’s consent to do so.
Requests can come in many forms, but the common ones include:
- a letter from a solicitor for the purpose of legal proceedings
- an insurer asking for medical records in relation to a patient’s workers’ compensation or life insurance claim
- a patient's employer asking you for information about their medical condition
Where a request is accompanied by a valid 'authority' (the patient's consent), it is generally appropriate to provide copies of the records to the requesting third party.
The requirements for an authority to be valid are that it should:
- clearly indicate to whom the records can be released
- clearly identify the records covered by the authority
- be reasonably current. Generally, you should query authorities older than 12 months.
Ideally, the authority should be in writing and signed by the patient. If you received verbal authority to release the records, take a detailed note (including about the details above) and store it in the patient’s medical record. If you have any doubt about the patient’s authority, you should contact the patient to clarify. Document this discussion in the patient’s medical record.
Recent changes from the Financial Services Council allow life insurers to request your patient's health information using two standard authorities. Authority 1 allows the insurer access to a patient's records, including imaging and tests, but excluding, importantly, a GP's consultation notes. Authority 2 allows a life insurer to request the entire file, including the notes, if the GP doesn't respond to Authority 1.
Compulsion by law
You have a legal obligation to provide a patient’s medical records to a third party (without the need to seek a patient's authority) in these circumstances:
- Legislation requires you to do so – such as public health requirements to report infectious diseases, or mandatory reporting of children at risk.
- You receive a summons or subpoena to produce medical records to a court or tribunal.
- You receive a notice of non-party disclosure (Queensland and the ACT).
- You receive a warrant from the police to produce documents. A verbal request from the police will not be enough for you to produce information or records.
If you are legally compelled to release records to a third party, we recommend you let your patient know.
What documents should you supply?
You should supply a copy of the record and keep the original in your possession.
You should read the request carefully to ensure you do not include or exclude documents captured by the request and the scope of the patient’s authority. For example, a request from an insurer may be for all the medical records but the authority signed by the patient may only authorise a release of records relevant to the claim.
Where a medical record contains sensitive information, for example about mental or sexual health issues, check the patient is aware that the authority they signed may extend to these documents and confirm they can be released. The patient may not have considered the implications of releasing all the information held within their record, particularly very sensitive information. Document any conversations you have with the patient in this regard.
Sometimes specialists write to general practitioners stating that their letters should not be supplied to third parties without their consent. These letters form part of the patient’s medical record and, like any other part of the record, such as personal notes or photographs, should be produced to the patient or third party whether or not the specialist has provided specific consent. It is important to keep in mind though, who may read letters or patient notes when you are documenting care. Ensure your notes remain professional.
Limited exceptions not to provide records
There may be situations in which you are concerned about providing records to a third party even though there is a valid authority or a legal requirement to do so. It may be possible to object to providing records in certain circumstances.
This could include a situation where supplying the records will, in your opinion, result in significant harm to an individual, or you think the request is unclear. Objections are rarely successful in a medical case; we recommend you contact Avant for advice if you are concerned about providing records.
Available at avant.org.au/avant-learning-centre:
For more information or immediate medico-legal advice, call us on 1800 128 268, 24/7 in emergencies.