The hidden cost of administration: patient privacy in practice

Everyday lapses in patient privacy can have serious consequences. From damaging patient trust to triggering legal action and reputational harm. The impact can be significant for you, your practice and your colleagues. This article highlights common breaches in healthcare and offers practical steps to protect patient information and reduce these risks.

Georgie Haysom, BSc, LLB (Hons) LLM (Bioethics), GAICD, General Manager, Advocacy, Education and Research, Avant

Thursday, 7 August 2025

It’s a typical Friday night in a busy emergency department. A patient is wheeled in on an ambulance stretcher, and during triage, the doctor discusses the patient’s past medical history, including sensitive details, in a raised voice. Several neighbouring patients, along with paramedics attending other cases, overhear the exchange. It’s a small moment, but one that could have serious consequences.

Scenarios like this are not uncommon. While privacy legislation provides a necessary framework to manage a patient’s health information, the real challenge lies in translating policy into consistent, everyday practice. In both public and private healthcare settings, breaches often arise not from malice, but from momentary lapses, systemic pressures, or a lack of awareness.

Common breaches: more than just cyber threats

While cyberattacks often make headlines, the most frequent privacy breaches in healthcare settings are far more routine and often preventable. These everyday lapses can occur in any clinical environment and typically stem from human error or oversight. Breaches of privacy can occur in many ways, from talking about a patient’s health information in a full waiting room, sending an email containing health information to the wrong person, losing a laptop containing patient information or the database being hacked. Unauthorised access or disclosure, or loss of personal information held in your practice is known as a “data breach”.  

These breaches, though often unintended, can have serious consequences. They may lead to patient distress, legal action and erosion of trust between the patient and doctor. For example, the accidental disclosure of a patient’s HIV status can result in significant emotional harm and social stigma. Similarly, unauthorised access to mental health records can damage the therapeutic relationship and deter patients from seeking future care.

Privacy starts with people: building a culture of responsibility

Staff responsibilities in maintaining privacy are paramount. Doctors must be vigilant in their daily routines, ensuring that patient information is protected at all times. This includes verifying the identity of individuals requesting information, documenting consent accurately, and using secure communication channels. Regular training sessions can help staff stay informed about the latest privacy regulations and best practices. Additionally, healthcare institutions should conduct periodic audits to identify potential vulnerabilities and address them proactively.

The impact of privacy breaches extends beyond individual patients. When trust in the healthcare system is compromised, patients may avoid seeking care or withhold critical information out of fear that their data could be exposed. This, in turn, can hinder the delivery of effective treatment and compromise patient outcomes. Doctors must prioritise privacy as a core value, fostering a culture of transparency and accountability. By doing so, the practice can ensure that patient trust is maintained, and the integrity of the healthcare system is upheld.

Best practice in action: practical tips to protect privacy

Privacy is not just a legal requirement; it’s a clinical responsibility. Best practice means:

  • Familiarising yourself with the policies to ensure you are not in breach. Hospitals and local health districts have their own policies and procedures about data management and access.
  • You should not access a medical record unless you have a legitimate reason to do so.
  • Documenting every time you access the medical record of a patient not in your care, and the reason, such as patient follow-up or for approved research.

Doctors should only access patient records where there is a genuine clinical need, or with specific authorisation. Accessing records out of personal interest, curiosity or for self-education is likely to breach legal, employment and professional obligations. Be sure that you understand your legal, professional and workplace obligations to maintain patient confidentiality and protect patient privacy.

By embedding privacy into daily routines and decision-making, doctors can protect not only patient information but also the trust that underpins every therapeutic relationship.

More information

For medico-legal advice, please contact us here, or call 1800 128 268, 24/7 in emergencies.

This article originally appeared in the BLMA newsletter Synapse, Issue 17 (2025).


IMPORTANT: This publication is not comprehensive and does not constitute legal or medical advice. You should seek legal or other professional advice before relying on any content, and practise proper clinical decision making with regard to the individual circumstances. Persons implementing any recommendations contained in this publication must exercise their own independent skill or judgement or seek appropriate professional advice relevant to their own particular practice. Compliance with any recommendations will not in any way guarantee discharge of the duty of care owed to patients and others coming into contact with the health professional or practice. Avant is not responsible to you or anyone else for any loss suffered in connection with the use of this information. Information is only current at the date initially published.

Topic

Other resources

  1. Mandatory reporting: still a barrier to treatment for mental health - Avant

    Mandatory reporting: still a barrier to treatment for mental health

  2. Historic case that set the standard for informed consent in Australia - Avant

    Historic case that set the standard for informed consent in Australia

  3. Avant Virtual Medical Receptionist Case Study - Avant

    Sydney practice regains patient facing time with Avant’s 'revolutionary' virtual medical receptionists

More ways we can help you

Indemnity insurance
Health insurance
Practice solutions
Finance
Legal services
Life & income protection
To Top

NSW State Office AddressLevel 6, Darling Park 3, 201 Sussex Street, Sydney NSW 2000
Telephone 02 9260 9000 | Facsimile 02 9261 2921

Mailing addressPO Box 746 Queen Victoria Building NSW 1230

Connect with Avant

facebookxlinkedininstagramyoutube

In the spirit of reconciliation, Avant acknowledges the Traditional Custodians of Country throughout Australia, and their connections to land, sea and community. As a national organisation, we pay our respects to Elders past and present, of the lands on which we gather and work, and extend that respect to all Aboriginal and Torres Strait Islander peoples.

IMPORTANT: Professional indemnity insurance and the Practice Medical Indemnity Policy available from Avant Mutual Group Limited ABN 58 123 154 898 (Avant Mutual) are issued by Avant Insurance Limited, ABN 82 003 707 471, AFSL 238 765 (Avant). Avant Cyber Insurance cover is available to eligible Avant Practice Medical Indemnity Policy holders up to the cessation of their policy and is provided under a Group Policy between Liberty Mutual Insurance Company ABN 61 086 083 605 (Liberty) and Avant. Private health insurance products are issued by The Doctors’ Health Fund Pty Limited, ABN 68 001 417 527, a member of the Avant Mutual Group. Avant arranges Avant Business Insurance as agent of the insurer Allianz Australia Insurance Limited ABN 15 000 122 850, AFSL 234 708 (Allianz) and may receive a commission on each policy arranged. Avant Travel Cover is available under a Group Policy between QBE Insurance (Australia) Limited, ABN 78 003 191 035, AFSL 239 545 (QBE) and Avant Mutual. Avant Travel Cover is underwritten by QBE and Avant may receive a benefit for arranging cover. Avant Finance is a registered business name of Avant Doctors’ Finance Pty Ltd (ACN 637 769 361) and licensed to Avant Doctors’ Finance Brokers Pty Ltd (ABN 75 640 406 784). Avant Doctors’ Finance Brokers Pty Ltd is a wholly owned subsidiary of Avant Doctors’ Finance Pty Ltd. Loan products may be provided by Avant Doctors’ Finance Pty Ltd or arranged by Avant Doctors’ Finance Brokers Pty Ltd. Credit services or assistance to which the National Credit Code applies are provided by Avant Doctors’ Finance Brokers Pty Ltd as authorised Credit Representative (Credit Representative Number 523242) for LMG Broker Services Pty Ltd ACN 632 405 504 Australian Credit Licence 517192. Legal services are provided by Avant Law Pty Ltd ABN 63 136 429 153 (Avant Law). Liability limited by a scheme approved under Professional Standards Legislation. Legal practitioners employed by Avant Law are members of the scheme.



The information provided on this website is general advice only and has been prepared without taking into account your objectives, financial situation and needs. You should consider these, having regard to the appropriateness of the advice before deciding to purchase or continue to hold these products. For full details including the terms, conditions, and exclusions that apply, please read and consider the relevant Product Disclosure Statement or policy wording and Target Market Determination (TMD) which are available on this website or by contacting us on 1800 128 268. Information on this site does not constitute legal or professional advice, and is current as at the date of initial publication.