Mandatory Disclosure of Confidential Health Information a Load of Rubbish or a Legal Duty?
08 Jun 2012

Case history
A GP received a letter from a local council requesting the release of confidential patient information.
The council had discovered illegally dumped waste, which included a discarded medication packet. The medication packaging had a prescription label with a patient’s name, the prescribing doctor’s name, as well as the date and the name of the pharmacy that had dispensed the medication.
The council then wrote to the GP (who was the prescribing doctor) requesting the full name, address and date of birth of the patient. The request was made under an obscure piece of environmental legislation (the Protection of the Environment Operations Act 1997 (PEOA)) which carried a penalty in the form of an infringement notice if the GP did not comply.
The GP contacted MDA National’s 24/7 Medico-legal Advisory Service to seek advice on whether they should release the information.
Discussion
A doctor in private practice does not have an absolute duty to ensure the confidentiality of a patient’s health record. Disclosure is governed by the Privacy Act 1988 (Cth). Several broad categories exist where disclosure may be permitted:
- express or implied consent by the patient
- mandatory disclosure under compulsion of law
- an overriding duty in the “public interest” to disclose where there is a risk of harm or safety to the patient or others
This case concerned a duty to disclose under compulsion of law. Typically this will involve issues such as court orders (including subpoenas, summons and search warrants), mandatory reporting (e.g. child abuse and notifiable diseases) and administrative disclosure (births and deaths). However in this case, the law was somewhat more arcane.
After examining the PEOA legislation and the Australian Privacy Principles (to ensure that the request represented a valid interpretation of the law and that no specific exceptions applied), we advised the GP that the release of the requested information was appropriate. A letter was provided for the GP to submit to the council outlining why the information was being released and the relevant concerns the release of information raised. We also advised the GP to inform the patient that their name, address and date of birth had been released to the council after legal advice had been obtained in relation to the council’s request.
On this occasion, although the information requested by the council was still protected under privacy legislation, it was not particularly sensitive. However each case would be assessed on its merits – weighing up the sensitivity of the requested health information against the relevance and penalties of the legislation underlying the request.
Understanding changes to the Fair Work Act
What are the changes to the Fair Work Act and what is my role?
22 Jul 2025
Using AI tools for record management in doctor consultations
What are the considerations for using an AI scribe tool in your practice?
22 Jul 2025
A health practitioners guide to social media
What are the laws and guidelines that impact social media for practitioners?
22 Jul 2025
Understanding Voluntary Assisted Dying laws
What are the laws and processes in place for VAD and what is my role?
22 Jul 2025