Articles and Case Studies

Patient Information – Third Party Disclosure

28 Feb 2017

Dr Sara Bird

by Dr Sara Bird

third party disclosure

Consider this case history. A GP, Dr Z, was found to have breached a patient’s privacy and ordered to pay the patient $6,500 for injury to his feelings and distress.1

The privacy breach occurred when the GP answered a phone call from the police asking if she thought her patient was psychotic. Dr Z knew the patient well, having seen him on 26 occasions over the previous two years, but she had not seen him for two months. The GP replied to the police that it was possible, but further assessment was needed.

Professional obligations – confidentiality and privacy

According to Good Medical Practice: A Code of Conduct for Doctors in Australia, patients have a right to expect that doctors and their staff will hold information about them in confidence, unless the release of information is required by law or public interest considerations.2

The ethical and professional duty of confidentiality dates back to Hippocrates and forms the basis of trust in the doctor–patient relationship. It encourages patients to disclose information truthfully, without fear of harm, discrimination or embarrassment that may arise from the dissemination of the information. However, the duty of confidentiality is not absolute and there are exceptions.

A doctor will occasionally face a situation where they need to weigh up their obligation to protect patient confidentiality against acting in the “public interest” in trying to protect the health or safety of the general community.

Legal obligations – privacy

In what circumstances can you disclose information about one of your patients to a third party?

Under the Privacy Act 1988 (Cth), a patient’s health information can be disclosed to a third party in certain circumstances, including when:

  • the patient provides their consent for the information to be released to the third party
  • it is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety, where it is unreasonable or impracticable to obtain the patient’s consent:
    • includes a threat to physical or mental health and safety
    • may include a threat of serious harm to the patient or to any other unspecified individual
  • it is required or authorised by or under an Australian law or a court/tribunal order (e.g. mandatory reporting of child abuse, a subpoena or search warrant)
  • it is reasonably expected by the patient and directly related to the primary purpose of providing health care (e.g. complaints handling, audit, disclosure to a medical defence organisation)
  • it is reasonably necessary for one or more enforcement-related activities conducted by, or on behalf of, an enforcement body:
    • a written note of the disclosure must be made
    • enforcement-related activities include the prevention, detection, investigation and prosecution or punishment of criminal offences and intelligence-gathering activities
    • “enforcement body” includes bodies responsible for policing, criminal investigations and administering laws to protect public revenue or to impose penalties or sanctions.

Preventing a breach

What should Dr Z have done to prevent a breach of privacy when she was contacted by the police?

She could have asked the police whether any of the exceptions to her duty of confidentiality and privacy applied. Specifically, whether the patient had given his permission for the GP to discuss his health information with the police; if the information was needed to lessen or prevent a serious threat to life, health or safety; or whether the information was necessary for an enforcement-related activity by the police.

If Dr Z was not certain how to respond, she could have asked the police to put their request in writing to enable her to obtain advice from her medical defence organisation, and/or discuss the situation with the patient, if appropriate.

Summary points

  • If a patient provides you with consent to release their health information or medical records to a third party, you should do so.
  • In the absence of your patient’s consent, there are limited circumstances in which you can release their health information or medical records to a third party.

Dr Sara Bird
Manager, Medico-legal and Advisory Services
MDA National


  1. ‘EZ’ & ‘EY’ [2015] AICmr 23. Available at:
  2. Medical Board of Australia. Good Medical Practice: A Code of Conduct for Doctors in Australia. 2014. Section 3.4. Available at:
    Confidentiality and Privacy, Regulation and Legislation, Anaesthesia, Dermatology, Emergency Medicine, General Practice, Intensive Care Medicine, Obstetrics and Gynaecology, Ophthalmology, Pathology, Psychiatry, Radiology, Sports Medicine, Surgery, Physician, Geriatric Medicine, Cardiology, Plastic And Reconstructive Surgery, Radiation Oncology, Paediatrics, Independent Medical Assessor - IME


    Doctors Let's Talk: Get Yourself A Fricking GP

    Get yourself a fricking GP stat! is a conversation with Dr Lam, 2019 RACGP National General Practitioner of the Year, rural GP and GP Anesthetics trainee, that explores the importance of finding your own GP as a Junior Doctor.


    25 Oct 2022

    Systematic efforts to reduce harms due to prescribed opioids – webinar recording

    Efforts are underway across the healthcare system to reduce harms caused by pharmaceutical opioids. This 43-min recording of a live webinar, delivered 11 March 2021, is an opportunity for prescribers to check, and potentially improve, their contribution to these endeavours. Hear from an expert panel about recent opioid reforms by the Therapeutic Goods Administration and changes to the Pharmaceutical Benefits Scheme. 

    Diplomacy in a hierarchy: tips for approaching a difficult conversation

    Have you found yourself wondering how to broach a tough topic of conversation? It can be challenging to effectively navigate a disagreement with a co-worker, especially if they're 'above' you; however, it's vital for positive team dynamics and safe patient care. In this recording of a live webinar you'll have the opportunity to learn from colleagues' experiences around difficult discussions and hear from a diverse panel moderated by Dr Kiely Kim (medico-legal adviser and general practitioner). Recorded live on 2 September 2020.