A case of COVID-19 in a country town
25 May 2020
Jack was self-isolating at home following his return from a two-month road trip around the US when he received a call from a teammate from the local football team. “Hey! Just checking you’re still alive mate. I heard you’ve got coronavirus,” his friend said. “Facebook has gone right off!”
The patient
Jack was shocked. He hadn’t told anyone he had tested positive to coronavirus. Having seen some backlash on local social media about selfish travellers bringing COVID-19 back to Australia, he had decided to lay low until he recovered. As he lived in a small town in country Victoria, he was worried about his work prospects following his recovery if anyone knew about his diagnosis.
Jack told his friend he was fine and that he was self-isolating at home after his return from overseas. But Jack was concerned about how his friend knew about his diagnosis. Jack had avoided testing at his local practice and instead gone to a large multi-disciplinary clinic over 30km away, where he felt he would have greater anonymity.
As the Facebook posts escalated, Jack became increasingly concerned about how his results were made public. He rang the practice and asked to speak to the doctor who had performed the test and delivered the results.
“I’m sorry, but Dr Sharma is working at another practice today,” said the practice manager.
A quick Google search revealed that Dr Sharma mainly worked at the large clinic where Jack was tested, but he also worked one day a week at the practice located in Jack’s town.
Jack called the local practice and asked Dr Sharma to explain how his privacy had been breached.
The doctor
Dr Sharma was shocked and embarrassed when the young man he had seen at another practice asked him how his COVID-19 diagnosis had been made public.
“So much for patient privacy. I told no one about my diagnosis, and now my name is all over Facebook,” Jack said.
Although Dr Sharma had tested Jack at the large multidisciplinary clinic where he usually worked, he received the results on the one day he worked at the local practice. Surprised at seeing the positive result as the patient had very minor symptoms, he had commented to the practice nurse that coronavirus had even reached their small town, with a young local man testing positive after recently returning from the US.
The patient was adamant on the phone that he had not disclosed his positive COVID-19 result to anyone, so Dr Sharma asked the practice nurse if she had told anyone else about the test results.
“Only my flat mate, and I didn’t look at the patient’s results or give her a name – I just told her what you told me,” she said.
On reflection, both Dr Sharma and the nurse realised that a patient in a large rural centre wouldn’t be as easily identifiable as a young man returning from the US in a town with a population of 450 people.
Medico-legal discussion
Dr Sharma called Jack and apologised for the inadvertent breach of his privacy. He explained that while he hadn’t disclosed Jack’s name or discussed his personal health information outside of the practice, he hadn’t realised how easy it would be for the town locals to identify him by other means.
The practice considered its obligations under the Notifiable Data Breaches scheme, and determined that the breach wasn’t likely to result in serious harm to the patient and therefore didn’t need to be notified to the OAIC.
The importance of privacy was put on the agenda for the next practice meeting, where all staff watched and discussed the MDA National webinar on Privacy and Info Security in Private Medical Practice.
What can you do?
Some doctors are required to make a conscious decision to breach a patient’s privacy. Others might face criticism for not disclosing a risk to public safety when they should. While system failures and cyber-attacks can lead to significant multi-patient breaches, many of the privacy breaches we come across at MDA National are completely unintentional and involve only one patient.
Health professionals are acutely aware of their obligations to keep personal health information safe, and yet patient privacy can be breached in any number of ways.
Here are some handy hints for maintaining patient privacy in your practice:
- Have a good understanding of patient confidentiality.
- Ensure your privacy policy is up to date, and that all staff receive regular privacy training.
- Include information on the appropriate use of social media and online professionalism.
- Make sure your systems are secure.
- Understand your obligations under the Notifiable Data Breaches scheme in the event of a breach.
Doctors Let's Talk: Get Yourself A Fricking GP
Get yourself a fricking GP stat! is a conversation with Dr Lam, 2019 RACGP National General Practitioner of the Year, rural GP and GP Anesthetics trainee, that explores the importance of finding your own GP as a Junior Doctor.
25 Oct 2022
Systematic efforts to reduce harms due to prescribed opioids – webinar recording
Efforts are underway across the healthcare system to reduce harms caused by pharmaceutical opioids. This 43-min recording of a live webinar, delivered 11 March 2021, is an opportunity for prescribers to check, and potentially improve, their contribution to these endeavours. Hear from an expert panel about recent opioid reforms by the Therapeutic Goods Administration and changes to the Pharmaceutical Benefits Scheme.
14 May 2021
Diplomacy in a hierarchy: tips for approaching a difficult conversation
Have you found yourself wondering how to broach a tough topic of conversation? It can be challenging to effectively navigate a disagreement with a co-worker, especially if they're 'above' you; however, it's vital for positive team dynamics and safe patient care. In this recording of a live webinar you'll have the opportunity to learn from colleagues' experiences around difficult discussions and hear from a diverse panel moderated by Dr Kiely Kim (medico-legal adviser and general practitioner). Recorded live on 2 September 2020.
05 Oct 2020
