Articles and Case Studies

A case of COVID-19 in a country town

25 May 2020

by Ms Nerissa Ferrie

Face mask emoji

Jack was self-isolating at home following his return from a two-month road trip around the US when he received a call from a teammate from the local football team. “Hey! Just checking you’re still alive mate. I heard you’ve got coronavirus,” his friend said. “Facebook has gone right off!”

The patient

Jack was shocked. He hadn’t told anyone he had tested positive to coronavirus. Having seen some backlash on local social media about selfish travellers bringing COVID-19 back to Australia, he had decided to lay low until he recovered. As he lived in a small town in country Victoria, he was worried about his work prospects following his recovery if anyone knew about his diagnosis.

 

Jack told his friend he was fine and that he was self-isolating at home after his return from overseas. But Jack was concerned about how his friend knew about his diagnosis. Jack had avoided testing at his local practice and instead gone to a large multi-disciplinary clinic over 30km away, where he felt he would have greater anonymity.

 

As the Facebook posts escalated, Jack became increasingly concerned about how his results were made public. He rang the practice and asked to speak to the doctor who had performed the test and delivered the results.

 

“I’m sorry, but Dr Sharma is working at another practice today,” said the practice manager.

A quick Google search revealed that Dr Sharma mainly worked at the large clinic where Jack was tested, but he also worked one day a week at the practice located in Jack’s town.

 

Jack called the local practice and asked Dr Sharma to explain how his privacy had been breached.

 

The doctor

Dr Sharma was shocked and embarrassed when the young man he had seen at another practice asked him how his COVID-19 diagnosis had been made public.

 

“So much for patient privacy. I told no one about my diagnosis, and now my name is all over Facebook,” Jack said.

 

Although Dr Sharma had tested Jack at the large multidisciplinary clinic where he usually worked, he received the results on the one day he worked at the local practice. Surprised at seeing the positive result as the patient had very minor symptoms, he had commented to the practice nurse that coronavirus had even reached their small town, with a young local man testing positive after recently returning from the US.

 

The patient was adamant on the phone that he had not disclosed his positive COVID-19 result to anyone, so Dr Sharma asked the practice nurse if she had told anyone else about the test results.

 

“Only my flat mate, and I didn’t look at the patient’s results or give her a name – I just told her what you told me,” she said.

 

On reflection, both Dr Sharma and the nurse realised that a patient in a large rural centre wouldn’t be as easily identifiable as a young man returning from the US in a town with a population of 450 people.

 

Medico-legal discussion

Dr Sharma called Jack and apologised for the inadvertent breach of his privacy. He explained that while he hadn’t disclosed Jack’s name or discussed his personal health information outside of the practice, he hadn’t realised how easy it would be for the town locals to identify him by other means.

 

The practice considered its obligations under the Notifiable Data Breaches scheme, and determined that the breach wasn’t likely to result in serious harm to the patient and therefore didn’t need to be notified to the OAIC.

 

The importance of privacy was put on the agenda for the next practice meeting, where all staff watched and discussed the MDA National webinar on Privacy and Info Security in Private Medical Practice.

 

What can you do? 

 

Some doctors are required to make a conscious decision to breach a patient’s privacy. Others might face criticism for not disclosing a risk to public safety when they should. While system failures and cyber-attacks can lead to significant multi-patient breaches, many of the privacy breaches we come across at MDA National are completely unintentional and involve only one patient.

 

Health professionals are acutely aware of their obligations to keep personal health information safe, and yet patient privacy can be breached in any number of ways.

 

Here are some handy hints for maintaining patient privacy in your practice: 

 

Communication with Patients, Confidentiality and Privacy, Practice Management, General Practice, Practice Manager Or Owner
 

Library

Telehealth Q&A

Learn from the telehealth questions hospital-based doctors asked MDA National earlier this year. From managing a procedure follow up, to what you need to consider when using a personal phone for a consultation.

Podcasts

27 Jun 2020