When curiosity kills professional conduct

The case

A well-known rock band cancelled their tour and left the country with a plan to self-isolate at home. Prior to their departure, the lead singer became acutely unwell requiring hospitalisation and treatment after testing positive to COVID-19.

No one knew the singer had remained in Australia – so when the star’s diagnosis was splashed across the front page of a gossip magazine, the hospital had no choice but to investigate the leak. The article included specific clinical information that could only have been known by accessing the patient’s medical record.

The investigation

Several doctors at the hospital were asked to explain why they had apparently accessed the famous musician’s medical records. Although the investigation was being conducted by the hospital, the doctors were advised that they could be referred to the Australian Health Practitioner Regulation Agency if they were found to have breached hospital policy in relation to privacy.

What if I accessed the record?

With so much personal health information being stored online, regular audits are conducted within hospitals to ensure there is accountability when it comes to patient privacy. At MDA National, we have assisted several doctors who have been investigated for looking at the medical records of their partners, other family members, or ‘celebrity’ patients.

Significant penalties can apply if you’re found to have accessed medical records without clinical justification. In addition, there can be serious consequences at work – including disciplinary action, and even dismissal.

Medical practitioners working in hospitals should ensure they only access records and other health information about a patient when involved in the care of that patient, or for a purpose approved under hospital policy.

Things to think about

• Ignorance is a poor defence if you knowingly breach a patient’s privacy. Ensure that you know your hospital’s policy on privacy, as it’s not enough to claim you were unaware of its existence.
• Make sure you log out after accessing your patient’s records so that your login credentials cannot be used inappropriately by anyone else. There are many good reasons to protect your electronic footprint, and patient privacy is certainly one of them.
• If there is a universal login ID, ensure that you only access records where you’re personally involved in a patient’s care, or you have been directed to do so by someone senior.
• If you believe there is a genuine educational or other reason for you to access patient information, discuss this with your supervisor and document the discussion before accessing the notes.
• Remember that the bigger the celebrity, the greater the risk that their personal health will be inappropriately accessed, and an electronic audit trail examined.