Keeping an eye on patient privacy

8th May 2022
MDA National recently warned one of their ophthalmologist Members about an unusual request from the police to breach patient confidentiality and privacy.

MDA National recently warned one of their ophthalmologist Members about an unusual request from the police to breach patient confidentiality and privacy. 

Case history

In January 2021, police sought information from optometrists and ophthalmologists about a fugitive who had failed to attend court in 2010 in relation to charges of conspiracy to murder. He had a prior conviction for murder. Interestingly, the police also offered a $100,000 reward to the optometrists and ophthalmologists for information leading to the fugitive’s capture.

The police asked the practitioners to search their records for a client with a date of birth of 17 October 1957 and listed several of his known aliases. They also provided details of a prescription (R -1.75 -0.75 x5, L -1.75 -0.50 x147) obtained from an optometrist in Queensland in 2010 for a pair of glasses that were ordered, but never collected by the patient/fugitive.

Would it be reasonable in this situation for you to provide information to the police?

Duty of confidentiality

Doctors have an ethical, professional and legal duty to protect the confidentiality of information obtained as a result of their management of patients. This duty forms the basis of trust and honesty in the doctor–patient relationship.

The obligation of medical confidentiality is long established. The Hippocratic Oath states:

What I see or hear in the course of the treatment or even outside of the treatment in regard to the life of men, which on no account one must spread abroad, I will keep to myself holding such things shameful to be spoken about.

However, the duty of confidentiality is not absolute. The Medical Board of Australia’s Code of Conduct confirms that patients have a right to expect that doctors and their staff will hold information about them in confidence, unless release of information is required or permitted by law.

Exceptions to the duty of confidentiality and privacy

Under the Privacy Act 1988 (Cth) (Privacy Act), there are limited and specific circumstances where health information can be disclosed to a third party, such as the police, without the patient’s consent to do so.

These include the following:

  1. Required or authorised by law: For example, mandatory reporting of child abuse, or mandatory reporting of notifiable conduct by a health practitioner, or a valid subpoena or search warrant.
  1. Serious threat: You can disclose health information where it is unreasonable or impracticable to obtain consent to the disclosure, and you reasonably believe the disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety (in the ACT and NSW, the legislation states a “serious and imminent” risk or threat). You must have a reasonable basis for your belief and be able to justify it. The test is what a reasonable person, who is properly informed, would believe in the circumstances. 
  1. Enforcement related activities: You can disclose health information where you reasonably believe it is reasonably necessary for enforcement-related activities conducted by, or on behalf of, an enforcement body. If you do so, you must make a written note of the disclosure.

    Enforcement bodies include Commonwealth, state and territory bodies responsible for policing, criminal investigations, and administering laws to protect public revenue or to impose penalties or sanctions. Enforcement-related activities include the prevention, detection, investigation and prosecution or punishment of criminal offences, and intelligence gathering and monitoring activities.

    Importantly, while the Privacy Act allows disclosure in this situation, it does not require Other obligations, such as your duty of confidentiality, may affect whether you can disclose information to enforcement bodies.

“Public interest” disclosure

There are limited circumstances where confidentiality can be breached in “public interest”. For example, if a patient continues to drive despite advice that they are unfit to do so, and the doctor believes the patient is endangering the public, it is appropriate to report concerns directly to the Driver Licensing Authority (DLA).

This “public interest” disclosure is reflected in the legislation which states that health practitioners who make a report to the DLA about a patient who is unfit to drive, without the patient’s consent but in good faith, are protected from civil and criminal liability. In the NT and SA, legislation imposes on health practitioners a positive duty to notify the DLA in writing of their belief that a patient is physically or mentally unfit to drive.

What would you do in this fugitive case?

Based on the limited information provided by the police, it isn’t clear that there is a valid exception to the duty of confidentiality and privacy in this situation. In particular, concern would arise about the offer of a reward which may, of course, influence a practitioner’s decision to disclose information to the police without a clear legal or professional basis to do so.


More information

Office of the Australian Information Commissioner
Guide to health privacy, Sept 2019

This article is provided by MDA National. They recommend that you contact your indemnity provider if you need specific advice in relation to your insurance policy or medico-legal matters. Members can contact MDA National for specific advice on freecall 1800 011 255 or use the “contact us” form at

The case history used is based on actual requests for medico-legal advice; however certain facts have been omitted or changed by the author to ensure the anonymity of the parties involved.

<< Previous | Next >>