Become a student member today for free and be part of the RACGP community
2022.1 CCE results release: Thursday 4 August 2022.
Live and practise medicine in Australia
RACGP offer courses and events to further develop the knowledge you need to develop your GP career
Discover a world of educational opportunities to support your lifelong learning
The RACGP is working hard on transitioning to college-led general practice training
Become a provider with the CPD Program and be recognised for the quality education and training you offer GPs
The Abuse and violence: working with our patients in general practice provides the best-available current evidence for GPs
Stay up-to-date with the latest information and resources on the COVID-19 vaccine rollout.
Download the Standards for general practice (5th edition) - a benchmark for quality care and risk management in Australian general practices
Coronavirus (COVID-19) resources for general practitioners
Advice and guidelines for GPs and practice teams to help protect general practice information systems
Video consultations can provide convenient and accessible healthcare delivery
Read all of the RACGP reports and submissions on various healthcare topics
Read all of the RACGP position statements on various healthcare topics
Join our RACGP Facebook groups
GPs have access to comprehensive health records containing important information about a patient. Third parties (such as insurance companies, motor accident and workers’ compensation agencies, solicitors and welfare agencies) often request access to this information. The process for seeking patient consent and releasing medical information to life insurers is being updated following the introduction of a new Standard.
Under the new Standard No. 26: Consent for accessing health information, insurers will be required to ask for patient consent to access their health information in two standard ways (called an authority). Both authorities will be sought at the same time, but information can only be provided under the second authority under certain, limited conditions.
The authorities are only valid while a claim or application is being assessed, or while disclosures an individual is required to make under an insurance policy are verified. Under both authorities, an insurer must collect, use, store and disclose personal information in accordance with privacy laws and Australian Privacy Principles.
The first authority (called Authority 1) involves the patient consenting to their health provider(s) releasing their health information, except for the consultation notes held by their GP or practice. GPs should provide a medical report which contains relevant information (and may contain both statements of fact and medical opinion) only.
The second authority (called Authority 2) involves the patient consenting to their insurer having access to a full copy of their medical record, including consultation notes. This can only be released when their GP/practice will be unable to, or did not, provide the report within 4 weeks; or the report provided is incomplete, or contains inconsistencies or inaccuracies.
The deadline for insurers complying with the new standard is 1 July 2021. However, some insurers have already implemented these new processes.
GPs may receive a consent form via the previous consent process that has been signed before 1 July 2021. This is valid and can be accepted so long as it was signed before 1 July 2021.
The RACGP recommends that GPs provide medical reports as opposed to complete medical records where possible. Therefore, your default approach for releasing your patients’ health information should be a targeted medical report. We recommend this to prevent sharing of patient information which is not relevant to a third-party request.
As always, you must not release medical information to a third party without your patient’s consent, unless you are legally required in response to a subpoena, court order or summons. It is essential that this consent is documented. Similarly, you must have consent or authority to prepare a medical report prior to commencing the reporting process.
Our resource on writing medical reports contains more information, including a suggested report structure and things to consider when setting your fee for preparing a report.
Patients can give their consent by signing a paper copy of each Authority, by verbally consenting, for example when taking out a policy over the phone, or by using a digital signature on-line. These forms of consent are all legally acceptable and each Authority expressly allows GPs to accept digital or verbal consent.
If a patient has only consented to one authority (either Authority 1 or Authority 2), then their GP can only provide the health information set out under the respective authority.
On most occasions, we would expect both authorities will have been consented to, this is the intent. But there might be rare occasions where only one consent is given.
In 2018, following an inquiry into the life insurance industry, the Parliamentary Joint Committee on Corporations and Financial Services (the ‘Committee’) recommended that we work with the Financial Services Council (FSC) to develop a standard process for requesting and providing patient medical information. The Committee supported the view put forward by the RACGP that access to full history/notes was often inappropriate and a targeted medical report should be the default way to share information.
These changes have been designed to protect patient privacy and help ensure companies providing life insurance receive only relevant information from a health record to assess an application or claim.
Standard No. 26 can be accessed on the Financial Services Council website.
Who was involved in the development of Standard No. 26?
The Financial Services Council sets mandatory Standards for the financial services industry, which aim to make sure that companies operate openly, fairly and in your best interests.
A standard process was agreed by the RACGP and FSC in mid-2019. This process has been written into the FSC’s Standard No. 26.
If you have any questions regarding Standard No. 26, you can contact the Financial Services Council via their website.
GPs are advised to seek the advice of your medical defence organisation if you have any concerns about obligations to provide a report and/or avoid breaches of privacy.
Donate to the RACGP Foundation today and influence the future of general practice