In the practice setting, patients will generally expect their information to be used for a wide variety of activities that are directly related to the healthcare services they receive.
Case study: Primary purposes vs multidisciplinary care
Laura has been seeing her treating GP for many years. She suffered a stroke and now experiences stroke complications, some of which are likely to be permanent.
Laura’s healthcare now requires a coordinated effort between her treating healthcare professionals, including her neurologist, rehabilitation team and practice nurse.
In her distressed state, Laura might not expect her GP to organise this multidisciplinary team. Accordingly, her GP organises a consultation with Laura to discuss the benefits of multidisciplinary care, so that she can make an informed decision to allow disclosure of her health information to other health practitioners. Laura’s treating GP carefully notes the conversation and Laura’s express consent.
Laura’s GP has recognised that the primary purpose for using Laura’s health information is for the GP to treat and manage her stroke symptoms. Laura would expect this use as part of her regular healthcare. However, it is unclear whether Laura would expect her health information to be disclosed to other health practitioners. This disclosure by Laura’s GP might be considered a secondary purpose. Under the Privacy Act, the disclosure of the information necessary to treat and manage Laura’s stroke recovery is ordinarily prohibited, unless an exception applies; in this case, the two most applicable exceptions are consent and reasonable expectations.
It was therefore wise for Laura’s GP to seek Laura’s consent. Additionally, by discussing the care plan and the scope of involvement of the multidisciplinary team, Laura’s GP has managed her reasonable expectations regarding the use of her health information by the members of her team. This will allow greater flexibility in treating Laura and it is now reasonable to not require Laura’s consent to each exchange.