Explained: Health Records, Privacy and Confidentiality for Children in Australia

Minors have the legal capacity to make their own decisions regarding their health records, independently of their parents, in a variety of situations.

In general, if the patient is under the age of 14 years, the consent of the parent or guardian is necessary but from around 14 years of age, teenagers have the right to consent to simple health care treatment. From 16 years, they have the same right to consent as adults.

Teenagers have the right to confidentiality. But health professionals can contact a parent or guardian if his or her child is at serious risk or can’t manage a health issue on his or her own.

Teenagers also have health care responsibilities, including the responsibility to share information about their health openly and honestly.

Young people under 18 can exercise their own privacy choices (e.g., not allowing parents to see their records) once they are able to understand and make their own decisions.

Health Practitioner Confidentiality

All health practitioners have a duty of confidentiality that arises from the nature of the information provided in the course of the therapeutic relationship with the patient. A patient is entitled to expect that information discussed during a consultation will not be shared with other parties without their explicit permission.

If a child has the capacity to consent to medical treatment on their own behalf, they are generally also entitled to confidentiality. This includes the right for the child’s health information to be kept confidential from their parents.

If a child is not competent to consent to treatment, and a parent has consented to treatment on their behalf, the parent would be entitled to information about the child’s healthcare.

What are the Exemptions to Confidentiality?

The exemptions to the duty to maintain confidentiality are both legal and ethical.

Examples are:

• Where the patient consents to disclosure

• Where disclosure to a third party is necessary to treat a patient

• Where the provider is compelled by law to disclose

Privacy and Access to Health Records

Privacy and confidentiality are very similar concepts. As well as a common law right to confidentiality, patients have a statutory right to privacy over their health information and health records.

The Privacy Act 1988 (Commonwealth) applies throughout Australia and applies to personal and health information held by private sector providers. It does not cover state and territory public hospitals and clinics.

States and territories have their own laws covering privacy and health records. These apply to public sector agencies, and some apply also to the private sector (e.g., the NSW Health Records and Information Privacy Act 2002 applies to both)

In general, patients have a right of access to their health records, a right to demand that the records be corrected if inaccurate, and a right to ask for their health information not to be shared with other health providers or third parties.

There are exceptions to the right to privacy in certain circumstances, similar to the exemptions to confidentiality discussed above.

Young people under 18 can exercise their own privacy choices (e.g., not allowing parents to see their records) once they are able to understand and make their own decisions. Generally, this will go hand-in-hand with competence to consent to medical treatment (Australian Law Reform Commission 2006).

Minors and Medicare 

Children can apply for their own Medicare card (and number) when they turn 15, without parental consent. Those under 15 can apply with parental consent.

Young people do not necessarily have to have their own Medicare card to seek a health service that attracts a Medicare rebate independently of their parents. Health professionals may accept the Medicare number linked to the patient’s parents without physically seeing the card.

Medicare records include the identity and specialty of the provider of health service and the type of service received. If a young person has their own Medicare card, parents and guardians cannot access Medicare record information without the consent of the young person. If the young person is still on the family Medicare card and aged 14 or 15, generally their consent must be obtained before information about Medicare records is released to parents or guardians.

Parents and guardians have the right to request Medicare Australia to approach health providers about whether they will release information about their adolescent child.

Once a child is 16, Medicare can only give information to parents or guardians with the young person’s consent.

eHealth Records and Privacy

The eHealth system is designed to contain an electronic summary of a person’s key health information such as prescribed medications, allergies and treatments they have received. Health practitioners can upload health information to the eHealth record for individual patients and view the information in it uploaded by other practitioners.

Young people under 18 may have an eHealth record.

A person with parental responsibility for a person under 18 can register for an eHealth record on their child’s behalf. The parent can then access and control the eHealth record of that young person on their behalf as an “Authorised Representative” until the young person takes control of their eHealth record or turns 18.

If the young person has the capacity to consent to treatment and confidentiality in their own right, a parent cannot be their “Authorised Representative” unless the child consents to this.

When a young person turns 14, information from both the Medicare Benefits Schedule (MBS) and Pharmaceutical Benefits Scheme (PBS) will cease to be included in their eHealth record. This information will only be made available again if the young person takes control of their eHealth record and consents to the inclusion of MBS and/or PBS data.

If a young person is under 14 and would like to take control of their existing eHealth record or register for an eHealth record, they will need to prove to the System Operator that they can make decisions about their healthcare and can manage their eHealth record.

Child Protection and Mandatory Reporting

All states and territories in Australia have legislation pertaining to the care and protection of children and young people. All have mandatory reporting requirements for health professionals, and many extend the mandatory reporting requirements to a range of other people who work with children. Mandatory reporting refers to the legislative requirement imposed on certain people to report suspected cases of child abuse and neglect to government authorities.

Each state has its own laws concerning who has to report, what types of abuse and neglect need to be reported, and the threshold of concern of harm that triggers the obligation to report.

Questions?

If you have any questions about confidentiality, privacy and access to health records for children in Australia, you can contact us here.