7 minute read
SOURCE CODE
LUCY GIBBERD, MEDICAL PROTECTION SOCIETY
There are a range of special considerations when you receive unsolicited information from a third party in relation to the treatment of a patient.
Normally when you are working in medicine, you gather clinical information about a patient from the patient or from other clinicians involved in their care. But, every now and then, you receive an email or a phone call from a concerned neighbour or relative who wants to tell us something relevant about your patient. This can put a clinician in a tricky position, particularly if that person specifically ask you not to tell the patient what they have disclosed.
Defining the issue
Third party information is information you obtain about a patient which comes from a source other than the patient, another clinician involved in that patient’s care, or the clinical records made by another clinician about that patient. Unsolicited means the information has not been requested. The person who is providing the information is usually doing so on their own initiative.
Some examples of unsolicited third-party information might include:
• A daughter ringing up telling you that her father is drinking too much
• A neighbour emailing telling you that they believe a patient isn’t fit to drive
• A patient’s friend writing a letter telling you that the patient may be selling their medication.
Unsolicited third-party information would not include a letter from another clinician who is involved in the patient’s care or an email or phone call from the patient themselves, or someone who holds an activated enduring power of attorney for that patient.
Handling the information
The specific rules that govern how you should handle unsolicited thirdparty information are set out in the Health Information Privacy Code (HIPC). However, there are also ethical and professional considerations that clinicians should keep in mind.
Doctors must not lie to or deceive patients and you should never promise, or even suggest, to others that you will. Patients have a right to their own information, which includes information about them which their doctors are acting on. There are exceptions to this, but generally the above applies.
Third-party information needs to be handled differently from other health information. Under the HIPC there is an obligation to verify any information before adding it to a patient’s notes or acting on it. This normally (but not always) involves talking to the patient about the information you have received. But information should only be added to notes once it has been verified.
There are times when you have discretion not to release information about a patient to a patient, but this would be a rare exception and it is not something you can ever guarantee to someone who is providing you with third-party information.
You can refuse a patient access to their own health information (even if it is in their notes) if you believe that the disclosure would do one of two things:
• Be likely to pose a serious threat to the life, health, or safety of any individual, or to public health or public safety
• Create a significant likelihood of serious harassment of an individual.
The seriousness of the harm or harassment would have to be significant before refusing the patient access to their own information could be justified. If you believe this is the case, you should contact your privacy officer before proceeding (and they may choose to seek medicolegal advice). Just upsetting people would not normally be considered a serious threat.
You also need to ensure that the person providing the information understands that you will need to verify that information before acting on it – and that that may involve telling the patient about the information. Promising that person you will not tell the patient who shared the information with you would be a promise you may not be able to keep.
If the person providing the information will not allow you to verify it and wants the information to remain secret, you have the option of rejecting the information. You should tell the informant you are rejecting the information – because you are unable to collect information from third parties unless it can be verified. In this situation you will not add the information to the notes or otherwise retain it, and it will not be acted on.
Implications
In the first instance, if you receive unsolicited third-party information – whether via email, letter or a phone call – you should not record that information in the patient notes. This means those emails should not be added to the inbox, and points from the phone conversations should not immediately be added to the notes – either in the body of the notes or in addendums.
You should let the person providing the third-party information know that, if they wish you to save and act on the information, you cannot guarantee you will not tell the patient about the information or who provided it. You should explain that you have an obligation to verify any such information and normally this would involve discussing it with the patient.
If they want to proceed, and once the you verify the information, it will become clinical information and part of the patient’s health record.
If the informant does not give you permission to verify the information with the patient, you should let them know that you will talk to your privacy officer, but it is likely the information will be rejected, and you will not act on it.
If the informant chooses not to share the information, because they do not want it to be shared with the patient, but there is a serious risk of harm (such as a patient who is driving in an unsafe manner), then the informant should be advised that they can go to the Police with their concerns. The Police do not necessarily have to tell the patient who they have collected information from.
If the informant does give permission, then you can decide how best to approach verifying the information before you include it in the notes.
If release of the information could pose a serious threat to the patient’s or someone else’s life, health or safety, it can be marked as confidential. The clinician can then consider if it is safe to share it with the patient if they were to request it. This situation is likely to be rare and you should discuss it with your privacy officer before you add anything to the notes.
If you are not sure whether the situation would be considered unsolicited third-party information, discuss this with your indemnifier and, in the meantime, refrain from adding the information to the patient notes. Your computer system should have a file where unsolicited third-party information can be held before it is either verified or rejected.
A REAL-WORLD EXAMPLE
The wife of a patient emailed a psychiatrist with information about her husband. She was concerned about his mental health and described his actions and behaviours at home. She specifically asked that this information was not shared with the patient (her husband). The information was accepted and scanned onto the patient’s clinical record.
Some months later the patient asked for a copy of their hospital notes and the email from their wife was shared with them. This had a considerable and ongoing impact on the family.
In retrospect the psychiatrist wondered if they could have redacted this email from the notes before providing them to the patient, on the basis that release would be likely to pose a serious threat to the life, health, or safety of an individual. However, this is a very high bar and the Privacy Commissioner would potentially look at this and consider how serious that threat might be. Just upsetting people would not be considered a serious threat.
It may have been better to consider whether this information should have been accepted in the first place and whether it was appropriate to act on information which had not be verified with the patient.
