Today’s correspondent is concerned about patient privacy.  They say:

Paramedics are often very good at gathering information about their patients… but are we sometimes too good? Patients are often discharged with paperwork that is addressed to their GP, or, letters are written from their GP (or other health care worker) to the attending Doctor in the hospital. These letters are frequently read by paramedics attending patients as there is a wealth of information in them about the patient and their previous medical history… most of the time, more than what the patients can tell us!

I received a concern a few days ago, that paramedics reading these letters are in fact ‘breaching the Privacy act’… I would think not, we are directly involved in the care of the patient and would think that any and all information that we can ascertain would be of benefit towards caring for the patient. Interested to hear your thoughts especially relating to the Privacy Code of Practice etc.

The National Privacy Principles have been adopted in legislation throughout Australia.  I’ll refer to the Privacy Act 1988 (Cth) as my example.  The legislation is aimed at those that collect private information.  Information about a person’s medical history is not only ‘personal information’ (s 6) it is also ‘health information’ (s 6FA) and ‘sensitive information’ (s 6).   An agency that is bound by the Act (whether the Commonwealth Act or equivalent state or territory Act) must deal with personal and health information in accordance with the privacy principles.

First and foremost, where information is collected it should only be used for the purpose for which it was collected.  Paramedics collect personal and health information when they respond to an incident, collect information about the patient, record their observations, diagnosis and treatment.  All of that is personal and/or health information. Paramedics would breach the privacy laws if they used that material in a way that is inconsistent with the privacy principles.  But they collect that information in order to provide health care to the patient and the reasonable patient would expect them to share that information with those involved in their care, so there is no breach to share that information with the triage nurse and treating health care team at the hospital – see Privacy Act 1988 (Cth) ss 16A and 16B and Australian Privacy Principle 6–use or disclosure of personal information. See also Giving feedback to paramedics (April 1, 2017)).

That is not an answer to the question I was asked but gives a relevant context.  The question I was asked has the information going the other way, ie from the treating doctor to the paramedic.  Again the doctor has collected information about the patient, this information will be personal information, health information and sensitive information, all at the same time.   Without working out who exactly is bound by the legislation I will assume that the medical practitioner works for a health service (as defined in s 6FB) and the health service is bound by the Act.

That Act imposes obligations upon the health service to deal with that information in a way that is protects the patient’s privacy.  The obligation, and therefore breach (if there is a breach) lies with the health service/practitioner.  To give an example if I find a person’s medical file has been disposed of by being sold in a second hand filing cabinet then the person that failed to secure the file and dispose of it properly may be in breach of the Privacy Act but I, as the person who bought the filing cabinet and am not in breach by reading the file that I found in my new cabinet (and for the obvious parallel, see Ashlynne McGhee and Michael McKinnon ‘The Cabinet Files’ ABC News (Online) February 10, 2018)).

There are a variety of privacy codes of practice and I’m not sure which one (or which jurisdiction) my correspondent is referring to.  An example is the Privacy Code of Practice for NSW Health (30 June 2000), [3] for example, says:

3. Disclosure of information for the purposes of care and treatment

A health public sector agency is not required to comply with section 19 of the Act [that is the Privacy And Personal Information Protection Act 1988 (NSW)] if, in the case of health related information and in circumstances where the consent of the individual to whom the information relates cannot reasonably be obtained, the information is provided to a health service provider for the purposes of ensuring the continued care of the individual to whom the information relates.

In the situation described however the doctor is not providing information to the paramedic, he or she is providing a letter to travel with the patient for the purposes of giving information to the receiving health service. It is consistent with the privacy principles and this Code of Practice to pass the information between the doctors, but there is no indication that the doctor who wrote the letter intended to provide the information in the letter to the paramedics.

Discussion

The agency bound by the privacy legislation is the agency that collects the information. In context the agency that completes the ‘paperwork that is addressed to their GP, or, letters … from their GP (or other health care worker) to the attending Doctor in the hospital’ is responsible to ensure that information is used, and disclosed, only in accordance with the privacy principles.

That service may, reasonably, believe that handing the letter to the paramedics is acting to protect the patient’s privacy.  They are not giving the letter to an Uber driver.  Just as paramedics would, I imagine, be trusted to deliver with their patient the patient’s personal belongings without having looked through them, so to the sending health service may reasonably think that a letter addressed to the receiving health service will be respected so that giving it to the paramedics is consistent with their duty to manage the patient’s privacy.

Regardless of the Privacy Principles, there will be an exception if the information is necessary to save the person’s life (Privacy Act 1988 (Cth) s 16B).  If the patient’s condition deteriorates en-route and the paramedics need to take action that was unanticipated to save the patient’s life and health, it would be ok to open the sealed envelope to see if there is information there that would explain the patient’s deteriorating condition or affect the treatment provided by paramedics. Short of that a sealed envelope addressed to a health service should not be opened by paramedics.  The information is clearly not intended for them.

(At this point I do note that there are criminal offences involved in opening mail but that only relates to mail that is in the possession of Australia Post: Australian Postal Corporation Act 1989 (Cth) ss 90M and 90N).

If the letters are unsealed or not in an envelope the critical question is ‘did the doctor intend the paramedics to read the letter and is that for a legitimate therapeutic purpose?’  The issue would be why do the paramedics need to know?  If they are doing a patient transfer from one health service to another do the paramedics need that patient information?  If the patient does not require their intervention so they are being transported by ambulance because no other vehicle is appropriate then the information is likely to be irrelevant to the care provided by paramedics or non-emergency patient transport officers.

Even so, I cannot see that the paramedic commits a breach of the Privacy Act if he or she reads the document addressed to the third party.  It is the party that wrote the letter that has the obligation to deal with it in a way to protect the patient’s privacy.  Although I cannot identify a particular offence, I would suggest that paramedics who open letters that are being transported with their patient and that are not addressed to the paramedics could (now that paramedics are registered) be disciplined for inappropriate professional practice. Imagine for example that the patient is being transported back to a nursing home, but the letter addressed the receiving doctor raises concerns about the patient’s social situation and perhaps a long history of abuse by family members.  That history may be relevant to their future care but is irrelevant to the care by paramedics during transport.  It may cause great distress for the patient to realise that this information given to her GP has now been read by people who had no need to know.  It’s really no different to rifling through the patient’s private possessions. Again that could be justified if there’s a clinical reason – eg looking through a handbag to see if there are drugs or medicine that may explain the patient’s current presentation, but not if there is no good reason.

Conclusion

My conclusion really depends on what sort of document we’re talking about.  Printed pages of a discharge summary that are handed to the paramedic along with, but separate to, the patient’s personal belongings may be considered as information given to the paramedics to inform the patient’s care en-route and reading that would be appropriate if it is relevant to their ongoing care.

A letter addressed to a particular doctor and in a sealed envelope will contain sensitive information and the sender has gone to some lengths to protect the patient’s privacy. Opening the letter by the paramedic could well be a breach of professional standards and an invasion of the patient’s privacy.  Such an action would be hard if not impossible to justify in the absence of an unexpected life-threatening emergency.

There are other examples that sit along that spectrum.

The question that everyone should ask is ‘do the paramedics need to know?’  If yes they should be told; if no then documents should be sealed.  Paramedics should also ask the same question and if the answer is ‘we don’t need to know what’s in this document’ then they should not read it.  They certainly shouldn’t open sealed envelopes addressed to someone else unless the information is needed as a matter of urgency to inform clinical decision making.

POSTSCRIPT

In response to this post a commentator wrote (via Facebook)

I disagree here. Paramedics need to access available information on patient health care in order to provide safe treatment, regardless of life threat, we need to know allergies and sometimes the patient cannot tell them.

This is akin to saying a doctor cannot access past medical records because those records we not intended at the time of writing to be accessed.

A sealed envelope with a health record inside, is the same as a password protected medical record. The treating team should be protected by law to access necessary information to provide timely and more importantly safe care to the patient before them.

They continued:

Would we restrict nurses to strictly needs to know health information? Nurses really don’t make decisions about patient care, they operate under instructions of a doctor. Yet, nurses have full access to the patient’s health record. I would argue, anyone involved in the direct provision of healthcare to a patient has a right to “the password” to their medical record.

The treatment given en-route by paramedics is not under direct direction of a doctor, and if the patient is being transported in an emergency ambulance, we can assume the patient is sick and may require unexpected medical care while in transit.

A lot of the time the GP doesn’t even bother coming out of their rooms to hand over to paramedics, and thus, the only way to find out pertinent patient information is by reading the doctors letter, which is most often addressed to the doctor at the receiving hospital. Once the letter is received it gets scanned into the patients digital file and is there for any member of the team to read.

How can paramedics be treated any differently to the rest of the in-patient team?

I respond here as I thought these comments raised good points and I wanted to address them for the benefit of everyone who accesses this blog, not just the Facebook followers.

I actually don’t think we fundamentally disagree.  The problem with writing a blog or a comment on FaceBook is that there is neither the space nor time to explore everything in the sort of detail that might use if say, writing a journal article.    Where perhaps coming at this from different ends of the spectrum which will no doubt reflect our experience.

At one end of the spectrum is the patient who is critically ill, unconscious, connected to life supporting technology and for whom the paramedics will be actively involved in their transfer from wherever they have been to where ever they are going.  In that case I accept the paramedics need access to as much information as possible as it will be relevant to the care they provide. One would hope that a prudent and professional medical practitioner would recognise that and would give the appropriate information to the paramedics but perhaps it is accidentally sealed.

On the other end of the spectrum (and here I draw on my own experience in Ambulance – which I admit is a very long time ago –  when I, as a primary care ambulance officer, spent most of my work time doing transfers from the nursing home to hospital ‘for treatment’ and we didn’t do much beside drive the car).  Today much of the work that I used to do would be done by non-emergency patient transport officers – a service that did not exist ‘in my day’.  In that context the patient’s medical history was pretty irrelevant as there was not much we were going to do for anyone.  I assume at some times, in some ambulance services, in some parts of Australia, those sort of transfers still occur.

In between those two extremes, patients will have different care needs and paramedics will have different levels of intervention.    What they need to know will vary.

As noted there is an exception to the privacy rules when private information can be shared where necessary to save a life.  That deals, in my view, with the situation where ‘the patient is sick and may require unexpected medical care while in transit’.  If the paramedic is expecting a routine transfer and the patient’s condition deteriorates then fine open the letter to see if there is something of relevance.

In other cases, however, where the patient transfer is proceeding as expected (however that is expected) if there is a sealed letter addressed to another health professional – particularly if it’s addressed by name and not position, then one might infer that it is intended to be read by them and them alone. It may contain information that is relevant to the care they may provide but is not relevant to the task of the paramedics.  There has to be at least an inference that the author is trying to secure that letter behind the metaphorical password.  If he or she wanted the paramedics to have that information they would, we hope, give it to them. There may still be doctors who don’t appreciate what paramedics do and my not realise that information is important to paramedics.

As for nurses it is not necessarily the case that ‘nurses have full access to the patient’s health record’ and that’s because there is no single health record.  This is an issue the MyHealth Record is, as I understand it, meant to adjust but as a patient controlled record it too may not be complete.  For example a nurse may have access to a health service’s records but those records won’t contain information that is in the GPs record.  And just because a nurse can access the health institution’s records they should only do so when clinically necessary.  A nurse providing care in a particular area may have no legitimate need to look at records of the patient’s other treatment just because it happened in the same institution.

I started by saying “I actually don’t think we fundamentally disagree”.   I think what we are saying is that access to the documents has to be appropriate when its clinically necessary and that will require a judgment based on the patient’s condition and the interventions called for, and for the security attached to the document under discussion.

If there’s a discharge summary that is printed out and handed to the paramedic then there would seem no problem. If there is a letter in a sealed envelope, addressed to another health professional by name, then there has to be at least a question as whether the author of the letter is trying to secure it.  In that case the decision to open that letter would require clearer clinical need.  Between them is the document in an unsealed envelope (where the inference may be that this is needed to protect the document, not to secure it behind the metaphorical password) and the sealed envelope addressed to another health service or another professional by job rather than name (ie a letter addressed to ‘the Admitting Doctor’ may be different than one addressed to ‘Dr …’).

The two issues are ‘what are the author’s intention or expectations?’ and ‘what is the clinical need?’  The answer to ‘do I open this?’ is neither ‘yes, always’ or ‘no, never’.  I think that is what I said in the original post but my correspondent’s contribution has allowed further exploration of the issues.  Thank you.

POSTSCRIPT 2

Another Facebook comment is:

I still have some issues with some of the scenarios as presented in your blog. Your blog seems to imply that the paramedic is transporting a patient somewhere on request of a doctor. In the situation that a 000-emergency crew are responding then that doctor is now handing over care of that patient to that crew and their clinical judgement.

GPs calling often requests a destination, and this would be taken into consideration, but it does happen that the requested destination (and doctor the letter is addressed to) is inappropriate for whatever reason and the patient would instead be conveyed to the most appropriate destination. So from my viewpoint as a registered paramedic now entrusted to the care of this patient, anything that could be in that letter is relevant to my care of the patient and will therefore be read.

From opening sealed GP letters, I have discovered allergies the patient didn’t know about, medications the patient forgot about, medical history the patient thought was irrelevant but wasn’t and has very rarely caused a change in patient transport destination. I now teach undergraduate paramedics and one of the things I teach is open the GP letter it is a great source of patient history and relevant clinical information. This isn’t to suggest I am devaluing the clinical judgement of GPs, my main thoughts along these lines are that the ambulance services have far greater familiarity with current emergency triage practices e.g. STEMI destinations, stroke calls, on-call trauma and surgery, as usually any even up to the minute changes in availability are fed to the ambulance communication systems.

I suppose to summarise my ramblings, I as a registered paramedic do not often convey on request, I take handover and make my own clinical decisions.

Again that’s a very useful comment.  It’s also 100% true that I was assuming that ‘the paramedic is transporting a patient somewhere on request of a doctor’.  That is I had in mind situations where a patient was being transferred from one health institution to another whether they are an intensive care patient or going from hospital to nursing home, or back. I did not have in mind the situation where a patient presents at their doctor’s surgery, is diagnosed with an acute and urgent condition and a call is made to triple zero for an ambulance with the expectation that the paramedics will treat and transport to the most appropriate emergency department.

I think that is a critically different situation.

The scenario I had in mind may be for example, a patient being transported from hospital to hospice for palliative care.  The patient does not need critical intervention and the ‘Do Not Resuscitate’ order is documented and recognised.  In the paperwork handed over with the patient is a sealed letter from one doctor to another.  The patient is in the ambulance, in the care of paramedics, as they are not able to transferred by other vehicles.  Why would the paramedic need to open and read that letter?

I see it as an issue of respect for the patient and the other health professionals.  You don’t know the relationship between the patient and their doctor or between the other health professionals involved in their care. Respecting their right to share information with their practitioners but not with everyone is part of that respect.

Imagine if the doctor wrote a letter addressed the person responsible for making medical decisions (eg their appointed guardian, spouse or adult child).  That too may contain relevant medical intervention but would or should a paramedic open them? Do you rifle through the patient’s bag to see what’s in it on the assumption that you may find relevant information there?  If the patient’s condition deteriorates one might in order to understand what’s going on, but prima facie I would suggest you would respect the privacy of the patient.

Even with the acute emergency and the call to triple zero, I come to the same conclusion.  Reading an unsealed generic medical report/discharge summary seems unproblematic.  Opening a sealed envelope that’s addressed to someone else should cause a paramedic to pause and ask ‘do I need to know what’s in this document?’  They certainly should not open sealed envelopes addressed to someone else unless the information is needed to inform clinical decision making and that will, as I’ve argued above, depend on the patient’s presentation and the type of intervention the paramedics are required to make.

To repeat an earlier conclusion:

The two issues are ‘what are the author’s intention or expectations?’ and ‘what is the clinical need?’  The answer to ‘do I open this?’ is neither ‘yes, always’ or ‘no, never’.  I think that is what I said in the original post, but my correspondent’s contribution has allowed further exploration of the issues.  Thank you.