The broad wording of a new statutory tort covering serious invasions of privacy may ensnare doctors doing routine care.
New privacy laws may restrict the ability of doctors to do routine collections of family medical history and sharing of specialist reports, with the AMA calling for healthcare-specific carve-outs.
The government is looking at introducing a statutory tort for serious invasions of privacy as part of an update to the Privacy and Other Legislation Amendment Bill 2024, something which has been on the table since 2014.
Australia is a relative outlier in not having a tort law – that is, a recognised protection from wrongful conduct that gives claimants a right to sue for compensation – relating to breaches of privacy.
These already exist in the UK, Canada and New Zealand.
The proposed tort covers two types of privacy invasions: intrusion upon seclusion and misuse of private information.
It’s this second part, which includes the unauthorised collection or disclosure of personal information like health records, that has the AMA concerned.
“The Privacy Act provides quite a few exemptions that currently protect healthcare providers, but they don’t apply under this new tort,” AMA vice-president Associate Professor Julian Rait told Rheumatology Republic.
“We think there’s a need for further amendments, because otherwise doctors, other health practitioners and medical researchers could be unfairly involved in litigation or class actions as a result of quite routine sort of conduct.”
Crucially, the tort would operate independently of the rest of the Privacy Act, which itself specifically permits the handling of personal health information for health and medical research.
This opens up the risk of doctors being sued under the tort even though they have complied with the Privacy Act.
Specific examples cited by the AMA were collecting family history or reports from other specialists without express patient consent, disclosing health information to family members or authorities, raising concerns about colleagues with AHPRA and using personal data in medical research.
“GPs frequently receive information from other specialists about a patient without always obtaining consent,” Professor Rait said.
“That’s allowed under the privacy legislation and basically is a common practice that important in terms of how specialists interact and care for people, but it’s not protected under the new statutory tort.”
In order to sue, there has to have been a reasonable expectation of privacy and an intentional or reckless invasion of that privacy which was serious in nature.
Four groups are exempted: journalists, law enforcement bodies, intelligence agencies and minors.
QUT law researcher Dr Lisa Archbold, whose work aligns with the Australian Centre for Health Law Research, told RR that there were sufficient safeguards within the design of the tort to address some of the AMA’s concerns.
“There has to be a reasonable expectation of privacy … which would take contextual things [into account], which include where the information has been disclosed,” she said.
“The thinking around it would be different, obviously, in a medical setting [compared] to some other setting.”
There are also four statutory defences that defendants can use, one of which is that the defendant reasonable believed the invasion of privacy was necessary to prevent or reduce a serious threat to a person’s health, life or safety.
“There are lots of safeguards within the tort to protect those legitimate and necessary activities that would be occurring in the medical sector.”