Physiotherapists may be asked about a patient’s health information
at any time. If not handled correctly, it can have adverse
consequences for the physiotherapist and their practice.
Risk management and the prevention of claims is an important consideration for practitioners in any healthcare profession.
Insurance House supports APA members improve their practice.
what happens when things
Mark ran a physiotherapy practice in a small country town in
NSW. Mary had been one of his regular clients for over three
years. In 2014, Mary moved to Melbourne and requested
that her health information be transferred to a physiotherapy
practice closer to where she would be relocating. Mark
agreed to do this and proceeded to transfer her records via
email. Mark later realised that instead of transferring Mary’s
records, he had inadvertently transferred the records of one
of his other clients with the same surname.
After realising that he had transferred the wrong client’s
information, Mark agreed to have Mary’s records sent via
registered post. Because of the time it had taken, he rushed
through this at the end of the same day. Some months later,
it came to light that Mark had left out several entries relating
to his past treatment of Mary.
Mark’s errors include:
disclosing information without consent
disclosing health information without taking reasonable steps
to protect it from unauthorised access (ie, encryption)
not taking reasonable steps to ensure the health information he
was disclosing was accurate, complete and up-to-date
both Mary and the client whose information was accidentally sent
made a complaint to the health privacy regulator in their state.
Lessons for practitioners
Use and disclosure of health information
The practice should only use or disclose health information for the
primary purpose for which it was collected. Generally, the primary
purpose will be to provide quality healthcare. The practice may
use and disclose health information for directly-related secondary
purposes. For example, if a physiotherapist refers a client to a general
practitioner for necessary care, and discloses necessary parts of the
clinical history in doing so, this would be a ‘secondary purpose’.
Otherwise, the practice should only use and disclose health
information if the client gives consent (preferably express, written
consent) or if an exception applies. Exceptions include:
uses or disclosures required or authorised by the law
uses or disclosures necessary to manage a threat to
someone’s life, health or safety
uses or disclosures for research, provided certain conditions
Transfer of information to another health service provider
If care is transferred to another practice, the client should authorise
the disclosure of information from the original practice to a new
practice. The original practice needs to keep a copy of the records
as a safeguard should the patient later complain about the quality
of treatment or other matters.
A practice is required to take reasonable steps to keep personal
information, including health information, secure. This includes
during transfers. Best practice varies, but encryption of information
sent electronically is generally appropriate. Practices should check
that the recipient is capable of receiving this kind of information.
If the original practice declines to transfer a copy of the health