Who can access children's medical records?
The answer is not always straightforward. We look at issues that can arise where parents are divorced, families are separated and when the child’s views should be considered.
Parent’s rights generally
Generally speaking, a parent or guardian is entitled to access their child’s medical records. This is because they have parental responsibility provided by the common law and the Family Law Act 1975.
Denying access to their child’s records without a valid reason may lead to a complaint to the Office of the Australian Information Commissioner. This office administers the Privacy Act 1988. Together with corresponding State and Territory legislation, this act regulates the disclosure of information, including medical records.
Where a request for access is made from a divorced parent, consideration should be given to the terms of any parenting order issued by the Family Court. These orders set out the responsibilities and roles of each parent. Where there is no order, both parents retain parental responsibility and have a right to access the record.
If the parents are separated, or issues with child protection or custody are suspected, the consent of both parents should be sought (where practical).
Mature minors and consent
The Privacy Act 1988 does not set an age at which persons under 18 are considered capable of making decisions about their personal information.
The Guidelines to the National Privacy Principles assist:
As a general principle, a young person is able to give consent when he or she has sufficient understanding and maturity to understand what is being proposed. In some circumstances, it may be appropriate for a parent or guardian to consent on behalf of a young person; for example if the child is very young or lacks the maturity of understanding to do so themselves.
If the child is capable of making their own decision regarding access, they should be allowed to do so. If the child is not yet capable, it is still appropriate to take their views into account in deciding whether to give access.
The Australian Medical Association has stated that if a young person is able to make decisions regarding medical treatment and wishes the treatment to remain confidential, his or her doctor must respect and maintain that confidentiality.
It may be that the child does not want sensitive medical information shared with their parents. Many consider that the child’s right to confidentiality should be maintained in such circumstances.
Of course, there are exceptions to the duty of confidentiality and privacy that require disclosure of information. These circumstances include emergency situations, reporting of certain diseases, where required by court order or reporting of a risk of harm or neglect to a child.
Third party information and other considerations
Once you have the necessary consents, care must be taken to identify whether the release of information may adversely impact the parent’s or child’s physical or mental health or the privacy of another individual.
This process involves identifying any personal information in the records which does not relate to the patient. This ‘third party information’ should not be provided where:-
- Granting access would pose a serious threat to the life, health or safety of the public or an individual.
- Where access would unreasonably impact another’s privacy.
- When disclosure is not in the best interests of the child.
Examples where third party issues can arise.
- A child’s medical records contain information about their parent’s mental health in the postnatal records. The child might not otherwise be aware of this information. This third party information should only be provided to the child with the parent’s consent as access may unreasonably impact the parent’s privacy. This is despite the fact that the information is part of the child’s own medical record. If consent cannot be obtained, all references to that third party information should be redacted.
- Where a child’s medical records contains references to self-harm following a disagreement with their parents. Disclosure of this information to the parents could be considered to expose a risk of harm to their parents and/ or the child.
- A child’s relationship with their mother is strained but improving with counselling. The mother sought access to the child’s medical records and the practitioner is concerned that the child’s progress and her relationship with her mother may be negatively affected if she has access to the complete records.
It may be necessary to withhold some or all of the information in the medical records. This can usually be done by redaction.
In some circumstances, it will be reasonable to give access to the third party information. For instance:
- Where the information is already known to the patient requesting access.
- Where the third party has provided their consent.
- Where there is no reason to believe that disclosure of this additional information would unreasonably reveal another person’s personal information.
Policies and procedures
Any applicable policies or procedures specific to the organisation also need to be consulted and should be followed.
An example of such a policy is the My Health Records procedure, which provides:
- Authorised representatives – such as parents or guardians with parental responsibility for a person under 18 – can register and manage the child’s account and thus, access to their records.
- When a young person turns 14, they are presumed to have capacity to make decisions about their My Health Record. From this age the young person can register for a My Health Record or take control of their existing record.
- If a young person is under 14 and would like to take control of their existing My Health Record or register for a record, he or she will need to prove that they can make decisions about your healthcare and manage their record.
If in doubt, contact your Medical Defence Organisation or practice insurer. The Offices of the State and Commonwealth Privacy Commissioners should also be able to answer queries about access. And remember to document, document, document the process.
 Office of the Federal Privacy Commissioner, Guidelines to the National Privacy Principles (2001), 21.
 Submission to the Office of the Privacy Commissioner Review of the Private Sector Provisions of the Privacy Act 1988, 21 December 2004, 21.
 See, eg, New South Wales Commission for Children and Young People, Submission to the New South Wales Law Reform Commission on the Review of Laws Relating to the Consent of Minors to Medical Treatment, 15 August 2003. See also J Loughrey, ‘Medical Information, Confidentiality and a Child’s Right to Privacy’ (2003) 23 Legal Studies 510, 524–525.