Medical Students
Free insurance protection for medical students
Healthcare Businesses
Insurance cover for practices and group insurance for doctors
Interns
Free insurance protection for interns
Brokers
Professional indemnity cover for healthcare businesses, group arrangements and individual doctor cover
Doctors in Training
Insurance for Junior Medical Officers & Doctors in Training
Midwives
Protection for eligible privately practising midwives
Medical Practitioners
Insurance for GPs, GP Registrars, Specialists, Staff Specialists, Career Medical Officers, New Fellows & Overseas Trained Doctors
Medico-legal Services & Support
Legal support, claims management & 24 hour emergency support
Risk Education
Support & resources to help you reduce your risks in practise
Risk Management Program
Diverse and interesting activities that help reduce your day to day risk
Doctors' Health
Helping you prioritise and manage your own health
Resources
Find out what you need to do, before you do it
MIGA Qantas Rewards Program
Earn Qantas Points on your insurance with MIGA
MIGA Plus Business Insurance
Protection against the day-to-day risks of running your business, including business interruption, burglary and public liability
MIGA Plus Career Assistance
Coaching can help you to define your career goals and chart a course to achieving them
Our Ethos
‘Always’ captures our commitment to reliability, professionalism and being available to our clients
Governance
Managing MIGA’s operations and charting a course for the future
Our Team
Our talented and committed staff who deliver real value and support to our clients
Publications
Easy access to publications including Annual Reports, MIGA Bulletins and Policy Documents
Careers with MIGA
You too could join our team of passionate staff
Kate Hodgkinson Senior Solicitor - Claims & Legal Services
Many health practitioners understand that patients have the right to access their records. However, the full scope of their obligations including under the Australian Privacy Principles (APPs), as outlined in the Privacy Act 1988 (Cth), is often less familiar. In the recent case of AGX and AGY (Privacy) [2024] AlCmr 16, the Information Commissioner (the Commissioner) considered the obligations imposed by APP 12, which concerns an individual’s right to access their personal information, with certain exceptions specified in APP 12.3. This case highlights several key points:
The patient, AGX, had consulted a specialist health care practitioner AGY (‘the practitioner’) on one occasion. Six-months later the patient requested a copy of their full medical file. The practitioner’s administrative assistant responded by saying that the file had been reviewed, and only an imaging report and a letter to the GP had been identified, both of which the patient had been given by the GP, and therefore they had nothing further to provide. A second request was made by the patient who alleged that further information was held by the practitioner. Dissatisfied with the practitioner’s failure to respond to the second request, the patient complained to the Office of the Australian Information Commissioner (OAIC). In defending the complaint to the OAIC, the practitioner sought to assert that the patient already had copies of information held, and therefore the request was frivolous or vexatious. In support of this, it was also stated that the patient had harassed staff and had in fact wasted time in attending on the practitioner in the first place, as they were seeking treatment which the practitioner could not provide. The OAIC’s investigation identified two additional records held by the practitioner that had not previously been provided to the patient. The practitioner had sought to charge the patient $440 for time taken to research the APPs and respond to the OAIC. In correspondence to the patient, the practitioner stated that if the patient paid the invoice, they would provide access to the personal information.
In determining whether the practitioner had breached APP 12, the Commissioner considered whether the patient’s request was vexatious or frivolous, and therefore the practitioner had grounds to refuse the access request. The Commissioner ultimately dismissed the practitioner’s argument, referring to the APP Guidelines which state that there must be a clear and convincing basis to decide that an access request is frivolous or vexatious, and causing inconvenience or irritation is not sufficient. It was found that although the patient may have already obtained copies of some of their personal information from other sources, this did not discharge the practitioner from the obligation to provide access to the personal information it held. Given that two further records were found to exist during the investigation, the Commissioner found it was not unreasonable for the patient to dispute the practitioner’s decision to refuse to provide access or make a second access request. The Commissioner declared that the practitioner had interfered with the privacy of the patient by refusing to give the patient access to their personal information, and by attempting to charge the patient an excessive fee.
The fact a patient has accessed personal information held by a health care practitioner in some other way, does not in itself discharge the practitioner from the obligation to provide access to the personal information. Such a request will not necessarily be considered vexatious or frivolous. When an access request is received, it is important to undertake a thorough review to identify all records held containing personal information, which may be captured by the request. Fees charged to a patient for access to their personal information, must be reasonable and proportionate. Generally, your fee should be set based on the real cost of copying and providing records. Such costs may include the actual cost of staff retrieving, reproducing and sending the personal information, and the costs of postage. Normally fees should not involve any significant component for reviewing the records to determine if appropriate for release. It is not reasonable to charge a patient for the time taken responding to the OAIC. We recommend speaking to MIGA's Claims and Legal Services team before refusing a patient’s request to access their personal information. It is essential that any grounds to refuse access are considered carefully before being relied upon, and even if access is refused, that you comply with minimum access requirements.
Insurance policies are issued by Medical Insurance Australia Pty Ltd (AFSL 255906). MIGA has not taken into account your personal objectives or situation. Before you make any decisions about our policies, please review the relevant Product Disclosure Statement (which can be found here) and consider your own needs. Information on this site does not constitute legal or professional advice. If you have questions, or need advice please contact us for assistance.