Appendix 5: Medical students’ obligations under the NSW Health Records and Information Privacy Act

One of the main ethical obligations of a medical student is to maintain confidentiality of patients. The Health Records and Information Privacy Act (HRIP Act), which came into force in 2004, makes protection of a patient’s privacy a statutory requirement. This legislation reinforces your obligations with respect to confidentiality and sets out a patient’s rights and a health professional’s obligations.

The HRIPA lists 15 “health privacy principles (HPPs)” that you will need to understand. These are legal obligations describing what organisations (NSW public and private sector) must do when they collect, hold, use and disclose health information. These obligations apply to organisations where you will be undertaking clinical practice attachments.

The Act specifically requires that an ‘organisation’ is not permitted to use or disclose a patient’s health information for any purpose other than that for which it was collected, or a directly related purpose, without the patients consent. (HPPs 10 and 11). This means that usually, health professional students including medical students are not entitled to be privy to a patient’s medical information without the patient’s consent. The HRIPA does allow limited exceptions to this rule, described in the Statutory Guidelines for Training that accompany the Act, in order to allow trainees such as medical students to access health information in certain circumstances without the patient’s consent. To satisfy this ‘training exemption’ you must read this document and sign the undertaking that follows.