Today’s question is:

… a question in relation to privacy

Say a first aid organisation was providing Event Health Services coverage at an event small concert with primary school aged children singing.

The venue was the one who contracted the First Aid organisation not the schools of the participants.

Would it be a breach of privacy on the (schools behalf) for the first aid organisation to go around to each school group and ask what medical conditions their students have given that at this point in time no one is requiring medical attention.

I personally believe that they should only be provided with such information at the time that they become a patient and not beforehand.

It is not a breach of privacy for the first aid organisation to ask ‘what medical conditions their students have’; it may be a breach for the school to answer that question.  However one can’t answer that in the abstract.

Collecting information about a child’s medical history is certainly collecting information that must be protected in accordance with the National Privacy Principles (Privacy Act 1988 (Cth) s 6 definition of ‘personal information’ and s 6FA ‘Meaning of health information’).  Such information must only be used for the purpose for which it was collected (Australian Privacy Principle 6).

Would it be a breach of privacy? It would depend on what the person giving the information to the school consented to.  What was the school’s privacy policy – did it say information would be given in those circumstances? Was there permission given in the attendance note? Is the information de-identified that is “we have three kids with peanut allergy” or specific – “Little Johnny, Julie and Tracy have peanut allergies”.   Is the medical condition sufficiently serious and rare that the first aiders need to know in order to have specialised resources available?

One would need much more detail of the particular circumstances to answer that question.