Today’s question is:
… a question in relation to privacy
Say a first aid organisation was providing Event Health Services coverage at an event small concert with primary school aged children singing.
The venue was the one who contracted the First Aid organisation not the schools of the participants.
Would it be a breach of privacy on the (schools behalf) for the first aid organisation to go around to each school group and ask what medical conditions their students have given that at this point in time no one is requiring medical attention.
I personally believe that they should only be provided with such information at the time that they become a patient and not beforehand.
It is not a breach of privacy for the first aid organisation to ask ‘what medical conditions their students have’; it may be a breach for the school to answer that question. However one can’t answer that in the abstract.
Collecting information about a child’s medical history is certainly collecting information that must be protected in accordance with the National Privacy Principles (Privacy Act 1988 (Cth) s 6 definition of ‘personal information’ and s 6FA ‘Meaning of health information’). Such information must only be used for the purpose for which it was collected (Australian Privacy Principle 6).
Would it be a breach of privacy? It would depend on what the person giving the information to the school consented to. What was the school’s privacy policy – did it say information would be given in those circumstances? Was there permission given in the attendance note? Is the information de-identified that is “we have three kids with peanut allergy” or specific – “Little Johnny, Julie and Tracy have peanut allergies”. Is the medical condition sufficiently serious and rare that the first aiders need to know in order to have specialised resources available?
One would need much more detail of the particular circumstances to answer that question.
Australian Emergency Law 
Good morning Michael.
Thank you for your insightful blog which is always very interesting.
As a facilitator of First Aid & Mental Health First Aid training I often deal with the topics of “Privacy” & “Confidentiality”, both of which are very different.
MY understanding is that Privacy relates to any information you obtain from an individual, whereas, Confidentiality refers to the situation where the previously obtained information is passed on to another person. There seems to be a great deal of confusion in the general community regarding these significant differences.
I would appreciate any dissertation you could provide on this matter.
Thank you & keep up the good work.
A.J. Simon. BHSc.
I’m not sure I see the difference as being so clear cut. The National Privacy Principles deal with the collection, storage and use of private information. Privacy in terms of the Privacy Act 1988 (Cth) (and state and territory equivalents that adopt the privacy principles) relates to both obtaining the information and passing it on to others.
Confidentiality or more specifically a duty to keep information confidential can arise in much wider circumstances. A doctor, priest, paramedic, lawyer all have duties to keep confidential information that is given to them by their patient/parishioner or client even though they may not be bound by the Privacy laws and even though the information may not be recorded anywhere other than the person’s memory. I would see the difference more as two sides of the same coin – if I have a right to privacy then a person to whom I give private information has a duty to keep it confidential. Privacy relates to me as the person that the information is about, confidentiality or the duty to keep information confidential relates to the person who holds the information about me.
I don’t see that “Privacy” & “Confidentiality” are ‘very’ different but I’d be happy to hear back if you want to expand on that idea further?