Disclosure of information


Just as consent is required for medical treatment, consent may be required for disclosure of information. Consent is obtained if a patient has capacity to give consent and knows how and why their information will be used.  If a patient's record contains particularly sensitive information, for example, information concerning a sexual assault, it would be advisable to inform them about how their information will be handled and their consent obtained.

There are many exceptions to the general rule requiring consent for disclosure.  Practitioners often need to share information to deliver optimum health care.  However, only information required for the treatment of the patient should be shared. Group practices should formulate clear internal communication policies and procedures in order to exercise reasonable care, particularly in sensitive situations such as delivering test results.

There are other significant exceptions to this general rule. Disclosure is permissible during emergencies where neither the patient nor the patient's representative can provide consent. Disclosure of information may be required by law. For example, every state and territory has legislation mandating the notification of certain infectious diseases to health authorities. Notification requirements prescribed by law vary between jurisdictions. Depending on the state or territory, notifications may be required in code, or by name.

Disclosure of a person's health status without their consent is not justified where the observance of standard infection control precautions makes disclosure unnecessary. However, disclosure may be warranted to prevent or lessen a threat to life or wellbeing of a person, or to lessen a threat to public health or safety. A health care worker may have suffered a needle-stick injury in circumstances where there is a real risk of transmission and it is not possible to conceal the identity of the source patient who has refused to consent to disclosure. A practitioner may form the view that a third party may be at risk of contracting a notifiable disease because of their patient's actions. In such instances, law and/or policy may authorise or permit a practitioner to report this to their health department or take other action.

Section 56(4) of the NSW Public Health Act 2010 allows information to be disclosed to the Secretary if a medical practitioner has reasonable grounds to suspect that failure to disclose the information is likely to be a risk to public health.

Section 55 of the Victorian Public Health and Wellbeing Act 2008 allows a person to disclose information to the Department of Health if the person reasonably believes that the disclosure is necessary to assist the Secretary, Chief Health Officer or an authorised officer of the Department to exercise a power under the Act.

Under section 49 of the South Australian Public Health Act 2011, the Chief Public Health Officer may require a person to provide information reasonably required for the purpose of the Act.

In Western Australia, under s276A of the Health Act 1911, if a practitioner has reasonable grounds for believing that a patient may engage in behaviour that is likely to put other persons at risk of HIV transmission, he or she may provide that patient's name, address and telephone number to the Department. (Note: this is ONLY for HIV/AIDS and does not include other ‘notifiable conditions’ unlike other sections noted here.) The Executive Director Public Health may also require this information.

Under the Northern Territory Notifiable Diseases Act 1981, section 8 states that if a medical practitioner considers a person may be infected with a notifiable disease, they are to advise the Department. According to section 9, an infected person must provide the medical practitioner with the names and addresses of all persons from whom the notifiable diseases may have been contracted. A person suspected of being infected must provide the names and addresses of all persons with whom he or she has been in contact during a time specified by the medical practitioner.

In Tasmania, as per section 147(3) of the Public Health Act 1997, disclosure that a person has a notifiable condition is permissible where it is to a person authorised by the Director, or disclosure will help manage a threat to public health or a likely threat to public health. Under s147(3)(e) disclosure of personal information is authorized if the disclosure is for the purpose of the management, detection, notification, treatment or prevention of the spread of a notifiable disease or notifiable condition. This is a lower threshold than ‘managing a threat to public health or a likely threat to public health’.

In Queensland, the Public Health Act 2005, includes some noteworthy exemptions: Chapter 3 section 108 – Disclosure of confidential information may be authorized by the chief executive to protect the health of the person, or another person; section 109 – Disclosure of confidential information may be authorized by the chief executive if they believe, on reasonable grounds, that the disclosure is in the public’s interest and has authorised disclosure in writing. Under section 109, the department must include in an annual report if disclosure under s109 occurs.

Finally, under section 108 of the ACT Public Health 1977 responsible persons may advise the Chief Health Officer where a patient with a notifiable condition refuses to advise contacts and be authorized to inform contacts. Departments may also have protocols in place specifically addressing what is to happen when it is believed that a person living with HIV is placing others at risk.


The Office of the Australian Information Commissioner has guidelines about consent:

  • The individual is adequately informed before giving consent
  • The individual gives consent voluntarily
  • The consent is current and specific, and the individual has the capacity to understand and communicate their consent


Page last updated October 2022