With high profile data breaches, privacy has been in the headlines. But sometimes medical practices, including alternative health practitioners and pharmacies, overlook auditory privacy.
With patients and consumers more aware of their rights than ever before, practices need to be careful to comply with the law. Especially when fines and other sanctions can result.
What is auditory privacy?
Auditory privacy ensures that other people cannot overhear a consultation. (Criterion GP5.1, Royal Australian College of General Practitioner Standards 5th Ed. (RACGP Standards))
With modern design constraints, it is increasingly challenging to fulfil this legal obligation. In fact as medical and psychological practices switch to smaller rooms and ‘green’ fit-outs, the low ambient background sound levels make this even more problematic.
Why is it so important?
Breach of a patient’s privacy can result in significant medico-legal, reputational and commercial risk. There are both legal1 and ethical requirements to ensure that patients’ personal information is not available to others. Ensuring that auditory privacy is maintained will protect both patients and providers from the negative consequences of a lack of privacy.
If patients sitting in the waiting room can overhear health or other personal information being provided by the receptionist, they may be concerned that their own information is unsafe. Similarly, a patient who can overhear a conversation in an adjoining consulting room may be worried that their own consultation could be overheard.
This could result in patient complaints, medico-legal investigations or claims, and could see patients switch to another practice.
Case Study Example
Patient A telephones their GP clinic to ask whether the results of their blood tests have arrived. As part of the clinic’s usual process, the receptionist asks Patient A to confirm their identity by providing their full name and date of birth. The receptionist repeats the name and date of birth over the phone as that information is given to them. These details can be overheard by other patients in the waiting room, including Patient B who knows Patient A. The receptionist then proceeds to tell Patient A that their results have arrived, and that the conclusion on the report says that they have very low iron levels.
Later that day Patient B contacts Patient A and mentions Patient A’s blood test results. Patient A is confused how Patient A knows of the results, and Patient B explains that they overheard them at the GP clinic.
If Patient A commenced a complaint against the clinic, the clinic would be at risk of findings that the clinic had not complied with the obligations surrounding use or disclosure of personal information, and regarding security of information. Depending on the effects of the breaches and Patient A’s approach, potential steps to resolve the complaint may range from provision of an apology to payment of compensation.
How do I ensure privacy?
The RACGP guidelines suggest the following:
The auditory privacy of consultation rooms can be significantly enhanced by having solid doors (rather than doors with paper cores), using ‘draught proofing’ tape around door frames and a draught excluder at the base of the door. (Criterion GP5.1)
Unfortunately, these measures can be expensive. One cost effective solution is acoustic sound masking. This solves the problem of sound transference through air vents, via light fittings and over walls.
Integrating solutions at the design stage can help. For example, minimise reverberant shiny surfaces. If reverberation is already in place, offset the issue by adding soft furnishings. Designing the floor plan to allow for as much space between consultants can assist, as can the use of acoustic plaster. Reconfiguring furniture in an existing space can have a similar effect. Investing in an acoustic consultant’s advice can also ensure that a practice complies with its auditory privacy obligations.
- In Australia, the relevant federal legislation is the Privacy Act 1988 (Cth), which includes the Australian Privacy Principles (APPs). The Office of the Australian Information Commissioner (OAIC) administers the Act, including a range of penalties for non-compliance. Some states have their own health privacy legislation. For example, Victoria administers its health privacy through the Health Complaints Commissioner. The RACGP Standards also offer guidance on practices’ obligations to ensure auditory privacy is maintained (see Criterions 1.1, 4.2 and 5.1). ↩︎