Who can get access to your health history?

Fact Checked
Leon Della Bosca
Leon Della Bosca
Updated 30/10/2023
Who can get access to your health history?

The rules around who can access your health data have recently been tightened.

Time to read : 3 Minutes

Do you know who can access your medical history? Generally, the only person who can get your health history is your GP, but if you need to make a claim for your health or life insurance, your insurer may need to see this information as well.

The rules around who can get this information have recently been tightened. There's a data security standard called Standard 26 which deals with your personal data and how it's accessed.

What is Standard 26?

Standard 26 is a new standard for professionals regarding how they access your data. This applies to:

  • medical professionals (like your GP and dentist).

  • insurance companies.

  • motor accident and workers’ compensation agencies.

  • solicitors.

  • welfare agencies.

  • financial institutions.

The rules around gaining your consent for access to your health information were tightened from July 2021. The process covers the required authorities organisations and professionals must obtain before they can access your medical information - and this is a good move.

How do other people get access to your health records?

Your GP already has access to your comprehensive health records containing important - and highly personal - information about you.

Third parties, including insurance companies, motor accident and workers compensation agencies, as well as welfare agencies and solicitors, can request access to your medical information, but they won't automatically get it. The Standard for sharing this information has changed.

How has Standard 26 changed?

Firstly, health insurers need to ask for your authority to access your health information. They can do this in two standard ways. 

Authority 1: when you allow your health provider(s) to release your health information to your insurer/s.

Under this authority, your GP can provide a medical report to the third party (like your insurer or medical specialist). Their report may include statements of fact as well as medical opinion. (Note that this doesn’t include your GP’s consultation notes). 

Authority 2: involves you giving your insurer access to a full copy of your medical records, including any GP consultation notes.

GPs are not allowed to release your medical information to a third party without your consent, unless they are legally compelled to do so (e.g. by a subpoena, court order, or summons). Your consent must be obtained, and this consent must always be documented.

How do you give your insurer permission to access your medical information?

  • by signing a paper copy for each authority detailed above.

  • by verbally consenting (for example when taking out an insurance cover over the phone).

  • by using your digital signature on an online form.

A range of legal protections prevent third parties (such as employers or insurers) from accessing your medical records without your authority. 

What happens when I make a major claim on my life or health cover?

When you claim personal injury compensation or an insurance benefit, you generally waive these protections (note that these rules vary across states and territories, and by insurer). This is so insurers (and their lawyers) may verify any history of prior complaints or similar injuries.

If you make a claim based on a specific health condition and its impact on you, such as trauma insurance, your medical records can legally be shared and seen by others as part of the investigation into your claim. Any substantial insurance claim involves a detailed analysis of your medical records before and after sustaining your injury or disability.

If you have a claim for compensation that leads to a legal challenge, your doctor (or another allied health provider) can be legally compelled to hand over any health information relevant to your claim.

The bottom line:

Generally speaking, no one can access your health history without your recorded authority - at least not without the backing of the law. There are a couple of qualifiers to this:

  • A number of third parties may request access to your health records during your lifetime.

  • Refusing to authorise access to your medical records in support of your insurance claim may impact your outcome.

Disclaimer: This article is opinion only. Always check with a financial professional before making a decision. Compare Club does not compare all Income Protection policies from all insurers available in market.

Compare Club
  • linkedin-circle-white
  • instagram-circle-white
  • tiktok-circle-white
  • facebook-circle-white
  • youtube-circle-white

Compare Club Australia Pty Ltd (CCA) is a corporate authorised representative (AFS Representative number 001279036) of Alternative Media Pty Ltd (AFS License number 486326). CCA is a credit rep (Credit Representative Number 519886) of Alternative Media Pty Ltd (ACL Number 486326). The financial products compared on this website do not necessarily compare all features and products in the market that may be relevant to you.

Comparisons are made on the basis of price only and different products may have different features and different levels of coverage. Not all products are available to all customers. Information found on the Compare Club website is for general purposes only. Before using our website, you must review our Terms of Use, the Privacy Policy, Financial Services Guide (Life Insurance Products), Financial Services Guide (General Insurance) and Credit Guide (Home Loans).

© 2024 Compare Club. All Rights Reserved