MediCompare Patient Guide to Understanding Your Telehealth Rights: Consent, Data Privacy, and Recourse

The vast majority of Australians use telehealth providers, but user reviews show that we don’t always fully understand our rights as patients. This article provides helpful information on your rights as a telehealth patient, including data privacy, informed consent, and culturally sensitive services.

Before providing a service to you, telehealth providers must ensure they have received your informed consent. This could be presented as a disclaimer during the booking process or a box referring to the provider’s terms and conditions, as well as their privacy policy, for you to tick.

Prices and services must be presented transparently. This also means the provider should clearly state their billing arrangement, e.g. Medicare rebates and gap payments. While not all providers offer consultations covered by Medicare, certain populations, such as infants and patients experiencing homelessness, are covered under Medicare. It may be advisable to check for providers offering fully bulk-billed sessions in those cases or, indeed, opt for fully bulk-billed providers such as Abby Health. You can use the MediCompare tools to identify those service providers. Bottom line: If you have a Medicare card, you are entitled to fully bulk-billed telehealth services, where they are clinically appropriate and available. Private telehealth providers may not always offer bulk-billed services, however.

Additionally, and this is not widely known, telehealth patients have the right to have support persons present. This is particularly relevant in aged care settings or for patients requiring interpreters (which are also available free of charge and should be offered as part of culturally sensitive telehealth) [1].

One of the most important aspects is privacy and confidentiality. This reflects the same standards as in-person consultations, but does require additional measures due to the online nature of virtual consultations. Telehealth providers must ensure their platforms provide a secure, confidential environment.

Data privacy and security are key to safeguarding your personal and health data. The Privacy Act 1988 and the Australian Privacy Principles (APPs) guide these practices [2]. The Privacy Act requires telehealth providers to have a clear privacy policy that outlines how personal and health data are collected, used, stored, and shared.

When using a telehealth provider, you share sensitive information like contact details, medical records, and billing information, which the provider should only share with other health services. It requires explicit consent to share it with third parties [3].

In addition to providing a secure platform for your video or phone call, the telehealth provider must store your data safely and transmit it securely. The provider also requires your consent to share your health information with your primary care provider – except for specific circumstances requiring urgent intervention.

While it is not common practice, some telehealth providers share your information with overseas third parties. If this is the case, the provider must inform you explicitly, as different privacy laws apply. If you are concerned about your data, you may check directly with your telehealth provider or their privacy policy.

Also, the provider must inform you promptly if there is any kind of security breach involving your data.

The Privacy Act gives patients the right to access their health information – in a suitable format. Many providers directly enter your information into My Health Record, which gives patients control over who can view their data.

Beyond this, telehealth providers must also allow patients to view and, if necessary, correct their records. This process should be simple and user-friendly.

Any staff who access or handle patient data must be appropriately trained in privacy obligations to ensure data security [2].

Telehealth providers must have processes in place to inform patients of data breaches and handle privacy inquiries or complaints. This process should be clearly outlined in their privacy policy [3].

If a telehealth provider or a treating healthcare practitioner fails to comply with any of the obligations mentioned above, you can lodge a complaint with the AHPRA [4] via web form or by calling 1300 419 495. They can also guide you on further steps, including lodging a formal complaint with your state’s department of health or the national ombudsman. The Australian Commission on Safety and Quality in Health Care provides explainer videos and relevant state information [5].

This article is for informational purposes only and is no substitute for professional medical advice. Please choose your provider with care. Always consult your doctor or a qualified health professional regarding any health-related questions or concerns.

[1] Medical Board of Australia - Telehealth Consultations
[2] OAIC Guide to Health Privacy
[3] MediCompare Guide to Understanding Telehealth Providers' Privacy Policies
[4] AHPRA Complaints
[5] Australian Commission on Safety and Quality in Health