
Consent and Confidentiality in Telehealth

Telehealth makes healthcare easier to access, but it also changes how care is delivered: you're interacting through a platform, sharing information digitally, and sometimes receiving documents like medical certificates, prescriptions, and referrals electronically. That naturally raises two important questions: “What am I consenting to?” and “Who can see my information?”

In Australia, telehealth should meet the same fundamental expectations as in-person care: informed consent, confidentiality, and respectful handling of sensitive health information. Telehealth providers and clinicians still have professional obligations to protect privacy, keep information confidential, and explain how your information will be used. But digital systems introduce extra steps like account setup, electronic communications, and third-party service providers, so consent and confidentiality must be handled carefully.

This article explains consent and confidentiality in telehealth in practical terms: what informed consent means, how confidentiality is protected, when information may be shared, exceptions to confidentiality, and what patients can do to protect their own privacy. This content is general information only and not legal advice.

What is consent in telehealth?

Consent means you agree to the consultation and the handling of your information after you understand what will happen. In telehealth, consent usually covers several things:

  • Consent to receive care via telehealth rather than face-to-face.
  • Consent to provide personal and health information needed for assessment and treatment.
  • Consent to communications related to care (for example, messages, notifications, and document delivery).
  • Consent for sharing information with third parties involved in your care (for example, pharmacies or referral providers) when necessary.

Consent is meaningful only if you understand what you're agreeing to. That's why good platforms explain the process clearly and give patients the chance to ask questions.

What “informed consent” means in an online consultation

Informed consent means you are given enough information to make a reasonable decision. In telehealth, this typically includes understanding:

  • What the consultation involves and how it will be conducted.
  • Any limitations of telehealth (for example, reduced ability to do a physical exam).
  • What information will be collected and why.
  • How your information will be stored and protected.
  • How documents like prescriptions and referrals will be delivered.
  • What happens if telehealth is not clinically appropriate and you need in-person care.

If you'd like a suitability guide, read When Telehealth Is Clinically Appropriate and When Telehealth Is Not Appropriate.

Can you withdraw consent?

In many situations, yes. For example, you can usually choose not to proceed with a telehealth consultation, and you can decide not to provide optional information. However, if the information is necessary for safe assessment, refusing to provide it may mean the clinician cannot safely proceed or cannot provide certain services (such as prescribing or issuing documents).

In practical terms, telehealth is a partnership: the clinician needs enough information to provide safe care, and patients should feel respected and informed throughout the process.

What is confidentiality in telehealth?

Confidentiality means your health information is private and is not shared without a valid reason. In telehealth, confidentiality covers the same clinical information as in-person care: your consultation details, medical history, prescriptions, referrals, certificates, and results.

Confidentiality is supported by:

  • Professional obligations for clinicians.
  • Privacy governance and policies.
  • Technical security controls (secure accounts, encryption, access control).
  • Operational controls (staff training and limited access to records).

For a platform-level explanation of protections, read How Telehealth Platforms Protect Patient Privacy.

Who can access your telehealth records?

In a privacy-first telehealth platform, access is limited to people who need it for care or essential operations. Typically:

  • You can access your own information through your account.
  • Your treating clinician can access the information needed to deliver your care.
  • Support staff access is limited and controlled, usually focusing on account or technical support rather than clinical content.
  • Any additional access should be logged and subject to oversight.

Audit logs and role-based access controls are key mechanisms that support confidentiality at scale. For storage controls, read How Patient Health Information Is Stored Securely.

When telehealth platforms may share your information

Confidentiality does not always mean “never shared”. Sharing can be appropriate and expected when it supports your care, but it should be limited to what is necessary and done securely.

Sharing with pharmacies

If you receive a prescription, information may be shared with a pharmacy to dispense the medicine. Often, electronic prescriptions are provided as tokens to reduce unnecessary disclosure. For more detail, read Electronic Prescriptions Explained.

Sharing for referrals and investigations

If you receive a referral to a specialist, pathology provider, or radiology provider, your referral will typically include clinical information relevant to the reason for the referral. This helps the receiving provider perform the right test or deliver the right care. For referral basics, read Can Telehealth Doctors Provide Specialist Referrals?, What Is a Pathology Referral?, and What Is a Radiology Referral?.

Sharing within the platform for operational reasons

Platforms may use third-party services for hosting, SMS delivery, payments, or video infrastructure. Privacy-first services minimise what is shared, use reputable providers, and apply strong security controls. Transparency is important, and patients should be able to understand these arrangements through privacy notices.

Exceptions to confidentiality

While confidentiality is a core expectation, there can be exceptions. The exact boundaries depend on circumstances, but in general, confidentiality may be limited where:

  • There is a serious and immediate risk of harm that requires escalation.
  • There are legal obligations to disclose information in specific circumstances.
  • Disclosure is required to coordinate care safely (for example, emergency escalation pathways).

In most routine telehealth interactions, confidentiality applies strongly, and disclosures should be limited and purposeful.

Consent and confidentiality when issuing medical certificates

Medical certificates contain health information and should be handled carefully. Consent includes understanding what the certificate states and who you will share it with. Platforms should provide certificates securely, and patients should share them only with the intended party (such as an employer or educational institution) and only as required.

For privacy considerations in this area, read Medical Certificates and Patient Privacy and What Makes a Medical Certificate Valid.

Recordkeeping and why telehealth keeps notes

Patients sometimes worry, “Are my telehealth notes stored forever?” Telehealth services keep records to support continuity of care, quality and safety, and professional accountability. Retention practices should align with healthcare recordkeeping expectations, but privacy-first platforms also avoid keeping unnecessary information and apply secure retention and deletion controls where appropriate.

For the legal and principles overview, read Australian Privacy Laws in Digital Healthcare.

Practical privacy tips for patients during telehealth

Confidentiality is strongest when both the platform and the patient do their part. Simple patient steps include:

  • Use a unique password and enable device lock (PIN/Face ID).
  • Take consultations in a private room and use headphones if needed.
  • Avoid public Wi-Fi for sensitive consultations where possible.
  • Keep eScript tokens and documents private and don't forward unnecessarily.
  • Use personal email accounts rather than shared inboxes.

If you need a broader preparation checklist, read Preparing for a Telehealth Appointment.

How Dociva supports consent and confidentiality

Dociva is designed around privacy-first telehealth, with clear consent-focused workflows and confidentiality protections such as controlled access, secure document delivery, and privacy-aware communication methods. The platform aims to minimise unnecessary data collection, restrict access based on role, and support secure clinical documentation. If you want updates during pre-launch, use pre-launch sign-up.

Frequently Asked Questions (FAQs)

You generally need to agree to receive care via telehealth and understand how the consultation will work, including any limitations and how your information will be handled and stored.

Telehealth should meet the same confidentiality expectations as in-person care, supported by professional obligations, privacy governance, and technical security controls.

Access should be limited to you, your treating clinician, and only authorised staff where necessary, using role-based access controls and audit logging.

Not automatically; you typically choose what to share. If you receive a medical certificate, you decide whether to provide it to an employer or educational institution, and you should share it securely with the intended party only.

There can be limited exceptions, such as serious immediate risk of harm or legal obligations in specific circumstances, but routine telehealth care should remain confidential.

Use a strong password, enable device locks, take the consult in a private space, avoid public Wi-Fi when possible, and keep tokens and documents private.