Medical Data: Balancing Privacy and Legal Needs in Inheritance and Liability Cases

Medical Data: Balancing Privacy and Legal Needs in Inheritance and Liability Cases

In Thailand, the disclosure of medical records involves a delicate balance between protecting patient privacy and enabling access for legitimate purposes, such as legal proceedings. A landmark 2025 ruling by the Official Information Board’s Appeal Committee (Social Affairs, Public Administration, and Law Enforcement Branch) illustrates this principle: a public hospital initially refused to release a deceased patient’s treatment history, but the board overturned the decision, ordering disclosure to support a civil lawsuit.

Case Summary: Authorized Representative Seeking Records for Tort Claim

The appellant sought the medical treatment records of “Ms. K.” (a pseudonym), their full sibling who had passed away. The hospital denied the request, citing privacy concerns.

On appeal, the Committee found that:

• The appellant was acting under a power of attorney granted by “Mrs. B” (the mother of the deceased and a legal heir).
• The records were needed to support a tort lawsuit alleging medical negligence that contributed to Ms. K.’s death.
• Since the patient was deceased and unable to request the records herself, the authorized representative was exercising rights on her behalf.
• This was pursuant to the Ministerial Regulation No. 2 (B.E. 2541 (1998)) issued under the Official Information Act, B.E. 2540 (1997), which allows designated representatives to access information when the data subject is incapacitated or deceased.

The Committee explicitly ruled that this did not constitute a request for “another person’s health information” under Section 7 of the National Health Act, B.E. 2550 (2007). After weighing the agency’s legal duties, public interest, and private benefits, the board concluded that disclosure was justified, with appropriate redactions for unrelated personal data.

This decision reinforces that authorized heirs or representatives can access deceased patients’ records for legitimate legal purposes without violating core privacy protections.

Key Legislation Governing Medical Record Disclosure:

1. Official Information Act, B.E. 2540 (1997) Public agencies, including state hospitals, must disclose official information upon request (Section 11). Exceptions include personal data where disclosure would unreasonably invade privacy (Sections 14-15). Appeals against refusals are handled by the Official Information Board, whose rulings are binding. Ministerial Regulation No. 2 (B.E. 2541) specifically permits representatives to act for deceased or incapacitated individuals.
2. National Health Act, B.E. 2550 (2007) Section 7 protects health information privacy and restricts disclosure of “another person’s” data without consent. However, as clarified in this ruling, requests by authorized representatives of deceased patients fall outside this prohibition when tied to legal rights.
3. Personal Data Protection Act, B.E. 2562 (2019) (PDPA). Health data is sensitive personal data requiring strict protection. Exemptions apply for legal claims, compliance with law, or court processes. Disclosures mandated by the OIB under the OIA are generally permissible.
4. Medical Profession Act, B.E. 2525 (1982), and Hospital Regulations. These impose confidentiality on healthcare providers but allow exceptions for legal obligations or authorized requests.

How These Laws Interact:

The system operates through complementary layers:

• Patient/Representative Rights vs. Third-Party Requests: Direct access (by patients or proxies) is facilitated under the National Health Actม B.E. 2550 (2007)  and OIA regulations, while unrelated third-party requests face higher barriers.
• Privacy vs. Justice: Hospitals often invoke Section 7 of the National Health Act, B.E. 2550 (2007) or PDPA to refuse, but the OIB can override when disclosure serves legal accountability (e.g., malpractice suits) without undue harm.
• Deceased Persons’ Data: Post-mortem privacy persists, but heirs’ inheritance or liability claims create legitimate interests, resolved via representative powers under OIA regulations.
• Enforcement Mechanism: OIA appeals provide an administrative remedy, binding on public agencies. Parallel court subpoenas or PDPA complaints may arise in complex cases.

This ruling sets valuable precedent for families pursuing medical negligence claims after a relative’s death. Individuals facing similar denials should document authorization (e.g., power of attorney from heirs) and appeal through the Official Information Commission (oic.go.th). Consulting legal experts or the Ministry of Public Health can further clarify rights in such sensitive matters.

Author: Panisa Suwanmatajarn, Managing Partner.

Other Articles

• Employment: Supreme Court Judgment No. 9052/2559 Reinforces Protections for Older Workers in Thailand’s Private Sector
• Ride Sharing: Guidelines for Platforms and Drivers Under New Strict Regulations
• Asia IP – Lesson from Taylor Swift
• Digital Advertising: Enhanced Regulations on False and Misleading Advertisements
• Asia IP – Cartoons and characters on merchandise: All about character licensing and IP protection
• Thailand Tightens Trade and Transshipment Regulations Amid Global Pressure