THE OFFICE OF THE PRIVACY COMMISSIONER


Report of the Privacy Commissioner's Review of the Privacy Guidelines for the Handling of Medicare and PBS claims information

August 2006


FOREWORD

This report presents the findings of a major review of the Privacy Guidelines issued for the handling of Medicare and PBS claims information by Australian Government agencies.

This review has been a significant project for my Office since being announced in November 2004, and has included an extensive consultative process.

The report has drawn on information from a variety of sources including individuals, businesses, health sector professional bodies, interest groups, and government agencies across all jurisdictions.

The issue of how health information should be handled elicits a diverse range of views, and my Office has benefited from the thoughts and expertise provided during the consultations and through the submissions.

I also thank those who contributed to the Consultative Group and to the members of my Office's Health Privacy Forum.

I am grateful to my staff for their contribution to this review. I particularly acknowledge the major contributions of Andrew Solomon, Andrew Hayne, Robyn Longhurst, Nicholas Burrage and Douglas Barry to this review.

My Office will now proceed to write guidelines that reflect the findings detailed in this review.

Karen Curtis
Privacy Commissioner
July 2006

SUMMARY OF FINDINGS

This report makes 25 findings on matters related to the Guidelines. Some of these findings will require new Guidelines to be made, while others describe the Office's interpretation of matters relevant to the Guidelines.

The key findings are:

An additional permitted linkage for claims information should be for the purpose of an individual accessing their record (see Finding 2)

A number of stakeholders advocated for an expansion in the purposes for which claims information may be linked. In some cases, some of these purposes can already be met under the Guidelines. Generally, the review found that a wide expansion in the permitted purposes would be inconsistent with the intent of the enabling legislation.

The review did find merit in linkages being permitted for the purpose of providing an individual with a single report of the Medicare and PBS claims history.

The prohibition against storing Medicare and PBS claims information should apply to all agencies. (see Finding 23)

It is fundamental to meet the requirements of the enabling legislation that the Guidelines must prohibit Australian Government agencies from storing Medicare and PBS claims information on the one database. The current Guidelines do not adequately ensure this and one or more further guidelines will be needed to meet this requirement.

Changes should be made to the periods for which Medicare Australia may retain claims information in linked and unlinked form (see Finding 6, 7 & 8)

A number of findings have been made concerning how Medicare Australia may handle claims information. The period of time for which it may retain linked datasets will not be prescribed as a set period. Rather, these datasets should be retained for as long as is necessary to meet the purpose for which they are made. Such an arrangement is only acceptable to the extent that Medicare Australia remains restricted in regard to the reasons for which it may link claims information.

It has also been found that the existing 5 year retention period for which Medicare Australia may retain claims information imposes an unnecessary administrative burden, without affording commensurate additional privacy protections. The review has found that this arrangement should be changed so that Medicare Australia may retain claims information permanently, but in a form in which individuals cannot routinely be identified.

In regard to these changes, Medicare Australia should have additional reporting obligations to the Privacy Commissioner.

Some changes are required in regard to how the Department of Health and Ageing may handle claims information (see Findings 14-21)

The review has found that the Guidelines should make clear that the Department of Health and Ageing, as an agency, is prohibited from storing claims information from both programs on the one database.

The review has also made findings intended to clarify other aspects of how the Guidelines apply to the Department, including in regard to the exercise of discretionary powers by the Secretary.

The full findings of this review are provided below.

1. It is a statutory requirement that the Privacy Commissioner make a Guideline requiring the separation of Medicare and PBS claims information and the Guidelines cannot be amended to allow claims information to be stored in a combined form.

2. Guideline 1.4 is to be changed to permit an individual to consent to the linkage of their own claims information by Medicare Australia for the purpose of providing access to that information.

3. Guideline 1.4(b) is to be changed to delete reference to the Coordinated Care Trials.

4. Guideline 1.4 is to be changed to better reflect the wording of the enabling section by deleting the expression "compare or combine".

5. Guideline 1.4 is to be changed and clarified by the addition of the word "only" after the word "may" in the sentence "Medicare Australia may link records of information….".

6. Guideline 3.1(a) is to be changed so that Medicare Australia may retain linked datasets for as long as is required to meet the primary purpose for which the linkage was authorised under these Guidelines.

7. A new Guideline is to be made requiring Medicare Australia to report annually to the Privacy Commissioner in regard to its datalinkage activities, including the number of records that are linked (by class) and the periods for which they are retained.

8. The current retention Guidelines will be deleted and new Guidelines will be made specifying how Medicare Australia is to handle old information by requiring that:

  a. Old information be stored in separate databases to other claims information

  b. Old information can only be re-linked with personal identification components in limited and prescribed circumstances

  c. Medicare Australia is to report annually to the Privacy Commissioner on its handling of claims information as outlined in (a) and (b).

9. Guideline 4A cannot impose obligations on researchers that are not agencies.

10. Guideline 4A.1 is to be retained in its present form, with the addition of a third clause requiring that Medicare Australia establish agreements with researchers requiring that information is destroyed after its use for the purpose of medical research.

11. Guideline 4A.2 is to be deleted.

12. To promote regulatory certainty, the Guidelines will not include reference to "de-identified information" but will draw on terminology consistent with the enabling legislation.

13. Section 135AA requires the Privacy Commissioner to make Guidelines for the handling of Medicare and PBS claims information relating to individuals and held by agencies regardless of whether or not that information identifies an individual.

14. Guideline 5.2(a) is to be deleted to reflect the requirement that the Privacy Commissioner must make Guidelines prohibiting the storage of Medicare and PBS claims information on the same database.

15. A Guideline prohibiting the storage of Medicare and PBS claims information on the same database is to be applied to the Department of Health and Ageing.

16. For the Department of Health and Ageing, linked datasets that include the PIN should continue to be retained for no more than 1 month.

17. For the Department of Health and Ageing, linked datasets that do not include the PIN may be retained for as long as necessary to meet the purpose for which they were established.

18. For the Department of Health and Ageing, linked datasets that do not include the PIN must not be used as a way to circumvent the absolute prohibition against the storage of claims information on the one database.

19. The Guidelines will reflect the potential distinctions in meaning between the verbs "authorise" and "permit".

20. The Guidelines should allow for the Secretary to define classes of use and disclosures provided such classes are sufficiently well defined and limited to ensure regulatory certainty.

21. Powers currently available under the Guideline to the Secretary of the Department of Health and Ageing should be able to be delegated to appropriate senior officers, for example to the level of Deputy Secretary or to the Australian Government Chief Medical Officer.

22. It is practicable to make a guideline meeting the requirement of section 135AA(5)(d) to prohibit any agency from storing Medicare and PBS claims information on the same database.

23. A guideline similar to Guideline 1.1 is to be made having effect for all agencies, thus prohibiting Medicare and PBS claims information from being stored on a single database by any agency.

24. It is not practicable to make guidelines meeting the requirements of any other clause of section 135AA(5) other than (d).

25. The Office will continue to monitor any wider use of Medicare and PBS claims information by other agencies to determine whether further guidelines become practicable.

1. OVERVIEW

Background to the Review

On 8 November 2004, the Privacy Commissioner announced that the Office of the Privacy Commissioner ('the Office') would conduct a Review of the Medicare and Pharmaceutical Benefits Programs Privacy Guidelines1 ('the Guidelines'). These Guidelines are issued by the Privacy Commissioner under section 135AA2 of the National Health Act 1953 ('National Health Act'). Issuing the Guidelines is a function of the Privacy Commissioner under section 27(1)(pa) of the Privacy Act 1988 (Privacy Act).3 The Guidelines and text of section 135AA are at Appendices A and B respectively.

The Guidelines were first issued by the Privacy Commissioner on 24 November 1993 and came into effect on 15 April 1994. The last comprehensive review of the Guidelines took place in 1995, and the last amendment to the Guidelines was made in 2000.

A number of factors point to the timeliness of this review, including:

Terms of reference

The Review is a general review of all the provisions of the Guidelines.

The Office's purpose in reviewing the Guidelines is to ensure that the Guidelines, in their current form, achieve the intent of section 135AA of the National Health Act and are user-friendly in language, style and format.

Matters not included in the review

The Review has been limited to the Guidelines and is not a review of section 135AA of the National Health Act. It is not within the scope of the Review to make findings regarding this legislation.

If stakeholders have views on the enabling legislation for the Guidelines, then an appropriate forum may be the Australian Law Reform Commission's (ALRC) current inquiry into the Privacy Act and related laws.

Further information on the ALRC's inquiry can be obtained from the ALRC at www.alrc.gov.au, or by phone (02) 8238 6333 or TTY (02) 8238 6379.

Conduct of the review

The Privacy Commissioner encouraged agencies, organisations and the general public to participate in the Review in a number of ways, including:

Issues Paper

To assist stakeholders in contributing to the review, the Privacy Commissioner released an Issues Paper on 8 November 2004.6

The Issues Paper raised a number of topics concerning the Guidelines. These included the health environment, information linkage and secondary uses of health information, the retention of claims information, as well as issues surrounding consent and access, community attitudes and the ease of use of the Guidelines.

Those matters raised in the Issues Paper were not intended to be exhaustive, but were intended to encourage submissions on a broad range of issues which it was felt may help to inform the Office's considerations.

Open forums

The Office conducted a series of open forums in all states and territories except Western Australia.7 Forums were held in 2004 in Brisbane (22 November), Darwin (25 November), Adelaide (29 November), Melbourne (7 December), Hobart (9 December), Canberra (14 December) and Sydney (15 December).

These forums were attended by representatives of the Australian, State and Territory governments, the private sector and individuals from the health sector, including general practitioners, researchers, consumer advocates and members of the public.

Written submissions

The Privacy Commissioner received 35 written submissions to this review. Of these, three submitters requested that their names and/or submission be treated confidentially. The remaining 32 submissions can be found on the Office's website.8 A list of submitters is at Appendix C.

Consultation group

At the end of the public consultation process, the Privacy Commissioner formed a consultative group to assist in considering issues raised in the review. This group consisted of the:

About this report

This report brings together the views of stakeholders expressed in submissions and public forums. The report's findings are drawn from an analysis of these views and from the Office's experience with the Guidelines.

Amendments to the Guidelines subsequent to this review would be given effect by way of an instrument lodged with the Federal Register of Legislative Instruments (FRLI). This Report does not alter the Guidelines as reviewed.

The Office will now proceed to write Guidelines that reflect the findings of this report. The Office will consult with Medicare Australia and the Department of Health and Ageing, which hold the information the Guidelines relate to, to ensure that there are no unintended consequences and to allow for any transitional arrangements.

Structure of this report

This report is structured around those Guidelines identified as being of key concern to stakeholders during the review. These are:

2. ABOUT THE GUIDELINES: PURPOSE AND LEGISLATIVE INTENT

Purpose of the Guidelines

The purpose of the Guidelines is to give effect to section 135AA of the National Health Act. The Guidelines provide specific standards and safeguards for the way individuals' Medicare and Pharmaceutical Benefits Scheme (PBS) claims information, when stored in computer databases, is handled by Australian Government agencies. These standards are in addition to any requirements that may be imposed by the Information Privacy Principles (IPPs) contained in section 14 of the Privacy Act.

The primary objectives met by the Guidelines concern ensuring the separation of claims information made under each of the Medicare and PBS benefits programs, as well as establishing the circumstances under which this information may be linked. The Guidelines also prescribe periods of time for which claims information may be retained in various forms.

Information covered by the Guidelines

Section 135AA(1) prescribes that the Guidelines apply to information that:

  1. is information relating to an individual; and
  2. is held by an agency (whether or not the information was obtained by that agency or any other agency after the commencement of this section); and
  3. was obtained by that agency or any other agency in connection with a claim for payment of a benefit under the Medicare Benefits Program or the Pharmaceutical Benefits Program.

Significantly, the Guidelines apply to Medicare and PBS claims information whether or not an individual's identity is apparent or can be readily ascertained. This is discussed further under 'Meaning of claims information' at page 65.

Obligations imposed by the Guidelines

The Guidelines prohibit the claims information from each of the Medicare and PBS benefits programs being stored on the same database. However, the Guidelines do not require that the Medicare and PBS claims information must be kept on separate computers.

The Guidelines are legally binding.

At the time they were made, the only relevant agencies to which the Guidelines applied were the Health Insurance Commission (HIC) (now Medicare Australia) and the Department of Health, Housing, Local Government and Community Services (now, the Department of Health and Ageing (DoHA)).

Applications of the Guidelines to Medicare Australia

In 2005, the HIC became Medicare Australia. This was given effect by the Human Services Legislation Amendment Act 2005, which established Medicare Australia and amended other legislation accordingly. Section 717(1) of the Amendment Act provides that if an instrument is in force immediately before the commencement time and the instrument refers to the HIC, then the instrument continues to have effect from the commencement time as if the reference to the HIC is a reference to the Medicare CEO.

In its discussion of issues and in its findings, this report uses the agency's new nomenclature, Medicare Australia. However, when directly citing from the current Guidelines or quoting submissions, "HIC" is used.

Part A of the Guidelines regulates certain acts and practices regarding the handling of claims information by Medicare Australia.

Medicare Australia is a statutory authority responsible for administering many health programs, including Medicare, and for the processing, payment and recording of information associated with claims under the PBS and Medicare Programs (see, www.medicareaustralia.gov.au). Medicare Australia describes its functions as including monitoring possible fraud and over servicing practices.

Medicare Australia provides copies of Medicare and PBS claims information to DoHA on a daily basis. Importantly, this information does not contain information that would allow the identification of the individual about whom the information relates. This is sometimes referred to as 'de-identified' data (the meaning of 'de-identified' is discussed further at page 63).

The Office understands that Medicare claims information held by Medicare Australia includes:

PBS claims information held by Medicare Australia includes:

Medicare claims information is not stored by the individual's name or Medicare card number, but by a Medicare PIN (Personal Information Number) generated internally by Medicare Australia. The creation of this PIN is permitted by the Guidelines for the purpose of handling claims information. Under the Guidelines, the PIN is a unique number for each individual, and is not generated from the individual's Medicare card number, address or date of birth.

Key Guidelines that apply to Medicare Australia include:

Guidelines applying to the Department of Health and Ageing (DoHA)

Part B of the Guidelines applies to DoHA, which holds copies of Medicare and PBS claims information that has been stripped of "personal identification components".11 This information includes, for example, the type of consultation service and the provider's name, as well as an encrypted form of the Medicare Australia PIN.

Medicare Australia provides regular updates of this information to DoHA. This information is described as "de-identified" in the Guidelines, a term not defined in either the Guidelines or section 135AA.

DoHA uses the claims information to assist with policy development, to review programs, for research purposes, to report on health system performances and to survey health trends.

DoHA discloses this claims information in aggregated form (the combined statistics about many individuals brought together for a particular purpose but which do not identify any particular individual) unless otherwise authorised by the secrecy provisions of the National Health Act, including where disclosure is considered "necessary in the public interest".12

DoHA's practices in regard to claims information stored without Personal Identification Components are not covered by the IPPs. This is because such information would not fall within the definition of 'personal information' provided in section 6 of the Privacy Act. However, for reasons explained later in this report, the handling of claims information held by DoHA is regulated by the Guidelines.13

Key Guidelines that apply to DoHA are:

What the Guidelines do not cover

Section 135AA(2) expressly excludes from the Guidelines, information that:

Legislative intent underpinning the Guidelines

Guidelines issued under section 135AA must give effect to the provisions of section 135AA.

As part of this review, it has been necessary to reflect on the legislative intention of section 135AA that underpins the Guidelines and the policy objectives of that section.

History of the Legislation

1989 Proposal for HIC on-line concession eligibility checking

In 1989, HIC set out a "Strategy Proposal for the Management of the Pharmaceutical Benefits Program". The strategy proposed that all pharmacists be connected on-line to the Medicare Australia computer system and that pharmacists' claims for reimbursement be assessed at the time of dispensing. Some patient identification would be necessary to permit checking of a patient's eligibility for a full or part concessional payment. This meant that a person applying for a concessional benefit would need to produce the entitlement card issued by the Department of Social Security (as it was at that time).

Privacy concerns surrounding the proposal

Amongst other issues, a number of privacy concerns were raised by health providers, the Privacy Commissioner and the public. These concerns included:

In light of these and other concerns, the Government decided that the proposal would not proceed and that privacy concerns would be considered before re-visiting any similar proposal.

1990 Pharmaceutical Benefits Scheme on-line proposal

In 1990, the Government announced new proposals for changes to the Pharmaceutical Benefits Scheme (PBS) including a system of on-line interactive checking of eligibility for pharmaceutical benefits, changes to the safety net threshold, the use of the Medicare card as a primary means of identifying entitlement, and the introduction of electronic lodgement for Pharmaceutical Benefits claims by pharmacists.

Introduction of section 135AA

The Health Legislation (Pharmaceutical Benefits) Amendment Bill 1991 was introduced to Parliament to implement the Government's 1990 PBS on-line proposal.

Following debate, the Bill was amended during parliamentary consideration to provide that:

The last of these amendments led to the enactment of sections 135AA and 135AB of the National Health Act.

In his second reading speech for this bill, the then Minister for Aged, Family and Health Services noted that it was the right of the Government to protect taxpayers' money by "providing that only those eligible to receive benefits do in fact receive them".16

The Minister went on to respond to privacy concerns raised by the proposals:

"This Government is committed to ensuring that Australians are protected from misuse of personal data collected in the course of the administration of Government programs."

The report produced by the Auditor-General and the Department of Finance17 concluded that the original cost savings estimates for the online checking proposal were significantly overstated and the review could not identify an alternative means of making those savings. The proposals surrounding the PBS and entitlement checking did not proceed.

However, in recognition of the inherently sensitive nature of the Medicare and PBS claims information, the provisions for the Medicare and PBS Guidelines remained.18 While the online checking system did not proceed, sections 135AA and 135AB were enacted in recognition of the need to protect the large quantity of sensitive information held in the two databases of PBS and Medicare claims information.

The intent of these sections was to ensure that Government did not retain complete and identified Medicare and PBS claims histories in a single database and that any linkage of that information was very restricted.

1993 amendments to section 135AA

Once enabling legislation was enacted, the issuing of the Guidelines was delayed pending amendments to section 135AA.19

These amendments were made in response to a 1992 report to Parliament from the then Privacy Commissioner, Kevin O'Connor, which noted that section 135AA (as enacted in 1991) may have had the unintended consequence of requiring the permanent "de-identification" of claims information in a way which made it impossible to later establish the identity of any particular person to whom the information related.20 Commissioner O'Connor specifically argued that permanent de-identification may unreasonably:

Accordingly, the Commissioner explained that he was "…persuaded by the argument that a capacity to re-identify data can be valuable in undertaking a variety of inquiries and public health projects".

In response to the Commissioner's report, the National Health Amendment Act 1993 (No. 28) was enacted to:

"…to clarify doubts concerning the interpretation of the existing provision identified by the Privacy Commissioner in his report to Parliament dated 28 May 1992."21

One aim of the Act was also to restrict the scope of the Guidelines to information held in databases, as it was determined that the privacy concerns were primarily related to information held electronically, and to exclude information concerning providers of health services.

Legislative intent of section 135AA

In the second reading speech for the National Health Amendment Bill 1993, Dr Andrew Theophanous (then Parliamentary Secretary to the Minister for Health) explained that the function of the section is to require:

"…that information obtained from claims for medical benefits must be stored in a separate database from information obtained from claims for pharmaceutical benefits, and prohibits linkage of such information except in the way specified in the guidelines."22

Mr Christopher Haviland, the former member for Macarthur, during debate on the same bill, pointed to the need:

"…to ensure that legitimate privacy principles are balanced against the public interest, particularly in relation to the possible misuse of public money".

Mr Haviland went on to argue that the purpose of the amendment was:

"…to clarify privacy provisions to ensure that legitimate privacy concerns of individuals are protected while enabling government agencies, in this case, the Health Insurance Commission, to adequately safeguard against fraud and misuse of taxpayers' money".23

It is noteworthy that this bill generally received bipartisan support, with members from both the Government and opposition speaking to the importance of ensuring the privacy of this information.24

Balancing privacy and the protection of public funds against fraud

Any amendments to the Guidelines must comply with the requirements of the legislation and be consistent with Parliament's underlying intention.

Accordingly, to be consistent with this intent, the Guidelines must ensure a functional separation of the two databases, with linkages of the data permitted only in exceptional circumstances. This principle is codified in Guideline 1.1, which establishes that:

Medicare claims information and Pharmaceutical Benefits claims information must not be held on the same database. Procedures must not be established which permit claims information from either of these programs to be linked, merged or combined, other than in the exceptional circumstances listed in Guideline 1.4.

It is notable that debates and the second reading speech point to a narrow range of purposes for which it was envisaged the information would be used, primarily to do with reducing fraudulent claims and other forms of overpayment against the Medicare and PBS programs. Uses beyond this would require clear and compelling justifications.

The fact that it is the Privacy Commissioner who issues statutory guidelines underlines a Parliamentary concern to ensure the protection of the privacy of individuals who make claims under the Medicare or PBS programs.

Other legislation relevant to the handling of Medicare and PBS claims information

The Privacy Act

The Privacy Act regulates the handling of personal information by most Australian government agencies including the personal information collected by Medicare Australia and DoHA.25 Personal information is defined in section 6 of the Privacy Act as meaning:

"…information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion."

Regulation of agencies' personal information handling practices is primarily provided by 11 Information Privacy Principles (IPPs) in section 14 of the Privacy Act. The IPPs regulate the way Australian government agencies collect, use and disclose personal information, as well as how records containing personal information are stored and secured. The IPPs also provide individuals with rights to access and, where necessary, correct personal information held about them by agencies.26

The IPPs co-exist with the Guidelines, with the Guidelines providing additional, specific rules for the handling of Medicare and PBS data. For example, unlike the Guidelines, the IPPs do not expressly regulate the linking, comparing or combining of records or information from databases, nor do they prescribe the length of time personal information can be retained by agencies.

In addition, as discussed at page 65, the meaning of information for the purposes of the Guidelines is broader than the meaning of "personal information" under the Privacy Act. Accordingly, in certain circumstances, the Guidelines regulate acts and practices that cannot be regulated by the IPPs.

Where Parliament requires additional privacy regulation, such as statutory guidelines, to address specific privacy concerns, such regulation will almost invariably be more restrictive than the general Information Privacy Principles that apply to all personal information held by most Australian Government agencies.

Statutory secrecy provisions

As well as the obligations under the Privacy Act and the Guidelines, Medicare and PBS claims information is subject to other legislative provisions which limit how they may be handled.

The secrecy provisions of the Health Insurance Act 1973 (Health Insurance Act) and the National Health Act prescribe the handling of personal information collected in the course of the activities of both Medicare Australia and DoHA.

Under these provisions, section 130 of the Health Insurance Act and section 135A of the National Health Act, staff of the two agencies are generally prohibited from disclosing personal information to a third party, except under prescribed circumstances and with the permission of a delegated person who has the authority to release the information. Such circumstances include where the release of personal information is deemed as being necessary in the public interest.

The Guidelines act to limit the scope of the disclosures that are permitted under the secrecy provisions. Section 130 of the Health Insurance Act and section 135A of the National Health Act permit specific disclosures of information subject to certain exceptions. The Guidelines can limit the permissible disclosures under the secrecy provisions; however, the Guidelines do not act as a source of power to permit disclosures that would not be permitted under the secrecy provisions.

Alignment with National Privacy Principles and proposed National Health Privacy Code

This Review has also considered the evolution of regulatory standards around health information privacy and disclosures, in particular the National Privacy Principles (NPPs) in the Privacy Act and, to a lesser extent, the provisions of the proposed National Health Privacy Code (NHPC).27 These developments address the special issues that arise when personal health information is collected and used in various ways. While it may be desirable in some respects to better align the protections afforded to claims data with other law, such as the NPPs, or potential law, such as the proposed NHPC, it is important to note that the intent of the Guidelines is to provide specific protections to information held in a particular context. Principle-based regulation, such as under the proposed NHPC, may not achieve this. It is also important to note that the proposed NHPC has not been implemented by jurisdictions.

The issue of alignment is considered in greater detail on page 34.

3. GUIDELINE 1.1 CONCERNING THE SEPARATION OF THE CLAIMS DATABASES

Law & Policy

It is an express requirement of section 135AA of the National Health Act that the Guidelines be made to ensure the separation of the Medicare and PBS claims databases.

Section 135AA(5)(d) states:

(5) So far as practicable, the Guidelines must

(d) prohibit agencies from storing in the same database:

  1. information that was obtained under the Medicare Benefits Program; and
  2. information that was obtained under the Pharmaceutical Benefits Program;

Guideline 1.1 gives effect to this legislative direction by providing that:

Medicare claims information and Pharmaceutical Benefits claims information must not be held on the same database. Procedures must not be established which permit claims information from either of these programs to be linked, merged or combined, other than in the exceptional circumstances listed in Guideline 1.4.

Guideline 1.1 only applies to Medicare Australia. The Review has considered whether a guideline should be made giving general effect to section 135AA(5)(d) to all agencies, and this is discussed later in this report at page .

Meaning of "so far as practicable"

In its submissions, the Department of Health and Ageing (DoHA) recognises that the Review is not intended to examine the enabling legislation. It submits that consideration, nonetheless, could be given to whether the expression "so far as practicable" in section 135AA(5) allows scope for the Guidelines to widen the present circumstances under which Medicare and PBS claims information can be held on the one database. For example, DoHA has offered the view that the linking of claims information could be adequately and practicably dealt with by simply incorporating the requirements of the Privacy Act into the Guidelines.

The Office is of the view that the term "so far as practicable" refers to the feasibility of using the Guidelines to achieve the objectives set out by the legislation, rather than what "is practicable" for any party affected by the Guidelines. For example, it may not be practicable to draft Guidelines that prescriptively regulate the minutiae of various processes that occur when claims information is linked.

In regard to Guideline 1.1, however, it is practicable for the Guideline to give effect to the clear and express requirement of section 135AA(5)(d). Further, as the provision is drafted without allowance for any exceptions, there would appear to be no discretion to alter the requirement that claims information be kept on separate databases.

Distinguishing between primary and secondary databases

Medicare Australia has sought to distinguish between forms of databases by submitting that the Privacy Commissioner clarify that the Guidelines "do not apply to subsidiary databases that are used to protect privacy and security". The clarification, suggests Medicare Australia, "…would have the effect of limiting the operation of the section to the claims database (that contains the patient history) but still allow essential administrative functions (some of which are aimed at ensuring information security anyway) to be performed using transactional information in log files and payment files that record e-business transactions."

Section 135AA(11) of the National Health Act defines database as "a discrete body of information stored by means of a computer". It does not seem possible to draw a distinction between 'primary' and 'subsidiary' databases.

Options for reform

As the separation of the databases is a legislative requirement, this Guideline cannot be amended to change its effect.

Submissions on datalinking are discussed in subsequent chapters.

Findings

1. It is a statutory requirement that the Privacy Commissioner make a Guideline requiring the separation of Medicare and PBS claims information and the Guidelines cannot be amended to allow claims information to be stored in a combined form.

4. GUIDELINE 1.4 CONCERNING MEDICARE AUSTRALIA LINKAGES OF CLAIMS INFORMATION

Law and Policy

It is a requirement of section 135AA that the Privacy Commissioner make Guidelines that prohibit the linkage of Medicare and PBS claims information.

Section 135AA(5)(e) says:

(5) So far as practicable, the guidelines must:

(e) prohibit linkage of:

  1. information that is held in a database maintained for the purposes of the Medicare Benefits Program; and
  2. information that is held in a database maintained for the purposes of the Pharmaceutical Benefits Program;

unless the linkage is authorised in the way specified in the guidelines.

Section 135AA(5)(e) should be read in context with section 135AA(5)(d) which prohibits agencies from storing Medicare and PBS claims information in the same database.

The distinction between 'linking' information and 'storing' information in a single database is significant. The Office interprets the concept of linkage, for the purposes of section 135AA, as being the creation of a relationship between information on an episodic and impermanent basis. In contrast, to combine information for a long or permanent period of time can be seen as storage of information in a single source, something that section 135AA requires to be proscribed.

Guideline 1.4 specifies the ways in which the Medicare and PBS claims information can be linked by Medicare Australia:

1.4 The HIC may link, compare or combine records or information from either database relating, or expected to relate, to the same patient in the following circumstances:

  (a) for internal use where that use is:

    authorised or required by law, and is reasonably necessary, in a specific case or in a specific set of circumstances, for the discharge of HIC's statutory responsibilities in relation to the enforcement of the criminal law or of a law imposing a pecuniary penalty or for the protection of the public revenue; or

  (b) for the purpose of external disclosure:

    in a specific case or specific set of circumstances where that disclosure is required by law; or

    in the specific circumstance of Coordinated Care Trials conducted by the Department between October 2000 and April 2004, where the individual who is the subject of the information has given his/her express and informed consent in writing; or

  (c) for the purpose of determining an individual's eligibility for a benefit under one program, where eligibility for that benefit is dependent upon services provided under the other program; or

  (d) where the HIC believes on reasonable grounds that the linkage is necessary to prevent or lessen a serious and imminent threat to the life or health of the individual concerned or another person.

Submissions on extending permitted information linkages

A number of submissions cited examples of linkage activities that could benefit either individuals or the community in general. Such submissions point to the potential value of linked claims information, while also recognising the need for the protection of the privacy of personal information (including the Australian Institute of Health and Welfare (AIHW) (28) and National Prescribing Service Ltd (NPS) (21)).

NPS (21) submits that the linking of claims information, and other datasets, could facilitate the creation of a large pharmaco-epidemiological database and that "[t]his type of surveillance has important public health and safety consequences for the community".

The South Australian Department of Health (3) argues for the importance of using de-identified health information for research and evaluation, though also submits that the community may have concerns about such uses. It says that community awareness and education campaigns may have value in addressing such concerns. This is a view shared by others, including the Australasian Epidemiology Association (AEA) (8).

GlaxoSmithKline (4) agrees that the linkage of de-identified information would be of considerable use to researchers and industry, which, it argues, have the same interest in improving health outcomes as Government health departments.

The Council for Pharmacy Registering Authorities (COPRA) (10) argues that the linkage of information from the Medicare and PBS claims databases "…potentially provides a uniquely powerful database for statistical research linking the incidence of medical treatment with changes in medicine and supply". It further argues that this research would benefit public health and Government expenditure on pharmaceuticals and the health system.

It is not always clear from submissions whether it is the Guidelines, or some other factor or combination of factors, which is responsible for inhibiting various proposed linkages. It is not always clear whether Guideline 1.4 alone is an obstacle to realising possible benefits to the community.

Submissions on limiting information linkage

Consumer groups such as the Australian Federation of AIDS Organisations (AFAO) (12) and the HIV/AIDS Peer Advisory Network (HAPAN) (33) have submitted that it is necessary to strengthen the protections afforded to sensitive health information, including by limiting the uses to which it may be put.

Submissions which saw no need for change included those from the Australian Attorney-General's Department (AGD) (16), which submits:

"If the number of circumstances in which linkages are authorised by the Guidelines increased, it may render paragraph 135AA(5)(d) ineffective. The purpose of paragraph 135AA(5), to minimise the chances of data being cross-matched, would be nullified if the Guidelines allowed linkages to be made in an expanded number of situations."

The Australian Medical Association (AMA) (11) questions whether claims information is fit for many of the proposed purposes. For example, it submits that claims information would not provide adequate or reliable information for the purposes of assessing the effectiveness of a particular drug, or for monitoring treatment or equipment. This view is supported by the Caroline Chisholm Centre for Health Ethics (CCCHE) (2) and the Australian Nursing Federation (ANF) (12).

The AMA (11) also submits that the information is not required for adverse drug monitoring, which is currently the responsibility of the Adverse Drug Reactions Monitoring Advisory Committee, an argument also offered by the CCCHE (2), which submits that Medicare and PBS claims information "…would lack detail to make causal claims".

The ANF (12) expresses similar doubts regarding a range of secondary uses:

"It is difficult to see how the Medicare data would contribute meaningfully (even with linkage to the PBS data) to the secondary uses suggested in the discussion paper. In addition to the concerns above, the Medicare data is not qualitative, contains no diagnostic information, and has limited clinical value. In some instances eg adverse drug reactions and drug effectiveness, other, more accurate means are available to collect the data in a more timely manner."

Both the AMA (11) and the APF (29) submit that many of the proposed uses or linkages are currently achievable under the Guidelines, including the disclosure of identified claims information under Guideline 4A for medical research, and the disclosure of de-identified information under Guideline 5. The ANF concurs with this view, arguing:

"It is also apparent that the Guidelines in their current form do allow for the use of linked data for specific purposes."

Consent to link for access

A number of submissions responded to the Issues Paper in discussing whether an individual should be able to consent to the linking of their own claims information. Under the current Guidelines, an individual cannot consent to their Medicare and PBS information being linked and provided to them in a single report. Rather, when an individual requests information from the databases, it is provided in two separate reports.

Medicare Australia (7), DoHA (35), Australian Divisions of General Practice (ADGP) (26), and the AMA (11) submitted that the individual may benefit from having access to their claims information by means of a single report or printout from the PBS and Medicare databases. The South Australian Department of Health (3) provided qualified support to the individual being able to consent to the linking of their own claims information for the purpose of their own access.

The AFAO (12) says that it would be desirable if the Guidelines could be altered to enable consumers to consent to the linking of their own information so that they could receive a single summary. AFAO says this should occur with the fully informed consent of the consumer and the summary information should not be stored or distributed to third parties except as agreed to by the consumer.

In contrast to these views, the Australian Privacy Foundation (APF) (29) considers the suggestion that an individual cannot consent to their Medicare and PBS information being linked and provided to them in a single report, and that this hinders their ability to easily and conveniently access their full claims information, to be "a complete furphy". There is no reason, says the APF, why Medicare Australia cannot design its processes for responding to access requests to give the "results" of the two enquiries in one combined response.

This is considered further at Option 2.

Consent to link for provision of a health service

An individual may benefit in terms of their treatment if their health service provider has access to their linked data. For example, Pharmaceutical Health and Rational Use of Medicines (PHARM) (6) has strongly advocated the value of linked datasets for the individual's treatment, arguing that in a clinical context, separating "…medical and prescription databases is like separating treatment notes from diagnostic information within a hospital record". According to PHARM (6), this would enable the health service provider to gain an accurate picture of the individual's treatment and prescription history. It could also ensure that quality health outcomes were not denied to people with disabilities.

This is considered further at Option 3.

Risks surrounding broad-based consent for health service provision

Giving consent to the way personal health information is handled is one way in which individuals maintain a degree of control over their privacy. The key elements to consent are that it must be voluntary, the individual giving consent must be adequately informed and they must have the capacity to understand, provide and communicate their consent.28

In 2000, the Office considered the implications of the Guidelines incorporating a consent mechanism when reviewing Guideline 1.4 for the purpose of the Coordinated Care Trials. A broad consent mechanism may create a heightened risk that individuals may not be fully informed as to what it is they are consenting to. Alternatively, such a model may introduce a risk of "bundled consent", that is, the bundling together of consent to a wide range of uses and disclosures of personal information without giving the individual an opportunity to choose which uses and disclosures they agree to and which they do not. Accordingly, the Office declined such a consent mechanism.

Coordinated Care Trials

Guideline 1.4(b) was amended in 2000 to insert a second exception for Coordinated Care Trials. This exception permitted Medicare Australia to disclose linked information from the Medicare and PBS databases with the individual's "express and informed consent". The exception was limited to "the specific circumstance of Coordinated Care Trials conducted by the Department between October 2000 and April 2004".

The disclosures of linked information were necessary to obtain an individual's complete health picture for the purposes of testing a new system of managing health care for people with multiple or complex care needs.

The AMA (11) submitted that as the Trials were to be completed by the end of 2005, this Guideline should be deleted.

The views of the Consultation Group were sought to obtain further information about the Trials and any further need for the second exception to Guideline 1.4(b). Both Medicare Australia and DoHA advised that the Trials were to conclude in 2005, but that for evaluation purposes and for contractual reasons the linked participant information would be retained for a further two years.

This matter is discussed further at Option 4.

Medicare Australia submission regarding information linkage and disclosures

Medicare Australia submits that, in the interests of ensuring privacy protection, 'clear principles' should be used which require either the provision of consent or the use of 'unidentifiable data wherever possible'.

Medicare Australia (7) recommends that:

"Linkage, comparison or combination of Medicare and PBS claims data should be allowed in accordance with principles similar to those incorporated in proposed National Health Privacy Principle 2 (NHPP2) of the proposed National Health Privacy Code and the National Privacy Principles included in the Privacy Act. These allow for the secondary use of information:

This proposal is considered as Option 5.

DoHA submission regarding information linkage and disclosures

In regard to the linking of claims information, DoHA (35) supports linkage by Medicare Australia for the purpose of facilitating an individual's access to claims information. Further, DoHA submits that Medicare Australia should be permitted to use and disclose identified Medicare and PBS claims information for secondary purposes "in accordance with arrangements agreed with DoHA" and only undertaken with:

  1. consent and an independent review process or
  2. compliance with Guidelines under section 95 or 95A of the Privacy Act.

In the course of its discussion on the secondary uses of the Medicare and PBS claims data, DoHA refers to the information sets held by Australian, State and Territory governments and to the potential richness of the information that would emerge if these sets are linked. DoHA envisages the creation of a "…longitudinal whole of treatment view …of the health services received by each individual, available for productive analysis by researchers."

This proposal is considered as Option 6.

Australian Bureau of Statistics submission regarding increased secondary uses

The submission from the Australian Bureau of Statistics (ABS) (32) limits itself to "…issues covered by the ABS role, namely the use of the data for statistical purposes."

The ABS describes two examples of how Medicare and/or PBS claims information can be linked with ABS survey unit record data. It goes on to argue:

"The opportunity for richer datasets and statistical output of increased analytical value without imposing additional reporting workload on the community is the key driver for such change."

The ABS submits that the Guidelines prevent it from obtaining identified claims information in either unit or linked form. The ABS notes that Guideline 1.4(b) does not include a provision that would permit Medicare Australia to provide it with linked claims information. Further, Guideline 4A limits the release of identified information to medical research, whereas the ABS may seek to use the claims information for social and other forms of research.

As an alternative to legislation, the ABS recommends the extension of Guidelines 1.4(b) and 4A to include statistical research, subject to the general constraints that underpin the Guidelines. These would include a reference group to determine the public interest in disclosures for statistical research, legislative secrecy constraints and an emphasis upon transparency.

This is considered further at Option 7.

Options for review of Guideline 1.4

Option 1: No change

The intent of Parliament in enacting section 135AA was that claims information should not be linked by agencies other than in exceptional circumstances. There is a lack of consensus in the submissions regarding whether the Guideline should permit greater information linkage for uses other than the reason the information is collected and stored. While there may be useful purposes for which claims information could be linked, it is not clear that permitting these linkages would be consistent with the intent of the section to maintain the functional separation of the Medicare and PBS data.

The Office also notes that at least some of the suggested linkages could be performed under the current Guidelines. However, the Office sees merit in some amendments being made as discussed in the options below.

Option 2: Individual consent to link claims information for access

The Office recognises possible merit in the Guidelines allowing an individual to obtain a copy of their linked Medicare and PBS claims information from Medicare Australia, even though individuals currently have a right of access to this information in unlinked form. While submissions do not provide strong evidence of the benefits of this, it may be convenient for the consumer to receive a single consolidated record.

Overall, this option has received support during the review. The only concern has been whether the option could be abused. The AMA points to a risk of insurance companies requiring individuals to supply copies of their linked claims information as a condition of providing the individuals with insurance cover.29 However, the risk would be marginal, as insurance companies (or any party) could equally require the individual to supply copies of Medicare and PBS records in unlinked form.

While the benefits to the individual are marginal (that is, individuals can already access their information separately), the risks of such a provision do not appear to be significant. The Office sees merit in this Option.

Option 3: Individual consent to link information for the provision of a health service

The Office recognises that there may be merit in the individual being able to give express consent to the linking of their claims information for purposes which are directly related to the provision of specific health services. However, it is not clear whether, on balance, such a provision is warranted or necessary given the risks that such an option may entail and given a health service provider may already access health information and perform such linkage themselves if it is required.

The Office was informed by a number of submissions that pointed to the risks of a broad-based consent mechanism. In general, allowing an individual to consent to linkage for a wide range of purposes could promote routine linkages in a way which departs from the legislative intention to limit linkages to exceptional circumstances. Further, there are potential risks surrounding limited consent options, in that it is possible that an individual may be subject to "bundled consent" or other pressures which could be inconsistent with giving voluntary consent.

As individuals already have access to claims information, on balance, the benefits of being able to consent to linkage for provision of a health service do not appear to outweigh the risks that a broad consent mechanism could be misused in the ways suggested above and would depart from the legislative intention to limit linkages.

Option 4: Coordinated Care Trials

DoHA has advised the Office that this Guideline has not been drawn upon, as any linkage has been done by private sector providers, rather than by an agency. In the Office's view, a guideline should only be made where it serves a clear regulatory function either by imposing additional regulation or by clarifying or consolidating obligations established elsewhere.

As the Guideline has not been necessary, its retention is not required. Therefore, the second exception to Guideline 1.4(b) will be deleted.

Option 5: Medicare Australia submission regarding aligning the Guidelines with the protections of the NPPs and proposed National Health Privacy Code

It has been submitted that the linkage of Medicare and PBS claims information by Medicare Australia should be allowed in accordance with principles similar to those incorporated in National Health Privacy Principle 2 (NHPP 2) of the proposed National Health Privacy Code (NHPC) and the National Privacy Principles included in the Privacy Act. It is noticeable that both the NPPs and proposed NHPPs provide for a wider range of uses and disclosures than the current guidelines.

In considering this view, it should also be noted that the proposed NHPC has not been implemented.30 In this regard, it would be inappropriate for the Office to give legal effect to the proposed NHPC before it has been implemented in either the Commonwealth or any state or territory jurisdiction.

More significantly, the Office notes that the purposes for which health information may be used or disclosed under the proposed NHPP 2 include:

  a) disclosure to a health service provider, without consent, for the purpose of providing health services
  b) disclosure to a health service provider, without consent, for the funding, management, planning, monitoring, improvement or evaluation of health services
  c) disclosure to a health service provider, without consent, for training purposes and
  d) use or disclosure where required or authorised, whether expressly or impliedly, by law.

The relevant equivalent principle in the Privacy Act is National Privacy Principle (NPP) 2, which is similar, though not identical, to proposed NHPP 2.

An alignment between the Guidelines and either the NHPPs or NPPs would increase the permitted uses and disclosures of linked claims information beyond what is currently permitted. For example, provision d) above would seem to impose a lower test than that in Guideline 1.4(b) (where a disclosure must be required by law), or Guideline 1.4(a) where a use may be authorised by law, though not impliedly.

Section 135AA(1)(e) prohibits linkage of the claims information unless it is authorised in the way specified in the Guidelines. Medicare Australia is proposing that the Privacy Commissioner's discretion be exercised so as to authorise a much broader range of permitted linkages than currently exists.

The range of linkages envisaged by this option does not sit comfortably with the intent of section 135AA, including that the information in question should be afforded protections in addition to those offered in the Privacy Act.

Further, the scope of the discretion available under section 135AA(5)(e) to permit information to be linked should be read in conjunction with the express (though not absolute) prohibition against linkages contained in that paragraph and with the clear legislative intent to keep separate the databases, as required by section 135AA(5)(d). As to the appropriate standard of protection to be observed when authorising information linkages under the Guidelines, there is no reason to depart from the reasoning provided by a previous Privacy Commissioner in a report made to Parliament on the implementation of section 135AA.31

"[The Guidelines] will almost invariably be more restrictive than the general Information Privacy Principles that apply to all personal information held by Federal agencies".

It is reasonable to infer then, that linkages of claims information for purposes not directly related to the purpose of collection ('secondary purposes') should be authorised under the Guidelines only in special or exceptional circumstances.

Further, it should be noted that section 29 of the Privacy Act requires the Privacy Commissioner, in the performance of his or her functions, and the exercise of his or her powers, to amongst other things:

(d) ensure that his or her directions and guidelines are consistent with whichever of the following (if any) are relevant:

  1. the Information Privacy Principles;
  2. the National Privacy Principles;
  3. the Code of Conduct and Part IIIA.

As the handling of personal information by agencies is regulated by the Information Privacy Principles, it is arguable that making Guidelines that regulate agencies in a manner less restrictive than the IPPs (for example, by importing the provisions of the NPPs or proposed NHPC) would result in an inconsistency with section 29. As such, the Office is not inclined to pursue this Option.

Option 6: DoHA submission regarding information linkage and disclosures

DoHA has submitted that Medicare Australia should be permitted to use and disclose linked identified Medicare and PBS claims information for secondary purposes "in accordance with arrangements agreed with DoHA" and only undertaken with:

This option could provide a framework for broader secondary uses of linked claims information which would be in the public interest, while also respecting the individual's interest and providing a form of supervision of the release of the data. It could also allow greater regulatory flexibility.

However, this option involves consideration of the legislative restrictions that exist regarding incorporating other matters (in this case, the proposed "arrangements agreed with DoHA") into legislative instruments, such as the Guidelines, that are imposed by section 14 of the Legislative Instruments Act 2003 (Cth). Section 14 would appear to preclude the Guidelines from incorporating or adopting arrangements entered into from time to time between DoHA and Medicare Australia.

In considering this option, the Office believes that it would not be lawful to make statutory Guidelines which purport to allow the exercise of authority on the grounds of an independent review process, unless that process itself has some basis in law. Similarly, it does not seem that the Guidelines which the Privacy Commissioner must make may incorporate "agreements with DoHA" that may exist from time to time and in an unspecified form.

Such an arrangement seems unlikely to promote regulatory stability, predictability and transparency, in that the process of forming such agreements would not be subject to the same scrutiny (most significantly, by Parliament) as the Guidelines. Further, such an approach would be inconsistent with section 14(2) of the Legislative Instruments Act 2003 (Cth), which prescribes when one instrument may refer to, and incorporate, another.32

The Office's understanding is that section 95A of the Privacy Act, which applies to private sector organisations, does not apply to an Australian Government agency, to which section 95 ordinarily applies.

More generally though, this Option would seem to envisage a range of uses and disclosures inconsistent with the Parliamentary intent underlying section 135AA, and therefore the Office does not support this option.

The question of applying the section 95A guidelines to agencies is discussed further at page .

Option 7: ABS submission regarding amending the guidelines to allow for disclosure of linked claims data for statistical research

The option suggested by the ABS is to extend Guideline 1.4 and Guideline 4A.1 to include statistical research, in addition to medical research.

Section 29 of the Privacy Act requires the Privacy Commissioner to ensure that his or her guidelines are consistent with the relevant principles of the Privacy Act, which in this case are the IPPs. In the absence of an authorising law or the individual's consent, such linking and disclosure would be inconsistent with the IPPs, which do not permit use or disclosure for the purpose of statistical research. Further, such disclosure is not provided for by the section 95 Guidelines, the application of which is limited to medical research.

The Office notes, however, that linkage for external disclosures is authorised under Guideline 1.4(b) where it is required by law for a specific case or specific set of circumstances. Accordingly, access to linked or identified claims information by the ABS could be realised through legislative mechanisms.

See Chapter 6, Option 3 for further discussion on amending Guideline 4A.1.

Option 8: Drafting change

The Office notes that the introductory words of Guideline 1.4 are:

"The HIC may link, compare or combine records of information…".

Only the word "link" (or "linkage") is used in section 135AA. In the interests of clarity, there is merit in using terminology that is consistent with the enabling legislation and, accordingly, "compare or combine" will be deleted from Guideline 1.4.

Option 9: Drafting change

DoHA (35) questions whether the usage of the word "may" in various places in the Guidelines, including in the introductory words of Guideline 1.4, is "permissive or restrictive".

Consistent with the legislative intention of section 135AA, a narrow interpretation of section 135AA(5) should generally be adopted. Accordingly, the Office takes the view that a clarifying amendment to Guideline 1.4 could usefully be made by the appropriate insertion of the word "only".

The introductory words of Guideline 1.4 would read as follows (with the adoption of Option 8 above):

"1.4 Medicare Australia may only link records or information from…".

Findings

2. Guideline 1.4 is to be changed to permit an individual to consent to the linkage of their own claims information by Medicare Australia for the purpose of providing access to that information.

3. Guideline 1.4(b) is to be changed to delete reference to the Coordinated Care Trials.

4. Guideline 1.4 is to be changed to better reflect the wording of the enabling section by deleting the expression "compare or combine".

5. Guideline 1.4 is to be changed and clarified by the addition of the word "only" after the word "may" in the sentence "Medicare Australia may link records of information….".

5. GUIDELINE 3 ON MEDICARE AUSTRALIA DATA RETENTION PERIODS

Law and policy

Guideline 3.1 requires Medicare Australia to destroy Medicare and PBS claims information:

  (a) in the case of data that is the product of the linking, comparing or combining of records or information in accordance with Guideline 1.4 – within 3 months of the data being brought into existence; or
  (b) in any other case – within 5 years of the date of initial processing of the information; ….

Guidelines 3.1(c) and (d) provide limited exceptions to this destruction requirement, including where there is an unresolved investigation, prosecution, compensation matter or action for recovery of debt, or where the information affects an individual's entitlement to a related service which could be rendered after the expiry of the time limit in either 3.1(a) or (b).

Guideline 3.1(a)

Guideline 3.1(a) gives effect to sections 135AA(5)(a) (specifying the ways information may be stored) and 135AA(5)(e) (specifying the ways in which datalinking must occur to be authorised). This Guideline is intended to ensure that the policy intent of maintaining separate databases is not undermined through the creation and indefinite retention of linked information sets, the effect of which, over time, would be the de facto merging of the databases.

Guideline 3.1(b)

Guideline 3.1(b) gives effect to section 135AA(5)(a) and section 135AA(5)(f)(ii). Section 135AA(5)(f) states in its entirety that 'so far as practicable', the Guidelines must:

(f) specify the requirements with which agencies must comply in relation to old information, in particular requirements that:

  (i) require the information to be stored in such a way that the personal identification components of the information are not linked with the rest of the information; and
  (ii) provide for the longer term storage and retrieval of the information; and
  (iii) specify the circumstances in which, and the conditions subject to which, the personal identification components of the information may later be re-linked with the rest of the information.

Section 135AA(11) defines 'old information' as:

Information to which this section applies that has been held by one or more agencies for at least the preceding 5 years.

The effect of Guideline 3.1(b) is to prevent Medicare Australia from retaining claims information in an identified form for longer than five years (that is, once the information becomes "old information"). Medicare Australia is able to retrieve this old information from DoHA for purposes specified in Guideline 4.1, including where requested by the individual.

Consideration of the three month retention period for Medicare Australia linked information under Guideline 3.1(a)

History of Guideline 3.1(a)

In 1995, Medicare Australia informed the Office that a retention period of three months applied to linked datasets. During the 1994/95 review of the Guidelines, the matter was raised by the Consumers' Health Forum (CHF) which noted that Guideline 1.4 "…does not clarify the nature of holding/storage/life of linked or combined records". The Australian Medical Association (AMA) also raised this issue and proposed that the 3 month period be codified. Medicare Australia advised the Office that the AMA's proposed amendment would not unreasonably impact on the efficient operation of its services. Subsequently, a Guideline codifying this three month period was made in 1996.

Submissions regarding Guideline 3.1(a)

A number of submissions discussed Guideline 3.1(a) and whether the three month period should be amended. Almost all these submissions cast their discussion in regard to the needs of medical research, noting that three months may be inadequate for research implementation or thorough analysis. In this regard, it is essential to clarify the application of the Guideline.

Guideline 3.1(a) applies to linked claims information held by Medicare Australia. It does not apply to linked claims information held by other parties. The only linkages that Medicare Australia may establish are prescribed in Guideline 1.4. There is no provision for Medicare Australia to link claims information for the purpose of medical research.

Any disclosure by Medicare Australia of identified Medicare or PBS information for medical research would be made according to Guideline 4A. This Guideline permits the disclosure of claims information, though not its linkage. The linkage may then be done by the data recipient.

Accordingly, it is important to clarify that the three month retention period only applies to Medicare Australia's authorised linkages under Guideline 1.4, these being:

Both Medicare Australia (7) and DoHA (35) submit that Medicare Australia should be able to retain linked information sets for as long as necessary to fulfil administrative functions.

However, the Office notes that Guideline 3.1(c) provides that where a linked information set relates to an "investigation, prosecution, unresolved compensation matter or action for recovery of debt pending", then this linked claims information may be retained until that matter is concluded.

Medicare Australia submits that:

"The requirement to destroy data sets made up of linked Medicare and PBS data after three months will also need review if greater use were made of linked data in the public interest. It is proper to ensure that such data sets and, indeed, any subsets of data prepared for secondary uses by HIC, were destroyed once their purpose has been met."

Options for Reform of Guideline 3.1(a)

Option 1 No amendment

It is arguable that extending the retention periods for linked datasets runs against the intention that the two claims databases be kept separate. The retention of linked datasets for long periods of time could be viewed as a de facto method of combining the databases. Given the clear prohibition in the National Health Act against combining the databases (section 135AA(5)(d)), any practice which is inconsistent with this would require clear and compelling support.

In the absence of a clear and compelling argument to extend the period, it could be a sound regulatory response to maintain the 3 month period. The Office notes that the Guidelines already provide for linked information to be retained for longer periods if it is necessary to resolve an incomplete matter. However, as there is evidence to support a change in the retention period (see discussion below), the Office believes some amendment is necessary.

Option 2 Reduce the retention period to one month

One submission advocates a reduction in retention periods. Caroline Chisholm Centre for Health Ethics (CCCHE) (2) argued that:

"The arbitrary nature of this period of time is questionable. It should certainly not be extended. It should be substantially reduced and preferably, not maintained beyond allowing initial linking and extracting of information."

In supporting its view, CCCHE pointed to the NHMRC Human Research Ethics Handbook: Commentary on the National Statement on Ethical Conduct in Research Involving Humans, which states that:

"In research based on linkages between records, an HREC may permit personal information to be used to enable the record linkage without consent if it is satisfied that:

the identity of participants is not disclosed except for the purposes of record linkage and is not retained once record linkage has been completed; [italics added]"

The Office notes that if the period were reduced, Medicare Australia would still be permitted under Guideline 3.1(c) to retain prescribed linked datasets until incomplete matters have been resolved. Accordingly, a reduced retention period promotes the principle that the databases not be combined, while still allowing certain necessary administrative functions to be undertaken.

However, it is questionable whether there is sufficient evidence available to support reducing the default retention period. While CCCHE's argument is not without merit, it should be kept in mind that the datalinkages currently performed by Medicare Australia are not for research purposes, hence the provision may not be directly analogous. The Office does not favour this Option, particularly insomuch as it may impose a greater administrative burden, without significantly improving the privacy of individuals.

Option 3 Retention "for purpose"

This option would allow Medicare Australia to retain linked datasets for as long as it is necessary to meet the purpose for which it is linked. Such linkages would be limited to those prescribed in Guideline 1.4. This may benefit Medicare Australia significantly by providing flexibility as to the creation and handling of linked datasets for the purpose of its statutory functions.

This option would likely result in different datasets having different retention periods, potentially resulting in a more complex regulatory environment, where it may be difficult to assess compliance. However, provided that the permitted purposes for which claims information is linked are kept clearly prescribed, then it should be possible where necessary to determine whether a specific purpose has been met.

This option raises the prospect of function creep, whereby information is linked and then used for a range of purposes increasingly more distantly related to why it was collected. However, this risk is mitigated by the permitted linkages being clearly and narrowly prescribed. Such an approach should ensure that all linked datasets have a clearly defined purpose and that it can be objectively determined when that purpose has been fulfilled.

So long as the permitted purposes for which information may be linked are kept relatively narrow, a "for purpose" approach is not inconsistent with the current Guidelines, which allow, in particular, for linked information sets to be retained until an outstanding "investigation, prosecution, unresolved compensation matter or action for recovery of debt" is resolved.

It should also be noted that under such an approach the purpose for some linkages may be shorter than the current three month period. For example, linkages for disclosure should be deleted as soon as the disclosure has been effected.

The Office recognises that, notwithstanding the assurances offered by retaining a narrow range of permitted linkages, some stakeholders may have concerns that Medicare Australia will be able to retain linked data for longer periods than is currently the case, and without appropriate justification. Left unaddressed, concerns of this type may undermine community trust and confidence in how Medicare Australia handles claims information.

To meet such concerns, a "retention for purpose" regime for linked claims information should be accompanied by a reporting obligation that provides appropriate transparency in regard to Medicare Australia's datalinking activities. Such reporting could include the number of records linked under each authority established by Guideline 1.4 and the average period for which each class of linkage is retained.

The Office sees merit in this Option as an effective way to balance the necessary functions of the agency and the protection of individuals' privacy.

Option 4 Extend the three month retention period

The Office notes that most submissions calling for an extension to the fixed period were for the purpose of retention for research. However, the Guideline does not allow for Medicare Australia to link for the purposes of research, nor does the Guideline apply to researchers retaining information. As such, the Office does not see merit in extending the retention period for these reasons. Any such extension would have been somewhat arbitrary and may not satisfy the matters raised in submissions.

On balance, Option 3 is seen as the preferred regulatory intervention, offering flexibility to the regulated agency, while maintaining appropriate privacy safeguards.

Findings

6. Guideline 3.1(a) is to be changed so that Medicare Australia may retain linked datasets for as long as is required to meet the primary purpose for which the linkage was authorised under these Guidelines.

7. A new Guideline is to be made requiring Medicare Australia to report annually to the Privacy Commissioner in regard to its datalinkage activities, including the number of records that are linked (by class) and the periods for which they are retained.

Consideration of the five year retention period for claims information held by Medicare Australia under Guideline 3.1(b)

History and purpose of the five year retention period

When first introduced in 1991, section 135AA included a provision (then subsection 6(c)) that all claims information be permanently and irreversibly 'de-identified' after five years. The intention underlying section 135AA(6)(c) was to ensure that Medicare Australia did not become a central repository of health information on almost all Australians.

In the initial 1992 draft Guidelines, section 135AA(6)(c) was given effect by Guideline 3.1, which required that Medicare Australia destroy claims information within five years of receipt. An explanatory note prepared at the time explained that the draft Guideline sought "… to ensure that the long-term retention of information in identified form is avoided" and goes on to confirm that "This Guideline addresses the requirement under section 135AA(6)(c)…".

This explanatory note remains in the current Guidelines, though the section cited has been amended to 135AA(5)(f), which imposes obligations that differ from the original and repealed section 135AA(6)(c).

In regard to section 135AA(6)(c), former Commissioner Kevin O'Connor reported to Parliament in 1992 that permanent de-identification may unreasonably:

In response to this 1992 report, Parliament enacted the National Health Amendment Act 1993 to address this and other perceived problems with the operation of section 135AA. This amendment Act repealed section 135AA(6)(c) and enacted the current section 135AA(5)(f).

The effect of the existing section 135AA(5)(f) is twofold:

Thus, it can be seen that the existing five year period reflects the original Parliamentary intent of ensuring that identified claims information should not generally be available to agencies after five years. The current Guidelines, in Guideline 3.1(b), provide a method of giving effect to this intent.

Views provided in submissions

Submissions on maintaining the five year retention period

The Australian Privacy Foundation (APF) (29) submits that there is a lack of argument to support any change to the Guidelines. The argument submitted by DoHA and Medicare Australia that an extended retention period would expedite the processing of requests for records is described by the APF as a "mere furphy".33 The APF states that Medicare Australia and DoHA should be able to "…devise procedures for responding to such requests that do not involve unacceptable delays."34