Talking points for Privacy Commissioner at National Health Online Summit Adelaide, 3 August 2000

Session 3 - Enhancing Privacy & Confidentiality in the World of E-Health

This Session & the Session led by Geraldine Doogue tomorrow are the 2 most important sessions of this Summit.

• If the people of Australia don't trust you with their health information and have good reason to do so, the rest of this Summit is academic

Need to get privacy right for e-health to take off.

• Survey in the US by the California HealthCare Foundation survey:
  • Over 50% of respondents said the shift from paper to electronic record keeping systems makes it more difficult to keep personal medical information private and confidential.
  • 15% of adults said they had done something out of the ordinary to keep their medical information private. This includes:
    • Paying out of pocket when insured to avoid disclosure;
    • Not seeking care to avoid disclosure to an employer
    • Giving inaccurate or incomplete health information on medical history.
• Privacy is daily becoming a more sensitive issue
  • See newspaper clippings

Starting point for discussion on privacy in the electronic world should be that the community has as much right to privacy in the e-world as elsewhere.

• There is potential for the move to e-health systems to do more than this, and actually improve the privacy of personal health information (eg by codifying rules for information use and access and by individuals being more involved and better informed about how information can be used and who can access it.)
• Very pleased to see the Canadians taking the same approach, as presented earlier in this Summit - improvement

A Health Information Network for Australia makes very welcome statements about privacy.

• But Translating those high level statements into practice will be a big job
• Realising the potential of an e-health system that improves patient privacy will not come easily or automatically

Getting privacy right for e-health means careful listening to the consumer and ensuring consumer representation in the development and implementation of proposals.

• Getting privacy right also means people having a right to access their health information. The Privacy Amendment Bill will provide such a right.

The most significant development from privacy perspective is the introduction of the federal Private Sector Privacy Bill, with its special provisions for the protection of health information:

• Provides baseline regulation of all health information wherever held - health clubs, alternative medicine, insurance companies or anywhere else
  • Note - this protection based on what it is, not on who holds it
• Also provides for codes to be developed
• Update on House of Representatives committee report
  • Recommended health remains part of the Bill
    • However report says legislation should be explicitly recognised as interim and Government should establish process to resolve a consensus view for the health sector in the review of the legislation after 2 years.
  • Recommended amendments to individual rights of access to reduce range of reasons for which access to health information can be denied.
• The principles in the Privacy Bill provide a baseline protection for personal information and personal health information.

Within this framework, enforceable codes can provide cover more specific circumstances Last week, A Health Information Network for Australia indicated that this approach would be taken to the privacy protection of health information in the proposed electronic health record system

• Efforts are already under way to develop a health code
• Foreshadows that the code will have stricter privacy protection provisions
• Health providers etc will only be able to join HealthConnect if they have subscribed to the code
• More powerful tools, such as EHR must have corresponding health protection, but within a unified privacy framework
• Have always supported this approach
  • See May 1999 Issues paper issued soon after I was appointed

Unclear how the Victorian Draft Health Records Bill would fit in this framework

• Press reports indicate it is intended to regulate use of health information by health providers as well as health insurance companies, schools, gyms etc.
• Not clear yet how this legislation will interact with the federal Bill.
• Released this week; yet to look at it myself

The future

• Will the HealthConnect code form the basis of a single health code covering the health system - federal, state & private sectors?
• But such a code unlikely to cover all health information held in the private sector in the near future, including because so much of it is held outside the health system
  • Life insurers may in fact have some of the largest holdings in the country
  • Will all health providers join HealthConnect?
• Hence Guidelines will be needed to elaborate on how the principles in the Bill apply, to be developed along side of any code development.
  • OFPC will be developing guidelines on how the national principles apply to personal health information.
  • This will be done in close consultation with stakeholders.
• Guidelines & any code will require a lot work, seeing from others' perspective & even more goodwill.
• OFPC will be fostering the development of a network of partners interested in developing privacy solutions. Anyone interested in joining up should e-mail/contact the office (privacy@privacy.gov.au)

But to conclude - there must be genuine consumer involvement in the translation of these high level statements into the way health information is used online

• Without it, you will not give the people of Australia good reason to trust you with this information

Back to Top