Submission to the Senate Standing Committee on Community Affairs; Healthcare Identifiers Bill 2010 and Healthcare Identifiers (Consequential Amendments) Bill 2010 (March 2010)



Key Recommendations

The Office of the Privacy Commissioner considers that the Healthcare Identifiers Bill 2010 and the Healthcare Identifiers (Consequential Amendments) Bill 2010 set out an appropriate privacy framework to support the establishment of the Healthcare Identifier Service and the use of unique healthcare identifiers by:

  • i. clearly setting out the purposes for which healthcare identifiers can be collected, used and disclosed, and limiting those purposes to activities related to managing or communicating health information in a healthcare context;
  • ii. imposing obligations on healthcare providers, the HI Service Operator and other entities to keep healthcare identifiers and the information associated with them secure, and providing other measures to support secure messaging services;
  • iii. providing choice and control for individuals; and
  • iv. providing our Office with proactive oversight powers and providing for a review of the operation of the legislation within a short period.

In addition, the Office suggests that a public education campaign would help build trust and confidence in the scheme and ensure its effectiveness for individuals and the community.

Office of the Privacy Commissioner

1. The Office of the Privacy Commissioner (the Office) is an independent statutory body whose purpose is to promote and protect privacy in Australia. The Office, established under the Privacy Act 1988 (Cth) (the Privacy Act), has responsibilities for the protection of individuals' personal information that is handled by Australian and ACT Government agencies, and personal information held by all large private sector organisations, all health service providers and some small businesses.

Preliminary

2. The Office welcomes the opportunity to provide a submission to the Senate Standing Committee on Community Affairs in relation to its inquiry into the Healthcare Identifiers Bill 2010 (the HI Bill) and Healthcare Identifiers (Consequential Amendments) Bill 2010 (the Consequential Bill).[1]

3. The Office understands that the purpose of the HI Bill is to ensure that there is a way of uniquely identifying and matching individuals receiving healthcare to the information created about them when healthcare is provided.[2] The HI Bill will achieve this purpose by establishing a Healthcare Identifier (HI) Service to assign a unique identifier to healthcare providers and organisations and all individuals who receive healthcare in Australia. The Consequential Bill clarifies how the Office's compliance functions and oversight role in terms of the HI Service will operate.

4. By establishing the HI Service and issuing unique identifiers for healthcare purposes, the HI Bill will create one of the building blocks for a more efficient health system throughout Australia. The Office notes that the key policy proposals, including the need for a governance framework and comprehensive privacy laws to support the development of the HI Service, were set out in the paper issued by the Australian Health Ministers' Conference in November 2009 (the AHMC paper).[3]

5. The Office has been actively involved in electronic health record developments for a number of years, including in relation to this proposal. In particular, the Office notes that it commented on the AHMC paper in August 2009[4] and on the exposure draft of the HI Bill in January 2010.[5]

6. In all its submissions on electronic health record related initiatives the Office has consistently said that the development of these initiatives must be supported by strong privacy safeguards. These include defining the purposes of the initiative clearly and having sanctions for misuse of personal information, keeping the information accurate and secure, providing choice and control and having appropriate oversight. Our specific comments on these safeguards in relation to the health identifiers legislation are set out below. Overall, the Office considers that the HI and Consequential Bills, as they now stand, provide an appropriate privacy framework to support the establishment of the HI Service and the handling of individual healthcare identifiers.[6]

Purposes for which health identifiers can be used  

7. We welcome that the provisions in section 24 of the Bill make clear the limited purposes for which healthcare identifiers can be used. The Bill also expressly prohibits the use and disclosure of healthcare identifiers for other purposes under subsection 24(4).

8. Further, under section 26 of the Bill, it is an offence to use or disclose a healthcare identifier for an unauthorised purpose and criminal and civil sanctions for unauthorised use of a healthcare identifier can be imposed. These offences capture acts by individuals as well as organisations.

9. The Office believes the HI Bill provides significant privacy safeguards by clearly setting out the purposes for which healthcare identifiers can be collected, used and disclosed, and limiting those purposes to activities related to managing or communicating health information.

Security of health identifiers and associated demographic data

10. Our submission on the exposure draft HI Bill recommended that a specific data security obligation be included in the Bill. While recognising that the exposure draft Bill imposed penalties and included remedies for misuse of a healthcare identifier, we suggested that such a data security obligation would place a positive obligation on entities handling healthcare identifiers.

11. In our view, such an obligation would impose consistent data security obligations on any entity handling healthcare identifiers and may avoid a situation where inadequate data security measures lead to systemic misuse or loss of healthcare identifiers.

12. The Office welcomes that the HI Bill now imposes data security obligations on any entity holding healthcare identifiers. Consistent with the obligations imposed on agencies and organisations to keep information they handle secure[7], section 27 of the HI Bill requires that any entity holding healthcare identifiers must take reasonable steps to protect them from misuse, loss and unauthorised access. As well, section 27(2) enables regulations to be made in relation to data security. The regulations can impose a penalty on entities that fail to comply with those regulations.[8]

13. For the HI Service to provide a secure messaging service, the information it holds about healthcare provider organisations must be accurate, complete and up to date. To achieve this end, section 14 of the HI Bill requires healthcare providers to ensure that the information the service operator holds about them remains accurate and up to date. The Office suggests that the regulations require healthcare provider organisations to maintain a record of the employees within the organisation who have responsibility for handling healthcare identifiers.

14. By imposing obligations on healthcare providers, the HI Service Operator and other entities to keep healthcare identifiers and the information associated with them secure, and through the other measures that support secure messaging services, the HI Bill has addressed the privacy issues we raised in our submission on the exposure draft in an appropriate manner.

Choice and Control

15. The Office believes that, as far as possible, the use of healthcare identifiers should not limit the choice and control individuals have over the handling of their health information and should not reduce individuals' access to healthcare services, including specialised services.

16. In the Office's view, the HI Bill generally fulfils these requirements by ensuring that:

  • While it will be mandatory for every individual receiving healthcare in Australia to be assigned a healthcare identifier, the identifying information that will be associated with an individual's healthcare identifier in the HI Service's records will be limited to what is necessary to uniquely identify them;[9]
  • The HI Service will not prevent individuals from seeking services anonymously or pseudonymously;[10]
  • Individuals will not be refused treatment because their healthcare provider cannot access their healthcare identifier;[11]
  • Individuals will be able to get access to their healthcare identifier either from their healthcare provider[12] or from the service operator;[13]
  • Where the individual requests access to the personal information held by the HI Service Operator, sections 10 and 22 of the HI Bill provide that this information will be accurate, complete and up to date, including details of who has accessed the individual's healthcare identifier; and
  • A person responsible for the individual[14] can act for the individual and get access to their healthcare identifier and associated information.

Oversight

17. The range of oversight mechanisms in the HI Bill provides a solid compliance framework for the HI Service. In particular, individuals will be able to complain to our Office about the handling of their healthcare identifier, including where this involves a state or territory authority, and the Office will also be able to carry out proactive compliance activities including own motion investigations and audits.[15] To support this commitment the Office has been allocated funding of $500,000 for each of the next two financial years.

18. In its response to the exposure draft HI Bill, the Office made some suggestions for improving the operation and clarity of the provisions in the exposure draft. Specifically, we proposed that the offence and compliance sections in the HI Bill should be set out in a separate section and consequential amendments be made to the Privacy Act to clarify how the offence and compliance provisions in the HI Bill will interact with the Privacy Act. The Office welcomes the changes that have been made in response to our suggestions in the HI Bill[16] and through the Consequential Bill provisions.

19. In addition to the compliance mechanisms aimed at protecting individuals, the HI Bill provides that there will be parliamentary oversight of the HI Service. Under section 30, the Privacy Commissioner is required to lodge an annual report about compliance issues that arise under the HI Bill with the Minister, who will table the report in Parliament,[17] and under section 34 the HI Service Operator is similarly required to report on its activities, finances and operations. In addition, the Office supports the review of the operation of the legislation and the associated report to be tabled in Parliament by 30 June 2013.[18]

Public Education Campaign

20. Our Office notes community concern as to the uses of healthcare identifiers and their privacy implications. There is concern as to how secure the information held against identifiers will be, who will be able to access that information, and whether identifiers will become a means of introducing a broader national identity system.

21. Our Office suggests that it would be beneficial to raise public awareness, through an appropriate educational campaign, of the uses of healthcare identifiers and of the consideration that has been given to privacy in developing the scheme. A well-informed public will help to build trust and confidence in the scheme and ensure the effectiveness of the scheme for individuals and the community.


[1] For information about the inquiry and for the text of the Bills and their explanatory memorandum: www.aph.gov.au/senate/committee/clac_ctte/healthcare_identifier/index.htm

[2] Section 3 of the Healthcare Identifiers Bill 2010 

[3] 'Building the foundation for an e-health future...update on legislative proposals for healthcare identifiers', Australian Health Ministers' Conference, November 2009, p. 14. http://www.health.gov.au/internet/main/publishing.nsf/Content/7EB863F2246F5A72CA2575ED00817A5B/$File/FINAL%20Update%20Proposals%20HI%20Service%20Nov%2009.pdf

[4] 'Healthcare Identifiers and privacy: Discussion paper on proposals for legislative support', Submission to the Australian Health Ministers' Conference, August 2009. http://www.privacy.gov.au/materials/types/download/9387/6925

[5] http://www.privacy.gov.au/materials/types/download/9460/7027

[6] Primarily our comments in this submission relate to the handling of healthcare identifiers issued to individuals (IHIs) rather than healthcare identifiers issued to individual healthcare providers (HPI-Is) or healthcare provider organisations (HPI-Os)

[7] As set out in the Privacy Act under Information Privacy Principle (IPP) 4 and National Privacy Principle (NPP)4

[8] Section 27(b)

[9] Section 7(3) of the Bill

[10] Explanatory Memorandum to the Bill, p. 5; Note 6, p. 13

[11] Explanatory Memorandum to the Bill, p. 5

[12] Section 23

[13] Section 18

[14] National Privacy Principle (NPP) 2.5 defines a responsible person to whom information can be disclosed in certain healthcare circumstances.   

[15] Section 29 of the Bill.  While the Bill prescribes a healthcare identifier to be personal information for the purposes of section 27(1)(h) of the Privacy Act - thus enabling the Office to audit the handling of healthcare identifiers by private sector organisations - the Privacy Act does not allow us to audit organisations unless we receive a request from an organisation to do so. 

[16] Section 29

[17] Section 30

[18] See sections 35(1) and 35(2)