REPORT ON ACCESS TO MEDICAL RECORDS 
      CHAPTER 4 - PRIVACY ISSUES 
      Privacy and the private sector 
      4.1 The Privacy Act 1988 (the Privacy Act) has been in operation for 
        almost a decade in Australia. The scope of the current Act covers data 
        protection standards for personal information for the federal Government, 
        and the Act's Information Privacy Principles (IPPs) cover collection, 
        storage and security, individual access and correction, use and disclosure. 
        With some limited exceptions such as credit reporting (which is also covered 
        by the Privacy Act), and telecommunications carriers and suppliers (covered 
        in part by the Telecommunications Act), [1] 
        there are no legislative standards applying to the private sector. [2]
      4.2 As noted, it has been announced that the Commonwealth will not be 
        implementing a privacy regime in the private sector. The argument advanced 
        is that, `[a]t a time when all heads of government acknowledge the need 
        to reduce the regulatory burden, proposals for new compulsory regimes 
        would be counter productive. On those grounds, the Commonwealth will not 
        be implementing privacy legislation for the private sector'. [3] 
        In reality, the application of privacy legislation already extends into 
        specific areas of the private sector.
      4.3 In the area of credit reporting, the Federal Privacy Commissioner 
        plays a monitoring role in the private finance and banking sector and, 
        more recently, the Federal Privacy Commissioner's monitoring role has 
        extended into the arena of public and private telecommunications. The 
        recently enacted Telecommunications Act incorporates the Federal Privacy 
        Commissioner's function of monitoring compliance with record-keeping requirements. 
        The Federal Privacy Commissioner will have access to the records of `the 
        carrier, provider or operator as the Federal Privacy Commissioner requires 
        for the performance of the function conferred by subsection (1)', 
        that is, the functions conferred on the Federal Privacy Commissioner by 
        the Privacy Act 1988. [4]
      4.4 In light of the Federal Privacy Commissioner's monitoring role which 
        currently extends into credit reporting and telecommunications, the Commonwealth 
        is now de jure extending important elements of privacy legislation 
        directly into key areas of the private sector.
      4.5 The necessity to extend privacy legislation into the private sector 
        has been widely acknowledged. The former Federal Privacy Commissioner 
        (Mr Kevin O'Connor) advocated over a number of years extending privacy 
        rules into the private sector. The Federal Privacy Commissioner commissioned 
        four surveys from 1990 to 1995 to explore public opinion on privacy issues. 
        In August 1995, an information paper on privacy issues was published. 
        The major findings, presented in Community Attitudes to Privacy, [5] 
        left no doubt that privacy is an issue of considerable concern to most 
        Australians. The Federal Privacy Commissioner reported that:
      
        Nine in ten people think that when personal information is collected 
          they should be told exactly what it is used for. 
        A similar proportion believe they should be asked permission 
          before their personal information can be passed from one organisation 
          to another. 
        Only one in ten people thinks information kept on computer is 
          adequately safeguarded. 
        More than eight in ten Australians believe that governments should 
          pass legislation to protect privacy and that privacy laws should apply 
          to both government and business. [6] 
          
      
      4.6 In 1996 the Federal Privacy Commissioner received positive support 
        from some of Australia's largest companies in favour of the introduction 
        of a national Privacy Act to regulate the private sector and/or oversee 
        specific industry privacy codes. The results of a survey commissioned 
        by the Federal Privacy Commissioner conducted by Price Waterhouse among 
        120 of Australia's biggest companies indicated that two thirds favoured 
        the introduction of privacy legislation in the private sector. [7] 
        Pro-privacy groups, [8] Federal Privacy 
        Commissioners and State Privacy Committees, [9] 
        and members of the legal profession [10] 
        have all urged the introduction of a privacy regime into the private sector.
      4.7 Ms Moira Scollay, recently appointed as Federal Privacy Commissioner, 
        confirmed that the Privacy Commissioner's office has, for some years, 
        `argued that uniform privacy legislation is the best way to implement 
        a scheme of privacy protection which will meet the needs of both business 
        and consumers'. In a background paper on privacy protection in Australia, 
        the Federal Privacy Commissioner contended:
      
        Protecting privacy is more than guaranteeing confidentiality. 
          The aim of privacy protection in Australia should be to ensure that 
          individuals are informed about what is happening to their information, 
          and are able to participate in decisions about what is being collected, 
          who collects it, and why. [11] 
          
      
      4.8 Among the issues raised, three key points were identified which can 
        be directly related to access to medical records and the fair and responsible 
        handling of personal information.
      
        Allowing people to access information about them which has been 
          collected, and to correct it if it is inaccurate or out-of-date; 
        Making sure that the information is securely held and cannot 
          be tampered with, stolen or improperly used; and 
        Limiting the use and disclosure of personal information for other 
          purposes without the consent of the person affected. [12] 
          
      
      4.9 In relation to the Committee's inquiry into access to medical records, 
        the Federal Privacy Commissioner presented compelling arguments in favour 
        of extending privacy legislation into the private health sector:
      
        I come from the view that patients' access to their own health 
          records is a very strong and significant matter of principle. However, 
          I do not argue just for access and correction rights. These are a necessary 
          part of a wider privacy regime but they are not sufficient on their 
          own. 
        I also believe that without access and correction rights we cannot 
          properly address any other privacy issues. To imagine that people can 
          be asked who should have access to their records, and who can be allowed 
          to have secondary disclosures, without they themselves knowing what 
          is in those records, is extremely problematic. 
        As we approach the twenty-first century, the handling of health 
          information cannot any longer be seen simply as a doctor's handwritten 
          card with patient information on it. This committee has already had 
          evidence of the rapidly expanding technologies and the different approaches 
          to health care which require many more people to be accessing health 
          data, most of it in identified form. As technology and new approaches 
          sweep over the health sector, consumers are becoming legitimately concerned 
          about what happens to their information. [13] 
          
      
      4.10 The Federal Privacy Commissioner recently announced an initiative 
        which, in its intent, aims at eliminating the risk of a network of inconsistent 
        State-based privacy laws. In a background paper released in April 1997, 
        Privacy Protection in Australia, the new Commissioner outlined her view 
        on uniform national legislation:
      
        My office has, for some years, argued that the uniform national 
          privacy legislation is the best way to implement a scheme of privacy 
          protection which will meet the needs of both business and consumers, 
          and it remains my view that a legislatively-based co-regulatory 
          approach would best achieve this result. I believe it should be possible 
          to devise a statutory regime which is neither onerous nor costly for 
          business. [14] 
          
      
      4.11 Only the Northern Territory and Queensland have agreed with a recent 
        Government request not to proceed with extending privacy legislation within 
        their own jurisdictions. The main pro-privacy States, NSW and Victoria, 
        have only agreed to review their position in relation to privacy legislation 
        for the private sector. [15]
      4.12 The Australian Law Reform Commission (ALRC) supports the extension 
        of privacy legislation into the private sector. The ALRC confirmed that:
        [t]he commission's view would be that the best way to approach privacy 
          protection in the private sector, including access to health and medical 
          records, would be to institute an extension of the Privacy Act into the 
          private sector. 
      
        Other countries have already extended privacy into the health 
          care area. On an international level, I think we will find greater and 
          greater pressure for this, not only through the commitment that we have 
          to privacy rights under the International Covenant on Civil and Political 
          Rights but also through the OECD's guidelines in 1980 on not only public 
          but also private sector records and access, use and storage of those 
          records. [16] 
          
      
       
      Retention and storage of records 
      4.17 At present, there are limited legal requirements for private medical 
        practitioners to store medical records. Doctors are required to retain 
        records relating to the prescription of certain drugs and relating to 
        public health notifiable diseases. Evidence emerging from the Committee's 
        inquiry revealed that there are significant variations in the way medical 
        records held in private general practice are handled in the States and 
        Territories. The Committee was concerned to learn that there is no 
        national legislation which prescribes the way records should be retained, 
        transferred or destroyed.
      4.18 Medical practitioners are advised by professional bodies on methods 
        of record keeping. The AMA and the Medical Defence Union (MDU), for example, 
        provide regular advice to members, and there are legal and ethical considerations 
        which guide practitioners. [23]
      4.19 Queensland is the only Australian state which has legislated, by 
        Part 9B of the Medical Act of 1939, to grant to the Queensland Medical 
        Board extensive powers in relation to clinical records:
      
        Such records and those of retired practitioners or records that 
          are abandoned, may be taken into the safekeeping of the Board or it 
          may order they be held on the Board's behalf or transferred to another 
          person. The Queensland Medical Board also has the power to destroy records 
          in its possession when it is satisfied that their retention is no longer 
          necessary. [24] 
          
      
      4.20 The ACT Commissioner for Health Complaints (ACTCHC) advised the 
        Committee that in the ACT there is no legislation providing guidance about 
        the period of retention of health records or statutory archiving procedures. 
        Institutions such as Canberra Hospital have their own procedures. The 
        Commissioner advised the Committee that the proposed ACT legislation relating 
        to access to medical records will not incorporate specific standards or 
        procedures:
      
        The complex questions in the area require separate policy development 
          ... However, a regulation-making power will be included in the legislation 
          to allow development by the [ACT] Government of a schedule for periods 
          of retention of health records, in cooperation with health service providers, 
          medical defence organisation and other insurers involved in professional 
          indemnity matters, and health service consumers. [25] 
          
      
      4.21 The ALRC advised the Committee that ethical principles require that 
        a doctor `should retain medical information about a patient which allows 
        them to adequately treat that patient for as long as is necessary'. Furthermore, 
        the `legal consequences of not keeping medical records offer an even more 
        compelling reason why doctors are advised to retain records'. The ALRC 
        noted that:
      
        Doctors are ... advised to retain medical records for as long 
          as it is possible for a patient to bring an action against them. In 
          negligence actions the limitation period is generally three to six years, 
          which begins from the time a minor reaches the age of eighteen. [26] 
          
      
      4.22 The Health Information Management Association of Australia (HIMAA) 
        advised the Committee that currently there is little overall direction 
        to health professionals regarding the retention of records. HIMAA indicated 
        that any patient access to records scheme should consider carefully any 
        provisions regarding the retention and destruction of records to avoid 
        records `being pre-emptively destroyed so that access cannot be granted'. 
        [27]
      4.23 Australian Archives advised the Committee that there were real risks 
        that medical records could be vulnerable to destruction:
      
        The length of time medical records are retained may be dictated 
          by financial or auditing requirements, the medical needs of the patient, 
          legal considerations, and professional reasons. Health care providers 
          may well retain the same kind of medical records for differing periods 
          because there is no single authority that provides guidelines about 
          for how long medical records of different types should be kept. 
        [Senator Neal's] proposed amendment provides right of access 
          to the medical records held by health care providers. It does not indicate 
          how long records are to be retained nor that destruction for the purpose 
          of avoiding or deliberately obstructing access is illegal. ... Unless 
          there is some position on the retention of medical records there is 
          a real risk that they will be vulnerable to destruction which constitutes 
          the ultimate denial of access. [28] 
          
      
      4.24 The Committee raised the issue of the retention, transfer and storage 
        of records following the sale of a medical practice. The Australian 
        Association of Surgeons 
        (AAS) informed the Committee that records are normally sold with the practice, 
        although they are not `worth anything and remain part of the practice'. 
        (Records, however, do have a `good-will' value). According to Mr John 
        Buntine, Past President of AAS, when a younger practitioner moves into 
        a practice and takes over records:
      
        the normal thing is then that the younger doctor disposes of 
          them [the records] after a period that they think is appropriate. However, 
          there aren't any hard and fast rules. It is most difficult with respect 
          to children, and with respect to children it is normally considered 
          that the records should be kept for 10 years at least after the time 
          when the child becomes 18. That means if you treat somebody when they 
          are two, you have to keep the records for 26 years. 
        Another situation that happens at times is that the records just 
          pass on as part of the doctor's estate. There are many doctors' wives 
          who are the custodians of records who hunt around in garages and things 
          like this looking for them at times when patients want them. [29] 
          
      
      4.25 The Committee pursued its questioning on the issue of retention, 
        transfer and storage of records in order to obtain a clearer perspective 
        on the management of records. HIMAA was asked about the retention of records 
        in the public and private health sectors. HIMAA advised the Committee 
        that records were usually retained for seven years, that is, the statute 
        of limitations, plus one year:
      
        In the public sector, in hospitals it varies from state to state. 
          In Victoria, for instance, it is 15 years since last attendance or 10 
          years after decease, unless it is a paediatric case in which case it 
          is the number of years at which they would have reached a certain age 
          ... Queensland has just recently changed its retention schedule from 
          seven to ten years since last attendance. [30] 
          
      
      4.26 In relation to the destruction of records, HIMAA advised the Committee 
        that routines varied:
      
        In the public sector, there are reasonably strict guidelines, 
          certainly in the hospital sector ... it is not always ideally carried 
          out ... In terms of destruction, there are fairly clear guidelines on 
          what you can and cannot do and how you must notify a government council 
          that is the terminology in Victoria as to what records you are proposing 
          to destroy and they actually fall outside the time frames that have 
          been recommended in your retention schedules. As for destruction, it 
          is fairly clear that they may not be pulped, they should be shredded 
          or destroyed completely rather than them blow down the street as loose 
          leaf papers. [31] 
          
      
      4.27 The New Zealand Health Information Privacy Code 1994 does incorporate 
        safeguards in Rule 5 of the Code, `Storage and Safeguards of Health 
        Information'. The Code covers physical, operational, and technical security, 
        as well as security of transmission, disposal and/or destruction of health 
        records. Under the disposal or destruction of health records, record-keepers 
        are provided with clear guidelines on disposal. Records may be returned 
        to the individual concerned, controlled physical destruction by shredding 
        or incineration may occur, computerised records may be rendered unreadable, 
        methods of transferring records are set out, and retiring practitioners 
        are compelled to `take proper steps to ensure that relevant records are 
        left with another competent practitioner'. [32]
      4.28 From evidence gathered by the Committee, it was clear that in Australia 
        there is no comprehensive national policy or agreement on the retention, 
        storage, transfer and destruction of records. A piecemeal range of systems 
        is in place, dependent upon protocols developed within professions, various 
        State regulations, institutional schedules and certain legal requirements. 
        There is no clear-cut consensus on what is the `right' way of dealing 
        with records or defining the role of the record-keeper.
      4.29 A record-keeper under the Privacy Act, Information Privacy Principle 
        4 Storage and Security of Personal Information, is the individual who 
        has possession or control of a record that contains personal information. 
        As such the record-keeper shall ensure:
      
        (a) that the record is protected, by such security safeguards 
          as it is reasonable in the circumstances to take, against loss, against 
          unauthorised access, use, modification or disclosure, and against other 
          misuse; and 
        (b) that if it is necessary for the record to be given to a person 
          in connection with the provision of a service to the record-keeper, 
          everything reasonably within the power of the record-keeper is done 
          to prevent unauthorised use or disclosure of information contained in 
          the record. [33] 
          
      
      4.30 These responsibilities only apply to record-keepers in the public 
        health system. No such definition or set of responsibilities is laid 
        out specifically for record-keepers in the private health sector. The 
        Committee was aware from evidence that, under certain circumstances, the 
        record-keeper is sometimes the spouse of a deceased medical practitioner; 
        records may also be held by a group practice company and thus not directly 
        by one medical practitioner. While such record-keepers may be responsible, 
        there is no onus on a person such as a spouse who inherits medical records, 
        to maintain, retain, or correctly store personal records, and there is 
        little in the way of consistent advice as to the appropriate or legal 
        ways in which records may be destroyed. As submissions have indicated, 
        individuals have been dismayed to discover that their records have been 
        destroyed without their knowledge and that information contained in their 
        records was irrecoverable.
       
      Information Privacy Principles and Industry Codes of Practice 
      4.31 The Privacy Act 1988 contains eleven Information Privacy Principles 
        (IPPs) set out in Section 14 of the Privacy Act. IPPs are statutory principles 
        relating to the collection, storage and security, individual access and 
        correction, use and disclosure of personal information. [34]
      4.32 The Attorney-General's Discussion Paper, Privacy Protection in the 
        Private Sector, outlined a possible way ahead and suggested that if the 
        privacy regime was extended, the application of IPPs would take effect 
        immediately. It was anticipated that there would be delayed implementation 
        in the operation of the enforcement provisions in relation to all IPPs, 
        other than for those concerned with storage and security of personal information, 
        and access to and correction of personal information. This delay was to 
        allow Industry Codes of Practice to be developed if `considered desirable'. 
        [35]
      4.33 It was anticipated that in extending privacy protection, the Commonwealth 
        Government would work with the States and industry to adopt a co-regulatory 
        approach to privacy within the private sector in Australia, comparable 
        with best international practice. [36] 
        The desirability and necessity of extending privacy protection into the 
        private sector was not in question, only the development of industry-specific 
        Codes of Practice which would be tailored to meet the needs of a particular 
        part of the private sector.
      4.34 Codes of Practice are essential to the extension of privacy legislation 
        into the private sector and are intended to serve two separate but complementary 
        purposes. They may `prescribe how any one or more of the IPPs are to be 
        applied or complied with by the record-keepers ... they may also be used 
        to modify the application of any one or more of the IPPs by imposing standards 
        that are either more or less stringent, subject to a prohibition against 
        any limitation or restriction of rights of access or correction'. [37] 
        The intention is for the development of Codes of Practice `which allow 
        for the principles to be tailored to meet the needs of a particular part 
        of the private sector'. [38] For the 
        private health sector, a working party to be established by the Minister 
        for Health and Family Services, will provide advice for the development 
        of a separate code. (See Paragraph 4.54).
      4.35 According to the Attorney-General's Discussion Paper:
      
        A Code would be able to elaborate upon the IPPs. 
        It would be used to provide concrete details on issues of relevance 
          to a part of the private sector. 
        A Code would also be able to modify the IPPs. 
        Where a Code was not issued the IPPs would apply. 
      
      
        The [privacy] regime would ... provide a consistent framework 
          for the entire private sector while at the same time providing flexibility 
          to the private sector. [39] 
          
      
       
      Voluntary codes 
      4.40 The AMA claimed that its voluntary code relating to access to medical 
        records worked reasonably well. In its submission, the AMA submitted that 
        patients already have access to medical records:
      
        Neither the AMA's policies nor the common law prohibit a doctor 
          from allowing a patient to view documents in a medical file, make copies, 
          if that is appropriate, obtain a summary or an explanation, or even 
          make corrections. This is achieved through cooperative access where 
          the rights of each party is respected. [44] 
          
      
      4.41 `Cooperative access' was the AMA's major point. In the spirit of 
        cooperation, and in the spirit of the AMA's ethics, patients should have 
        access to their medical records. In reality, some patients (including 
        Ms Julie Breen) have been denied access, not because a medical practitioner 
        claimed `therapeutic privilege', that is, withholding information contained 
        in the record which might harm or alarm the patient, but because a doctor 
        claimed the right of ownership of the record and chose not to allow access.
      4.42 In the AMA's view, however, the number of patients denied access 
        to their medical records who have pursued their claims is small, too small 
        to warrant legislation. The Committee's view is that patients have a right 
        to access to their record and that right must be protected through legislation. 
        The number of patients who claim access to their records is largely immaterial 
        if legislation is in place.
      4.43 United Medical Defence (UMD), the largest single professional indemnity 
        provider for doctors in Australia, supported a voluntary code and suggested 
        that a voluntary code should `include a suitable dispute procedure'. UMD 
        had indemnified Dr Williams in Breen v Williams to establish the 
        doctor's property. In its submission, UMD noted that it had indemnified 
        Dr Williams `to ensure that change in the right of access would not be 
        retrospective and to ensure that any access was not a common law right 
        but occurred only with the controls possible with legislation'. [45] 
        In its evidence to the Committee, UMD agreed that legislation was desirable 
        and referred to the United Kingdom's access to medical records legislation 
        which it regarded as `a useful starting point'. [46] 
        Referring to the efficacy of voluntary codes or legislation, UMD was equivocal:
      
        The position ... since recently is that the United Medical Defence 
          supports a voluntary code and an alternative legislative response. The 
          effectiveness of it can be judged by having an effective disputes procedure 
          whether it is in the voluntary code or in the legislation. [47] 
          
      
      4.44 The RACGP also stated their views in regard to voluntary codes or, 
        as they put it, `voluntary access and voluntary agreement to access'. 
        Dr Bollen, Secretary General, RACGP, put the College's case thus:
      
        This whole issue is about effective communication between two 
          people to make certain that the best outcome occurs in relation to that 
          particular person's health. Once you legislate something, you change 
          that relationship. [48] 
          
      
      4.45 Others did not hold much faith in the ability of any voluntary code. 
        The Chairman of the NSW Privacy Committee expressed his general views 
        on voluntary codes:
      
        I think voluntary codes are excellent for people in organisations 
          of integrity. They are not worth the paper they are written on for people 
          who wish to rort the system or who have no intention of obeying the 
          voluntary code. I do not think any voluntary code is much good unless 
          it has some significant legislative underpinning. [49] 
          
      
      4.46 In relation to voluntary codes, the Federal Privacy Commissioner 
        stated:
      
        From my perspective there are privacy principles which cannot 
          be compromised in either a legislated or a voluntary outcome ... There 
          is enormous scope for different approaches to these issues ... while 
          a scheme could be developed for voluntary application in the first instance, 
          in my view it must still be of a standard equivalent to international 
          best practice and be able to be given statutory effect, if not now, 
          then in the future. [50] 
          
      
      4.47 Questioned as to whether a voluntary regime or a legislative regime 
        was preferable, the Federal Privacy Commissioner was adamant:
      
        My preference is clearly for legislation. In the broader sense 
          of the private sector generally, I have been interested in the way the 
          Canadian experience has gone. This is not in relation to the health 
          sphere particularly, but in the Canadian experience the Canadian Standards 
          Association has developed a voluntary code for privacy for Canada which 
          has been developed as a result of consultation with all the interest 
          groups around the table and they have come up with an agreed voluntary 
          code. That code is now going to be legislated because in a sense the 
          opposition to it, in terms of the way it has been developed, has basically 
          fallen away. The industry minister in Canada is saying, although it 
          was starting off as a voluntary process, that it is now going into legislation. 
          
        There is no question in my mind that a legislative approach is 
          the one that guarantees the best rights of access and rights of privacy 
          in the health area. If there is going to be a legislated or a voluntary 
          outcome, there will need to be the development of a code, a bit like 
          the New Zealand one, which is more specific to the health sector, and 
          which deals with many of the issues that you, as a committee, have been 
          grappling with. 
      
      4.48 The Committee was anxious to clarify the difference between a voluntary 
        code of ethics such as that prescribed by the AMA, a code which would 
        operate within extended privacy legislation, and a code like that already 
        in operation in New Zealand. Referring to the Attorney-General's Discussion 
        Paper, the Federal Privacy Commissioner differentiated clearly between 
        extended privacy legislation based on the Information Privacy Principles 
        (IPPs), under which codes developed for specific industries would be 
        legislated as disallowable instruments, and voluntary industry codes 
        developed and overseen by industry and/or professional bodies separate 
        from legislation.
      4.49 The Federal Privacy Commissioner argued that whether a voluntary 
        regime or a legislated regime was in place, certain basic standards were 
        essential:
      
        My view is that, whether you go down a voluntary route or a legislated 
          route, in even a voluntary scheme, you will still have to have basic 
          standards of privacy, basic standards of access and correction. You 
          would have to have a complaints mechanism and you would have to have 
          sanctions. There would be choices in either scheme as to who would take 
          responsibility for those things. The issue then becomes the enforceability 
          of that. Clearly, the enforceability falls on the side of requiring 
          legislation. 
      
      4.50 Questioned on the effectiveness of voluntary codes, the Federal 
        Privacy Commissioner expressed the view that the success of a voluntary 
        system depended upon the extent to which people in any particular industry 
        or profession committed themselves to a voluntary process. If individuals 
        or organisations went outside a voluntary code, the industry (or profession) 
        would impose penalties for bringing the industry into disrepute. In the 
        Commissioner's view, however, such actions do not `carry the same weight 
        as legislation'. [51]
      4.51 Referring to complaints mechanisms within a voluntary code, the 
        Federal Privacy Commissioner observed that it was necessary to ensure 
        access to dispute resolution. It was also essential to know whether 
        the person or organisation that is being complained about has `signed 
        up' to the voluntary code. If not, then a complainant has no recourse. 
        According to the Commissioner, voluntary codes depend upon `who is in 
        and who is not in':
      
        In a voluntary system, it is possible to have a complaint mechanism 
          that might be run by the professional body, and the individual concerned 
          can go to that professional body and have a complaint resolved in the 
          way that that industry has decided to set itself up. That happens now 
          across other industries that have their own internal complaint mechanisms. 
          If the person has not signed up, they have got nothing. If they have 
          signed up, there are various ways in which the profession has sanctions 
          on its own members. Sometimes they can enforce that and sometimes they 
          cannot. [52] 
          
      
      4.52 Others also expressed their concerns regarding voluntary codes. 
        The ACT Health Complaints Commissioner referred to the AMA's voluntary 
        code and access to medical records. Although the AMA had a clear policy 
        in relation to the provision of information, he noted that, in his 
        experience, this `had not really affected the practice of members of the 
        medical profession'. [53]
      4.53 DHFS confirmed that they had considered the scope of a voluntary 
        code which, in their view, would address more than patient access to medical 
        records. DHFS advised that a voluntary code should:
      
        ... provide more comprehensive protection of personal health 
          information contained in medical records. It should establish a framework 
          for setting tailored standards for security of storage and transfer 
          of personal health information; the collection, use and disposal of 
          personal health information; processes for approving additional use 
          and disclosure of information beyond the original agreed purpose; patient 
          access to records and to mechanisms for correction of information on 
          the record; exemptions from the provision of patient access to the record; 
          a dispute resolution process that can be used by patients and practitioners 
          in relation to the implementation of the standards; fees that may be 
          charged under the code; and recommended periods for retention and disposal 
          of records. [54] 
          
      
      4.54 DHFS advised the Committee that all the issues above were on the 
        agenda of a working party to be charged with the development of a voluntary 
        code. DHFS indicated that the voluntary code, when developed, would build 
        upon the work of the Attorney-General's portfolio to assist the private 
        sector generally to develop and meet privacy standards. Accordingly, a 
        joint working party charged with developing the voluntary code would be 
        established by the Minister for Health and Family Services. (The working 
        party was due to commence work in May 1997 with a view to having 
        recommendations by the end of 1997.) [55] 
        DHFS advised that the working party would be responsible for developing 
        an effective system for implementing the voluntary code. [56]
      4.55 The Committee queried the proposed constitution of the working party. 
        Following the Committee's public hearing held in Canberra on 17 April, 
        the AMA indicated in a press article released on 21 April that it 
        envisaged that the working party would include DHFS, the Attorney-General's 
        Department, the Federal Privacy Commissioner, the profession (that is, the 
        medical profession), and consultation with consumers. [57] 
        At the hearing, however, DHFS agreed that the working party would need 
        to consult more broadly. At the time of writing, the membership of this 
        joint working party is still to be finalised.
      4.56 In addition to the groups identified, the Committee indicated to 
        DHFS that consumer interest groups, Health Complaints Commissioners and 
        other professional health care providers, including physiotherapists, 
        dietitians, occupational therapists, the nursing colleges, social workers 
        and others in fields of professional health, as well as the AMA, should 
        be consulted and have input into a code. If other professional health 
        care providers were to be consulted, and the Committee considered this 
        to be essential, this raised the question of what records needed to be 
        covered under a code, whether the code was voluntary or legislated.
      4.57 DHFS concurred that the issue was complex and confirmed that the 
        definition of what constituted a medical record had not yet been finalised. 
        [58] The Committee is of the view that 
        there would have to be a very wide definition of medical records to incorporate 
        all the types of record which would contain personal health information. 
        [59]
      4.58 Following from this consideration, questions were raised regarding 
        DHFS's expertise in monitoring any future code. DHFS admitted to the 
        Committee that monitoring a voluntary code was an activity in which the 
        Department had little or no experience. The Committee was informed that 
        it was not possible to recall whether the portfolio had been involved in 
        either developing or implementing voluntary codes. [60] 
        DHFS suggested, however, that it was a `question of cooperation and involvement':
      
        Clearly, even with voluntary codes, at the practitioner level 
          there will always be variations in adherence to the code, the interpretation 
          of the code, et cetera. It is our view that in an area like this, which 
          is not just a question of the strict letter of the law, but is more 
          about doctor-patient interaction et cetera, a voluntary code, if combined 
          with the proper educational arrangements and that sort of thing, is 
          more likely to succeed than simply imposing a new set of rules on doctors. 
          That is just a perspective. [61] 
          
      
      4.59 DHFS did not comment upon what educational arrangements were envisaged. 
        The Health Insurance Commission (HIC) briefly described to the Committee 
        its `Better Practice' program (see below). The Committee considered the 
        reference DHFS made to the imposition of a `new set of rules on doctors'. 
        The Committee was of the view that doctors practising in the public health 
        system were apparently able to cope with the idea that their medical records 
        could be accessed if a patient requested access. Evidence also suggested 
        that many GPs working in both the public and private health sectors were 
        aware of the provisions for access to medical records under FOI.
      4.60 The HIC told the Committee that it might be possible to establish 
        a regime whereby the HIC was in a position to determine whether patients' 
        access to medical records had been granted, or to act on reported cases 
        of non-compliance. HIC suggested that, to ensure compliance, more general 
        medical practitioners might be encouraged to participate in the `Better 
        Practice' program administered by the HIC, which offered financial incentives 
        to general medical practitioners who provide comprehensive `whole patient 
        care'. HIC suggested that `possible access to medical records by patients 
        is a factor which could be included in the eligibility criteria to participate 
        in such a regime'. [62]
      4.61 The Prime Minister's press statement on privacy legislation noted 
        that the Federal Privacy Commissioner would `assist business in the development 
        of voluntary codes of conduct and to meet privacy standards'. [63] 
        The Federal Privacy Commissioner's role, whether a legislative or voluntary 
        code approach is adopted, will be of vital importance. The Federal Privacy 
        Commissioner, however, expressed the following view:
      
        I have reservations about the effectiveness of a voluntary scheme 
          in the health sector. In particular, a voluntary code may not provide 
          people with adequate opportunity to complain about and be compensated 
          for breaches. I think it would be unsatisfactory if a code were attached 
          to a disciplinary structure which could lead to a health professional 
          being admonished or excluded from the profession, but which would not 
          deal directly with the harm done to an individual and nor would it promote 
          systemic change. Moreover, people would still not have any legal right 
          to gain access to information held by health care providers in the private 
          sector. [64] 
          
      
      4.62 In the light of the negative views expressed to the Committee on 
        the effectiveness of voluntary codes in general, and variations in voluntary 
        codes relating to access to medical records in the private health sector 
        in particular, the Committee remained unconvinced that voluntary codes 
        would be observed consistently. It would appear that if voluntary codes 
        are not complied with in terms of providing access to medical records, 
        patients will have to go to a Health Complaints Commissioner or Medical 
        Boards for assistance. If these procedures fail, then a patient may be 
        faced with entering litigation. The question of sanctions or penalties 
        for failure to comply with a voluntary code was raised briefly; these 
        are discussed below (see Paragraph 4.88ff).
       
      Privacy and confidentiality: electronic records and telemedicine 
      4.63 What is an electronic health record as it relates to the individual 
        patient? One definition suggests that an electronic health record of the 
        future will be `a collection of all the personal information, clinical 
        and non-clinical, relating to [their] health provided by and about a particular 
        health consumer to their health care providers, stored in electronic format'. 
        An electronic health record would be a `lifelong record containing details 
        of childhood immunisations, public and private hospital visits throughout 
        the consumer's lifetime as well as contacts with GPs, specialists, community 
        health services, nursing homes and psychiatric facilities'. [65] 
        
      4.64 In his keynote address to participants at a recent conference, `Whose 
        Health Records', which took place in Sydney in March 1997, the Attorney-General, 
        The Hon Daryl Williams AM QC MP, spoke on the issue of privacy protection 
        and information technology (IT). The Attorney-General made the following 
        points: 
      
        Privacy protection in the health sector also raises issues about 
          the growing use of health information for research purposes, and the 
          increasing value of health information to business such as pharmaceutical 
          companies and private health insurers. New technology and sophisticated 
          telecommunications networks increase the capacity for information sharing 
          and raise new questions about how to balance the competing interests 
          involved. There are other developments in information technology with 
          the potential to affect privacy within the health sector. These include 
          telemedicine, which I understand involves the electronic transmission 
          of radiological and other images, genetic testing, and smart cards. 
          All of these new technologies raise issues of practical importance to 
          the health sector. [66] 
          
      
      4.65 The Committee took evidence from a number of witnesses on the subject 
        of privacy, security, electronic records and information technology. Among 
        the privacy implications which the Committee considered, the issue of 
        patient access to electronically-stored records, and the transmission 
        of personal health information held in electronic records was canvassed.
      4.66 Electronically-stored records are no longer regarded as new technology, 
        although in general medical practice many in the profession are seeking 
        guidance. In 1993, the RACGP issued to its members an Interim Code of 
        Practice for Computerised Medical Records in General Practice. The Interim 
        Code is currently being revised for endorsement by the College's Council 
        for more general use. [67] In an article 
        in Australian Medicine, it was suggested that for GPs, `a two to three 
        year period was needed to create an informed environment in general practice 
        in terms of both the population health model of service provision and 
        the uptake and appropriate use of IT' (Information Technology). [68]
      4.67 Large and small businesses use sophisticated IT to create databanks 
        capable of storing and providing detailed statistical and profile data. 
        In the health sector, health information stored in this way is generally 
        used in `de-identified' form, that is, with all personal information removed 
        from access. Such data is used, for example, to provide specific epidemiological 
        information. The National Health and Medical Research Council (NHMRC) 
        and other medical research institutions make increasing use of electronically-stored 
        information and have guidelines and protocols for the use of massed de-identified 
        data. The NHMRC guidelines were issued in 1991 following approval under 
        s. 95 of the Privacy Act. [69]
      4.68 The former Federal Privacy Commissioner had spoken extensively on 
        the matter of electronic technology and privacy issues. In a paper delivered 
        in 1996 entitled, `Privacy Issues Arising As I.T. Happens', 
        the Federal Privacy Commissioner made the point that, traditionally, in 
        the health sector, `individuals have assumed that their information is 
        only accessed by their doctor/health care provider'. [70] 
        IT and electronic records have enabled far greater access to personal 
        health information although, ironically, not necessarily for patients 
        in the private health sector:
      
        Increasingly, numerous demands are being made on health data. 
          It is useful to draw a distinction between demands for access to data 
          for primary purposes (the provision of health care to the individual) 
          and demands for secondary uses (such as research, public health and 
          outcome monitoring). The use of identified information for purposes other 
          than the direct health care is a major area of growth and requires careful 
          management to ensure that the privacy of health information is not eroded. 
          [71] 
      
      4.69 The Federal Privacy Commissioner observed that there are `numerous 
        public health pressures to use personal health information', and referred 
        specifically to medical and epidemiological researchers, and to public 
        health initiatives such as recall systems, screening programs, registers 
        of immunisations, regional databases recording people with certain conditions. 
        [72] These requirements for personal 
        health information are legitimate as long as the individual patients involved 
        know what information is held about them, and who wishes to access that 
        information, beyond themselves. The important point made in the (then) 
        Privacy Commissioner's paper was that it is a fundamental privacy principle 
        that individuals have a right to know what information an organisation 
        [or medical practitioners and other health professionals] holds about 
        them. [73] 
      4.70 Reference was made to the UK Access to Health Records Act 1990, and 
        to the subsequent guidelines issued by the UK Department of Health on the 
        protection and use of patient information in an electronic environment; 
        it was noted that the guidelines were prepared after wide consultation 
        with patients as well as professional representatives. The UK Health Service 
        Guidelines `The Protection and Use of Patient Information' (1996) set out 
        patients' right of access to their own records, which is established in 
        the Patient's Charter. There are also rights of access under the Data 
        Protection Act 1984, the Access to Personal Files Act 1988 and the Access 
        to Medical Reports Act 1988.
      4.71 In summary, the UK Guidelines provide specific guidance on the circumstances 
        in which patient information may be passed on, the need to keep patients 
        informed about the uses to which information on them is put, and patients' 
        right of access to their own records. They also set out when and how personal 
        information may be used for the creation of aggregated and `anonymised' 
        [de-identified] statistics for health service planning, monitoring of 
        public health, and medical research.
      4.72 Acknowledging the growth of information technology, the UK Data 
        Protection Act 1984 specifies that all `personal data' (including patient 
        information) relating to living individuals that are held on a computer 
        system are subject to the Act. The Act establishes eight principles which 
        may be compared with IPPs in the Australian Privacy Act. Principle 7 states 
        that: an individual shall be entitled (a) at reasonable intervals and 
        without undue delay or expense: (i) to be informed by any data user whether 
        he holds personal data of which that individual is the subject; and (ii) to 
        access any such data held by a data user; and (b) where appropriate, to 
        have such data corrected or erased. Principle 8 of the Act establishes 
        that: appropriate security measures shall be taken against unauthorised 
        access to, or alteration, disclosure or destruction of, personal data 
        and against accidental loss or destruction of personal data.
      4.73 On the issue of security in an electronic environment, the Committee 
        was informed by HIC (Vic) that lack of patient access to their records 
        has been identified as a major barrier to public acceptance of the use 
        of electronic means of communications in the health sector:
      
        Patient access itself has been identified as a means of increasing 
          patient comfort through electronic dissemination of their records. Basically, 
          you cannot have absolute security in an electronic environment. There 
          are a much broader range of players interested in the much broader range 
          of information that can be collated, manipulated and disseminated in 
          an electronic environment. Security is not something that can be achieved 
          absolutely. The accuracy of the record is, therefore, a second-best 
          to absolute security. Patient access to their records is obviously a 
          critical way to achieve accurate records. [74] 
          
      
      4.74 HIC (Vic) informed the Committee that in the UK, legislation to 
        enable patient access to electronic records occurred before legislation 
        enabling patient access to manually created records, an indication of 
        general community concern about electronically created and maintained 
        files about people. [75]
      4.75 The Chairman, NSW Privacy Committee, expressed a lack of confidence 
        in current practices relating to electronic records:
      
        I do not think that one can have any degree of confidence at 
          the moment that medical records held in electronic form can be regarded 
          as anywhere near as secure as the old fashioned handwritten record stored 
          in a locked cupboard at the end of the day. One of the few things that 
          one can say about them is that the right of people to look at those 
          records is more likely to be able to keep them up to the mark than the 
          denial of access. After all, if you have information on a screen that 
          you can show people when they come into your medical practice on a regular 
          basis, you can say, `Just check this; is this in fact you?' 
          I think there is much more security and value in that than many of the 
          other forms. For example, I do not think in major hospitals or very 
          busy surgeries that, unless people have the most elaborate and expensive 
          security connected with their electronic records, they can be properly 
          maintained in the way in which one would like. After all, if teenage 
          hackers can get into NASA and the American defence department, it is 
          not going to take them very much to get into Royal Prince Alfred Hospital. 
          [76] 
      
      4.76 The Chairman, NSW Privacy Committee, also referred to the beneficial 
        uses of electronic records: 
      
        People are extraordinarily mobile these days around Australia, 
          particularly with electronic records. If people have an accident in 
          one state and somebody needs to get access to sensitive medical information 
          about them which is stored in electronic form and they have the capacity 
          to get into that, that is beneficial to the patient, but it needs to 
          be on the basis that there are some nationally acceptable rules about 
          it. [77] 
          
      
      4.77 The Chairman, NSW Privacy Committee, made reference to the wide 
        range of people who already have access to medical records. The point 
        was made that while an individual may be denied access to his/her record, 
        others may have access:
      
        [W]e are talking about tens of thousands of people who have access 
          to the information, yet there are some people quibbling about whether 
          the person about whom the information is held should be the last in 
          the queue and actually find out that information, information which lots 
          of other people have access to with sometimes very few safeguards. 
        Everybody else has access to it [patient information]. I do not 
          know how many people these days work for the Health Insurance Commission, 
          but people are going around and doing spot checks on procedures and 
          how many were done. Registers are being established all the time. The 
          Commonwealth is proposing proper registers in relation to child immunisation. 
          We have registers in relation to types of cancers. We have registers 
          in relation to pap smears. We have registers in relation to HIV status. 
          All of them are accessible to hundreds if not thousands of people throughout 
          bureaucratic departments and any of these larger organisations. [78] 
          
      
      4.78 Referring to the privacy requirements demanded by the European Union 
        under the Organisation for Economic Cooperation and Development (OECD) 
        Guidelines on the Protection of Privacy and Transborder Flow of Personal 
        Data, [79] the Chairman, NSW Privacy 
        Committee, argued strongly that privacy was an issue of major importance 
        and was clearly the Commonwealth Parliament's responsibility:
      
        I think that privacy is such an issue, and the nature of the 
          exchange of information around the country is such a major issue that, 
          unless there is a uniform national approach to these matters, it will 
          be largely a self-defeating exercise. This is one of the clear areas 
          where the Commonwealth parliament should legislate, and I think there 
          are obligations contained in section 17 of the international covenant 
          in this regard. Guarantees of privacy and access to information which 
          flow from that means this is a Commonwealth parliamentary responsibility. 
          [80] 
      
      4.79 The Committee was aware that European privacy requirements will 
        soon impinge directly upon Australia. The Committee was concerned that 
        by not ensuring extension of privacy legislation into the private sector, 
        including the private health sector, Australia may be excluded from vital 
        exchanges of information.
      4.80 Telemedicine was an issue which the Committee raised with witnesses. 
        Currently, the House of Representatives Standing Committee on Family and 
        Community Affairs is conducting its own inquiry into Health Information 
        Management and Telemedicine. The inquiry's terms of reference sought evidence 
        on the ways to maximise developments in information management and information 
        technology in the health sector to improve health care delivery and to 
        increase Australia's international competitiveness. The House of Representatives 
        inquiry focuses on a range of issues relating to health information management 
        and differs significantly from the Senate's inquiry, which has focused on 
        the appropriate scope of Commonwealth legislation ensuring access to 
        medical records.
      4.81 One term of reference of the House of Representatives inquiry does, 
        however, have importance in relation to access to medical records held 
        in electronic form. This reference deals with the `ethical, privacy and 
        legal issues which may arise with wide application of [this] technology 
        and transfer of confidential patient information'. The House of Representatives 
        Committee report is expected in the last quarter of 1997.
      4.82 The Attorney-General spoke about telemedicine in his keynote address 
        referred to earlier in Paragraph 4.64. Telemedicine has been defined 
        by DHFS to mean `the direct use of electronic communication as part of 
        clinical practice, the actual hands on diagnosis'. Further differentiated, 
        it means, `using technology when you are trying to make a clinical step, 
        a diagnosis, actually treat somebody, as opposed to information management 
        which is just the moving of information and data around, and IT being 
        the vehicle for moving those sorts of things around, be it by phone lines, 
        multi-media cables, satellites, faxes or whatever'. [81]
      4.83 The Committee was interested to know more about the use of telemedicine 
        in general medical practice and hospitals, and the appropriate sorts of 
        computer programs that would be needed to ensure that (a) privacy aspects 
        were considered, (b) documents could not be altered when they should 
        not be altered, and (c) documents transmitted by electronic means, such 
        as ECGs sent from remote hospitals to teaching hospitals, were transmitted 
        securely. It was noted that while medical practitioners are able freely 
        to transmit patient information for diagnostic purposes down telephone 
        lines through modems, or by other means, patients may not have access to 
        that same information. [82]
      4.84 The Committee was assured to learn that hospitals in the private 
        sector were aware of the potential problems associated with telemedicine 
        and electronic records. The Australian Private Hospitals Association (APHA) 
        advised that, in terms of record keeping, most records were still kept 
        with pen and paper because of its convenience when walking around a ward. 
        Tablet style computers are being investigated but, to date, APHA was 
        unaware of any hospitals in Australia where they are in common use. 
        APHA advised that some hospitals are conducting trials of what data 
        can be collected in that computerised form. [83] 
        While acknowledging that such technology had great advantages, the Committee 
        expressed some concerns that possibilities for information leakages, security 
        breaches and interference with patient data might arise.
      4.85 APHA advised the Committee that in their experience, hospitals are 
        `data security aware' and that as new information technology is implemented, 
        security processes are integral to the process of implementation:
      
        For example, there are currently investigations into electronic 
          data interchange for the hospital case mix protocol that is required 
          by legislation to be sent from hospitals to insurance funds. [84] 
          There is quite a lot of work going on in designing message structures 
          and so on. Encryption is a very large part of the deliberations of the 
          committee that is looking at the EDI message structures. They tend to 
          go hand in hand as the technology is used. The security is also investigated 
          and assessed and protection measures are put in place. [85] 
          
      
       
      Privacy and access: appeals and sanctions 
      4.88 Under the content of agreement set out in the amendment proposed 
        by Senator Neal, medical practitioners were, with certain exceptions, 
        to provide patients with access to their medical records. Such provision was mandatory, 
        and Medicare payments would not be payable in respect of a professional 
        service rendered if the provider failed to comply with the conditions of the 
        agreement. [89] Review of decisions 
        in relation to access matters was to be referred to the Administrative 
        Appeals Tribunal or the Federal Court. The amendment made no provision 
        for penalties or sanctions for breaches of privacy.
      4.89 The Human Rights and Equal Opportunity Commission (HREOC) recently 
        noted in its submission made to the House of Representatives inquiry into 
        Health Information Management and Telemedicine, that: 
      
        Protection of the privacy of personal health information is a 
          particularly significant issue due to the sensitivity of this information; 
          the potential for unlawful or unfair discrimination if it is used or 
          disclosed inappropriately; high community expectations of confidentiality; 
          and the value in terms of accurate diagnosis and treatment in people 
          having confidence that they can reveal anything to a health care provider 
          and that it will go no further. [90] 
          
      
      4.90 The HREOC, while not commenting upon the imposition of specific 
        sanctions or penalties for breaches in privacy and confidentiality, recommended 
        that:
      
        Personal health information should ideally be subject to more 
          stringent standards of protection than is currently provided by the 
          current Information Privacy Principles. [91] 
          
      
      4.91 In its submission to the Senate's inquiry into access to medical 
        records, the ALRC suggested to the Committee that, in its deliberations 
        on an access to medical records regime, it should consider the imposition 
        of criminal sanctions for unauthorised disclosure of patient information. 
        Referring to its various inquiries, the ALRC informed the Committee 
        that it had become aware of a great deal of unauthorised disclosure, not 
        necessarily from doctors, but from health care providers in general. The ALRC 
        advised that the problem was particularly acute, for example, in small 
        rural communities where patients deal with local health care providers: 
        leakages of information occurred, and the information often became known 
        throughout the community. [92] 
      4.92 Particular reference was made to health information relating to 
        individuals with an intellectual or psychiatric disability. The ALRC's 
        reasoning for recommending sanctions was that there were high costs to 
        individuals who had their personal medical information disclosed. The 
        results of unauthorised disclosure could have deleterious effects upon 
        an individual in employment, in relationships and elsewhere. [93] 
        Criminal sanctions might better ensure privacy protection because, `the 
        cost to individuals can be so very serious'. [94] 
        
      4.93 DHFS was in favour of educational measures and a tight system of 
        industry self-regulation rather than what it termed `more coercive measures'. 
        DHFS pointed to precedents in the private sector where voluntary codes 
        for consumer protection (including privacy protection) had been developed 
        with the facilitation of the Australian Consumer and Competition Commission, for 
        example through the Telecommunications Industry Ombudsman. Reference 
        was made to the finance sector codes of practice and conduct, which had 
        `well developed dispute resolution mechanisms enforced by independent 
        ombudsmen or dispute reference centres'. DHFS suggested that schemes such 
        as these provide a `model for ensuring a process of review of compliance 
        with industry standards'. [95]
      4.94 Complaints handling mechanisms in the private health sector have 
        improved considerably since the establishment of Health Care Complaints 
        Commissions. [96] Commissioners are 
        able to investigate complaints and negotiate on behalf of patients in 
        matters related to access to medical records. However, Commissioners are 
        given no powers of sanction by way of imposition of penalties, or other 
        enforceable mechanisms for resolving disputes about access, or for breaches 
        of patient confidentiality. These matters are generally referred to medical 
        and allied registration boards for investigation and adjudication.
      4.95 The New Zealand Health Information Privacy Code 1994, a code of 
        practice which applies specific rules to agencies in the health sector 
        to better ensure the protection of individual privacy, derives its powers 
        from the Privacy Act 1993 (NZ). [97]
      4.96 Under the UK Access to Health Records Act 1990, applications may 
        be made to the courts if it is found that the holder of a health record 
        has failed to comply with any requirements of the Act. [98]
      4.97 The ACT Government is currently considering legislation for health 
        records held in the public and private sectors, which will apply to all health 
        services. According to the ACT Government's Position Paper released in 
        May 1997, the ACT legislation will, if passed, include all the Information 
        Privacy Principles (IPPs) contained in the Commonwealth's Privacy Act. 
        The proposed legislation will create offences, 
        although it is stressed that `generally, this legislation is not seen 
        as punitive, but rather as establishing a framework for good relations 
        and certainly so far as privacy of and consumer access to their health 
        records is concerned'. [99]
      4.98 Offences under the ACT legislation will cover:
      
        - destruction of health records to avoid access; 
 
        - failure to produce a record on the request of a consumer without an 
          appropriate reason; 
 
        - obstruction or failing to provide access once a determination is made 
          that access is appropriate; and 
 
        - inappropriate breach of confidentiality in relation to personal information 
          on a health record. [100] 
 
      
      4.99 The ACT Government appears mindful that there are a number of possible 
        options for determining whether a record-keeper's decision to deny an 
        applicant access to their health record was appropriate. The Position 
        Paper suggests that there may be a role for the Federal Privacy Commissioner, 
        for the various professional registration boards, or for the magistrate's 
        court in enforcing the legislation. Whether any sanctions or penalties are 
        to be considered is not canvassed in the Position Paper.
      4.100 It is proposed, however, that the ACT Commissioner for Health Complaints 
        will be given statutory powers to make findings about appeals by consumers 
        or health service providers on access and privacy questions under the 
        proposed legislation, and to make binding determinations in relation to 
        decisions under the legislation. Any appeal against the Commissioner's 
        determinations would then go to the ACT's Administrative Appeals Tribunal 
        (AAT). The AAT would have power to hear matters afresh, and make its own 
        decision, which would stand in place of any previous determination by 
        the Commissioner. [101]
      4.101 In any national legislative regime providing patient access to 
        medical and/or health records, it is likely that the Commonwealth's Administrative 
        Appeals Tribunal would take on a review role and, when necessary, would 
        refer certain matters to the Federal Court on questions of law arising 
        from any decision of the Tribunal. Under an access regime involving 
        industry codes of practice established through an extension of privacy legislation, 
        the Federal Privacy Commissioner would also have a role. Currently, under 
        the Commonwealth's Privacy Act, where a matter cannot be resolved by the 
        Privacy Commissioner's internal processes, the parties have a right to a fresh 
        hearing, although not a hearing upon the Privacy Commissioner's determination itself.
      4.102 Under the amendment proposed by Senator Neal, a breach of the 
        agreement would result in the withholding of Medicare benefits of 
        not more than $1000 for an individual provider, and not more than $5000 
        for an incorporated provider. [102]
      4.103 The imposition of penalties for refusal to give a patient access 
        to their medical records, or for breaches of privacy and unauthorised 
        disclosure, is a significant step to take, and concerns were duly expressed. 
        In New Zealand, compensation of up to $200 000 (NZ) has been set 
        in legislation in the Privacy Code to ensure compliance.
      4.104 Another approach which could be adopted is one already in operation, 
        that is, through the Health Care Complaints Commissions, which report on cases 
        that have reached the `tribunal' stage. Such reports reveal the names 
        of medical practitioners and other health care providers who have breached 
        codes of practice. This exposure is undoubtedly a professionally damaging 
        sanction, but it may have a salutary effect upon other professional health 
        care providers.
      4.105 The Federal Privacy Commissioner suggested that the provisions 
        of any scheme should be able to encourage systemic change in practices 
        where experience suggests this is warranted.
      
        Fostering individual disputes is inefficient if the same sort 
          of preventable disputes arise again and again. There needs to be feedback 
          from individual cases to the provisions of the scheme ... This would 
          assist in bringing about the systemic and cultural change necessary to 
          ensure easy access to records where appropriate ... Education has an 
          equally important role to play in promoting such change. [103] 
          
      
      4.106 The Committee has taken account of the wide range of views expressed 
        on the matter of sanctions and penalties as well as on appeal mechanisms 
        and breaches, and recommends a legally binding scheme with sanctions.
      Recommendation 4: The Committee recommends that any access to 
        medical and other health records legislation should be capable of imposing 
        penalties and sanctions on medical and health care providers who fail 
        to comply with the provisions of the legislation. 
      Recommendation 5: The Committee recommends that the Federal Privacy 
        Commissioner investigate the privacy implications of record keeping in 
        the private sector, including the obligations of the `record-keeper' and the 
        retention, storage, transfer and destruction of medical and health records. 
        This investigation is to be conducted without delay as an essential adjunct 
        to the drafting of access to medical and other health records legislation. 
      
      Recommendation 6: The Committee recommends that the Commonwealth 
        move expeditiously to draft national legislation for access to medical 
        and other health records through the creation of extended 
        privacy legislation to cover the private health sector, to avoid conflicting 
        State and Territory access to medical and other health records legislation. 
      
      Recommendation 7: The Committee recommends that industry regulations 
        be drafted for inclusion in extended privacy legislation to cover the 
        private health sector. 
      Recommendation 8: The Committee recommends that research be conducted 
        on the potential for interference with medical and other health records 
        with the advent of electronic records and telemedicine, and that privacy 
        legislation, Information Privacy Principles and Codes of Practice take 
        this into account and include the necessary safeguards. 
      Recommendation 9: The Committee recommends, in line with a recommendation 
        made by the Federal Privacy Commissioner, that a phase-in period should 
        apply to allow providers and consumers to become familiar with the legally-binding 
        scheme, before any party faces enforceable sanctions or is charged under 
        the provisions of the scheme. 
      Recommendation 10: The Committee recommends that the Federal 
        Privacy Commissioner should have power to investigate and conciliate complaints 
        and seek enforceable assurances against repetition of breaches of a health 
        privacy code, the Privacy Act, and national legislation granting access 
        to medical and other health records. Where a breach is found to have occurred, 
        the Federal Court should be able to award compensation, issue restraint 
        orders and impose penalties for serious breaches of privacy obligations. 
        [104] 
      FOOTNOTES
      [1] Telecommunications Act 1997, Part 
        6, Div. 5 s 134: Part 13, Div.5 s 309. 
      [2] Privacy Protection in the Private Sector, 
        Discussion Paper, Attorney-General's Department, September 1996, p.3. 
      
      [3] `Privacy Legislation', Press Release, Prime 
        Minister, 21 March 1997. 
      [4] The specific section of the Telecommunications 
        Act 1997 - Division 5 Part 13 s 309 Record-keeping requirements, refers 
        to the Privacy Commissioner's role. 
      [5] Community Attitudes to Privacy: Information 
        Paper Number 3, (HREOC), August 1995 [Ref. No. IP.3]. 
      [6] Eighth Annual Report on the Operation 
        of the Privacy Act: for the period 1 July 1995 to 30 June 1996, 
        HREOC, AGPS, 1996, p.2. 
      [7] ibid, p.1. 
      [8] `Privacy Groups Slam U-turn', The Australian, 
        8 April 1997, citing groups including the Australian Privacy Charter Council, 
        American Express, Australian Computer Society, Australian Consumers' Association, 
        Australian Privacy Foundation, Communications Law Centre, Electronic Frontiers 
        Association, Consumers' Telecommunications Network. 
      [9] Public statements have been issued by Ms 
        Moira Scollay, Federal Privacy Commissioner, and Mr Chris Puplick, Chairman, 
        NSW Privacy Committee, in April 1997 putting forward their views on the 
        extension of privacy protection into the private sector. 
      [10] `Privacy plan for private sector urged', 
        Press Release, The Law Society of New South Wales, 26 March 1997. 
      [11] `Privacy protection in Australia': Background 
        information from the Federal Privacy Commissioner, April 1997, p.1. 
      [12] ibid, p.2. 
      [13] Transcript of Evidence, pp.178-9 
        (Federal Privacy Commissioner, HREOC). 
      [14] `Privacy protection in Australia': Background 
        information from the Federal Privacy Commissioner, April 1997, p.1. 
      [15] `Privacy Groups slam U-turn', Australian, 
        8 April 1997. 
      [16] Transcript of Evidence, pp. 22-3 
        (ALRC). 
      [17] Submission No.59, p.1 (South Australian 
        Government). 
      [18] ibid. 
      [19] ibid, p.2. 
      [20] Transcript of Evidence, p.2 (PIAC). 
      
      [21] See, Submission No.55, p.2 (Chronic Illness 
        Alliance). 
      [22] Transcript of Evidence, p.6 (HIC 
        Vic). 
      [23] See, for example, Australian Medical Association 
        (NSW Branch), The art of maintaining good records. A more recent 
        article by Dr Craig Lilienthal, Medico-Legal Consultant to the MDU, entitled 
        `Medical Records - the Eleven Commandments', appeared in The 
        Journal of the Medical Defence Union, January 1997, pp.7-8. 
      
      [24] Dr Hugh Aders, Professional Services Division, 
        The MDU, `Ownership of Medical Records', Journal of the MDU, January 
        1997, p.14. 
      [25] ACTCHC, Additional Information, 9 April 
        1997, p.35. 
      [26] ALRC, Additional Information. 
      [27] Submission No.16, p.3 (HIMAA). 
      [28] Submission No.43, p.6 (Australian Archives). 
      
      [29] Transcript of Evidence, pp.41-42 
        (AAS). 
      [30] Transcript of Evidence, p.98 (HIMAA). 
      
      [31] Transcript of Evidence, pp.98-99 
        (HIMAA). 
      [32] Health Information Privacy Code 1994 (NZ), 
        Rule 5: Storage and security of health information, pp.17-18. 
      [33] See Appendix 3: Information Privacy Principles 
        The Privacy Act 1988. 
      [34] ibid. 
      [35] Privacy Protection in the Private Sector, 
        Discussion Paper, Attorney-General's Department, September 1996, p.12. 
      
      [36] ibid, p.1. 
      [37] Moira Paterson, `Privacy Protection in 
        the Private Sector: The Federal Government's Discussion Paper', AIAL 
        Forum, No. 12, 1997, p.7. 
      [38] ibid. 
      [39] Privacy Protection in the Private Sector, 
        Discussion Paper, Attorney-General's Department, September 1996, p.13. 
      
      [40] ibid, pp.14-15. 
      [41] In the Telecommunications Act 1997, 
        non-compliance with an industry code may result in the person being issued 
        with a direction to comply by the Australian Communications Authority 
        (ACA). Part 6 Industry codes and industry standards, Division 1 Simplified 
        outline, Telecommunications Act 1997. The ACA is to monitor, 
        and report each year to the Minister on, significant matters relating to 
        the performance of carriers and carriage service providers. Part 1 
        Introduction, section 5, Telecommunications Act 1997. 
      [42] New South Wales has a Privacy Committee 
        Act 1975. The committee performs an Ombudsman-type role but does not 
        enforce specific privacy legislation. Queensland has no privacy legislation. 
        The Queensland Privacy Committee Act 1984, lapsed when the sunset 
        clause of the Act took effect in 1991. Victoria has had no privacy legislation. 
        There have been various attempts at legislation, the most recent was a 
        recommendation in 1991. Tasmania has no privacy legislation. A bill was 
        introduced in 1974. South Australia has no privacy legislation. Attempts 
        were made in the 1970s and a new bill, introduced in 1991, failed to pass. 
        Western Australia and Northern Territory have no privacy legislation. 
        The Australian Capital Territory has no privacy legislation, other than 
        the provisions noted above. 
      [43] `Privacy Chief to take hands-on role', 
        Financial Review, 18 April 1997. 
      [44] Submission No.34, p.15 (AMA). 
      [45] Submission No.31, p.2 (UMD). 
      [46] Transcript of Evidence, p.58 (UMD). 
      
      [47] ibid, p.59. 
      [48] Transcript of Evidence, p.64 (RACGP). 
      
      [49] Transcript of Evidence, p.51 (NSW 
        Privacy Committee). 
      [50] Transcript of Evidence, p.179 (Federal 
        Privacy Commissioner, HREOC). 
      [51] ibid, p.189. 
      [52] ibid, pp.188-190. 
      [53] Transcript of Evidence, p.191. 
      
      [54] Transcript of Evidence, p.206. 
      
      [55] Transcript of Evidence, p.213. 
      
      [56] ibid, p.207. 
      [57] `Voluntary records code', Australian 
        Medicine, 21 April 1997, p.4. 
      [58] Transcript of Evidence, p.216 (DHFS). 
      
      [59] ibid, p.217. 
      [60] Transcript of Evidence, p.218 (DHFS). 
      
      [61] ibid, p.219. 
      [62] Transcript of Evidence, p.209 (HIC). 
      
      [63] `Privacy Legislation', Prime Minister's 
        Press Statement, 21 March 1997. 
      [64] Submission No.25A, p.11 (Federal Privacy 
        Commissioner, HREOC). 
      [65] Josephine Raw, `What is an Electronic 
        Health Record?', Health Issues, 49, December 1996, p.16. 
      [66] Attorney-General, Keynote Address, 
        Whose Health Records?, Sydney, 7 March 1997, p.7. 
      [67] RACGP, Additional Information. 
      [68] `IT training needed', Australian Medicine, 
        March 1997, p.3. 
      [69] NHMRC guidelines relating to the protection 
        of privacy in the conduct of medical research enable Commonwealth agencies 
        to lawfully disclose personal information to a third party for the purpose 
        of medical research where the research protocol has been approved by an Institutional 
        Ethics Committee. Mr K O'Connor, Federal Privacy Commissioner, `Information 
        Privacy Issues in Health Care and Administration', Inaugural National 
        Health Informatics Conference, Brisbane 1993, p.4. 
      [70] Privacy Issues Arising As `I.T. Happens', 
        Kevin O'Connor, Federal Privacy Commissioner, 19-21 August 1996, Melbourne, 
        p.1. 
      [71] ibid, p.3. 
      [72] ibid, p.4. 
      [73] ibid, p.5. 
      [74] Transcript of Evidence, pp. 5-6 
        (HIC Vic). 
      [75] ibid. 
      [76] Transcript of Evidence, p.50 (NSW 
        Privacy Committee). 
      [77] ibid, pp.51-2. 
      [78] ibid, p.52. 
      [79] OECD, Paris, 1980. 
      [80] Transcript of Evidence, pp.51-2 
        (NSW Privacy Committee). 
      [81] Dr Ian Heath (First Assistant Secretary, 
        Information Services Division, Department of Health and Family Services), 
        House of Representatives Standing Committee on Family and Community Affairs, 
        Inquiry: Health Information Management and Telemedicine, Canberra, 4 September 
        1996, Official Hansard Report, pp.8-9. 
      [82] Transcript of Evidence, p.52 (NSW 
        Privacy Committee). 
      [83] Transcript of Evidence, p.163 (APHA). 
      
      [84] The Hospital Casemix Protocol (HCP) data 
        collection, required by health insurance changes contained in the Health 
        Legislation (Private Health Insurance Reform) Amendment Act 1995, 
        is becoming well established. Registered health funds are required to 
        give DHFS specified de-identified data in respect of every episode of 
        hospital inpatient treatment for which a charge is billed to a fund. The 
        HCP data collection provides a means of monitoring the effect of health 
        reforms. Australian Casemix Bulletin, Vol 8, No. 4, March 1997, 
        p.3, (Commonwealth Department of Health and Family Services). 
      [85] Transcript of Evidence, pp.164-5 
        (APHA). 
      [86] Transcript of Evidence, p.50 (NSW 
        Privacy Committee). 
      [87] `Telemedicine and Crime', Trends and 
        Issues, Australian Institute of Criminology, No. 69, April 1997. 
      [88] ibid, p.5. 
      [89] Proposed amendment, 19AD Content of agreement 
        (5), Health Insurance Amendment Bill (No. 2) 1996. 
      [90] Submission No.118, p.489, Human Rights 
        and Equal Opportunity Commission, (September 1996), made to the House 
        of Representatives Standing Committee on Family and Community Affairs, 
        Inquiry into Health Information Management and Telemedicine. 
      [91] ibid. 
      [92] Transcript of Evidence, p.25 (ALRC). 
      
      [93] ibid, p.26. 
      [94] ibid. 
      [95] Transcript of Evidence, p.207 (DHFS). 
      
      [96] South Australia has no Health Care Complaints 
        Commissioner but complaints are dealt with through the South Australian 
        Ombudsman. Northern Territory is in the process of establishing a Health 
        Care Complaints Commission. 
      [97] Privacy Act 1993 (NZ), Part 3, 
        (8) Complaints of breach of code, Part VIII applies: This enables individuals 
        to complain to the Privacy Commissioner if they believe their privacy has 
        been infringed; provides that civil proceedings may be brought before 
        the Complaints Review Tribunal where complaints have not been resolved; 
        and empowers the Tribunal to grant a range of remedies, such as: damages up 
        to $200,000 (NZ); restraining orders; orders requiring certain actions 
        to be taken to put things right; and declarations. 
      [98] The court may order the holder to comply. 
        The jurisdiction is conferred by Section 8 (Supplemental) of the Act - 
        Applications to the court are exercisable by the High Court, or a county 
        court or, in Scotland, by the Court of Session or the sheriff. No penalties 
        are described in the Act. 
      [99] Health Records Privacy and Access: 
        An ACT Government Position Paper, Department of Health and Community 
        Care, Australian Capital Territory Government, May 1997, p.42. 
      [100] ibid, pp.41-2. 
      [101] ibid. 
      [102] Proposed amendment, 19AD (8) Consequences 
        of breach of agreement, Health Insurance Amendment Bill (No. 2) 
        1996. 
      [103] Submission No.25A, p.8 (Federal 
        Privacy Commissioner, HREOC). 
      [104] This recommendation is based upon Recommendation 
        23 put forward by the Public Interest Advocacy Centre (PIAC) in its report, 
        Whose Health Records? op. cit, p.6.