HEALTHCARE IDENTIFIERS BILL 2010 AND HEALTHCARE IDENTIFIERS (CONSEQUENTIAL AMENDMENTS) BILL 2010

THE INQUIRY

1.1        On 24 February 2010 the Senate, on the recommendation of the Selection of Bills Committee (Report No.2 of 2010), referred the Healthcare Identifiers Bill 2010 and Healthcare Identifiers (Consequential Amendments) Bill 2010 to the Community Affairs Legislation Committee for inquiry and report by 15 March 2010.

1.2        The committee received 61 submissions relating to the bills and these are listed at Appendix 1. The committee considered the bills at public hearings in Canberra on 9 and 10 March 2010. Details of the public hearings are referred to in Appendix 2. The submissions and Hansard transcript of evidence may be accessed through the committee's website at https://www.aph.gov.au/senate_ca.

Acknowledgements

1.3        The committee thanks those organisations, government departments and individuals who made submissions and gave evidence at the committee's public hearings. The committee particularly notes the short time frames provided to those who gave evidence.

Note on references

1.4        References in this report are to individual submissions as received by the committee, not to a bound volume. References to the committee Hansard relate to the proof Hansard: page numbers may vary between the proof and the official Hansard transcript.

THE BILLS

Healthcare Identifiers Bill 2010

1.5        The purpose of the bill is to implement a national system for consistently identifying healthcare consumers and healthcare providers, and clearly establish the purposes for which healthcare identifiers can be used.[1]

1.6        The bill will establish a national Healthcare Identifiers Service which will:

1.7        The purposes for which healthcare identifiers may be used or disclosed by the Health Identifiers Service provider and by healthcare providers are set out in the bill. The bill also describes penalties for unauthorised use and disclosure of healthcare identifiers.[3]

1.8        The bill provides clarification about the interaction between the Healthcare Identifier Service and the Privacy Act 1988 (Privacy Act). The Privacy Commissioner will hold responsibility for providing independent oversight of the Healthcare Identifiers Service according to their existing responsibilities under the Privacy Act.[4]

1.9        The Privacy Commissioner is required by the bill to prepare by 30 September each year an annual report for the Minister for Health on compliance and enforcement activities undertaken in relation to the Healthcare Identifiers Service.  The minister is required to table that report in each house of parliament within 15 days of receiving it.[5]

1.10      The minister commented in her second reading speech that:

The development of a national e-health system will improve safety and quality and patient convenience by ensuring that the right people have access to the right information at the right time...The implementation of a healthcare identifiers system for patients and healthcare providers is an important step towards building an effective national e-health system.[6]

Healthcare Identifiers (Consequential Amendments) Bill 2010

1.11      The purpose of the bill is to ensure the Healthcare Identifiers Bill 2010, once enacted, operates effectively and appropriately. The bill proposes minor amendments to the Health Insurance Act 1973 to authorise the Chief Executive Officer of Medicare Australia to delegate functions to officers to support the day-to-day running of the Healthcare Identifiers Service.[7]

1.12      The bill also proposes minor amendments to the Privacy Act to provide for the Privacy Commissioner's role as the independent regulator of the Healthcare Identifiers Service.[8]  

1.13      The minister noted in her second reading speech on this bill that:

Inclusion of the provision in the Privacy Act 1988 supports the strong privacy framework which has been established for the Healthcare Identifiers Service and provides patients and healthcare providers with confidence in the compliance and enforcement arrangements [of the bill].[9]

BACKGROUND

1.14      E-Health has been described as:

...the means of ensuring that the right health information has been provided to the person at the right place and time in a secure, electronic form for the purpose of optimising the quality of and efficiency of health care delivery. E-Health should be viewed as both the essential infrastructure underpinning information exchange between all participants in the Australian healthcare system and as a key enabler and driver of improved health outcomes for all Australians.[10]

1.15      A unique electronic patient identifier, in conjunction with an electronic health card, was first advocated by the House of Representatives Standing Committee on Family and Community Affairs in 1997.[11]

1.16      In 1998 Australian health ministers agreed to establish a National Health Information Management Advisory Council (NHIMAC) to deal with general issues relating to the use of information technology in the health sector.  NHIMAC developed the Health Online project which identified personal health identifiers to transfer health information electronically as a high priority issue.[12]

1.17      A subcommittee of the NHIMAC, the National Electronic Health Records Taskforce, recommended in its 2000 report to health ministers that a national health information network be developed.[13] The report cited the benefits of national health identifiers as:

1.18      In 2004, a National E-Health Transition Authority (NEHTA) was endorsed by health ministers to work on national e-health priorities. One of these priorities was development of an electronic patient identification system which, when combined with a product and medicines database and a national healthcare provider index, was to form a national shared e-health record (EHR).[15]

1.19      NEHTA is jointly funded by the Commonwealth and the states and territories on a 50/50 basis. COAG provided $130m to NEHTA in 2006 to accelerate development of a national electronic health records system, and a further $218m in 2007.[16]

1.20      In November 2007 a contract was signed between NEHTA and Medicare Australia for the development, construction and testing of a Unique Healthcare Identifier (UHI) service[17] (now known as the Healthcare Identifiers Service).

1.21      A National E-Health Strategy was released in December 2008. The Strategy leveraged existing e-health strategies and allowed for future technology developments. It reinforced the collaboration of Commonwealth, state and territory governments over this issue, and made suggestions where it might be improved. It provided flexibility for states and territories to work within an agreed framework to a common set of priorities.[18]

1.22      In June 2009, the government's National Health and Hospital Reform Commission (NHHRC) endorsed the directions proposed in the National E-Health Strategy on the understanding that personal health records remain at all times owned and controlled by individuals, who must approve access to those records by others.[19] The NHHRC report further recommended that an electronic health record should be in place for all Australians by 1 July 2012, and unique health identifiers for personal, professional and organisations set up by 1 July 2010.[20]

1.23      On 7 December 2009 the Council of Australian Governments (COAG) signed a National Partnership Agreement for E-Health, which provides a framework for cooperative arrangements between jurisdictions, objectives and scope for the Healthcare Identifiers Service. The National Partnership also established governance, legislative, administrative and financial arrangements for the service.[21]

ISSUES

1.24      The prevailing tone of evidence to this inquiry was supportive of the introduction of healthcare identifiers. Concerns were nonetheless expressed around three themes.

1.25      Specifically:

(a) protecting the privacy of healthcare consumers from unauthorised access to their medical records;

(b) 'function creep', whereby Healthcare Identifiers start to be used for purposes other than those that were originally intended; and

(c) implementation of healthcare identifiers by 1 July 2010.

1.26      A number of submitters commented that the time available for public consideration of the bills through this inquiry was very short, which may have impacted on the ability of some individuals or organisations to engage their stakeholders and make submissions.[22]

The need for healthcare identifiers

1.27      It was widely acknowledged by witnesses and submissions to the inquiry that there is a need for a single healthcare identifier as proposed in the bills. In the words of one witness, 'This is a fundamental building block that we know has direct payback, immediate payback, in terms of patient safety and cost reduction'.[23]

1.28      The Consumers Health Forum provided in their testimony a sense of the efficiency gains that a single healthcare identifier could bring for healthcare consumers:

...many consumers we consulted expressed great frustration at the number of times that they had to retell their medical history and recount the medications and the dosages they were on and their recent tests every time they saw a different health provider. Furthermore, the lack of information held by any particular health provider often leads to repeated tests...As one consumer said to us, ‘Every time a doctor listens to my heart, I end up having an ECG, even when I tell them I had one last week.’[24]

1.29      Similarly, the Royal College of Pathologists of Australasia reported that there are around 150,000 to 200,000 patient identification errors each year involving pathology, the consequences of which potentially compromise patient safety. They also stated that:

...the Royal College of Pathologists of Australasia and, I believe, the pathology profession generally strongly support the government’s initiative to introduce national healthcare identifiers. Accurate identification of patients’ samples is absolutely crucial in pathology because they are tested remote from the patient. Misidentification can result in life-threatening or serious outcomes for patients.[25]

1.30      The Australian Nursing Federation expressed the support of their members for healthcare identifiers, noting that:

...I and my members strongly support the introduction of an electronic system within all health and aged-care facilities across the country. We absolutely believe that access to healthcare information through these systems will vastly improve timeliness and quality of communications flows, leading to enhanced care outcomes for individuals. We think [the introduction of healthcare identifiers] is an absolutely essential initial first step in the implementation of any e-health system, and we are very eager to see it get on its way.[26]

1.31      The Australian Medical Association, which represents 27,000 medical practitioners[27], was also supportive of the bills:

...the AMA is very keen to see these bills passed. Healthcare identifiers are a fundamental building block for sharing health information electronically, and as a result we want to go forward with this.[28]

1.32      GPpartners and Brisbane Division of General Practice, which supports around 1,000 General Practitioners in the Brisbane area, was unequivocal in its support for the goals of the bills, stating that 'The current lack of a unique and universal Identifier is holding back patient safety and quality projects that are ready to proceed'.[29]

1.33      Few witnesses or submissions disputed that the concepts of healthcare identifiers and e-health were likely to improve the delivery and administration of healthcare in Australia. However, there were some concerns expressed about the proposal as described in the bills, and its implementation.

A note on the scope of this inquiry

1.34      Several witnesses commented that there seemed to be some confusion between the bills under consideration and broader e-health initiatives, including e-health records, which had the effect of confusing the privacy issues surrounding healthcare identifiers. This issue was identified by the Consumers Health Forum, which noted that 'Many privacy concerns that were raised with us are valid...but they relate mostly to e-health records as opposed to individual health identifiers'.[30]

1.35      Confusion among stakeholders between healthcare identifiers and e-health records was also noted by the Australian Medical Association[31] and the Medical Software Industry Association.[32]

1.36      The committee notes that the scope of this inquiry is to investigate the bills before it, which cover only the creation of a national system to accurately identify healthcare consumers and healthcare providers.[33] The effect of this system will be to accurately identify consumers by using specified demographic information[34] in order to improve the efficiency of healthcare delivery.

1.37      The bills do not allow for any medical or clinical information to be attached to an individual healthcare identifier.[35] The Privacy Commissioner also emphasised this distinction, noting that:

Different privacy issues will arise if healthcare identifiers are to be used for expanded purposes within the national health system and if clinical information is to be associated, or held, with a healthcare identifier. In particular we would be concerned if healthcare identifiers could be used for expanded purposes without further consultation and Parliamentary scrutiny being required.[36]

Privacy and Healthcare Identifiers

1.38      Privacy was the most common concern cited, and was raised by nearly all submitters.

1.39      The committee agrees with the view expressed by the Office of the Victorian Privacy Commissioner that 'The primary challenge of this development is to maximise both the protection of individual privacy and positive health outcomes.'[37]

1.40      The Australian Privacy Foundation, which strongly opposed the bills, claimed that whilst benefits to some patients were likely from the introduction of healthcare identifiers, the risks to individual privacy are great. The foundation asserted that security of electronic information is difficult to guarantee, and suggested that clinical staff may share secure information:

In fact, when you talk to doctors, nurses and allied healthcare workers they are quite frank about the fact that they share logon details...People share logon details, passwords and patient records.[38]

1.41      Some witnesses commented on privacy issues that currently exist in the healthcare system. For example, Dr Vince McCauley made an observation on his experience of privacy breaches in a clinical environment:

In my clinical setting the only breaches of privacy that I have ever come across are where there have been patient mismatches: where you are reading through a patient record and you come across pages from other patients; or you come across records that are clearly not part of this patient’s record for one reason or another but are labelled with this patient’s identifiers because there has been a misidentification of the patient, or even in the grossest case where people hand you the wrong record because they have misidentified the patient. I believe those breaches are much more serious breaches of privacy than anything we have heard discussed in this committee that could be caused by the identifier program.[39]

1.42      The Australian Nursing Federation also highlighted some current privacy issues:

At the moment, as some of you will know, the lack of privacy around paper records is a huge concern to us as health professionals, particularly in the public health system and the aged-care system. We are actually looking forward to the extra safeguards that we think an electronic system could provide for our patients.

...

Right now, with the paper system, files get carried from pillar to post, dropped on desks and dropped in lifts—nobody knows who has looked at a file or what information has been gleaned from it. So we are looking forward to, if anything, more safeguards.[40]

1.43      The Public Interest Advocacy Centre (PIAC) noted their concern that 'this legislation is being progressed out of step with the reforms to the federal Privacy Act, particularly the reforms in the area of health privacy.'[41] The PIAC recommended that amendments to the Privacy Act should only be made in the context of the broader reform.

1.44      The Department of Health and Ageing acknowledged the likelihood that the Privacy Act will be amended later in 2010, and noted in its submission that:

Until uniform national privacy arrangements for health information are in place, healthcare identifiers will be supported by existing privacy arrangements and specific privacy protections contained in the Healthcare Identifiers Bill.[42]

1.45      Professor Graham Greenleaf argued that the risks to privacy and security of information lie in the fact that the healthcare identifiers bills are being considered in isolation from possible future legislation which may be connected to the introduction of e-health in Australia, such as e-health records. Professor Greenleaf claimed that without knowing the full extent of any national e-health system it is not possible to understand what the implications of healthcare identifiers are, and believes that asking the parliament to consider the bills as they are is '...an unreasonable request, and the Bill should be rejected until the full [e-health] package is presented to the Parliament'.[43]

1.46      Other witnesses also spoke of the desirability of seeing an entire legislative package for e-health reform, but noted the need to start somewhere. For example, the Australian Medical Association stated:

We would be happy for it all [i.e. a national e-health strategy] to be ready tomorrow, but it is not. You have to start somewhere; what is that famous saying? ‘How do you eat an elephant? You take one bite at a time.’[44]

1.47      Dr McCauley of the Medical Software Industry Association commented that even if healthcare identifiers were implemented and never followed up by more broad reaching e-health reforms:

...then the cost and effort would have been worth while. I have a sincere belief that the benefits for clinical medicine of such an identification system are clear cut and incontrovertible.[45]

1.48      Widespread concerns about privacy were noted by the Department of Health and Ageing after public consultations on healthcare identifiers undertaken during July and August 2009.[46] In response to these concerns the privacy provisions in the present bills were strengthened. Specifically, the privacy provisions consist of the following elements:

(a) information connected to Healthcare Identifiers will be subject to existing Commonwealth and, where applicable, state and territory privacy arrangements. Where no such arrangements are in place, complaints will be handled by the Privacy Commissioner;

(b) the Privacy Commissioner will also oversee the regulation of the Healthcare Identifier Service with regard to privacy, both under existing provisions of the Privacy Act, and under additional functions specifically designed to support healthcare identifiers, contained in the Healthcare Identifiers (Consequential Amendments) Bill 2010; and

(c) the bills set out specific limits on the use and disclosure of healthcare identifiers, including details of offences and penalties for their misuse.[47]

1.49      There are also technical aspects to the privacy protection elements of the Healthcare Identifiers Service. The NEHTA state in their submission to this inquiry that:

The [Healthcare Identifiers] Service will be able to keep track of everyone who asks for a healthcare identifier by keeping an audit log of who has accessed it and when they accessed it. This effectively leaves a "fingerprint" of those who have accessed [the Healthcare Identifiers]...Individuals will be able to access the audit log online, by phoning Medicare Australia or by visiting a Medicare office.[48]

1.50      Witnesses from GPpartners and Brisbane Division of General Practice, an organisation that already has healthcare identifiers operating for public patients with chronic conditions in their region, testified that the audit logs have increased privacy and that they had identified no privacy breaches at all in the five years the system had been operating.[49] Mr Gibson stated:

Our view is that once you have a system like this your privacy transparency—the ability to test and validate that privacy is being maintained: who is looking at records and what activity there is on the records—is increased. In a paper world it is not—you do not know who has read a piece of paper.[50]

1.51      The Australian Nursing Federation also commented that the creation of audit logs for healthcare identifiers means they are therefore inherently more secure than current practices, as this is not an option for paper-based files.[51]

1.52      The Privacy Commissioner stated that:

...we consider the current bills include appropriate privacy safeguards. In particular, I note that the bills clearly set out the purposes for which healthcare identifiers can be collected, used and disclosed and limit those purposes to activities related to managing or communicating health information in a healthcare context. They impose obligations on healthcare providers, the [Healthcare Identifiers Service] operator and other entities to keep healthcare identifiers and the information associated with them secure. They provide choice and control for individuals. The bills also give the Office of the Privacy Commissioner proactive oversight powers and they provide for a review of the legislation within a few years. So there are a number of reasons for us thinking there are sufficient privacy safeguards.[52]

1.53      The Australian Medical Association also stated that they believe the privacy guards in the bills are adequate, and added that:

...the use of healthcare identifiers will, in certain circumstances, enhance patient privacy by ensuring that electronic patient information is shared securely and appropriately between healthcare providers, that is, by ensuring patients and healthcare providers are correctly identified when patient information is transmitted electronically between healthcare providers.[53]

1.54      The bills' approach to addressing privacy concerns was also endorsed by the Consumers Health Forum of Australia:

We have outlined the need...to ensure that privacy concerns are addressed by the legislation, and we have supported the measures that are outlined in the bill as being sufficient, we think, to protect consumers’ interests.[54]

Function creep

1.55      Several submitters and witnesses expressed concerns about the possibility of 'function creep', whereby the healthcare identifier is used for purposes other than those for which it was intended.[55]

1.56      Liberty Victoria was critical about what it saw as the strong possibility of 'function creep' from healthcare identifiers, and in particular the:

Lack of guarantees regarding the future linkage of personal medical data to other government and corporate records, and to the storage of that data within a known regulatory environment with respect to client rights and privacy.[56]

1.57      This criticism was echoed by the Victorian Privacy Commissioner:

To a large extent, the [healthcare identifiers implementation] process guarantees "function creep", in that the specific e-health functions to which the [healthcare identifier] will be put and the way in which the e-health system will be operated and managed are not being defined [in the bills] at this stage...This makes it difficult to adequately assess whether the safeguards being instituted will ultimately be sufficient or effective.[57]

1.58      In a discussion paper prepared for the Australian Health Ministers' Conference in August 2009, the Privacy Commissioner noted a 'cautionary example' of function creep from Canada, whereby the Social Identification Number began to be seen as:

...a piece of identification and property owners asked for it on apartment rental applications, video stores required it as security for movie rentals, universities and colleges requested it on their application forms and pizza places even used it as a customer number for their delivery system.[58]

1.59      PIAC also raised the issue of how the identifier may be used in the future:

...because we do not have all of the details, it is very open to that risk of further uses of the healthcare identifier beyond its core purpose. That is very much a possibility.[59]

1.60      The Law Council of Australia identified an issue with clause 15(2)(b), commenting that:

The use of the expression "another law" has the potential for allowing disclosure for any other lawful purpose not just a purpose related to the use of [healthcare identifiers] for the management of health information.[60]

1.61      The Department of Health and Ageing responded to the concerns raised with respect to clause 15(2)(b), stating:

Provision for other uses or disclosures of personal information (including health information) to be authorised by law is a standard feature of privacy laws. 

Clauses 15(2)(b), and 26(2)(b) in the [Healthcare Identifiers] Bill adopt this approach in relation to healthcare identifiers.  Given that the identifiers will be associated with health information it is appropriate that the same approach is adopted for identifiers as applies to that health information.[61]

1.62      The Privacy Commissioner specifically commented that the bills contain appropriate privacy safeguards, and:

...clearly set out the purposes for which healthcare identifiers can be collected, used and disclosed, and limit those purposes to activities related to managing or communicating health information in a healthcare context.[62]

1.63      The Commissioner went on to note that 'In particular, [the bills provide] for appropriate privacy protections for the specific and limited objective of managing the creating and use and disclosure of individual health identifiers'.[63]

Aspects of the Healthcare Identifiers Service subject to regulations

1.64      Several witnesses testified to their concern about aspects of the Healthcare Identifiers Services being covered in regulations rather than in the bills. Concerns centred on the fact that regulations are not subject to the same scrutiny by parliament as bills.[64] Professor Greenleaf specifically noted his concern that the bills permit the service provider of the Healthcare Identifiers Service to be altered under regulation.[65]

1.65      The Department of Health and Ageing responded to these concerns by noting that:

Regulations are proposed to provide flexibility to deal with changed circumstances more readily than might be possible through legislation. At the same time there are other requirements that the Bill imposes that ensure any regulatory proposals are constrained.[66]

1.66      The department also noted that the bills:

...[impose] an obligation on the Minister responsible for the legislation to consult with the Ministerial Council prior to making regulations to support the operation of the [Healthcare Identifiers Service]. This would include any decision to change the Service Operator from Medicare to another entity. Regulations would be tabled in both Houses of Parliament and would be subject to disallowance.[67]

1.67      The committee notes that draft Healthcare Identifiers Regulations 2010 and an accompanying consultation paper were released on 12 March 2010, and that the department is undertaking a public consultation process.

Implementation of the Healthcare Identifiers Service

1.68      The committee heard evidence from a number of individuals and organisations which revealed a general apprehensiveness about the possible commencement of the Healthcare Identifiers Service on 1 July 2010. Concerns were largely around three areas:

(a) a perception by several key stakeholders that they are not being engaged in planning for the rollout of the Healthcare Identifiers Service;

(b) the amount of time available to healthcare providers to prepare their administration systems to manage healthcare identifiers; and

(c) a poor understanding among healthcare providers, healthcare consumers and the public at large of healthcare identifiers, their function, and the way they will be assigned.

1.69      The Australian Medical Association noted that it had earlier called on the government to engage the healthcare industry in developing an implementation plan for the Healthcare Identifiers Service.[68] The Australian Medical Association further noted that:

...the committee consider making recommendations about the development of an implementation plan. The AMA has looked but cannot find any details that inform medical practices of how they will be advised of their identifiers and what they need to do to obtain patient identifiers.[69]

1.70      In its submission to the inquiry, the Australian Medical Association was explicit about the dimensions of an implementation plan:

More information needs to be provided to the healthcare sector to clarify:

1.71      Similarly, the Optometrists Association of Australia remarked in its submission that 'There currently is little information available for health practitioners about the use of healthcare identifiers after 1 July 2010'.[71]

1.72      On the issue of software requirements, GPpartners and Brisbane South Division of General Practice, who have undertaken software and systems development work on healthcare identifiers in the past, testified that it may be very difficult for healthcare providers to prepare their systems and their staff to incorporate healthcare identifiers by 1 July 2010.[72]

1.73      Several witnesses testified that there are no software packages currently available to healthcare providers that can operate a national healthcare identifiers system, for example:

We expect that medical practices will need to upgrade their practice software so that there is a place for the identifier number in the electronic patient file, but we understand that software vendors have not been given specifications to make changes to medical practice software to incorporate the identifiers...We think there needs to be an implementation plan so that medical practices are clear about what they need to do and when.[73]

1.74      GPpartners and Brisbane South Division of General Practice also cautioned NEHTA not to be too optimistic about the results achieved in system testing laboratories, commenting that in their experience of rolling out a regional healthcare identifier in Brisbane 'the test data works perfectly; it was when we started to use live data that we really had the problems'.[74]

1.75      NEHTA noted in its submission the practical issues surrounding software and information systems as they relate to the rollout of healthcare identifiers. In particular they have adopted a staged approach to implementation, acknowledging the risks inherent in a rapid implementation schedule. Therefore NEHTA expect that, subject to the bills being passed, 'the uptake and adoption of healthcare identifiers across the healthcare sector will occur over a number of years'.[75]

1.76      Similarly, acknowledging the work yet to be done on software, NEHTA stated that:

We expect the early stages of our implementation plan to take up to 18 months, as software vendors work with their customers and NEHTA to undertake the necessary software changes.[76]

1.77      Several witnesses remarked that they perceived a low level of awareness among the general public about the introduction of healthcare identifiers, and that people were therefore largely unaware of either the potential benefits or risks for healthcare consumers. Ms Carol Bennett of the Consumers Health Forum summed up this issue in her testimony:

I think people are confused. They do not know what this means. They do not understand the difference between an [individual healthcare identifier] and an e-health record. We attended a Medicare seminar recently, where it was quite clear to us that even people who were involved in this area did not necessarily distinguish the difference between the two, so it is very confusing for people who are not involved in this area to really understand the implications that this might have for them and some of the ways that this information will be managed. We think it is really important that people are made aware of what this information is and how it will affect them. Some sort of public campaign that explains what an [individual healthcare identifier] does and the fact that it is not even as extensive as a Medicare number in terms of invading people’s privacy is important.[77]

1.78      The importance of effectively engaging all stakeholders, including healthcare consumers, is that if people are not engaged then the system may not work. According to Dr Andrew Pesce of the Australian Medical Association, '...so often you can see the potential for really good policy to get sort of washed up on the rocks of poor public education'.[78]

1.79      This issue was also commented upon by the Consumers Health Forum:

I think it is fair to say that people are confused about what this all means, so there is that potential for people to be concerned and therefore for the process to be derailed.[79]

1.80      The Privacy Commissioner also emphasised the need to engage the Australian public in this policy, and offered some specific advice as to what that may mean:

...in recognising that there is some community concern about the use of healthcare identifiers, I ask that there is a targeted, educational campaign by all Australian governments which includes information on the limited uses for healthcare identifiers and the privacy safeguards that are being put in place. A well informed public will help to build trust and confidence in the scheme and ensure the effectiveness for the community.[80]  

1.81      The explanatory memorandum to the bills acknowledges the importance of supporting stakeholders during the implementation of healthcare identifiers:

Healthcare providers will be provided with supporting materials and appropriate sources to refer consumers to for more information. A public awareness program on the [Healthcare Identifier] Service will provide information to consumers via a range of methods.[81]

1.82      The Department of Health and Ageing anticipated that it would have a central role in assisting healthcare providers to prepare for the new system, remarking in its submission that it has undertaken to assist healthcare providers to educate their staff to understand their privacy obligations in regard to healthcare identifiers by providing training resources and materials.[82]

1.83      Furthermore, the department was cognisant of the need for greater community understanding about healthcare identifiers, noting in its submission that:

Individuals will be notified about the [Healthcare Identifier] Service, including the assignment of healthcare identifiers through a communications campaign. A range of communications activities will be undertaken by NEHTA, in conjunction with all jurisdictions to promote eHealth more broadly as well as the [Healthcare Identifier] Service.[83]

1.84      The committee notes that NEHTA and the department are aware of the main issues associated with implementing the Healthcare Identifiers Service from 1 July 2010, and that their submission and testimony reflect that awareness. The committee also acknowledges that the department has conducted two national consultation processes.[84]  

1.85      However, the committee acknowledges the evidence before it that key healthcare stakeholders do not fully understand the implications of the proposed Healthcare Identifiers Service, and do not believe they have been effectively engaged in the implementation process. Furthermore, the committee believes that there is a need to improve the level of knowledge and understanding among the wider Australian community of the proposed service, of what information healthcare identifiers will and will not contain, and of the implications for their healthcare management.

Recommendation 1

1.86      The committee recommends that NEHTA, in partnership with the Department of Health and Ageing and Medicare Australia, take steps to more effectively engage all healthcare stakeholders in the establishment of the Healthcare Identifiers Service. These steps should include at least the following elements:

(a) involvement of key healthcare stakeholder groups, including state and territory governments, private and community health providers, and healthcare consumer groups, in the development of a Healthcare Identifiers Service implementation plan which covers the period from the successful passage of the bills to 30 June 2012;

(b) the publication of this plan for public comment prior to its finalisation; and

(c) the development and implementation of a targeted education and communication strategy which targets both healthcare providers and healthcare consumers, and which clearly lays out the facts behind healthcare identifiers and provides contacts for people to access further detailed information. This strategy should be implemented prior to the Healthcare Identifiers Service coming into effect on 1 July 2010.

CONCLUSIONS

1.87      The committee is of the view that the introduction of universal healthcare identifiers has the potential to greatly improve the delivery and administration of healthcare in Australia.

1.88      The committee is also very conscious of its responsibility to safeguard the privacy interests of healthcare consumers. The committee is mindful of the significant number of submissions to this inquiry which counselled caution about any initiative which may put highly sensitive and personal information in jeopardy of being inappropriately accessed as a result of healthcare identifiers and possible subsequent e-health initiatives.

1.89      The committee would like to reiterate that the scope of these bills does not include linking healthcare identifiers to any clinical or medical information through e-health records. In the event that future bills do seek to link healthcare identifiers with medical and clinical information, privacy and other issues will need to be considered again.

1.90      Having heard from a number of witnesses on the issue of privacy, including the Privacy Commissioner, the committee is satisfied that the privacy protection arrangements proposed in these bills are comprehensive, and that they will adequately protect healthcare consumers.

1.91      The committee recognises that 'function creep', as it relates to healthcare identifiers, is a concern for many people. The particular concern is that co-opting healthcare identifiers for purposes other than those for which they are intended may compromise both the integrity of the healthcare identifiers themselves and the security of personal information.

1.92      Having considered the evidence before it, the committee is satisfied that the bills provide adequate protection from 'function creep'.

1.93      The committee acknowledges the widespread concerns that emerged from the evidence about the implementation of the Healthcare Identifiers Service, in particular the concerns around timing and inadequate preparation of healthcare information technology and administration systems. The committee recognises that the department and other responsible agencies are conscious of the issues, and that they have planned a phased implementation over a considerable period of time. The committee believes this to be a sensible approach.

1.94      The committee has addressed the concerns raised with respect to the engagement and education of key stakeholders by making a specific recommendation to address these issues.

Recommendation 2

1.95      The committee recommends that the Healthcare Identifiers Bill 2010 and Healthcare Identifiers (Consequential Amendments) Bill 2010 be passed.

 

Senator Claire Moore
Chair

March 2010
