MINORITY REPORT
BY COALITION SENATORS

Senate Inquiry into Healthcare Identifiers Bill 2010 and Healthcare Identifiers (Consequential Amendments) Bill 2010

Coalition members of the Committee support the implementation of e-health in Australia and share the concerns of all Committee members in relation to these Bills to underpin that implementation.

These concerns include:

• Protecting the privacy of Australian healthcare consumers;
• 'Function creep', the potential for the use of Healthcare Identifiers  to be extended to other purposes;
• The possibility of the scheme not being ready for implementation by July 1, 2010, in less than four months.

However, Coalition members feel very strongly that assurances from the Government alone that these matters have, and will be, addressed are insufficient to allay those concerns.

We contend that the Bills require amendment to ensure that the privacy of healthcare consumers is maintained and that individual Healthcare Identifiers cannot become de facto Australia Cards.

Coalition Committee members contend that stronger Parliamentary scrutiny of this legislation is needed to overcome these very significant concerns.

Stand alone provisions

During the course of the inquiry, the Department of Health and Ageing indicated that this legislation was intended to stand alone as purely establishing the Health Identifiers and not for any future purposes.

The Bill does not achieve this given the various provisions that defer provisions for inclusion in regulation, for example; clauses 9, 21 and 22.

In relation to clause 9 (1) - It is recommended that the classes of healthcare providers be included in the Bill as a schedule.

In relation to Clause 9 (5) - The Bill should prescribe the requirements for assigning a healthcare identifier.

In evidence, Mr Lou Andreatta, Acting First Assistant Secretary, Primary and Ambulatory Care, Department of Health and Ageing said: "The e-health strategy is a sequential strategy. The building blocks need to be in place before we look at what products or functionality can be rolled out in the future. The emphasis has been on getting those building blocks in place – the secure messaging, the identifier service." (Hansard, March 10, 2010 CA22)

These comments are surprising given the staggering amount of funding that have been allocated to e-health since its inception. Indeed, it reaffirms the concerns raised by Coalition Senators during the hearing as to the Department's ability to deliver such a major project.

Furthermore, while implementers may have a clear view of the extent of the intended roll-out, the proposed legislation, with its "building block" strategy, could be used as the basis for the roll-out of further products or functionality.  This serves as a warning that, when implemented, this strategy could be used for other purposes.

Parliamentary scrutiny to address ‘function creep’

Under the Healthcare Identifiers Bill, health information may be disclosed for other purposes not detailed in the Bill, where that disclosure is ‘authorised under another law.’  This means that it might be authorised by other commonwealth, state or territory legislation, or even by any regulations or other legislative instruments made under such laws.

The Coalition believes that where other agencies seek access to the Individual Healthcare Identifier (IHI) or any information attached to it, the access to such information should not be granted automatically by virtue of other commonwealth legislation, regulations or state or territory legislation, but only if authorised by express amendments made to the principal Bills.  This will ensure that the Commonwealth Parliament retains direct oversight and responsibility for any increase in the entitlement to access information by government agencies.

To that end the Coalition proposes that clause 15 (2)(b) and clause 26 (2)(b) of the Healthcare Identifiers Bill be deleted.  On that basis, the provisions of Clause 19 (2) (b) (ii) should be reviewed.

Coalition Senators note that this view is consistent with the Privacy Impact Assessments (PIAs) undertaken into the Bills and the view of the Australian Privacy Foundation.

In evidence, Dr Juanita Fernando, Chair of the Health Subcommittee of the Foundation said the proposed new system was "worse than the current system, because the health identifier is going to provide a way to index all of that ([personal health care) information. So whereas previously I might have breached information security at some hospital somewhere and I then had to find out how I could get that person's individual records from all the various departments – their tax records, their surgical records, their outpatient records and so on and so forth – with the HI I have got the key to all of that information."  (Hansard, March 10, 2010 CA2)

Dr Fernando also said: "So it is important that there be penalties or some ways of ensuring that information security breaches are slated home to the people who created the environment in which patient care is operating. The health identifier bill actually indemnifies servants of the Crown. If the health identifier bill is such a robust bill, then it is interesting that servants of the Crown are indemnified...Although the legislation contains penalties for individuals who commit information fraud or who use information for purposes other than those intended by the health identifier bill, because consumers do not have direct access to that health identifier how are they going to know that their information has been breached?"(Hansard, March 19, 2010 CA3)

Patient control of Individual Healthcare Identifier

Under the Bills the allocation of the Individual Healthcare Identifier (IHI) is compulsory.  The health care recipient neither requests nor agrees to its provision, and may not even be aware that an IHI has been allocated to them.  Moreover, there is nothing in the bills to prevent access to health services being made conditional upon the allocation of a number or its use.

The Coalition appreciates the importance of ensuring that the benefits of modern health care are available to as many citizens as possible.  It thus supports the Bill’s intention to provide an IHI to all Australians.  However, the Coalition also recognises that to better safeguard privacy, patients should control their health records. 

In balancing these concerns the Coalition believes, therefore, that while providing an IHI, Australian citizens should have the right to ‘opt out’ and not be required to possess an IHI or have their IHI linked to the Department, other Departments or functions within those Departments.

However, importantly, the Coalition believes that the provision of healthcare services must not be made conditional (or de-facto conditional) upon possessing an IHI.

The Coalition notes that the Privacy Impact Assessments (PIAs) conducted into the Bills opposed the compulsory provision of an IHI to Australian citizens.

In evidence, Dr Fernando of the Australian Privacy Foundation said: "..this is going to be the most-up-to-date, well-maintained database of Australians' names, addresses and ages that is in existence at the moment. So this is going to be the richest source of data that exists in Australia at the moment." (Hansard, March 10, 2010 CA2)

Dr Roger Clarke, also of the Australian Privacy Foundation, said the database "represents a honey pot. If you are in organised crime or if you are a kid in a back bedroom with considerable skills who is looking for interesting things to break into, you look for the honey pots that have got substantial amounts of data that could be interesting." (Hansard, March 10, 2010 CA4)

Parliamentary scrutiny to address ‘service operator’

The 'service operator' managing the Healthcare Identification system can currently be changed by regulation (clause 6 of the Healthcare Identifiers Bill). 

The Coalition believes that given the possibility under the legislation that a future 'service operator' could be a private operator, the Act should require amendment and not simply amendment by way of regulation in order to choose or change the ‘service operator’.

The task of the ‘service operator’ is vital in the management of health information – perhaps the most sensitive of all personal information.  The choice of ‘service operator’ warrants the full scrutiny of the Australian Parliament.

In evidence, Ms Sheila Bird, General Manager, eBusiness Division, Medicare Australia stated: "The information that is contained in Medicare Australia's database for the Health Identifiers Service is essentially owned by the government but access is strictly regulated." (Hansard March 10, 2010)

Bill should specify data matches

The Coalition believes that the Healthcare Identifiers Bill should specify exhaustively who Medicare can data match from to build its data base.  Clause 12 (2) (c) should therefore be deleted.

Right of Review should be guaranteed

At present there is no guaranteed right of appeal or review (clause 9 (5) of the Healthcare Identifiers Bill).  The Coalition believes this should be provided for in the Bill.

Concern about readiness of the system on 1 July, 2010

Coalition Senators are very concerned that the there is, as yet, no developed software whatsoever for health identifiers. We have a major concern that there is insufficient time to develop and test the software to meet that deadline and of the possibility that it will not be ready for a seamless implementation by the due date.

In evidence, Mr Ian Fleming, Chief Executive Officer, National E-Health Transition Authority said of "real time testing": "We cannot because we do not have the legislation in place to use the real data. We cannot test real data until the legislation is enacted."  (Hansard, March 9, 2010, CA3)

Mr Mark Gibson, Manager E-health Services, GP Partners and Brisbane South Division of General Practice, who strongly supports e-health implementation, said the lack of developed software "does represent a concern to us and we are certainly keen to see activity that would cause that momentum."  (Hansard, March 10 CA 32)

Representatives of the Medical Software Industry Association, Drs Vincent    McCauley and Geoffrey Sayer noted that the software development process adopted by NEHTA had been "unusual" and "probably ... not optimal". (Hansard, March 9, 2010, CA47)

Dr McCauley commented: "... it is quite usual in the software development industry, because of the long time frames to develop software, that you would receive a specification long before there is any intention to actually roll software out. This process has been handled unusually from that point of view. If the intention is to have any software out there on 1 July then the specifications should have been released some time ago." (Hansard, March 9, 2010, CA47)

RECOMMENDATIONS

Coalition members of the Committee support the intent of the Bills but recommend very significant strengthening as outlined in this report to protect Australian healthcare consumers.

 

Senator Judith Adams Senator for Western Australia	Senator Sue Boyce Senator for Queensland
Senator Concetta Fierravanti-Wells Senator for New South Wales	Senator the Hon Brett Mason Senator for Queensland

Navigation: Previous Page | Contents | Next Page