Chapter 2 - Key Provisions and Issues

2.1 An integral aspect of the Bill is the flow of personal information between agencies within the Human Services portfolio. This chapter discusses two types of provisions relevant to the way in which information will be handled within the restructured Department: program secrecy provisions; and search and seizure provisions.

Program Secrecy Provisions

2.2 Secrecy provisions are clauses in government agencies' enabling legislation, which limit the way in which agencies can treat information held by them. This information is sometimes called 'protected information' and can include personal information, for example, individuals' clinical records.

2.3 The Second Reading Speech described how the Bill preserves existing program secrecy provisions:

[These] will continue to operate in essentially the same way under the new governance arrangements for the portfolio. To bring this about, the consequential amendments include changes to various provisions in program legislation, for example the Health Insurance Act 1973 and the Social Security (Administration) Act 1999.[1]

2.4 The Bill also addresses how the secrecy provisions will apply if the Department holds the same piece of information about an individual under more than one program. In such instances, more than one secrecy provision might apply (the multiple secrecy provisions).[2]

The effect of the multiple secrecy provisions is that where [the Department] holds the same piece of information about a person under more than one program Act (such as family assistance and Medicare), [the Department] is able to use and disclose that information if it complies with one of the secrecy provisions applicable to that information.

The multiple secrecy provisions will apply to information that has been obtained by two programs delivered by [the Department] independently, and to information that has been transferred from one program to another as an authorised use or disclosure of that information.[3]

2.5 Since February 2010, the Department has progressed the development and design of service delivery reform in close consultation with the Office of the Australian Information Commissioner (OAIC) under a Memorandum of Understanding. In its submission, the Department acknowledged that it is critical to instil confidence in Australian consumers with respect to the protection of their personal information.[4]

2.6 The Department advised the Committee that a privacy framework has been developed to ensure that privacy considerations are consistently managed across the reform process. The framework is supplemented by ongoing Preliminary Privacy Impact Assessments, which analyse privacy risks generated by the reform. According to the Department, these risks have to date been low due to the reform being based on informed customer consent in relation to the use and disclosure of personal information.[5]

2.7 As further evidence of its commitment to protecting personal information, the Department advised that it is currently developing a consent model to ensure that information is appropriately managed and shared. The Department's submission did not describe the model itself but stated that the model 'emphasises adequate levels of notice, control and choice for individuals.'[6]

2.8 The Department further noted pending reforms to Australian privacy law and in the interim has undertaken to handle health information as indicated in the draft Australian Privacy Principles released in June 2010.[7] Specifically:

The portfolio will:

protect people's Individual Health Identifiers and any associated Individual Electronic Health Records; and
protect people's clinical health information held by the portfolio in a way that reflects its sensitivity and continue to keep it separated from other personal information.[8]

2.9 The OAIC approved the Department's internal protocols for the handling of personal information, commenting that they were 'appropriate' and remarking:

Such protocols should continue to ensure that personal information is only collected, used and disclosed:

as required or authorised by law;
with appropriate sensitivity (for example, ensuring protections for health and other sensitive information; and for personal circumstances that require additional information security, such as for victims of domestic violence);
in accordance with customers' reasonable expectations; and
in accordance [with] the government's policy to seek consent to 'any new sharing of customer data...'.[9]

2.10 Changeling Aspects challenged the manner in which Medicare and Centrelink currently obtain, store and access personal information relating to members of the Transgender community. Its submission described the difficulties of amending personal information, as well as the unfettered access Medicare and Centrelink staff has to sensitive personal information.[10]

2.11 The Committee notes that such issues are longstanding and considers that the Department should hold meaningful discussions with relevant groups to ensure that their concerns are fully considered and addressed when next considering changes to the legislation.

Search and seizure provisions

Background

2.12 The Bill amends specific provisions in Divisions 5 and 6 of Part IID (Investigative Powers of Chief Executive Officer) of the MA Act.[11] The amendments align the MA Act with the equivalent provisions in the Crimes Act (sections 3, 3L, 3LAA, 3LA and 3LB), thereby providing statutory clarification, flexibility, certainty and strength.[12] The Department submitted:

[T]he investigative powers will not be extended in scope and there will be no equivalent investigative powers introduced into the [Centrelink Act] to cover social security and family assistance related investigations.[13]

2.13 However, one proposed provision—an amendment to section 8ZN of the MA Act—elicited particular comment from submitters. Proposed section 8ZN provides that the Chief Executive Medicare be required to notify a patient of the seizure of records only if an authorised officer, or an officer assisting, examines a record containing clinical details relating to that individual patient.[14] However, this obligation will not apply if the authorised officer, or the officer assisting, does not obtain any knowledge of a patient's clinical details.[15]

2.14 At present, the Chief Executive Officer of Medicare Australia is required to provide written notification to a patient if Part IID investigatory powers have been used in respect of a record containing the patient's clinical details. The proposed amendment therefore reduces the statutory obligation based on an examiner's subjective assessment. The Department submitted:

[I]n many investigations, a large number of patient records are seized, particularly in cases where the records are stored electronically. Only some of those records may be relevant to the investigation. Examining officers usually do not scrutinise clinical details of all patients, and in some cases no clinical details are scrutinised...It is expected that [the proposed] amendment would reduce unnecessary notifications to patients whose medical records are seized but not scrutinised in an investigation, minimising:

needless worry for customers whose clinical details have not been scrutinised; and
the administrative burden on Medicare Australia of notifying customers on a broad scale.[16]

Issues related to the protection of personal information

2.15 The Consumers Health Forum of Australia (Consumers Health Forum) raised concerns over the Bill's proposal to reduce notification obligations and remarked on the need for consumers to have confidence in the safe storage, access and use of their personal information:

[Consumers Health Forum] is concerned that, if Medicare is to have the power to seize and examine records without being required to notify patients, there will be more opportunities for inappropriate access to patient information.[17]

2.16 The Consumers Health Forum acknowledged existing Medicare processes to monitor and act on inappropriate access to records but drew attention to the application of these processes to seized records. In its view, it is not clear whether these processes are sufficiently refined to determine whether clinical data has been viewed.[18]

2.17 The Senate Standing Committee for the Scrutiny of Bills similarly raised privacy concerns, effectively querying how it is to be determined that there is no obligation to notify a patient that their clinical records have been seized:

The Committee is concerned that these items will impact on the privacy of individuals and is particularly interested to understand who will determine whether clinical knowledge was obtained, what training they will have and whether any safeguards are in place to protect patients.[19]

2.18 In its submission, the OAIC informed the Committee that the Commissioner has been briefed on Medicare Australia's existing investigations process and the intended operation of the amended provisions. In the Commissioner's view, and from information provided to the Commissioner by the Department:

[Proposed section 8ZN] appropriately balances privacy protection and the efficient and effective conduct of relevant investigations. In particular the OAIC notes the extensive security arrangements that apply to such investigations—including legal (eg search warrants), technical (IT safeguards), physical (storage) and operational (eg training and certification).[20]

2.19 The Committee sought additional advice from the Department regarding the scope of the term 'clinical details' and who will determine whether an officer, or officer assisting, has obtained knowledge of a patient's clinical details. In response, the Department advised:

The phrase 'clinical details' broadly covers information in a particular patient's records about that patient's health, but not other patient details. This includes information about any medical condition reported by the patient or diagnosed by the practitioner, and any treatment recommended or prescribed by the practitioner.[21]

2.20 The Department noted that Medicare Australia already collects and maintains claiming data against Medicare Benefits Schedule (MBS) item numbers, which, by their nature, reveal clinical details about the patients in relation to whom the items are claimed.[22]

2.21 The Department's written response also detailed safeguards within the amended MA Act to protect patient privacy. For example, the destruction or return of data not used in evidence (new sections 8ZF, 8ZG, 8ZGA, and 8ZM). The Department also described existing internal mechanisms, as referred to by the OAIC (see paragraph 2.9 above), which will continue to protect the privacy of individuals' information:

The type of investigation will determine whether a patient's clinical details need to be examined. For example, where an investigation centres on fraudulent claiming by a doctor for a specific MBS item, the records of patients who received that particular MBS item from the doctor may need to be examined for evidential purposes. The case for investigation must be strong enough for a magistrate to approve a warrant to enable Medicare Australia to seize records.

Currently, safeguards exist to protect patient's privacy when exercising search and seizure powers and these will continue after the integration of the Human Services portfolio. If the Bill is passed, the powers and functions under Part IID will be exercised by officers of the [Department], rather than Medicare Australia, and the existing controls outlined below will be continued by DHS.

The examination of patient records containing clinical details is undertaken by appropriately trained and qualified Medical Advisers employed by the portfolio or, where necessary, by Compliance Officers who are overseen by the Medical Advisers.

Officers are also subject to the secrecy provisions set out in the Health Insurance Act 1973 and the National Health Act 1953 which set penalties for the unauthorised disclosure of information, including fines and imprisonment. In addition, the portfolio is subject to the requirements of the Privacy Act 1988 which restricts and regulates the collection, use and disclosure of personal information.

When patient records are seized, DHS will review the outcome of the seizure and examination, and determine which patients require notification. The review process, which involves both Medical Advisers and Compliance Officers, will operate on the basis of a prima facie assumption that clinical knowledge has been obtained following each seizure and examination. The relevant Medical Adviser or Compliance Officer will need to demonstrate that the notification requirement should not be triggered and a Senior Executive Officer will be responsible for approving every instance of seizure and examination without notification.[23]

2.22 The Standing Committee for the Scrutiny of Bills has received a response from the Minister in relation to concerns raised in its Alert Digest No. 1 of 2011. The response remains subject to consideration by that committee. However the Committee notes the following similar comments:

Medicare Australia's Medical Advisers are appropriately qualified medical practitioners with current and unrestricted registration. Medicare Australia's Compliance Officers who undertake investigations into fraud allegations are required at a minimum to hold a Certificate IV in Government Investigations.

Further to these accreditations, Compliance Officers and Medical Advisers are also required to undergo privacy training as a part of their induction into Medicare Australia and receive annual privacy refresher training.

Medicare Australia has robust IT security infrastructure and physical security measures in place to ensure all patient records and other information obtained in the course of compliance activities is protected from unauthorised access. Only officers with a requirement to access these records are granted access to systems containing patient records and other information relevant to compliance activities. There have been no recorded instances of unauthorised access by Medicare Australia officers to patient records seized under warrant for compliance purposes.[24]

2.23 Three additional matters were examined by the Committee for the purposes of the inquiry: employee transition arrangements; the power to make retrospective regulations; and the operational impact of policy changes.

Employee transition arrangements

Background

2.24 Part 2 of Schedules 1 and 2 of the Bill deal with transitional matters, including matters arising from the abolition of the statutory agencies and statutory offices. The Explanatory Memorandum states that these provisions concern internal matters in relation to financial accountability and the transfer of employees.[25]

2.25 More specifically, Division 5 of Part 2 of Schedules 1 and 2 concern the movement of employees from Medicare Australia and Centrelink to the Department. This topic concerned the Community and Public Sector Union (CPSU). For Australian Public Service (APS) employees, the movement will be in accordance with a determination under the machinery of government provision in section 72 of the Public Service Act 1999.[26]

2.26 According to the Explanatory Memorandum:

It is intended that a single enterprise agreement will be negotiated for all Department employees to take effect from the transition date. If a single enterprise agreement is not successfully negotiated before the transition date, the Medicare Australia Collective Agreement 2008‑2011 or Medicare Australia (Medical Officers) Collective Agreement 2008‑2011 [or Centrelink Agreement 2009‑2011] will cover the Department and the relevant transferring Medicare [or Centrelink] employee in relation to Department work until a single enterprise agreement is successfully negotiated.

If a person becomes a new employee, as defined by subitem 67(6), before a single enterprise agreement is successfully negotiated, the Secretary may determine that the Centrelink Agreement 2009‑2011 or the Medicare Australia Collective Agreement 2008‑2011 or the Medicare Australia (Medical Officers) Collective Agreement 2008‑2011 applies to the new employee until a single enterprise agreement is successfully negotiated.[27]

2.27 Provisions in the Bill give effect to these intentions for a wide range of transferring employees: non‑SES employees covered by a designated agreement; employees covered by an Australian Workplace Agreement or pre‑reform Australian Workplace Agreement; and employees whose employment is covered by a determination under subsection 24(1) of the Public Service Act 1999.[28]

Issues related to employee transition arrangements

2.28 The CPSU stated that new employees should be properly classified in accordance with the APS Classification Rules and Work Level Standards, thereby ensuring that new employees are appropriately paid. In this regard, its submission cited Public Service Regulations 1999, Regulation 8.1(2) which provides that the annual salary of an APS employee on the day that employee moves to another agency in accordance with a determination must be the greater of the annual salary that applied to the APS employee immediately before the move and the annual salary that would, apart from the regulation, apply to the APS employee after the move.

2.29 In addition, the CPSU emphasised that the departmental restructure should not effect a loss of entitlements for any employees:

The employment of new employees being engaged by the Department after the cessation time and before a single enterprise agreement for [the Department] has been successfully negotiated with employees and their representatives, including CPSU, must not result in any undermining of the salary, classification and terms and conditions of employment for any group of employees.[29]

2.30 The CPSU argued that the integration of back office support services and some customer contact areas, including co‑located shopfronts has obfuscated to which agency—Medicare Australia or Centrelink—an employee belongs and this confusion has the potential for new employees to be improperly remunerated under the 'wrong' collective agreement:

To prevent this confusion, and to ensure that employees are appropriated remunerated, CPSU suggests that there be consultation by the Secretary with CPSU, as the representative of the class of persons who are to be or have become engaged as APS employee, on which is the most appropriate designated agreement to apply to that class of employees. Consultation should before any new employees are commenced after the cessation time and occur for any vacancies that are advertised after cessation time.[30]

2.31 The Committee sought advice from the Department on the processes that will be used to determine a new employee's classification, salary and conditions in circumstances where that employee is engaged by the Department before the formulation and implementation of a single enterprise agreement.

2.32 The Department told the Committee that it is working closely with both the Australian Public Service Commission and the CPSU to prepare a portfolio enterprise agreement to support the restructured Department as from 1 July 2011. This will align employment terms and conditions for employees across the portfolio. In relation to new employees:

The portfolio has exchanged correspondence with the CPSU to confirm the process of determining which agreement applies to employees recruited to the portfolio whilst the transitional provisions are in place.

New employees will be subject to a determination of which collective agreement is the most applicable to their new employment. This determination will be made by the Secretary of the Department of Human Services (or delegate).

Where the work that a new employee is engaged to perform is clearly identifiable as belonging to one of the former Human Services agencies (for example, Customer Service Adviser for Centrelink), the Secretary/delegate will place the new employee on the agreement relating to that function (in this example the Centrelink Agreement).

Where the employee is to perform duties in an enabling service that has been integrated (for example, HR, IT, Legal, Communications), the employee will be placed on the collective agreement of the former agency that had 'the lead' for that service. For example, new HR employees would be placed on the Medicare CA, new Legal employees on the DHS CA.[31]

Power to make retrospective regulations

2.33 Item 1 of Schedule 5 of the Bill gives the Governor-General power to make regulations in relation to transitional matters arising under the Bill. Regulations may be made within six months of the commencement of the Bill but to take effect as from 1 July 2011 (that is, retrospective regulations for transitional matters).

2.34 The Committee is concerned to ensure that any retrospective regulations made by the Governor—General do not have a detrimental impact. The Committee agrees with the Senate Standing Committee for the Scrutiny of Bills:

A bill such as this involves many and complex technical issues relating to moving from one set of administrative and governance arrangements to another. Nevertheless it would have been helpful for the explanatory memorandum to explain the need for the making of regulations which may have retrospective effect and whether it is envisaged that this may have any potential adverse consequences on affected persons.[32]

2.35 The Committee wrote to the Department seeking clarification of the need for retrospective regulations and the circumstances in which the Department anticipates that such regulations might be necessary.

2.36 In its response, the Department cited the limited retrospective operation of the regulation making power (transitional matters made before 31 December 2011) as a safeguard built into the MA Act. As to the necessity of the proposed provisions, the Department stated:

While every effort was made in preparing the transitional provisions to ensure they would operate correctly, it is possible that the transitional provisions will not adequately cover every circumstance. Accordingly it is considered prudent to have the ability to make regulations in relation to transitional matters. As a practical matter, the need for transitional regulations may become apparent after a transitional issue is identified.[33]

Operational impact of policy changes

2.37 The Bill focuses upon the policy objective of transforming the Department's service delivery to provide better outcomes for generations of Australians.[34] However, the Department indicated that internal consultations have been a feature of the reform process:

Staff have been consulted and involved throughout the reform and the portfolio has been meeting with the Community and Public Sector Union to ensure that staff and employment impacts across the portfolio are appropriately considered.

Where staff are impacted by the changes, or relocated to different offices, they are advised well in advance and supported by a structured change process.[35]

2.38 The Committee queried what specific processes are in place to ensure that the Bill does not adversely impact on employees and customers. The Department advised the Committee that, in 2010, the Department held forums with people who use government services (including community, staff and stakeholder groups) and work is currently underway to map out the future phases of the reform. The Department emphasised:

[T]he Human Services portfolio has adopted a co–design approach to understanding our customers and working with them, as well as our staff, to design, shape and deliver better services for the community.

...

Importantly, the reform program is being structured in such a way so that essential services and business as usual activities will not be disrupted. The staged approach being taken allows for close monitoring and assessment, and consideration of customer and community needs throughout the changes.[36]

Committee View

2.41 The Committee has carefully considered the evidence it received and sought further information from the Department in relation to concerns raised by submitters regarding the Bill. On balance the Committee is satisfied that there are appropriate safeguards in place to address concerns raised during the inquiry.

Recommendation 1

2.39 The Committee recommends that the Bill be passed.

Senator Claire Moore

Chair

March 2011

Navigation: Previous Page | Contents | Next Page