Chapter 2 - Key Provisions and Issues
2.1
An integral aspect of the Bill is the flow of personal information
between agencies within the Human Services portfolio. This chapter discusses
two types of provisions relevant to the way in which information will be
handled within the restructured Department: program secrecy provisions; and
search and seizure provisions.
Program Secrecy Provisions
2.2
Secrecy provisions are clauses in government agencies' enabling
legislation, which limit the way in which agencies can treat information held
by them. This information is sometimes called 'protected information' and can include
personal information, for example, individuals' clinical records.
2.3
The Second Reading Speech described how the Bill preserves existing
program secrecy provisions:
[These] will continue to operate in essentially the same way
under the new governance arrangements for the portfolio. To bring this about,
the consequential amendments include changes to various provisions in program
legislation, for example the Health Insurance Act 1973 and the Social Security
(Administration) Act 1999.[1]
2.4
The Bill also addresses how the secrecy provisions will apply if the
Department holds the same piece of information about an individual under more
than one program. In such instances, more than one secrecy provision might
apply (the multiple secrecy provisions).[2]
The effect of the multiple secrecy provisions is that where [the
Department] holds the same piece of information about a person under more than
one program Act (such as family assistance and Medicare), [the Department] is
able to use and disclose that information if it complies with one of the
secrecy provisions applicable to that information.
The multiple secrecy provisions will apply to information
that has been obtained by two programs delivered by [the Department] independently,
and to information that has been transferred from one program to another as an
authorised use or disclosure of that information.[3]
2.5
Since February 2010, the Department has progressed the development and
design of service delivery reform in close consultation with the Office of the
Australian Information Commissioner (OAIC) under a Memorandum of Understanding.
In its submission, the Department acknowledged that it is critical to instil
confidence in Australian consumers with respect to the protection of their
personal information.[4]
2.6
The Department advised the Committee that a privacy framework has been
developed to ensure that privacy considerations are consistently managed across
the reform process. The framework is supplemented by ongoing Preliminary
Privacy Impact Assessments, which analyse privacy risks generated by the reform.
According to the Department, these risks have to date been low due to the
reform being based on informed customer consent in relation to the use and
disclosure of personal information.[5]
2.7
As further evidence of its commitment to protecting personal
information, the Department advised that it is currently developing a consent
model to ensure that information is appropriately managed and shared. The
Department's submission did not describe the model itself but stated that the
model 'emphasises adequate levels of notice, control and choice for individuals.'[6]
2.8
The Department further noted pending reforms to Australian privacy law
and in the interim has undertaken to handle health information as indicated in
the draft Australian Privacy Principles released in June 2010.[7]
Specifically:
The portfolio will:
-
protect people's Individual Health Identifiers and any associated
Individual Electronic Health Records; and
- protect people's clinical health information held by the
portfolio in a way that reflects its sensitivity and continue to keep it
separated from other personal information.[8]
2.9
The OAIC approved the Department's internal protocols for the handling
of personal information, commenting that they were 'appropriate' and remarking:
Such protocols should continue to ensure that personal information
is only collected, used and disclosed:
- as required or authorised by law;
- with appropriate sensitivity (for example, ensuring protections for
health and other sensitive information; and for personal circumstances that
require additional information security, such as for victims of domestic
violence);
-
in accordance with customers' reasonable expectations; and
- in accordance [with] the government's policy to seek consent to 'any
new sharing of customer data...'.[9]
2.10
Changeling Aspects challenged the manner in which Medicare and
Centrelink currently obtain, store and access personal information relating to
members of the Transgender community. Its submission described the difficulties
of amending personal information, as well as the unfettered access Medicare and
Centrelink staff has to sensitive personal information.[10]
2.11
The Committee notes that such issues are longstanding and considers that
the Department should hold meaningful discussions with relevant groups to
ensure that their concerns are fully considered and addressed when next
considering changes to the legislation.
Search and seizure provisions
Background
2.12
The Bill amends specific provisions in Divisions 5 and 6 of Part IID
(Investigative Powers of Chief Executive Officer) of the MA Act.[11]
The amendments align the MA Act with the equivalent provisions in the Crimes
Act (sections 3, 3L, 3LAA, 3LA and 3LB), thereby providing statutory
clarification, flexibility, certainty and strength.[12]
The Department submitted:
[T]he investigative powers will not be extended in scope and
there will be no equivalent investigative powers introduced into the [Centrelink
Act] to cover social security and family assistance related investigations.[13]
2.13
However, one proposed provision—an amendment to section 8ZN of the MA
Act—elicited particular comment from submitters. Proposed section 8ZN provides
that the Chief Executive Medicare be required to notify a patient of the
seizure of records only if an authorised officer, or an officer assisting,
examines a record containing clinical details relating to that individual
patient.[14]
However, this obligation will not apply if the authorised officer, or the
officer assisting, does not obtain any knowledge of a patient's clinical details.[15]
2.14
At present, the Chief Executive Officer of Medicare Australia is
required to provide written notification to a patient if Part IID investigatory
powers have been used in respect of a record containing the patient's clinical
details. The proposed amendment therefore reduces the statutory obligation
based on an examiner's subjective assessment. The Department submitted:
[I]n many investigations, a large number of patient records
are seized, particularly in cases where the records are stored electronically.
Only some of those records may be relevant to the investigation. Examining
officers usually do not scrutinise clinical details of all patients, and in
some cases no clinical details are scrutinised...It is expected that [the
proposed] amendment would reduce unnecessary notifications to patients whose
medical records are seized but not scrutinised in an investigation, minimising:
- needless worry for customers whose clinical details have not been
scrutinised; and
-
the administrative burden on Medicare Australia of notifying
customers on a broad scale.[16]
Issues related to the protection of
personal information
2.15
The Consumers Health Forum of Australia (Consumers Health Forum) raised
concerns over the Bill's proposal to reduce notification obligations and
remarked on the need for consumers to have confidence in the safe storage,
access and use of their personal information:
[Consumers Health Forum] is concerned that, if Medicare is to
have the power to seize and examine records without being required to notify
patients, there will be more opportunities for inappropriate access to patient
information.[17]
2.16
The Consumers Health Forum acknowledged existing Medicare processes to
monitor and act on inappropriate access to records but drew attention to the
application of these processes to seized records. In its view, it is not clear
whether these processes are sufficiently refined to determine whether clinical
data has been viewed.[18]
2.17
The Senate Standing Committee for the Scrutiny of Bills similarly raised
privacy concerns, effectively querying how it is to be determined that there is
no obligation to notify a patient that their clinical records have been seized:
The Committee is concerned that these items will impact on
the privacy of individuals and is particularly interested to understand who
will determine whether clinical knowledge was obtained, what training they will
have and whether any safeguards are in place to protect patients.[19]
2.18
In its submission, the OAIC informed the Committee that the Commissioner
has been briefed on Medicare Australia's existing investigations process and
the intended operation of the amended provisions. In the Commissioner's view,
and from information provided to the Commissioner by the Department:
[Proposed section 8ZN] appropriately balances privacy
protection and the efficient and effective conduct of relevant investigations.
In particular the OAIC notes the extensive security arrangements that apply to
such investigations—including legal (eg search warrants), technical (IT
safeguards), physical (storage) and operational (eg training and
certification).[20]
2.19
The Committee sought additional advice from the Department regarding the
scope of the term 'clinical details' and who will determine whether an officer,
or officer assisting, has obtained knowledge of a patient's clinical details. In
response, the Department advised:
The phrase 'clinical details' broadly covers information in a
particular patient's records about that patient's health, but not other patient
details. This includes information about any medical condition reported by the
patient or diagnosed by the practitioner, and any treatment recommended or
prescribed by the practitioner.[21]
2.20
The Department noted that Medicare Australia already collects and
maintains claiming data against Medicare Benefits Schedule (MBS) item numbers,
which, by their nature, reveal clinical details about the patients in relation
to whom the items are claimed.[22]
2.21
The Department's written response also detailed safeguards within the
amended MA Act to protect patient privacy. For example, the destruction or
return of data not used in evidence (new sections 8ZF, 8ZG, 8ZGA, and 8ZM). The
Department also described existing internal mechanisms, as referred to by the
OAIC (see paragraph 2.9 above), which will continue to protect the privacy of
individuals' information:
The type of investigation will determine whether a patient's
clinical details need to be examined. For example, where an investigation centres
on fraudulent claiming by a doctor for a specific MBS item, the records of
patients who received that particular MBS item from the doctor may need to be
examined for evidential purposes. The case for investigation must be strong
enough for a magistrate to approve a warrant to enable Medicare Australia to
seize records.
Currently, safeguards exist to protect patient's privacy when
exercising search and seizure powers and these will continue after the
integration of the Human Services portfolio. If the Bill is passed, the powers
and functions under Part IID will be exercised by officers of the [Department],
rather than Medicare Australia, and the existing controls outlined below will
be continued by DHS.
The examination of patient records containing clinical
details is undertaken by appropriately trained and qualified Medical Advisers
employed by the portfolio or, where necessary, by Compliance Officers who are
overseen by the Medical Advisers.
Officers are also subject to the secrecy provisions set out
in the Health Insurance Act 1973 and the National Health Act 1953
which set penalties for the unauthorised disclosure of information, including
fines and imprisonment. In addition, the portfolio is subject to the
requirements of the Privacy Act 1988 which restricts and regulates the
collection, use and disclosure of personal information.
When patient records are seized, DHS will review the outcome
of the seizure and examination, and determine which patients require
notification. The review process, which involves both Medical Advisers and
Compliance Officers, will operate on the basis of a prima facie assumption that
clinical knowledge has been obtained following each seizure and examination.
The relevant Medical Adviser or Compliance Officer will need to demonstrate
that the notification requirement should not be triggered and a Senior
Executive Officer will be responsible for approving every instance of seizure
and examination without notification.[23]
2.22
The Standing Committee for the Scrutiny of Bills has received a response
from the Minister in relation to concerns raised in its Alert Digest No. 1 of
2011. The response remains subject to consideration by that committee. However
the Committee notes the following similar comments:
Medicare Australia's Medical Advisers are appropriately
qualified medical practitioners with current and unrestricted registration.
Medicare Australia's Compliance Officers who undertake investigations into
fraud allegations are required at a minimum to hold a Certificate IV in
Government Investigations.
Further to these accreditations, Compliance Officers and
Medical Advisers are also required to undergo privacy training as a part of
their induction into Medicare Australia and receive annual privacy refresher
training.
Medicare Australia has robust IT security infrastructure and
physical security measures in place to ensure all patient records and other
information obtained in the course of compliance activities is protected from
unauthorised access. Only officers with a requirement to access these records
are granted access to systems containing patient records and other information
relevant to compliance activities. There have been no recorded instances of
unauthorised access by Medicare Australia officers to patient records seized
under warrant for compliance purposes.[24]
2.23
Three additional matters were examined by the Committee for the purposes
of the inquiry: employee transition arrangements; the power to make
retrospective regulations; and the operational impact of policy changes.
Employee transition arrangements
Background
2.24
Part 2 of Schedules 1 and 2 of the Bill deal with transitional matters,
including matters arising from the abolition of the statutory agencies and
statutory offices. The Explanatory Memorandum states that these provisions
concern internal matters in relation to financial accountability and the
transfer of employees.[25]
2.25
More specifically, Division 5 of Part 2 of Schedules 1 and 2 concern the
movement of employees from Medicare Australia and Centrelink to the Department.
This topic concerned the Community and Public Sector Union (CPSU). For
Australian Public Service (APS) employees, the movement will be in accordance
with a determination under the machinery of government provision in section 72
of the Public Service Act 1999.[26]
2.26
According to the Explanatory Memorandum:
It is intended that a single enterprise agreement will be
negotiated for all Department employees to take effect from the transition
date. If a single enterprise agreement is not successfully negotiated before
the transition date, the Medicare Australia Collective Agreement 2008‑2011
or Medicare Australia (Medical Officers) Collective Agreement 2008‑2011
[or Centrelink Agreement 2009‑2011] will cover the Department and
the relevant transferring Medicare [or Centrelink] employee in relation to
Department work until a single enterprise agreement is successfully negotiated.
If a person becomes a new employee, as defined by subitem
67(6), before a single enterprise agreement is successfully negotiated, the Secretary
may determine that the Centrelink Agreement 2009‑2011 or the Medicare
Australia Collective Agreement 2008‑2011 or the Medicare Australia
(Medical Officers) Collective Agreement 2008‑2011 applies to the new
employee until a single enterprise agreement is successfully negotiated.[27]
2.27
Provisions in the Bill give effect to these intentions for a wide range
of transferring employees: non‑SES employees covered by a designated
agreement; employees covered by an Australian Workplace Agreement or pre‑reform
Australian Workplace Agreement; and employees whose employment is covered by a
determination under subsection 24(1) of the Public Service Act 1999.[28]
Issues related to employee
transition arrangements
2.28
The CPSU stated that new employees should be properly classified in
accordance with the APS Classification Rules and Work Level Standards, thereby
ensuring that new employees are appropriately paid. In this regard, its
submission cited Public Service Regulations 1999, Regulation 8.1(2) which
provides that the annual salary of an APS employee on the day that employee
moves to another agency in accordance with a determination must be the greater
of the annual salary that applied to the APS employee immediately before the
move and the annual salary that would, apart from the regulation, apply to the
APS employee after the move.
2.29
In addition, the CPSU emphasised that the departmental restructure
should not effect a loss of entitlements for any employees:
The employment of new employees being engaged by the
Department after the cessation time and before a single enterprise agreement
for [the Department] has been successfully negotiated with employees and their
representatives, including CPSU, must not result in any undermining of the
salary, classification and terms and conditions of employment for any group of
employees.[29]
2.30
The CPSU argued that the integration of back office support services and
some customer contact areas, including co‑located shopfronts has
obfuscated to which agency—Medicare Australia or Centrelink—an employee belongs
and this confusion has the potential for new employees to be improperly
remunerated under the 'wrong' collective agreement:
To prevent this confusion, and to ensure that employees are
appropriated remunerated, CPSU suggests that there be consultation by the
Secretary with CPSU, as the representative of the class of persons who are to
be or have become engaged as APS employee, on which is the most appropriate
designated agreement to apply to that class of employees. Consultation should before
any new employees are commenced after the cessation time and occur for any
vacancies that are advertised after cessation time.[30]
2.31
The Committee sought advice from the Department on the processes that
will be used to determine a new employee's classification, salary and
conditions in circumstances where that employee is engaged by the Department
before the formulation and implementation of a single enterprise agreement.
2.32
The Department told the Committee that it is working closely with both
the Australian Public Service Commission and the CPSU to prepare a portfolio
enterprise agreement to support the restructured Department as from 1 July
2011. This will align employment terms and conditions for employees across the
portfolio. In relation to new employees:
The portfolio has exchanged correspondence with the CPSU to
confirm the process of determining which agreement applies to employees
recruited to the portfolio whilst the transitional provisions are in place.
New employees will be subject to a determination of which
collective agreement is the most applicable to their new employment. This
determination will be made by the Secretary of the Department of Human Services
(or delegate).
- Where the work that a new employee is engaged to perform is
clearly identifiable as belonging to one of the former Human Services agencies
(for example, Customer Service Adviser for Centrelink), the Secretary/delegate
will place the new employee on the agreement relating to that function (in this
example the Centrelink Agreement).
- Where the employee is to perform duties in an enabling service
that has been integrated (for example, HR, IT, Legal, Communications), the
employee will be placed on the collective agreement of the former agency that
had 'the lead' for that service. For example, new HR employees would be placed
on the Medicare CA, new Legal employees on the DHS CA.[31]
Power to make retrospective regulations
2.33
Item 1 of Schedule 5 of the Bill gives the Governor-General power to
make regulations in relation to transitional matters arising under the Bill.
Regulations may be made within six months of the commencement of the Bill but
to take effect as from 1 July 2011 (that is, retrospective regulations for
transitional matters).
2.34
The Committee is concerned to ensure that any retrospective regulations
made by the Governor—General do not have a detrimental impact. The Committee
agrees with the Senate Standing Committee for the Scrutiny of Bills:
A bill such as this involves many and complex technical
issues relating to moving from one set of administrative and governance
arrangements to another. Nevertheless it would have been helpful for the
explanatory memorandum to explain the need for the making of regulations which
may have retrospective effect and whether it is envisaged that this may have
any potential adverse consequences on affected persons.[32]
2.35
The Committee wrote to the Department seeking clarification of the need
for retrospective regulations and the circumstances in which the Department
anticipates that such regulations might be necessary.
2.36
In its response, the Department cited the limited retrospective
operation of the regulation making power (transitional matters made before 31
December 2011) as a safeguard built into the MA Act. As to the necessity of the
proposed provisions, the Department stated:
While every effort was made in preparing the transitional
provisions to ensure they would operate correctly, it is possible that the
transitional provisions will not adequately cover every circumstance. Accordingly
it is considered prudent to have the ability to make regulations in relation to
transitional matters. As a practical matter, the need for transitional
regulations may become apparent after a transitional issue is identified.[33]
Operational impact of policy changes
2.37
The Bill focuses upon the policy objective of transforming the
Department's service delivery to provide better outcomes for generations of
Australians.[34]
However, the Department indicated that internal consultations have been a
feature of the reform process:
Staff have been consulted and involved throughout the reform
and the portfolio has been meeting with the Community and Public Sector Union
to ensure that staff and employment impacts across the portfolio are
appropriately considered.
Where staff are impacted by the changes, or relocated to
different offices, they are advised well in advance and supported by a
structured change process.[35]
2.38
The Committee queried what specific processes are in place to ensure that
the Bill does not adversely impact on employees and customers. The Department advised
the Committee that, in 2010, the Department held forums with people who use
government services (including community, staff and stakeholder groups) and
work is currently underway to map out the future phases of the reform. The
Department emphasised:
[T]he Human Services portfolio has adopted a co–design
approach to understanding our customers and working with them, as well as our
staff, to design, shape and deliver better services for the community.
...
Importantly, the reform program is being structured in such a
way so that essential services and business as usual activities will not be
disrupted. The staged approach being taken allows for close monitoring and
assessment, and consideration of customer and community needs throughout the
changes.[36]
Committee View
2.41 The Committee has carefully considered the evidence
it received and sought further information from the Department in relation to
concerns raised by submitters regarding the Bill. On balance the Committee is satisfied
that there are appropriate safeguards in place to address concerns raised
during the inquiry.
Recommendation 1
2.39
The Committee recommends that the Bill be passed.
Senator Claire Moore
Chair
March 2011
Navigation: Previous Page | Contents | Next Page