Chapter 1


My Health Records Amendments (Strengthening Privacy) Bill 2018

Purpose of the Bill

1.1        The My Health Records Amendment (Strengthening Privacy) Bill 2018 (Bill) proposes amendments to the My Health Records Act 2012 (MHR Act) to strengthen the privacy provisions of the My Health Record (MHR) system.[1]

1.2        During the MHR system opt-out period, concerns were raised by some healthcare recipients, peak health bodies and privacy organisations that the MHR Act included provisions for the disclosure of health information to law enforcement agencies and other government bodies. Concerns were also raised that health information contained in MHRs would be retained by the MHR System Operator (System Operator) after healthcare recipients requested their MHR registration be cancelled.[2]

1.3        In response to this concern, the Minister for Health, the Hon. Greg Hunt MP, announced the Australian Government would strengthen the privacy provisions in the MHR Act, specifically in relation to disclosure and retention of information.[3] The proposed amendments in the Bill give legislative effect to the Minister's announcement by:

  • removing the current capacity of the System Operator to disclose information contained in a MHR to a law enforcement or government agency without an order from an eligible judicial officer, or consent from the healthcare recipient; and
  • requiring the System Operator to permanently delete the health information stored in the National Repositories Service should the person for whom the MHR is made cancel their MHR registration.[4]

Background

1.4        The concept of a national digital health record has been progressed in public policy over the past decade and was formally agreed by Australian governments through the National eHealth Strategy in 2008. The strategy recognised the need to consolidate individuals' health information, and for that information to be accessible by individuals and healthcare providers to improve communication and continuity of individuals' care across health services.[5]

1.5        In 2012, the Australian Parliament legislated for a national digital health record system and established the Personally Controlled Electronic Health Records (PCEHR) system. The PCEHR system was implemented to, in part, overcome issues in healthcare resulting from fragmented health information, and to enable healthcare recipients to manage their own health data.[6]

1.6        In 2013, the Australian Government commissioned a review of the PCEHR system. The review's report made 38 recommendations, including moving the PCEHR system to an opt-out model.[7] In the 2015–16 Budget, the Australian Government announced in the 'My Health Record—a new direction for electronic health records in Australia' measure that:

  • $485.1 million over four years would be provided to continue the operation of the eHealth system;
  • trials would be implemented to test opt-out arrangements;
  • PCEHRs would be renamed to MHRs; and
  • an agency would be established to provide national coordination for eHealth.[8]

1.7        The Australian Digital Health Agency (ADHA) was established on 30 January 2016,[9] and is the prescribed System Operator.[10]

1.8        Following agreement of the Council of Australian Governments Health Council, the Australian Government confirmed, through the 2017–18 Budget, that the MHR system would transition to an opt-out model.[11] The opt-out period for the MHR system commenced on 16 July 2018 and ends on 15 November 2018.[12]

1.9        The privacy framework for the MHR system is established through the provisions of the MHR Act, Privacy Act 1988, and the Healthcare Identifiers Act 2010.[13] The amendments proposed in the Bill build on this established privacy framework.

Provisions of the Bill

1.10      The Bill is comprised of one schedule, inclusive of 17 items. The key proposed amendments to the MHR Act are:

  • Item 5—adds a requirement to subsection 17(2) to require the System Operator to permanently destroy a MHR should a healthcare recipient cancel their MHR registration. Currently, the System Operator is required to retain all MHR information for healthcare recipients until 30 years after their death, or, if the date of death is unknown, 130 years after the date of the healthcare recipient's birth.
  • Item 6—inserts a new subsection 17(3) to require the System Operator to destroy any health information that is included in a MHR when a healthcare recipient cancels their MHR registration, excluding certain administrative information, such as the name and healthcare identifier of the person making the cancellation request, and the date of cancellation. Item 6 also inserts subsection 17(4) which requires the System Operator to destroy MHR information, in accordance with subsection 17(3), as soon as practicable after a cancellation request is made, unless there is court order for the System Operator not to destroy a MHR, or there are particular legal requirements for the System Operator to disclose a MHR.
  • Item 10—inserts a new subsection 65(3) that limits the laws that authorise the collection, use and disclosure of MHR information. In effect, subsection 65(3) limits the collection, use and disclosure of MHR information to the Auditor-General, the Ombudsman and the Information Commissioner in fulling their legislated functions. Other entities seeking to access MHR data would need to do so under section 69 or proposed section 69A, which would require a court order.
  • Item 12—inserts new section 69A to limit the disclosure of information to designated law enforcement and government agencies only by order of a specified judicial officer, and the process by which a designated entity may apply for such an order to be made and the administrative requirements the order must meet. Item 12 also inserts new section 69B, which specifies the judicial officers who can make an order to disclose MHR information under new section 69A.
  • Item 14—repeals subsections 70(1) and 70(2) which currently enable the System Operator to use or disclose health information included in MHRs for law enforcement and revenue protection related activities.
  • Item 16—inserts new subsection 70(3A) which enables the System Operator , under specified conditions, to release limited information to a relevant person or agency where the System Operator reasonably believes there may be unlawful activity occurring in connection with its functions to enable initial consideration of the matter.[14]

1.11      If enacted, the Bill's proposed amendments to the MHR Act would commence the day after the Bill receives Royal Assent.[15]

Financial impact

1.12      There will not be any net financial impact arising from the Bill.[16]

Legislative scrutiny

1.13      The Senate Standing Committee on the Scrutiny of Bills reported it did not have any comments on the Bill.[17]

1.14      The Joint Committee on Human Rights reported that the Bill did not raise any human rights concerns.[18]

Conduct of the inquiry

1.15      On 22 August 2018, the Bill was introduced in the House of Representatives and read a first time.[19]

1.16      On 23 August 2018, the Senate, referred the provisions of the Bill to the Senate Community Affairs Legislation Committee (committee) for inquiry and report by 12 October 2018.[20]

1.17      On 19 September 2018, the Senate granted the committee an extension of time to report to 12 October 2018.[21]

1.18      At the time of referral, the Senate Community Affairs References Committee (references committee) was conducting a related inquiry into the MHR system.[22] The two Senate Standing Committees on Community Affairs have agreed to share relevant evidence received across the inquiries. Only matters directly relevant to the provisions of the Bill are considered in this report. Matters related to the broader operation of the MHR system are considered in the references committee's report.

1.19      The committee wrote to 57 individuals and organisations inviting submissions by 14 September 2018. The committee received 31 submissions to the inquiry, which were published on the committee's inquiry webpage.

1.20      The committee thanks the witnesses and submitters for their contributions to the inquiry.

Notes on references

1.21      In this report, references to the Committee Hansard are to proof transcripts. Page numbers may vary between proof and official transcripts.

Navigation: Previous Page | Contents | Next Page