key recommendations for health information privacy reform
DESCRIPTION
Speech by Professor Rosalind Croucher* at the Managing Patient Confidentiality & Information Governance Forum, 22 August 2011, Melbourne.TRANSCRIPT
![Page 1: Key Recommendations for Health Information Privacy Reform](https://reader034.vdocuments.mx/reader034/viewer/2022042521/547cae66b47959c0508b4719/html5/thumbnails/1.jpg)
For Your Information: Australian Privacy Law and Practice – key
recommendations for health information privacy reform
Professor Rosalind CroucherPresident, ALRC
1
![Page 2: Key Recommendations for Health Information Privacy Reform](https://reader034.vdocuments.mx/reader034/viewer/2022042521/547cae66b47959c0508b4719/html5/thumbnails/2.jpg)
Time line
• 1982 – FOI Act (Cth)• 1983 – Archives Act (Cth)• 1988 – Privacy Act (Cth)• 2000 – Privacy (Private Sector)
2
![Page 3: Key Recommendations for Health Information Privacy Reform](https://reader034.vdocuments.mx/reader034/viewer/2022042521/547cae66b47959c0508b4719/html5/thumbnails/3.jpg)
Time line
• 2004 – Privacy Commissioner review of private sector provisions
• 2005 – Senate Legal and Constitutional Affairs Committee inquiry into Privacy Act
• 2006 – Privacy Act amendments to include ‘genetic information’
3
![Page 4: Key Recommendations for Health Information Privacy Reform](https://reader034.vdocuments.mx/reader034/viewer/2022042521/547cae66b47959c0508b4719/html5/thumbnails/4.jpg)
Time line
• 2006 – January referral to ALRC• 2006 – COAG agrees to national approach• 2008 – May, ALRC report• 2009 – October, Government response• 2009 – Dec, COAG agreement re e-health
4
![Page 5: Key Recommendations for Health Information Privacy Reform](https://reader034.vdocuments.mx/reader034/viewer/2022042521/547cae66b47959c0508b4719/html5/thumbnails/5.jpg)
Time line
• 2010 – Privacy Commissioner into Office of the Australian Information Commissioner
• 2010 – Health Identifiers Bill• 2011 – June, Draft Australian Privacy
Principles
5
![Page 6: Key Recommendations for Health Information Privacy Reform](https://reader034.vdocuments.mx/reader034/viewer/2022042521/547cae66b47959c0508b4719/html5/thumbnails/6.jpg)
6
![Page 7: Key Recommendations for Health Information Privacy Reform](https://reader034.vdocuments.mx/reader034/viewer/2022042521/547cae66b47959c0508b4719/html5/thumbnails/7.jpg)
Terms of Reference
• the effectiveness of privacy laws in Australia given:– rapid advances in information,
communication, storage, surveillance and other technology
– possible changing community perceptions around privacy
– expansion of state & territory activity in this area
![Page 8: Key Recommendations for Health Information Privacy Reform](https://reader034.vdocuments.mx/reader034/viewer/2022042521/547cae66b47959c0508b4719/html5/thumbnails/8.jpg)
Terms of Reference
8
The need of individuals for privacy protection in an evolving technological environment
The desirability of minimising the regulatory burden on business in this area
![Page 9: Key Recommendations for Health Information Privacy Reform](https://reader034.vdocuments.mx/reader034/viewer/2022042521/547cae66b47959c0508b4719/html5/thumbnails/9.jpg)
Competing tensions
9
autonomy public interests
![Page 10: Key Recommendations for Health Information Privacy Reform](https://reader034.vdocuments.mx/reader034/viewer/2022042521/547cae66b47959c0508b4719/html5/thumbnails/10.jpg)
Spectrum
protection openness
10
![Page 11: Key Recommendations for Health Information Privacy Reform](https://reader034.vdocuments.mx/reader034/viewer/2022042521/547cae66b47959c0508b4719/html5/thumbnails/11.jpg)
Secrecy obligations?
11
![Page 12: Key Recommendations for Health Information Privacy Reform](https://reader034.vdocuments.mx/reader034/viewer/2022042521/547cae66b47959c0508b4719/html5/thumbnails/12.jpg)
Federal interest in privacy
12
![Page 13: Key Recommendations for Health Information Privacy Reform](https://reader034.vdocuments.mx/reader034/viewer/2022042521/547cae66b47959c0508b4719/html5/thumbnails/13.jpg)
Part A – Introduction Part B – Developing Technology Part C – Interaction, Inconsistency
and Fragmentation Part D – The Privacy Principles Part E – Exemptions Part F – Office of the Privacy
Commissioner Part G – Credit Reporting Provisions Part H – Health Services and
Research Part I – Children, Young People and
Adults Requiring Assistance
Part J – Telecommunications Part K – Protecting a Right to Personal
Privacy3 volumes, 74 chapters, 295 recommendations
![Page 14: Key Recommendations for Health Information Privacy Reform](https://reader034.vdocuments.mx/reader034/viewer/2022042521/547cae66b47959c0508b4719/html5/thumbnails/14.jpg)
Key Recommendations
• Rationalisation of the Privacy Principles
• Greater national harmonisation – same privacy principles to apply across Australia
• Fewer exemptions
• Greater enforcement powers for the OPC
• Mandatory data breach notification
• Cause of action for serious invasions of privacy
![Page 15: Key Recommendations for Health Information Privacy Reform](https://reader034.vdocuments.mx/reader034/viewer/2022042521/547cae66b47959c0508b4719/html5/thumbnails/15.jpg)
Health information
15
Privacy of health information and e-health strategies
Ensuring that the Privacy Act is not an impediment to appropriate information sharing among health care professionals
What constitutes appropriate consent in particular contexts
Development of nationally consistent rules for handling all health information
![Page 16: Key Recommendations for Health Information Privacy Reform](https://reader034.vdocuments.mx/reader034/viewer/2022042521/547cae66b47959c0508b4719/html5/thumbnails/16.jpg)
New Regulatory FrameworkOne Set of (High Level) Privacy Principles
1 Anonymity and Pseudonymity2 Collection3 Notification4 Openness5 Use and Disclosure6 Direct Marketing (org only)7 Data Quality8 Data Security9 Access and Correction10 Identifiers (org only)11 Cross-border Data Flows
Regulations- can impose more specific - and more or
less stringent - requirements
Industry codes - to deal with operational matters
OPCGuidance
![Page 17: Key Recommendations for Health Information Privacy Reform](https://reader034.vdocuments.mx/reader034/viewer/2022042521/547cae66b47959c0508b4719/html5/thumbnails/17.jpg)
Achieving National Consistency
Privacy Act 1988 (Cth) – apply to Cth public sector and private sector
State and territory privacy laws - not apply to private sector organisations
Major impact on health privacy legislation by excluding state and territory privacy laws applying to organisations - eg:
- Health Records and Information Privacy Act 2002 (NSW)
- Health Records Act 2001 (Vic)
- Health Records (Privacy and Access Act) 1997 (ACT)
![Page 18: Key Recommendations for Health Information Privacy Reform](https://reader034.vdocuments.mx/reader034/viewer/2022042521/547cae66b47959c0508b4719/html5/thumbnails/18.jpg)
Government response• Stage 1 (legislation within 12 to 18 mths of 11 Aug 08)
– one set of privacy principles – credit reporting and health regulations– Education/legislation concerning issues of new technology– work with states and territories towards harmonisation
• Stage 2– removal of exemptions– data breach notification– statutory cause of action
• Concurrent– Powers of OPC– OPC guidance
![Page 19: Key Recommendations for Health Information Privacy Reform](https://reader034.vdocuments.mx/reader034/viewer/2022042521/547cae66b47959c0508b4719/html5/thumbnails/19.jpg)
Health Identifiers
• National shared system• Underpinned by enabling legislation• Build on Medicare infrastructure• Consent of individual not required to
assign UHI (unique healthcare identifier)
19
![Page 20: Key Recommendations for Health Information Privacy Reform](https://reader034.vdocuments.mx/reader034/viewer/2022042521/547cae66b47959c0508b4719/html5/thumbnails/20.jpg)
Health Identifiers
• Control use • Subject to privacy principles• Sanctions – criminal offences• Purpose – sharing of healthcare info for
management of patients
20
![Page 21: Key Recommendations for Health Information Privacy Reform](https://reader034.vdocuments.mx/reader034/viewer/2022042521/547cae66b47959c0508b4719/html5/thumbnails/21.jpg)
For information about ALRC work, copies of speeches and presentations
ALRC website – all papers available online (free):
www.alrc.gov.au
Email: [email protected]
GPO Box 3708, Sydney 2001
21