Amendments to the My Health (Strengthening Privacy) Bill 2018 introduced and read for a first time
August 22, 2018 |
The Federal Government introduced the My Health Records Amendment (Strengthening Privacy) Bill 2018 today.
It is very much a patch like amendment to the Act, inserting a long and detailed section 69A and 69B to require an order from a judge or magistrate for access to data and providing for deletion of data.
The proposed amendments are:
1 Section 5 (definition of enforcement body)
Repeal the definition.
2 Section 17 (heading)
After “Retention”, insert “and destruction”.
3 Before subsection 17(1)
Insert:
Records
4 Before subsection 17(2)
Insert:
Retention of records
5 At the end of paragraph 17(2)(b)
Add:
; or (iii) if, under subsection (3), the record is required to be destroyed because of the cancellation of registration of the healthcare recipient—when the System Operator is required to destroy the record under subsection (4).
6 At the end of section 17
Add:
Destruction of records after cancellation on request
(3) If the System Operator is required to cancel the registration of the healthcare recipient under subsection 51(1) (cancellation on request), the System Operator must destroy any record that includes health information that is included in the My Health Record of the healthcare recipient, other than the following information:
(a) the name and healthcare identifier of the healthcare recipient;
(b) the name and healthcare identifier of the person who requested the cancellation, if different from the healthcare recipient;
(c) the day the cancellation decision takes effect under subsection 51(7).
(4) The System Operator must comply with subsection (3):
(a) as soon as practicable after the cancellation decision takes effect under subsection 51(7); or
(b) if any of the following requirements apply before the records are destroyed under paragraph (a)—as soon as practicable after the conclusion of the matter to which the requirement relates:
(i) a court order requires the System Operator not to destroy records of the healthcare recipient;
(ii) the System Operator is required to disclose records of the healthcare recipient under section 69 or 69A;
(iii) the System Operator is required to disclose records of the healthcare recipient under a law covered by subsection 65(3).
7 Section 63 (note)
After “69”, insert “, 69A”.
8 Subsection 65(1)
Omit “Commonwealth, State or Territory law”, substitute “a Commonwealth, State or Territory law covered by subsection (3)”.
9 At the end of subsection 65(1)
Add:
Note: No State or Territory laws are covered by subsection (3).
10 At the end of section 65
Add:
(3) This subsection covers the following laws:
(a) this Act;
(b) the Auditor?General Act 1997;
(c) the Ombudsman Act 1976;
(d) a law of the Commonwealth to the extent that the law requires or authorises the collection, use or disclosure of information for the purposes of performing the Information Commissioner’s functions in relation to the My Health Record system.
11 Section 67 (note)
Omit “may be limited”, substitute “on request may be limited because of the retention and destruction requirements under section 17”.
12 After section 69
Insert:
69A Disclosure to designated entity under order by judicial officer
Disclosure to designated entity under order by judicial officer
(1) If an entity that is:
(a) an agency, or a State or Territory authority, within the meaning of the Privacy Act 1988; and
(b) not a court, tribunal or coroner;
(a designated entity) presents to the System Operator an order made under this section, the System Operator must comply with the order.
(2) Except as mentioned in subsection (1) or in accordance with a law covered by subsection 65(3), a participant in the My Health Record system, or a healthcare recipient, cannot be required to disclose health information included in a healthcare recipient’s My Health Record to a designated entity.
(3) This section does not authorise the System Operator to use or disclose healthcare recipient?only notes.
(4) If the System Operator uses or discloses personal information under this section, it must make a written note of the use or disclosure.
Application for and making of order
(5) A designated entity may apply to any of the following judicial officers:
(a) a magistrate of a State or Territory;
(b) a judge who is eligible under subsection 69B(2);
for an order under this section in relation to the disclosure, to the entity, of health information included in a healthcare recipient’s My Health Record.
(6) The judicial officer may make the order if:
(a) the designated entity satisfies the judicial officer, by information on oath or affirmation, that:
(i) the designated entity has powers or duties of the kind mentioned in subsection (7); and
(ii) if the designated entity has powers of the kind mentioned in paragraph (7)(a)—the designated entity has exercised or purported to exercise its power to require the System Operator to disclose information to which the order will relate; and
(iii) in all the circumstances, the particular disclosure of the particular information to the designated entity is reasonably necessary for the purposes of a thing done by, or on behalf of, the designated entity; and
(iv) there is no effective means for the designated entity to obtain the particular information, other than an order under this section; and
(b) the judicial officer is satisfied that, having regard to the matter mentioned in subparagraph (a)(iii) and the privacy of the healthcare recipient, the disclosure of the information would not, on balance, unreasonably interfere with the privacy of the healthcare recipient.
(7) A designated entity has powers or duties of the kind mentioned in this subsection if:
(a) the designated entity has power under a law of the Commonwealth or a State or Territory (other than a law covered by subsection 65(3)) to require persons to give information to the designated entity; or
(b) officers of the designated entity are, in the ordinary course of their duties, authorised to execute warrants to enter premises and seize things found, including documents.
(8) The judicial officer must not make the order unless the designated entity or some other person has given the judicial officer, either orally or by affidavit, such further information (if any) as the judicial officer requires concerning the grounds on which the order is being sought.
(9) The order must:
(a) identify the healthcare recipient; and
(b) specify the particular information to be disclosed; and
(c) authorise one or more officers of the designated entity (whether or not named in the order) to obtain the information from the System Operator and require the System Operator to disclose the information to the designated entity; and
(d) specify the day (not more than 6 months after the making of the order) on which the order ceases to have effect; and
(e) state the purpose for which the order is made.
69B Judicial officers for orders under section 69A
Eligible judge of a court created by the Parliament
(1) A judge of a court created by the Parliament may, by writing, consent to be nominated by the Attorney?General under subsection (2).
(2) The Attorney?General may, by writing, nominate a judge of a court created by the Parliament in relation to whom a consent is in force under subsection (1) to be eligible for the purposes of paragraph 69A(5)(b).
(3) A nomination under subsection (2) is not a legislative instrument.
Magistrates
(4) A magistrate need not accept the functions conferred by section 69A.
(5) The Governor?General may:
(a) arrange with the Governor of a State for the performance, by all or any of the persons who from time to time hold office as magistrates of that State, of the functions of a magistrate conferred by section 69A; or
(b) arrange with the Chief Minister of the Australian Capital Territory for the performance, by all or any of the persons who from time to time hold office as magistrates of the Australian Capital Territory, of the functions of a magistrate conferred by section 69A; or
(c) arrange with the Administrator of the Northern Territory for the performance, by all or any of the persons who from time to time hold office as Judges of the Local Court of the Northern Territory, of the functions of a magistrate conferred by section 69A.
Judicial officers exercising powers in personal capacity
(6) The functions conferred on a judicial officer by section 69A are conferred on the judicial officer:
(a) in a personal capacity; and
(b) not as a court or a member of a court.
(7) A judicial officer performing a function conferred by section 69A has the same protection and immunity as if the judicial officer were performing the function:
(a) as the court of which the judicial officer is a member; or
(b) as a member of the court of which the judicial officer is a member.
13 Section 70 (heading)
Omit “for law enforcement purposes, etc.”, substitute “in relation to unlawful activity”.
14 Subsections 70(1) and (2)
Repeal the subsections.
15 Subsection 70(3)
After “to use or”, insert “(subject to subsection (3A))”.
16 After subsection 70(3)
Insert:
(3A) The System Operator is authorised to disclose under subsection (3) only the information the relevant person or authority mentioned in paragraph (3)(b) needs to identify the matter or concerns mentioned in that paragraph with sufficient certainty to:
(a) initiate consideration of the matter or concerns; and
(b) if necessary, apply for an order under section 69A in relation to the matter or concerns.
17 Application of amendments
(1) The amendments of section 17 of the My Health Records Act 2012 made by this Schedule apply in relation to a cancellation of registration of a healthcare recipient on request, whether the cancellation takes effect before or after the commencement of this Schedule.
(2) However, the amendments do not apply in relation to a cancellation that took effect before the commencement of this Schedule if, after the cancellation took effect and before the commencement of this Schedule, the healthcare recipient applied for registration.
The Explanatory Memorandum relevantly provides:
OUTLINE
The My Health Records Amendment (Strengthening Privacy) Bill 2018 (the Bill) will amend the My Health Records Act 2012 (MHR Act) to strengthen the privacy framework of the My Health Record system.
The Bill will specifically:
- remove the ability of the My Health Record System Operator to disclose health information in My Health Records to law enforcement agencies and government agencies without an order by a judicial officer or the healthcare recipient’s consent; and
- require the System Operator to permanently delete health information stored in the National Repositories Service for a person if they have cancelled their registration with the My Health Record system – that is, they have cancelled their My Health Record.
Background
The My Health Record system was implemented in July 2012 – known as the personally controlled electronic health record or PCEHR system – as a first step towards overcoming some of the issues facing healthcare arising from the fragmentation of health information and enabling Australians to manage their own health information. Health information is spread across a vast number of different locations and systems. In many healthcare situations, quick access to key health information about an individual is not always possible. Limited access to health information at the point of care can result in a greater risk to patient safety, less than optimal health outcomes, avoidable adverse events, increased costs of care and time wasted in collecting or finding information, unnecessary or duplicated investigations, additional pressure on the health workforce, and reduced participation by individuals in their own healthcare management.
A review of the PCEHR system was undertaken in 2013. It found there was overwhelming support for continuing implementation of a consistent electronic health record system for all Australians, but a change in approach was needed to correct early implementation issues. This review made thirty-eight recommendations aimed at making the system more useable and able to deliver the expected benefits in a shorter period. The recommendations included establishing new governance arrangements, moving to an opt-out system for individual participation and improving system usability and the clinical content of records.
The Government’s response to these recommendations was announced in the 2015-16 Budget and included strengthening digital health governance and operations by establishing the Australian Digital Health Agency (then referred to as the Australian Commission for eHealth) to manage governance, operation and ongoing delivery for digital health, trialling new participation arrangements including opt-out, improving system usability and the clinical content of records, revising incentives and providing education and training to healthcare providers. The Government also announced that the PCEHR system would be renamed the My Health Record system.
Amendments to the MHR Act were subsequently proposed in Parliament to enable the My Health Record system to operate on an opt-out basis, and to provide that the Minister, in consultation with health ministers, could apply the opt-out model through trials and nationally. These amendments were passed unanimously in November 2015.
Trials of participation arrangements (including opt-out trials) were undertaken in 2016 to inform future strategies for maximising the benefits of the My Health Record system. The opt-out trials occurred in Nepean Blue Mountains and North Queensland, and involved about one million people. An evaluation of those trials found a high level of support by individuals and healthcare providers for the automatic creation of My Health Records, and recommended that Government proceed to a national opt-out approach.
The My Health Record system opt-out process was unanimously agreed by all state and territory governments in March 2017 at the Council of Australian Governments (COAG) Health Council. This was reaffirmed unanimously at the August 2018 COAG Health Council. As part of the 2017-18 Budget, the Government confirmed that the My Health Record system would transition to an opt-out system and that all Australians would have a My Health Record by the end of 2018, unless they opt-out.
On 30 November 2017 the Minister for Health made the My Health Records (National Application) Rules 2017 to apply the opt-out model of registration to everyone in Australia, and to specify the period in which individuals could opt-out. The opt-out period commenced on 16 July 2018 (pursuant to the My Health Records (National Application) Commencement Instrument 2018) and will end on 15 November 2018.
Since the opt-out period began concerns have been expressed by some healthcare recipients, privacy advocates and some peak healthcare bodies that the MHR Act authorises the release of information to law enforcement agencies and other government bodies. Division 2 of Part 4 of the MHR Act authorises, among other things, the System Operator to use and disclose My Health Record information to enforcement bodies for certain purposes, such as for the investigation of a criminal offence. The Australian Digital Health Agency – the My Health Record System Operator – issued a policy statement that it had not and would not release any information to such bodies without a court order.
Concern has also been expressed that information would continue to be stored in the National Repositories Service for people who have cancelled their My Health Record. An obligation of the System Operator is to operate the National Repositories Service which contains some of the information available through the My Health Record system, and section 17 of the MHR Act requires the System Operator to retain this information until 30 years after the person’s death. Information is held for various reasons, including to provide for medico-legal needs and to reflect Commonwealth record-keeping requirements.
On 31 July 2018 the Minister for Health announced his intention to strengthen the MHR Act to make clear that information will not be released without a court order, and that My Health Record information held by the System Operator would be permanently deleted if someone cancels their My Health Record.
The Bill
The Bill will amend the MHR Act to strengthen the already robust privacy framework of the My Health Record system.
The Bill will remove the ability for the System Operator to disclose health information to law enforcement agencies and government agencies without an order by a judicial officer or the healthcare recipient’s consent. The Bill will also require the System Operator to permanently delete from the National Repositories Service any health information about a healthcare recipient who has cancelled their My Health Record.
The safeguards that apply to a healthcare recipient’s My Health Record will be strengthened by this Bill, effectively providing that health information can only be collected, used or disclosed for healthcare purposes, with the healthcare recipient’s consent, in response to a court order or an order by a judicial officer, to respond to public health or safety threats, for medical indemnity claims, or in order to operate the My Health Record system.
Any unauthorised collection, use or disclosure of this information will continue to be subject to criminal and civil penalties – up to two years’ imprisonment and/or up to $126,000 for an individual (up to $630,000 for bodies corporate).
FINANCIAL IMPACT STATEMENT
There will be no net cost to implement the changes made by this Bill.
……..
Clause 1 – Short title
Clause 1 provides that the My Health Records Amendment (Strengthening Privacy) Bill (the Bill), once enacted, will be cited as the My Health Records Amendment (Strengthening Privacy) Act 2018.
Clause 2 – Commencement
This clause specifies that the amendments made by the Bill will commence the day after Royal Assent of the Bill.
Clause 3 – Schedule
Each Act that is specified in a Schedule to this Bill is amended or repealed as set out in the applicable items in the Schedule concerned, and any other item has effect according to its terms.
SCHEDULE 1 – AMENDMENTS
Schedule 1 amends the My Health Records Act 2012 (MHR Act).
Item 1 Section 5 (definition of enforcement body)
As a result of changes made by items 13 to 16, the term enforcement body is no longer used in the MHR Act so item 1 removes the definition.
Item 2 Section 17 (heading)
One of the functions of the System Operator is to operate the National Repositories Service to store key records that form part of a healthcare recipient’s My Health Record (paragraph 15(i) refers).
Given the distributed nature of the My Health Record system – that is, to draw information from participating repositories – the National Repositories Service ensures that there is capacity to store a minimum critical set of a healthcare recipient’s health information. This includes shared health summaries, event summaries, discharge summaries, specialist letters and healthcare recipient-only notes.
Section 17 currently requires that the System Operator retain any record uploaded to the National Repositories Service, which includes health information that is included in a healthcare recipient’s My Health Record, until 30 years after the healthcare recipient dies. If the date of death is unknown, the System Operator is required to retain the record until 130 years after the healthcare recipient’s date of birth.
The operation of subsection 17(1) ensures that registered repositories are not required to comply with the retention requirement. Those entities are already subject to Commonwealth or state or territory laws regarding the retention of health information.
As a result of the changes made by items 5 and 6, item 2 amends the heading of section 17 to recognise that it now deals with the destruction as well as retention of records in the National Repositories Service.
Items 3 to 4 Section 17
As a result of changes made by items 5 and 6, items 3 and 4 will insert subheadings into section 17 to distinguish between the requirement to retain records and the requirement to permanently destroy records.
Item 5 At the end of paragraph 17(2)(b)
Subsection 17(2) currently specifies the length of time a record uploaded to the National Repositories Service, which includes health information that is included in a healthcare recipient’s My Health Record, must be retained – either until 30 years after the healthcare recipient’s death or, if that date is unknown, until 130 years after the healthcare recipient’s date of birth.
Section 17 does not currently distinguish between whether a healthcare recipient is registered or not – that is, it currently sets out retention requirements regardless of whether a healthcare recipient is still registered with the My Health Record system, or has cancelled their registration.
Item 5 means that if a healthcare recipient has requested that the System Operator cancel their registration with the My Health Record system, the System Operator must permanently destroy the record in accordance with the time frames in new subsection 17(4).
Item 6 At the end of section 17
Item 6 inserts new subsections 17(3) and (4) which impose a requirement on the System Operator to permanently destroy any record uploaded to the National Repositories Service, which includes health information that is included in a healthcare recipient’s My Health Record, if that healthcare recipient has requested that the System Operator cancel their My Health Record.
Subsection 51(1) provides that a healthcare recipient who has been registered for a My Health Record under section 44 or subclause 3(1) of Schedule 1 can request that the System Operator cancel their registration (i.e. cancel their My Health Record). The System Operator is required to cancel the healthcare recipient’s registration if such a request is made.
In some circumstances – primarily for legal proceedings or investigation by a statutory body where a court order or an order by a judicial officer has been issued, or is otherwise authorised by the MHR Act to collect the information – it would not be permitted to destroy relevant records. For this reason, new subsection 17(4) specifies that the System Operator will be required to permanently destroy a healthcare recipient’s record as soon as practicable after:
- the decision to cancel the healthcare recipient’s registration with the My Health Record system – in practice, permanent deletion of a record will occur in 24 to 48 hours, depending on when the request is made to cancel the registration and when processes to remove data from across the system are scheduled to occur; or
- if one of the things in new paragraph 4(b)(i) to (iii) applies, the conclusion of the matter referenced in those paragraphs.
New paragraphs 17(3)(a) to (c) enable the System Operator to retain some identifying and administrative information – namely, the name and healthcare identifier of the healthcare recipient, and name and healthcare identifier of the person who requested cancellation of the healthcare recipient’s registration if applicable (for example, an authorised representative may manage the healthcare recipient’s My Health Record for them) and the date of cancellation. This is not health information. Retaining this information is necessary for the System Operator to fulfil its functions and, among other things, assure healthcare recipients that their request to cancel their registration in the My Health Record system has been actioned.
The requirement to permanently destroy health information held in the National Repositories Service will apply to the health information of any healthcare recipient who has cancelled their My Health Record since the system began operating on 1 July 2012, unless they have re?registered by the time these amendments take effect (item 17 refers).
This requirement will not affect health information about a healthcare recipient that is held in other repositories – for example, Medicare claims information would continue to be held by the Chief Executive Medicare in accordance with their responsibilities.
Item 7 Section 63 (note)
Section 63 currently authorises participants in the My Health Record system to collect, use and disclose health information in a healthcare recipient’s My Health Record for the purpose of operating the My Health Record system. A prime example of the use of this authorisation is where the System Operator, in order to compile information and present a My Health Record to a healthcare recipient at a point in time, requests registered repository operators to disclose the healthcare recipient’s information to the System Operator.
The note to this section informs readers that the System Operator may request information from participants for the purposes of section 69 or 70.
Item 7 inserts into this note a reference to new section 69A (item 12 refers) to inform readers that the System Operator may also request information from participants for the purposes of section 69A.
Item 8 Subsection 65(1)
Section 65 currently authorises participants in the My Health Record system to collect, use and disclose health information in a healthcare recipient’s My Health Record if that action is authorised or required by another Australian law.
To reduce the scope of other laws that may authorise or require a participant to collect, use or disclose health information in a healthcare recipient’s My Health Record, and therefore strengthen privacy, item 8 amends section 65 to provide that only those laws specified by new subsection 65(3) (item 10 refers) may authorise collection, use and disclosure of My Health Record information.
Item 9 After subsection 65(1)
Item 9 inserts a note to section 65 to inform readers that no state or territory laws are specified by new subsection 65(3) (item 10 refers). This means that no state or territory laws can authorise or require a participant to collect, use or disclose health information in a healthcare recipient’s My Health Record.
Item 10 At the end of section 65
Item 10 inserts new subsection 65(3) which specifies the laws that may authorise or require a participant to collect, use or disclose health information in a healthcare recipient’s My Health Record. This effectively limits the laws that can affect the operation of the My Health Record system.
It allows the Auditor-General, the Ombudsman and the Information Commissioner to carry out their respective obligations to ensure the System Operator has not breached the privacy of an individual’s My Health Record or failed to action an individual’s request to cancel and therefore delete their My Health Record.
Any other entity that seeks to obtain health information in a healthcare recipient’s My Health Record would need to do so under section 69 or 69A – that is, they would require a court order or an order from a judicial officer.
If other laws are identified in future that should be recognised by section 65 – that is, that should authorise or require an entity to collect, use or disclose health information in a healthcare recipient’s My Health Record – the new subsection does not provide a regulation?making power so amendments to the MHR Act would be required.
All other laws currently in force that may authorise or require the collection, use or disclosure health information in a healthcare recipient’s My Health Record will no longer have effect insofar as they relate to the collection, use or disclosure of My Health Record information.
Item 11 Section 67 (note)
Section 67 currently authorises a healthcare recipient to collect, use and disclose health information in their My Health Record for any purpose.
The note to this section informs the reader that if their My Health Record is cancelled, their access to this information (through the My Health Record) will be limited. This reflects that although a healthcare recipient would no longer have a My Health Record through which to view their information, some limited information would be retained by the System Operator in accordance with section 17.
Item 11 amends this note to reflect the changes made by items 5 and 6 to reference the amended requirements of section 17. In effect, if a healthcare recipient has requested to cancel their registration in the My Health Record system, their My Health Record will be permanently deleted and, as a result, there will be no health information in the system for them to collect.
Item 12 After section 69
Item 12 inserts new sections 69A and 69B to reflect the announced policy of the Australian Government that no My Health Record information will be released to law enforcement agencies or government bodies without a court order.
The use and disclosure of health information in a healthcare recipient’s My Health Record by the System Operator to an enforcement body (as defined by the Privacy Act 1988) for certain enforcement-related activities is currently authorised under section 70. However, as a result of item 13, that specific authorisation has been removed.
In its place, new section 69A expressly requires an order by a judicial officer in order for the System Operator to disclose health information in a healthcare recipient’s My Health Record to certain bodies.
New subsection 69A(5) enables an agency or state or territory authority (as defined by the Privacy Act 1988) to apply to a judicial officer (a magistrate of a state or territory, or a judge of a court created by the Parliament) for an order for the disclosure of health information in a healthcare recipient’s My Health Record.
New subsection 69A(6) specifies the conditions in which a judicial officer may make such an order – that is, the body (referred to as a “designated entity”) must satisfy the judicial officer (by oath or affirmation) that:
- the body has power under a Commonwealth, state or territory law to require a person to provide information or its officers are authorised to execute warrants (new subsection 69A(7) refers);
- the body has exercised or purported to exercise that power – this takes account of the operation of amended section 65;
- the disclosure of the requested information to the body is reasonably necessary for the body to carry out its functions, such as to enable the body to “investigate”, “assess” or “audit” a matter or circumstances in accordance with its duties;
- the body cannot otherwise obtain the requested information – this recognises that most of the information in a healthcare recipient’s My Health Record is sourced from other repositories so could be sought from those other sources; and
the disclosure of the information would not, on balance, unreasonably interfere with the healthcare recipient’s privacy.
New subsection 69A(7) provides that the judicial officer must not make the order unless the body requesting the information has provided any further information requested by the judicial officer concerning the grounds on which the order is being sought.
If the judicial officer makes an order for the System Operator to disclose health information in a healthcare recipient’s My Health Record, the order must identify the healthcare recipient, describe the information to be disclosed, authorise officers of the designated entity to obtain the information from the System Operator, specify the date the order ceases to have effect (no more than six months), and specify the purpose of the order.
If the System Operator receives such an order it must disclose health information in a healthcare recipient’s My Health Record to the specified body.
In accordance with other authorisations under Division 2 of Part 1, the System Operator must make a record of any disclosure, and cannot use or disclose healthcare recipient-only notes.
Section 69A does not relate to the disclosure of information to a court, tribunal or coroner – such disclosures are already authorised by section 69. Section 69A does not authorise other participants in the My Health Record system to disclose My Health Record information.
While this authorisation is no longer limited to enforcement bodies, it removes any doubt that government bodies (except the Auditor-General, Ombudsman or Information Commissioner which are authorised under section 65) and law enforcement agencies can only obtain My Health Record information using an order by a judicial officer.
New section 69B sets out the arrangements for state and territory magistrates, and judges of a court created by the Parliament, to perform this function.
- In the case of a judge of a court created by Parliament, the judge must give consent to be nominated, and be nominated by the Attorney-General. New subsection 69B(3) makes clear that a nomination of this kind is not a legislative instrument for the purposes of the Legislation Act 2003.
- In the case of a state or territory magistrate, the Governor-General may make arrangements with the Governor of a state, with the Chief Minister of the Australian Capital Territory and with the Administrator of the Northern Territory in respect of the performance of the function by a magistrate of that state or territory.
Item 13 Section 70 (heading)
As a result of changes made by items 14, 15 and 16, section 70 will no longer relate to the use and disclosure of My Health Record information for law enforcement purposes and will only relate to use and disclosure of this information in relation to unlawful activity. Item 13 therefore amends the heading of section 70 to recognise this.
Item 14 Subsections 70(1)(and (2)
Subsections 70(1) and (2) currently authorise the System Operator to use and disclose health information in a healthcare recipient’s My Health Record to an enforcement body (as defined by the Privacy Act 1988) for certain enforcement-related activities. Item 14 repeals these subsections and new section 69A provides a significantly reduced form of this authorisation, with significantly strengthened privacy protections.
Item 15 Subsection 70(3)
No health information will be released to a law enforcement agency or government body without a court order or an order by a judicial officer.
Subsection 70(3) currently authorises the System Operator to use and disclose health information in a healthcare recipient’s My Health Record if:
- the System Operator suspects that unlawful activity relating to the System Operator’s functions may have occurred, is occurring or may occur; and
- the System Operator believes the use or disclosure of this information is needed in order to investigate that unlawful activity or report it to the relevant persons or authorities. Since the unlawful activity must relate to the functions of the System Operator (such as operating a system of registration of healthcare recipients and participants), any investigation or reporting is limited to that activity.
Item 15 makes changes to provide that the System Operator remains authorised to use health information in a healthcare recipient’s My Health Record if the System Operator suspects unlawful activity relating specifically to the System Operator’s functions is occurring.
Item 16 After subsection 70(3)
No health information will be released to a law enforcement agency or government body without a court order or an order by a judicial officer.
This item inserts new subsection 70(3A) to provide that if the conditions specified in subsection 70(3) are satisfied (i.e. that there may be unlawful activity occurring specifically relating to the System Operator’s functions and information is necessary for investigation or reporting purposes), the System Operator is authorised to disclose to the relevant persons or authorities a minimal amount of information to enable the person or authority to identify the matter or concerns in order to take action. This information would only be on the substance of any suspected breach of privacy, not health information.
Allowing such a disclosure ensures the System Operator can continue to meet its obligations to protect the privacy and integrity of the My Health Record system and individual record holders.
If the person or authority seeks to obtain health information in a healthcare recipient’s My Health Record, they would need to do so under section 69 or 69A.
This reflects the announced policy of the Australian Government that no My Health Record information will be released to law enforcement agencies or government bodies without a court order.
An example in which the System Operator may rely upon this authority is if the System Operator suspects that an employee is using their access to the My Health Record system to blackmail someone with knowledge of information contained in that person’s My Health Record. The System Operator would notify the Australian Federal Police (AFP) of the suspected activity and the name of the person being blackmailed to allow the AFP to investigate the matter. Were the AFP to form a view that My Health Record information was necessary, they would need to apply for an order under new section 69A (item 12 refers).
Item 17 Application of amendments
The amendments made by items 4 and 5 – to require the System Operator to permanently destroy health information held in the National Repositories Service if a healthcare recipient has cancelled their My Health Record – will apply to the health information of any healthcare recipient who has cancelled their My Health Record since the system began operating on 1 July 2012, unless the healthcare recipient re-registered before the amendments in the Bill commenced.
Problems are already being highlighted with the deletion provisions to the effect that as an individual’s health record will be spread over multiple files to safely delete data from a backup would probably require downloading the back-up to another version of the operational system, restoring the data, deleting the data all the while ensuring the balance of the back up data retains its integrity. In deleting a complete record if there is an accidental deletion then it can’t be retrieved.