Our reference: D2017/001310
Strategic Policy Branch
Health Systems Policy Division
Department of Health
Via email: email@example.com
Dear Genomics Secretariat
National Health Genomics Policy Framework
Thank you for the opportunity to comment on the Department of Health’s consultation draft of the National Health Genomics Policy Framework (draft framework).
The draft framework aims to provide a consistent, national and strategic view for integrating genomics into the Australian healthcare system. It acknowledges a number of policy issues and challenges, including privacy, which need to be addressed in order to realise the benefits of genomic research and analysis.
My comments below consider the placement of ethical social and legal issues as an overarching priority in the draft framework. I also outline our experience and role in regulating the use of personal information, including health information, for the purposes of research, innovation and big data activities.
Ethical, social and legal issues as an overarching priority in the draft framework
The draft framework recognises that the need to balance confidentiality with access to data is fundamental to building and maintaining public trust and confidence. The consideration of ethical, social and legal issues – including privacy – is therefore identified as an overarching priority in the draft framework.
As genomics necessarily involves the management and analysis of large amounts of sensitive health information, privacy must be a central consideration. Good privacy practice and governance are increasingly recognised as essential elements for the success of new data-related activities and I appreciate the careful consideration that has been given to privacy issues in the draft framework.
Ensuring that privacy concerns, risks and mitigation strategies are meaningfully considered, prioritised and addressed in the design of policies and frameworks from the outset means that community expectations are more likely to be met. This can help establish a social licence for using and sharing data in innovative and publicly beneficial ways, such as to provide more ‘person-centred healthcare’ and empower patients to make informed healthcare decisions. The draft framework recognises this and provides that ‘the framework is an important step towards building assurance that appropriate safeguards exist to support individual and population level engagement in the system.’
In response to the question raised, I consider the placement of ethical, social and legal issues as an overarching priority in the draft framework essential to establishing public trust and confidence in the way genomic and other health data is used and handled.
Promoting a balance between access to data and privacy
As the national privacy regulator, my Office has a wealth of experience in providing advice and guidance to enable government agencies and organisations to facilitate access to and innovate with data, while minimising the risks to privacy. This includes balancing the privacy protection of health information, while ensuring its availability and use for medical research and clinical decision making.
My Office continues to emphasise the need for good privacy management and a privacy-by-design approach to innovative use of data and is developing and continuing to update resources in the area of data analytics. For example, in 2017 we will publish our Guide to big data in the context of the Australian Privacy Principles, which aims to facilitate big data activities while protecting personal information. In addition, we are revisiting our guidance on de-identification in coming months. De-identification has the potential to be a privacy enhancing tool that facilitates access to data and data sharing, unlocks the potential of big data, and supports the Internet of Things. While these resources are not specific to health and medical research, they suggest an approach that can assist entities involved in the field of genomics to facilitate access to and innovate with data, while minimising the risks to privacy.
I trust that these comments are useful to the Department of Health and we would be pleased to provide further information. If you have any questions, please contact Sarah Ghali, Acting Director, Regulation and Strategy Branch, on [contact details removed].
Timothy Pilgrim PSM
Australian Information Commissioner
Australian Privacy Commissioner
9 March 2017
 As outlined in the draft framework under the Overarching Priority and Priority Area 6.
 One tool which can help ensure that privacy issues are meaningfully addressed from the beginning of a project or policy is a Privacy Impact Assessment (PIA). A PIA is a systematic assessment of a project that identifies the impact that a project might have on the privacy of individuals and sets out recommendations for managing, minimising or eliminating that impact.
 Question 19 of the draft framework.
 Over the last year, the Office of the Australian Information Commissioner has been involved in a number of government reviews and initiatives relating to the use of data. This includes, for example, the Productivity Commission’s Data Availability and Use Inquiry, which is investigating ways to improve the availability and use of public and private sector data.
 For example, under sections 95 and 95A of the Privacy Act 1988 (Privacy Act), the Information Commissioner has approved two sets of legally binding guidelines, issued by the National Health and Medical Research Council, which relate to the handling of health information for research purposes without individuals’ consent. The Information Commissioner has also approved the section 95AA guidelines, which specify the requirements that must be met by health practitioners if they choose to use or disclose genetic information without patient consent.
Was this page helpful?
If you would like to provide more feedback, please email us at firstname.lastname@example.org