Australian Government - Office of the Australian Information Commissioner - Home

Consultation on the Draft Principles for Australia's Health System; Submission to the National Health and Hospitals Reform Commission (May 2008)


May 2008

Summary

a) The reform agenda for the health system is being developed at the same time as the Australian Law Reform Commission is finalising its inquiry into privacy laws in Australia. The Office of the Privacy Commissioner notes that each agenda shares the common concern of examining the importance of national consistency. This submission highlights the essential place for nationally consistent health privacy regulation in an effective and efficient health system.

b) The Office notes that many of the draft Principles align with, and in some cases may be underpinned by, good health privacy practice and regulation. This includes principles such as a respectful, ethical system, and shared responsibility, and shows that a key building block to an effective and efficient health system is the existence of robust and consistent privacy protections.

c) Individuals view their health information as particularly sensitive, and expect that it will be handled carefully. This is supported by the Office's own community attitude research, which is cited in this submission. The inappropriate handling of health information could lead to individuals being discriminated against, including for employment, housing and insurance purposes.

d) Similarly, individuals may suffer hurt and embarrassment if the mishandling of their personal health information leads to marginalisation or stigmatisation. Personal and familial relationships could be damaged by the disclosure of health information that the individual understood would remain private.

e) As a consequence, if individuals do not believe that their personal health information will be treated privately, they may avoid treatment or withhold information that may be crucial to their clinical care.

f) As well as affecting the health of the individual, this absence of trust could also have broader public health consequences, particularly where a condition is contagious or could be linked to causal environmental factors that may otherwise be able to be mitigated.

g) Similarly, the efficient delivery of health services may be hindered where individuals are hesitant to seek treatment at early stages of their condition before their symptoms require more intensive or chronic care.

h) Since privacy regulation was introduced into the Privacy Act 1988 for the private health care sector in 2001, the Office has noted the effectiveness with which the sector has met its obligations under this regulation. This strong compliance record is reflective of the longstanding traditions of confidentiality and ethical practice in the sector.

i) The role of health privacy regulation is to build upon such values to ensure that evolving community expectations remain fulfilled, particularly in an environment where information is increasingly and routinely collected and stored in electronic form.

j) Currently, there are multiple sources of health privacy regulation across jurisdictions, which has resulted in uncertainty for providers and patients, as well as inconsistent protections across state and territory borders, and between the public and private sectors. A key requirement for health privacy regulation is national consistency between jurisdictions.

k) The Office submits that the important role of privacy should be explicitly noted in the proposed principles.

Office of the Privacy Commissioner

1. The Office of the Privacy Commissioner (the Office) is an independent statutory body whose purpose is to promote and protect privacy in Australia. The Office, established under the Privacy Act 1988 (Cth) (the Privacy Act), has responsibilities for the protection of individuals' personal information that is handled by Australian and ACT Government agencies, and personal information held by all large private sector organisations, health service providers and some small businesses. The Office also has responsibilities under the Privacy Act in relation to credit worthiness information held by credit reporting agencies and credit providers, and personal tax file numbers used by individuals and organisations.

About this submission

2. The Office welcomes the opportunity to comment on the National Health and Hospitals Reform Commission ('NHHRC') Terms of Reference[1] and Draft Principles for Australia's Health System ('the Draft Principles') (Attachment A).[2] The terms of reference were agreed to by the Council of Australian Governments.

3. The Office notes that the NHHRC was established in February 2008 by the Australian Government to provide advice on the design of Australia's future health system. The Office further notes that the NHHRC is seeking to address the challenges facing the health of Australians by identifying ideas, opportunities, innovations and possibilities for strengthening Australia's health system.

4. This submission will highlight that strong protections for personal health information, applied consistently across the sector, are integral to the effectiveness of the health system.

5. This submission draws on the views expressed previously by the Office, particularly in its submissions to the Australian Law Reform Commission's review of privacy laws in Australia ('the ALRC review'). The report from this review was provided to the Government on 30 May 2008. As part of the ALRC review, the Office made two major submissions, with health privacy regulation featuring prominently in the Office's responses to both its Issues Paper and Discussion Paper.

Privacy Commissioner's responsibilities regarding health information

Privacy principles

6. The Privacy Act regulates how personal information is handled by all private sector organisations with a turnover greater than $3 million, as well as all private sector health service providers, regardless of their size. This regulation is codified in 10 National Privacy Principles ('NPPs').

7. Under the NPPs, health information is classed as sensitive information, carrying higher levels of privacy protection than is the case for other types of personal information.[3]

8. Regulation is also established for most Australian and ACT Government agencies, through 11 Information Privacy Principles ('IPPs'). The IPPs and NPPs establish similar, though not identical, rights and obligations regarding the handling of individuals' personal information.

9. In general, both sets of privacy principles require agencies and organisations to:

  • collect only the information that is necessary for a function or activity;
  • collect the information lawfully, fairly and not intrusively;
  • make the individual aware of how their information will be handled;
  • only use or disclose health information for the purpose for which it was collected, unless a specified exception applies, such as where an individual consents, where authorised by law, or where a serious and imminent threat exists to any individual's life or health;
  • take reasonable steps to keep the information secure;
  • take reasonable steps to ensure that information that is collected, used or disclosed is accurate, complete and up-to-date; and
  • afford individuals the right to access and, where necessary, have corrected personal information that is held about them.

10. If an individual believes that a health service provider has breached an NPP in handling their personal information, or that an Australian Government agency has breached an IPP, they can complain to the Privacy Commissioner. In regard to the private health sector, the Commissioner received 113 complaints about private sector health service providers in 2006-07, with the majority of these complaints relating to individuals' requests to access their medical records, or improper use or disclosure of health information.

Guidelines for handling Medicare and PBS claims information

11. In addition to functions concerning compliance with the NPPs and the IPPs, the Privacy Commissioner has a statutory obligation to make legally binding guidelines for how Australian Government agencies may handle personal information collected from claims on the Medicare Benefits Scheme (MBS) and Pharmaceutical Benefits Scheme (PBS).[4] These Guidelines ensure that MBS and PBS claims information is only used and disclosed for limited purposes and in particular circumstances.[5]

12. The Guidelines do not apply to private sector health service providers or researchers.

13. These Guidelines have been revised following a substantial public consultation process, with new Guidelines scheduled to come into effect from 1 July 2008.[6]

Guidelines under sections 95, 95A and 95AA of the Privacy Act

14. The Privacy Commissioner has statutory responsibility to approve guidelines made by the National Health and Medical Research Council under sections 95, 95A and 95AA of the Privacy Act. These guidelines relate to the non-consensual handling of personal information for health-related research (sections 95 and 95A),[7] and the non-consensual disclosure of a patient's genetic information by health service providers to an at-risk relative (section 95AA).[8]

Privacy guidance and advice to the health sector

15. The Office also has a role in providing guidance and advice on the application of the Privacy Act and on health privacy matters generally. In doing this, the Office takes a consultative and facilitative approach to its engagement with the health sector.

16. For example, the Office has recently released a series of five detailed information sheets that address matters that have been raised with it since the NPPs were introduced in 2001. These information sheets were developed following consultation with a wide range of health professional and consumer bodies, and cover:

  • fees that can be charged for patients to access their records;
  • use and disclosure of health information for managing a health service;
  • sharing health information within a treating team;
  • sharing health information with relatives of an incapacitated patient; and
  • denial of access to health information due to a serious threat to life or health.[9]

17. The Office has also recently released seven 'Frequently Asked Questions' for consumer guidance on the same issues as raised in the new information sheets.[10]

18. In its submissions to the ALRC review, the Office has noted the importance of this advisory and educative role. While the private health sector has, in the Office's view, been demonstrably successful in implementing privacy regulation, there remain areas where providers may be uncertain as to their obligations or where the Privacy Act may have been misapplied or misinterpreted.

19. Many of these uncertainties can be resolved through ongoing engagement between the Office and sector. However, as is discussed later in this submission, scope remains for legislative reform to promote national consistency and simplicity in health privacy regulation.

Importance of health privacy

20. Individuals view their health information as particularly sensitive, and expect that it will be handled carefully. The Office's own community attitude research, conducted in 2001 and 2004,[11] supports the view that many individuals feel that their personal health information is particularly intimate and should be handled with sensitivity.

21. Accordingly, strong and nationally consistent health privacy regulation is integral to an effective health system.

22. The justifications for the importance of health privacy are well established, including that such information could, if handled inappropriately, lead to individuals being discriminated against, including for employment, housing and insurance purposes.

23. Similarly, individuals may suffer hurt and embarrassment if the mishandling of their personal health information leads to marginalisation or stigmatisation. Personal and familial relationships could be damaged by the disclosure of health information that the individual understood would remain private.

24. As a consequence, if individuals do not believe that their personal health information will be treated privately, they may avoid treatment or withhold information that may be crucial to their clinical care.

25. As well as affecting the health of the individual, this absence of trust could also have broader public health consequences, particularly where a condition is contagious or could be linked to causal environmental factors that may otherwise be able to be mitigated.

26. Similarly, the efficient delivery of health services may be hindered where individuals are hesitant to seek treatment at early stages of their condition before their symptoms require more intensive or chronic care.

27. The strong tradition in the health sector of confidentiality and adherence to ethical values reflects the underlying importance placed on the appropriate handling of individuals' personal health information. The role for health privacy regulation is to build upon such values to ensure that evolving community expectations remain fulfilled, particularly in an environment where information is increasingly and routinely collected and stored in electronic form.

Achieving national consistency in health privacy regulation

28. A key issue facing health reform is how to foster national cooperation and consistency between jurisdictions. The NHHRC Terms of Reference include a commitment to:

...address overlap and duplication including in regulation between the Commonwealth and States. 

29. The Office has also recently released seven 'Frequently Asked Questions' for consumer guidance on the same issues as raised in the new information sheets.[12]

30. In addition, NHHRC governance principle 11 (transparency and accountability) states that:

Australians are entitled to regular reports on the status, quality and performance of our whole health care system, both public and private, ranging across the spectrum from primary to tertiary care and at local, state and national levels.

31. Similarly, the need for greater consistency, simplicity and clarity, including between jurisdictions, is a significant concern in health privacy regulation in Australia. This aim mirrors the NHHRC's desire to facilitate greater regulatory harmony in the Australian health care sector.

32. The importance of nationally consistent health privacy regulation is made greater as the flow of health information between jurisdictions is encouraged and facilitated, whether across state boundaries or between the public and private sectors. Health information afforded a certain standard of privacy protection in one jurisdiction should continue to receive the same level of protection as it flows throughout the health system.

Multiple privacy regimes

33. Currently, health privacy regulation varies across Commonwealth, state, and territory jurisdictions. The Privacy Act applies only to how the private sector and Australian Government agencies handle health information. Some states and territories have health specific privacy regulation, some have administrative arrangements, while others may not offer any formal privacy protections in regard to their public health systems. In addition, some state and territory jurisdictions also regulate private sector providers within that jurisdiction, in addition to the regulation provided by the Privacy Act.

Uncertainty created by multiple regimes

34. The Office has said that this arrangement:

'... creates a major potential obstacle to effective and consistent privacy regulation in the Australian federal system. This may result in consumers not knowing where they should go to resolve issues about their health information. It could also create problems for those covered by the legislation, as organisations will not understand their obligations and the standards they have to meet.'[13]

35. In its submissions to the ALRC review, the Office supported the proposition that national health privacy regulation should clarify that the Privacy Act 'covers the field' for the regulation of Australian Government agencies and private sector health service providers. This would represent a significant step toward reducing possible uncertainty for those bodies.

36. In its discussion paper for its review of privacy, the ALRC proposed that each jurisdiction should enact privacy legislation that is consistent with the principles set out in the Privacy Act. The Office supports the ALRC's proposal, along with the suggestion that the Privacy Act not be extended to cover state and territory public health systems.

37. Accordingly, the Office reiterates its view that strong privacy protections that are implemented consistently across jurisdictions are integral to the effectiveness of the health care system. Given this, the Office submits that the need for consistent regulation of the handling of personal health information should be expressly reflected in the draft Principles.

38. The ALRC also stated that the proposed National Health Privacy Code should not be pursued as a method to promote national consistency in health privacy regulation. As discussed in considerable detail in its submission to the ALRC, the Office does not believe that the proposed National Health Privacy Code is an adequate solution.[14]

Alignment of health privacy with the draft principles

39. The Office notes that many of the draft Principles align with, and in some cases may be underpinned by, good health privacy practice and regulation.

Clear and open communication between patient and provider

40. The Office notes the importance of effective communication in maintaining the relationship of trust between health service providers and patients, and that Australian doctors have been recognised in international benchmarking research for their effective clinical communication skills.[15]

41. Good communication ensures that patient and provider have a shared understanding of how health information will be handled, thus giving the individual a sense of control and ownership, fostering trust and assisting with greater participation in the health system by individuals. As the then President noted in the AMA's Privacy Resource Handbook (2002):

'Aligning patient and doctor expectations better will reduce red tape and the costs of complying with the privacy legislation while maintaining quality patient care.'[16]

42. Similarly, the Handbook For The Management Of Health Information In Private Medical Practice produced by the Royal Australian College of General Practitioners notes that:

'Sharing information is integral to good doctor-patient communication and to high quality care, providing an opportunity for health promotion and for building trust.'[17]

43. Accordingly, while effective clinician-patient communication is essential to good clinical care,[18] the degree to which such practice also aligns with good privacy should not be understated. Openness and mutual understanding can be key elements to ensuring that individuals' personal information is handled in a way that an individual expects.

44. The NHHRC's proposed design principle 3 (shared responsibility[19]) aligns with the Office's position that a health consumer should be an informed participant when making privacy choices in their own healthcare and in the context of building on existing relationships of trust.

45. This is similarly the case with draft principle 13 (a respectful, ethical system[20]). The Office notes that neither principle 3 nor 13, nor any other principle, appears to clearly recognise the important role that privacy plays in promoting an effective health system.

46. Accordingly, the Office recommends that draft principle 13 should be amended to expressly reflect the importance of ensuring the privacy of individuals' health information in the health system.

New information flows within the health system

47. A number of NHHRC principles may have the potential to affect the way health information of individuals is handled. Proposed design principles 6 (value for money), 7 (providing for future generations) and governance principles 9 (taking the long term view), 10 (safety and quality) and 15 (a culture of reflective improvement and innovation), would seem to have the potential to significantly affect the manner and purposes for which personal health information may flow within the health system.

48. In addition, NHHRC governance principle 15 (a culture of reflective improvement and innovation) proposes that:

The Australian health system should foster innovation, research and sharing of practices shown to be effective and to improve not only the specific services it provides, but also the health of all Australians.  Audit, quality feedback loops and 'Plan, Do, Study, Act' cycles, supported by information and communication technologies, can enable and drive this.

49. Further, NHHRC proposed design principle 6 (value for money) states that:

Pathways to care should be seamless with continuity of care maximised, with systems in place to ensure a smooth transfer of information at each step of the care pathway, making effective use of information technology.

50. The Office recognises the importance of good information management to clinical care and the efficient delivery of services.

51. However, it is important that the handling of individuals' health information continues to afford individuals an appropriate degree of control and choice over how it is used and by whom. The Privacy Act provides a framework for the appropriate handling of health information, including by permitting uses and disclosures where:

  • the use or disclosure is for a purpose directly related to the initial purpose of collection and within the individual's reasonable expectations;
  • the individual consents;
  • the use or disclosure is necessary to lessen or prevent a serious and imminent threat; and
  • required or authorised by law.

52. The Privacy Act also provides mechanisms through the section 95 and 95A process, as discussed earlier, for the handling of personal information for important health-related research where it is not practicable to gain consent.

53. The Office believes that early consultation on the privacy issues affecting complex health reform programs could be critical in helping to shape community confidence in such reforms. Including express references to the role of privacy in the proposed principles would assist in ensuring that it is given adequate consideration as part of wider health reform.

Privacy in an e-health environment

54. The draft principles make a number of references to the potential role of technology in the health system. In the Office's view, technologies that affect the handling of health information warrant special consideration. Perhaps most significant in this regard is the possible role of electronic health records (EHRs).

Potential benefits of electronic health record systems

55. The Office has previously noted the potential benefits that may accrue to individuals and the broader community through the use of EHRs. Such systems have the potential to deliver financial savings to the health sector as well as facilitating improved electronic linking of health information for clinical and health research purposes in the public interest.

56. EHRs may also improve the efficiency for individual providers by reducing the amount of time they spend obtaining patient information. Most importantly, such systems may improve clinical treatment by enhancing information flows between health service providers.[21]

Privacy challenges raised by EHRs

57. However, the Office has also noted that such systems have the potential to vastly increase the capacity to collect, store, copy, transmit, share and link health information, including in ways not expected by individuals.

58. There is greater potential for health information collected for one purpose, to be used or disclosed for other purposes increasingly unrelated to the reason for which it was initially collected (the 'function creep' phenomenon). This potential is enhanced by the IT-enabled ability to link data from disparate sources, including possibly from beyond the health sector.

59. Given these risks, and the importance of ensuring that EHRs promote trust in the community and allow individuals to retain appropriate control over their personal health information, the Office has previously argued that legislative protections are one important element toward building a robust privacy framework for such systems.

60. The Office has advocated the view that interaction with e-health records systems should operate on an 'opt-in' basis, wherein an individual's consent cannot be implied.[22] Accordingly, for the purpose of such engagements, consent should be defined to be limited to express consent, where an individual makes an active decision to participate.[23]

61. More broadly, the Office has previously suggested that EHR systems should be accompanied by:

'specific establishing legislation...setting out primary uses of data, authority and processes for approval of secondary uses of data, consent processes, penalties and sanctions and complaints mechanisms'[24]

62. If EHRs are implemented by state and territory governments, then they will generally remain outside of the Privacy Act's existing jurisdiction. Significantly though, the Office notes that private sector health service providers that engage with such systems are required to comply with the NPPs.

Unique health identifier

63. The Office has also commented substantively on the proposed unique health identifier, noting the potential benefits that such an identifier may bring.[25] At the same time, in a March 2007 submission to the National E-Health Transition Authority, the Office noted concerns regarding the proposed national UHI.[26] These risks were also expressed in the Office's submissions to the ALRC review, where the Office noted in regard to the proposed searchable database that:

... this database would be a national database of names and addresses of individuals with UHIs. The Office notes that while other similarly large databases exist in Australia, such as those maintained by Medicare Australia and the Australian Taxation Office, what would seem to make this repository unique is the potential for it to be accessible to a large number of users who work in the health sector. In regard to privacy protections, users will interact with the database in different jurisdictions, some of which may have no privacy legislation.[27]

64. Further, the Office has noted in regard to the UHI itself that:

...the challenge for such an initiative is to ensure that such a highly reliable identifier is not usurped for purposes beyond the health system and the clinical care of individuals. If such identifiers were used expansively outside of the health system, particularly in ways the community may be uncomfortable with, then the trust individuals place in the system may be undermined.

65. Proposals such as a national EHR and UHI highlight the importance of ensuring that community trust is maintained, including by getting privacy right in how they are designed and implemented. Failing to establish or maintain consumer confidence has much potential to impact consumer take-up and acceptance of these new technologies, thus challenging their clinical and cost effectiveness.

66. Accordingly, the Office suggests that decisions concerning new technologies that affect health information should not be driven only by 'evidence and cost-effectiveness', as suggested in draft principles 6 and 14, but that the degree to which they maintain (and preferably enhance) privacy should be expressly factored into consideration.

ATTACHMENT A

Principles to shape Australia's health system[28]

  • People and family centred
  • Equity
  • Shared responsibility
  • Strengthening prevention and wellness
  • Comprehensive
  • Value for money
  • Providing for future generations
  • Recognise broader environmental influences which shape our health
  • Taking the long term view
  • Safety and quality
  • Transparency and accountability
  • Public voice
  • A respectful and ethical system
  • Responsible spending on health, and
  • A culture of reflective improvement and innovation

[1] http://www.nhhrc.org.au/internet/nhhrc/publishing.nsf/content/terms-of-reference.

[2] http://www.nhhrc.org.au/internet/nhhrc/publishing.nsf/content/principles-lp.

[3] 'Health information' is a sub-set of 'sensitive information'; both terms are defined in section 6(1) Privacy Act.

[4] Section 135AA of the National Health Act 1953 requires the Privacy Commissioner to issue the Guidelines. That section specifies the data to which the Guidelines apply and the areas that the Guidelines must cover. Section 27(1)(pa) of the Privacy Act 1988 says that it is a function of the Privacy Commissioner to issue the Guidelines.

[5] http://www.privacy.gov.au/law/other/medical/#2.8

[6] Information on the review of these Guidelines is available at http://www.privacy.gov.au/, while the revised Guidelines and explanatory statement are at Privacy Guidelines for the Medicare Benefits and Pharmaceutical Benefits Programs.

[7] The sections 95 and 95A Guidelines are available at http://www.privacy.gov.au/law/other/medical/.

[8] As at May 2008, the NHMRC is developing the section 95AA guidelines following the release of a public consultation draft.

[9] These information sheets are available under 'I' on the 'Publications' page of the Office's website at http://www.privacy.gov.au/materials#I.

[10] These 'FAQs' are available at http://www.privacy.gov.au/faq/health/.

[11] Available at http://www.privacy.gov.au/materials#R.

[12] These 'FAQs' are available at http://www.privacy.gov.au/faq/health/.

[13] Office of the Privacy Commissioner (2003) Annual Report 2002-03, page 29, available at http://www.privacy.gov.au/materials/types/download/8590/6445.

[14] In particular, in its submission on the ALRC's Issues Paper 31, the Office provides a detailed analysis of the lack of equivalent privacy protections provided by the proposed NHPC - see, chapter 8 available at http://www.privacy.gov.au/publications/submissions/alrc/c9.html.

[15] See, for example, Schoen C et al (2004) 'Primary care and health system performance:  Adults' experiences in five countries' Health Affairs 28 October pp.487-503; Department of Health and Ageing (2004) Australian doctor-patient relationship one of the best, 2 November available at http://www.health.gov.au/internet/ministers/publishing.nsf/Content/health-mediarel-yr2004-ta-abb172.htm?OpenDocument&yr=2004&mth=11 

[16] Australian Medical Association (2002) Privacy Resource Handbook:  For all medical practitioners in the private sector, "Foreword" p.iii.  Available at http://www.ama.com.au/web.nsf/doc/WEEN-5PY2FH/$file/Privacy_resource.pdf.

[17] Page 6, available at Handbook for the Management of Health Information in Private Medical Practice 

[18] See, for example, P Greenberg, W Walker and Buchbinder R (2006) "Optimising communication between consumers and clinicians", Medical Journal of Australia 185(6), pp. 246-247, available at http://www.mja.com.au/public/issues/185_05_040906/gree10342_fm.html#0_CACIFAF

[19] The proposed design principle 3 on shared responsibility states in part that health professionals have a responsibility to communicate clearly, to help health consumers understand the choices available and to empower them to take an active role in their treatment in a relationship of mutual respect. 

[20] The proposed governance principle 13 on a respectful ethical system states in part that those working within the health sector must be aware of ethical considerations throughout their training and in their daily clinical practice.

[21] Office of the Privacy Commissioner (2005) Submission on the HealthConnect Business Architecture Version 1.9, available at http://www.privacy.gov.au/materials/types/download/8680/6520

[22] Submission to the Department of Health and Ageing on the HealthConnect Business Architecture, available at http://www.privacy.gov.au/materials/types/download/8680/6520.

[23] The Office discussed its views on consent and SEHRs in detail in its 2005 submission to the Australian Government Department of Health and Ageing on the HealthConnect Business Architecture at paragraphs 37-62, available at http://www.privacy.gov.au/materials/types/download/8680/6520.

[24] Office of the Privacy Commissioner (2004) Submission on the HealthConnect Interim Research Report and Draft Systems Architecture para 43 [available at http://www.privacy.gov.au/materials/types/download/8673/6516 ].

[25] See, for example, in the Office's submission to the ALRC Issues Paper 31, chapter 12, available at http://www.privacy.gov.au/publications/submissions/alrc/c12.html#Benefits1.

[26] Available at http://www.privacy.gov.au/materials/types/submissions/view/6752.

[27] http://www.privacy.gov.au/publications/submissions/alrc_72/PartH.html#apr8.

[28] Located at http://www.nhhrc.org.au/internet/nhhrc/publishing.nsf/content/principles-lp