A week or so ago a quiet bit of regulation making occurred in the Federal Parliament. The following regulation was tabled under the Ministerial Authority of Senator Chris Ellison.
Here is the title of the Direction.
Medicare Australia (Functions of Chief Executive Officer) Amendment Direction 2007 (No. 2)
Medicare Australia Act 1973
I, CHRISTOPHER MARTIN ELLISON, Minister for Human Services, make this Direction under paragraph 5 (1) (d) of the Medicare Australia Act 1973.
Dated 8 August 2007
CHRISTOPHER MARTIN ELLISON
The full text is downloadable from here. (It is only a page or two in .pdf format and well worth a read)
In plain language what this does is, without any contestability or assessment of value for money, have Medicare Australia scope, develop, build and test the NEHTA UHI (as defined in the regulation).
It also authorises them to make a copy of the two key identity databases supported by Medicare Australia (as defined in the .pdf file - essentially the client and the provider databases) and use them to provide an identity service.
This is really an amazing thing to be authorised. What seems to have happened is the despite the prohibition in the Commonwealth Privacy Act (2000) of personal information being used for purposes other than for which it was collected by Government Agencies it has been decided that information that was collected to enable Medicare benefits to be paid is to be used to operate the NEHTA UHI.
The implications this has for the trust the population will have in Medicare Australia to keep their private information private must be profound.
There are all sorts of questions this authorisation raises – such as:
1. Are the Consumer Directory Maintenance System and the Provider Directory System operated by Medicare Australia ‘fit for purpose’ in the role of electronic health record identification and linkage? (I think not).
2. How are those whose information is on this copy of the register able to see what is held and how accurate it is?
3. How will this information be protected from un-authorised or unwanted disclosure or look up. It seems every healthcare provider in the country will be able to search the customer data-base to find an associated UHI – this is a really terrible idea and will have victims of domestic violence and the like just terrified?
4. How are the Medicare and UHI data-bases going to be kept in synch as one or the other is updated? If a ‘snapshot’ of the databases is taken – how will the data’s currency be maintained into the future?
5. Where is the Privacy Impact Assessment that validates this approach?
6. Who is going to be responsible if there is a security breach or someone’s details are released and an individual is damaged or harmed. Is it the private company NEHTA or the Government through Medicare Australia?
7. Who is actually going to run the proposed service – NEHTA, Medicare Australia or someone else? Does anyone else notice a certain irony in a private company contracting a Government Agency for the delivery of services – as seems to be the case?
8. Why is such a potentially privacy destructive regulation just slipped through the House of Reps and the Senate with no public announcement etc?
It seems clear to me this proposal represents the health identifier you have when you are not prepared to pay for an identifier that one can be sure is fit for purpose in terms of safety and integrity.
Frankly this is a disaster in my view and should be aborted before it even gets started. If we are to have a UHI service (and I think it is vital) it should be based on privacy and security protections that are appropriate for clinical record linkage.
David.
Note: Comprehensive coverage on the basics of this issue is found in an article by Karen Dearne in the Tuesday Australian IT section of 28th August, 2007. This can be seen on line at the following URL.
http://www.australianit.news.com.au/story/0,24897,22318001-5013040,00.html
Ellison unlocks Medicare databases
Karen Dearne | August 28, 2007
MEDICARE patient and provider databases will be the key sources of a healthcare identifier regime being introduced to support a shift to e-health programs.
Records belonging to 99 per cent of Australians are contained in Medicare's Consumer Directory Maintenance System, considered to be the most up-to-date and accurate government repository of personal information.
Although the law prevents the use of Medicare data for other purposes, Human Services Minister Chris Ellison has unlocked access via a legislative amendment tabled in Parliament on August 16.
Senator Ellison has authorised Medicare's chief executive to enter into a contract with the National E-Health Transition Authority and provide resources in support of the Unique Healthcare Identifier program.
Progress on the individual, healthcare provider and health organisation directories was flagged by NEHTA chief executive Ian Reinecke at MedInfo 2007 in Brisbane last week.
Dr Reinecke said NEHTA had established an operational governance model for contracting a universal identifier services operator, expected to be Medicare Australia.
….. (see URL above for full article)
D.
2 comments:
You say "It also authorises them to make a copy of the two key identity databases supported by Medicare Australia".
What are the copies to be used for?
Presumably to be massaged in what ever way is required to be used to provide the Identity Service.
There would probably need to be some 'data cleansing' before the data could be used I would imagine but we don't have the details yet.
What is not clear is why the actual registers can't be used directly - to avoid all sorts of maintenance issues.
However the regulation says 'copy personal information' but does not say where to - which is a worry.
David.
Post a Comment