The following appeared in The Australian the day before yesterday.
- OPINION: Juanita Fernando
- From: The Australian
- March 06, 2010
WE'RE told that from July 1 the federal government will issue every citizen with a cradle-to-grave healthcare identifier number. By virtue of this new numbering program, more than half a million health workers will routinely use and disclose the HI and linked information gathered from many sources. This proposal creates extensive risks to privacy.
The HI is a 16-digit identity number that's linked to your Medicare number. It's like a virtual key to your personal and health information. A healthcare provider individual will use the Medicare number to access data stored about you.
You may wonder what that information will be. So does the Australian Privacy Foundation. Since 1987 it's been the country's leading public interest advocacy organisation, focusing specifically on privacy.
The APF has made many attempts to communicate with the National E-Health Transition Authority and the Department of Health and Ageing on the succession of e-health initiatives during the past few years. However, both agencies have avoided engagement with privacy advocates. Contrary to their claims, consultation with consumer advocacy groups about the HI scheme has emphatically not taken place.
At the moment, the HI will be linked to your name, birth date and address, unless more details, such as order of birth, are required to make a positive identification. Patients and consumers will need to identify themselves by verifying the information when visiting or telephoning a health service, or perhaps a Medicare office.
The first time many patients discover the HI will be at the GP's reception desk when their identity is checked.
The HI system -- as described in the Healthcare Identifiers Bill 2010 and Healthcare Identifiers (Consequential Amendments) Bill 2010 before parliament -- is self-defeating.
That's because it could facilitate medical error as clinicians depend on a potentially unreliable number to ensure a patient's identity for health care. That's the direct opposite of government assertions about the HI's capacity to make people well.
Under clauses 18 and 23 of the bill, from July 1 consumers will have to work through a third-party service operator, Medicare, to access the personal information linked to their HI, presenting yet another point at which sensitive personal data may leak.
As reported this week in The Australian, documents published by the Office of the Privacy Commissioner show several hundred Medicare staff were suspected of unauthorised access to patient records in 2008 and 2009. The HI scheme will extend the number of people with access to such information by more than half a million.
The HI database will be the most accurate and up-to-date list of the names and former names, dates of birth, addresses and former addresses, and birth order -- including that of twins, triplets and so forth -- of Australians.
But the lack of real-life, large-scale trials of the system before implementation means that we can't measure or control the impact of growing levels of medical identity theft and other information breaches on the database.
There's nothing in the HI bills that requires a record to be kept of each time a service provider makes a disclosure of a healthcare identifier. The bills don't specify security obligations for anyone storing or in possession of an HI or associated personal information.
Electronic systems will always require human input. But if something goes wrong, those devising the system will be indemnified.
This despite the fact that no data set is absolutely clean. No information system is completely secure. Errors will creep into the national database linked to one's HI, if indeed they aren't already present. It's essential that the HI bills be amended to ensure that, from the outset, consumers can check their personal data. Even if penalties for misusing patient information are available, they'll be completely ineffective if consumers don't know what's stored.
Juanita Fernando is the academic convener, BMedSc (Hons), medicine, nursing and health sciences at Monash University; she is on the health subcommittee of the Australian Privacy Foundation and a councillor with the Australasian College of Health Informatics.
There is more available on the APF’s views here:
It is worth noting the APFs views as they are very vigilant on such matters.
I find it interesting that the Office of the Victorian Privacy Commissioner raises a number of major concerns.
Her concerns on data quality of the core data being used to create the IHI I find useful.
Whereas the Office of the Federal Privacy Commissioner seems to be ‘relaxed and comfortable’
I do have to say however that allocation of $500,000 for two years to monitor a program of this scale and complexity would seem to be a little fatuous. With on-costs etc that is only 4-5 people to keep an eye on a system which concerns all of us!
The case for not undertaking decent scale piloting and testing I see as utterly unarguable. (And it now seems NEHTA agrees – thank heavens!)