As reported in the last 24 hours we now have had the Inquiry and have the Report from the Senate on the Healthcare Identifiers Bills (2010).
The Bills have already passed the House of Representatives:
While it is clear the Labor Government is happy to pass the Bills in their present form, the same is by no means clear as far as the Coalition is concerned.
The Opposition has a pretty strong position in the Senate and these sections of their Minority Report make one feel they may really want some changes (from a principled perspective I believe).
Especially these three areas appear to be of concern to the Opposition. (Quoted from the report).
Stand alone provisions
During the course of the inquiry, the Department of Health and Ageing indicated that this legislation was intended to stand alone as purely establishing the Health Identifiers and not for any future purposes.
The Bill does not achieve this given the various provisions that defer provisions for inclusion in regulation, for example; clauses 9, 21 and 22.
In relation to clause 9 (1) - It is recommended that the classes of healthcare providers be included in the Bill as a schedule.
In relation to Clause 9 (5) - The Bill should prescribe the requirements for assigning a healthcare identifier.
In evidence, Mr Lou Andreatta, Acting First Assistant Secretary, Primary and Ambulatory Care, Department of Health and Ageing said: "The e-health strategy is a sequential strategy. The building blocks need to be in place before we look at what products or functionality can be rolled out in the future. The emphasis has been on getting those building blocks in place – the secure messaging, the identifier service." (Hansard, March 10, 2010 CA22)
These comments are surprising given the staggering amount of funding that has been allocated to e-health since its inception. Indeed, it reaffirms the concerns raised by Coalition Senators during the hearing as to the Department's ability to deliver such a major project.
Furthermore, while implementers may have a clear view of the extent of the intended roll-out, the proposed legislation, with its "building block" strategy, could be used as the basis for the roll-out of further products or functionality. This serves as a warning that, when implemented, this strategy could be used for other purposes.
Parliamentary scrutiny to address ‘function creep’
Under the Healthcare Identifiers Bill, health information may be disclosed for other purposes not detailed in the Bill, where that disclosure is ‘authorised under another law.’ This means that it might be authorised by other commonwealth, state or territory legislation, or even by any regulations or other legislative instruments made under such laws.
The Coalition believes that where other agencies seek access to the Individual Healthcare Identifier (IHI) or any information attached to it, the access to such information should not be granted automatically by virtue of other commonwealth legislation, regulations or state or territory legislation, but only if authorised by express amendments made to the principal Bills. This will ensure that the Commonwealth Parliament retains direct oversight and responsibility for any increase in the entitlement to access information by government agencies.
To that end the Coalition proposes that clause 15 (2)(b) and clause 26 (2)(b) of the Healthcare Identifiers Bill be deleted. On that basis, the provisions of Clause 19 (2) (b) (ii) should be reviewed.
Coalition Senators note that this view is consistent with the Privacy Impact Assessments (PIAs) undertaken into the Bills and the view of the Australian Privacy Foundation.
In evidence, Dr Juanita Fernando, Chair of the Health Subcommittee of the Foundation said the proposed new system was "worse than the current system, because the health identifier is going to provide a way to index all of that (personal health care) information. So whereas previously I might have breached information security at some hospital somewhere and I then had to find out how I could get that person's individual records from all the various departments – their tax records, their surgical records, their outpatient records and so on and so forth – with the HI I have got the key to all of that information." (Hansard, March 10, 2010 CA2)
Dr Fernando also said: "So it is important that there be penalties or some ways of ensuring that information security breaches are slated home to the people who created the environment in which patient care is operating. The health identifier bill actually indemnifies servants of the Crown. If the health identifier bill is such a robust bill, then it is interesting that servants of the Crown are indemnified… Although the legislation contains penalties for individuals who commit information fraud or who use information for purposes other than those intended by the health identifier bill, because consumers do not have direct access to that health identifier how are they going to know that their information has been breached?" (Hansard, March 19, 2010 CA3).
Patient control of Individual Healthcare Identifier
Under the Bills the allocation of the Individual Healthcare Identifier (IHI) is compulsory. The health care recipient neither requests nor agrees to its provision, and may not even be aware that an IHI has been allocated to them. Moreover, there is nothing in the bills to prevent access to health services being made conditional upon the allocation of a number or its use.
The Coalition appreciates the importance of ensuring that the benefits of modern health care are available to as many citizens as possible. It thus supports the Bill’s intention to provide an IHI to all Australians. However, the Coalition also recognises that to better safeguard privacy, patients should control their health records.
In balancing these concerns the Coalition believes, therefore, that while providing an IHI, Australian citizens should have the right to ‘opt out’ and not be required to possess an IHI or have their IHI linked to the Department, other Departments or functions within those Departments.
However, importantly, the Coalition believes that the provision of healthcare services must not be made conditional (or de-facto conditional) upon possessing an IHI.
The Coalition notes that the Privacy Impact Assessments (PIAs) conducted into the Bills opposed the compulsory provision of an IHI to Australian citizens.
In evidence, Dr Fernando of the Australian Privacy Foundation said: "..this is going to be the most-up-to-date, well-maintained database of Australians' names, addresses and ages that is in existence at the moment. So this is going to be the richest source of data that exists in Australia at the moment." (Hansard, March 10, 2010 CA2)
Dr Roger Clarke, also of the Australian Privacy Foundation, said the database "represents a honey pot. If you are in organised crime or if you are a kid in a back bedroom with considerable skills who is looking for interesting things to break into, you look for the honey pots that have got substantial amounts of data that could be interesting." (Hansard, March 10, 2010 CA4).
----- End Report Extract.
It seems to me what happens next depends on how seriously the Opposition takes these problems – and with Mr Abbott (the Opposition Leader) being ‘oppositional’ – one can only guess. At some point I guess the Shadow Health Minister – Mr Dutton – also needs to get into the loop.
The second issue is that time is really short. Here are the sitting days available:
As I read this, if not passed in the next 2 days (Wed and Thu) it is held up till the 3-day Budget session in May, and then we have the Winter Recess into July.
Even limited ‘mucking about’ on the part of the Opposition is going to delay things big time, it appears, as even the smallest change then has to go back to the Reps to be agreed.
We do live in interesting times!
It looks like the Senate will debate the Bills after May 11, 2010 - 3rd on the agenda after the CPRS and Education Bills. Hard to know how the Service can start on July 1 with this timetable.