The following appeared today – March 2, 2010.
Medicare privacy breaches shake heathcare identifier legislation
From: The Australian
March 02, 2010 12:00AM
REVELATIONS that Medicare Australia has investigated 1058 employees for possible unauthorised access to client records in the past three years may rock a Senate inquiry into the controversial Healthcare Identifiers Bill.
The bill has been dogged by concerns over patient privacy raised by consumer health, privacy and technology advocates.
Australian IT uncovered evidence that 948 staff out of a total 5887 employees were being tracked via an Unauthorised Access database as at June 30, 2009 for apparently snooping among client files without a valid reason.
But a Medicare spokesman has disputed the one-in-six figure provided to the federal Privacy Commissioner in a statutory report, saying that by December 2009, 1058 cases had been investigated since surveillance started in November 2006. "Of these, 54 per cent were found to be unauthorised access, although about 30 per cent of these cases involved staff accessing their own record," the spokesman said.
"About 43 per cent were found to be legitimate access, and investigations are still in progress in relation to the other 3 per cent."
It is understood the internal surveillance system was introduced as part of a Medicare crackdown on privacy breaches.
Health Minister Nicola Roxon has been relying on Medicare's reputation as a secure handler of Australians' personal information as it prepares to launch a nationwide Healthcare Identifier service from July 1 -- provided enabling legislation is passed in time.
But the unexpected news of snooping by Medicare staff has set off alarm bells.
"These figures suggest hundreds or thousands of patient records may have been accessed without authorisation over the past few years," says Australian Privacy Foundation health spokeswoman Juanita Fernando.
"Healthcare authorities have always claimed Medicare staff respect people's privacy yet the federal government is currently considering a bill that extends `birth to grave' access to the private information of all Australians to an additional 600,000 individuals."
Dr Fernando said it was perplexing that health authorities had not provided details of alleged data breaches at a time when "HI bills that further reduce our privacy rights are before parliament".
The full article is here:
What to say? At first glance it looks like Medicare Australia needs a full blown ‘cultural renovation’ before getting involved in the HI Service and the planned Electronic Health Records Service. They are certainly not up to it at present and won’t be for a while I would suggest.
The clear implication of all this is that we must see and be confident in all the governance arrangements for the HI Service and what may follow before we pass legislation that does not provide the public with some real protections against such ‘snooping’.
To not fix this will be a nail in the coffin of e-Health more generally as it will have a major impact on public trust.
Looks like a little more work on the HI Service Legislation submission is needed!