The first report – made public 12 October, 2018 covered the question of passing the Government Legislation to make some changes – the need for warrants and record deletion – and this was agreed as being OK as far as it went.
The Report is titled: Community Affairs Legislation Committee - My Health Records Amendment (Strengthening Privacy) Bill 2018 [Provisions].
The report can be downloaded from this link:
Of most interest were the Labor and Green comments:
Additional Comments by Labor Senators
1.1 While supporting the Committee's recommendation that the bill be passed, Labor Senators note that the Government's changes to the My Health Record Act are woefully inadequate.
1.2 The Minister for Health dismissed inquiries into the My Health Record as a 'stunt'. But the inquiry has revealed a range of serious flaws in the current legislation that are not addressed by the Government’s bill.
1.3 These flaws have been created by the Government’s rushed implementation of an opt-out model. Legislation and settings that made sense in Labor's opt-in model – when informed consent was assured – make no sense under the Government’s opt-out model.
1.4 In contrast to the Government's stubborn refusal to address these flaws, Labor Senators intend to move amendments to this bill to ensure that:
· The My Health Record can never be privatised or commercialised;
· Private health insurers can never access My Health Records, including de- identified data;
· Employees' right to privacy is protected in the context of employer-directed health care, by including a clause similar to s14(2) of the Healthcare Identifiers Act in the My Health Record Act;
· Vulnerable children and parents such as those fleeing domestic violence are protected, by narrowing the definition of parental responsibility; and
· The System Operator (the Australian Digital Health Agency) cannot delegate access to My Health Records to other entities.
1.5 Labor Senators may also move additional amendments in light of ongoing consultations with concerned stakeholders.
1.6 Labor Senators share a range of further privacy and security concerns in relation to default My Health Record settings – for example, regarding automatic uploads and minors aged 14-18. Labor Senators will address these concerns in the separate References Committee report.
1.7 In the meantime, the Government must heed Labor's call to suspend the opt- out rollout until all remaining concerns are addressed and public confidence in this important reform is restored.
Senator Murray Watt Senator Lisa Singh
Senator for Queensland Senator for Tasmania
Senator Kristina Keneally
Senator for New South Wales
Australian Greens Additional Comments
1.1 While not dissenting from the Committee's recommendations, the Australian Greens express caution that this legislation may represent a minor improvement instead of the necessary solution.
1.2 The Committee has heard ample evidence of community concern over issues with the My Health Record (MHR) system. These concerns relate to privacy and security, as well as the authorised handling of sensitive health data by parties for whom it is valuable for reasons other than the protection and promotion of health.
1.3 The purpose of this legislation is to address these concerns.
Record destruction
1.4 Item 6 of the Bill proposes to amend section 17 of the MHR Act through the addition of two new paragraphs which would require the System Operator to permanently destroy any record uploaded to the National Repositories Service, which includes health information that is included in a healthcare recipient's MHR, if that healthcare recipient has requested that the System Operator cancel their MHR.
1.5 The Australian Greens support this amendment in principle.
1.6 The Committee heard evidence that this amendment is valuable but key questions remain over how easily this destruction can be achieved. It is standard database management practice to routinely create backups and cache files that capture and preserve a moment in time, as the database existed at that moment, and retain these backups offline.
1.7 It is unclear if this amendment requires the System Operator to additionally and permanently destroy any saved version of a person's MHR, including in historical backups, although at face value it does not appear to do so. Furthermore, there remain unanswered questions over whether such backups remain accessible to law enforcement agencies, which, if so, would be both inappropriate and unsafe.
Authorised disclosures
1.8 The collection, use, or disclosure of the health information included in health recipients' MHRs is restricted by section 59 of the MHR Act.
1.9 Section 70 of the Act authorises the System Operator to use or disclose information in a recipient's MHR to enable a law enforcement body to undertake specified law enforcement activities. It also authorises the System Operator to use or disclose health information if the System Operator suspects that there has been unlawful activity in relation to its functions, and reasonably believes that the use or disclosure of the information is necessary for investigation of, or report to, an authority.
1.10 Section 70 of the MHR Act does not currently specify that a court order is required for the System Operator to use or disclose healthcare recipients' MHR information for law enforcement or related purposes.
1.11 Items 10 and 12 of the Bill have the effect of restricting the System Operator from disclosing a healthcare recipient's information to law enforcement or government agencies without an order from a judicial officer, and confirming that MHR information will not be released to law enforcement agencies or government bodies without a court order.
1.12 We support this provision as an improvement on the status quo, but it is an insufficient and disappointing one. There remains significant scope for improvement.
1.13 The University of Melbourne noted that healthcare recipients' trust of disclosure provisions of the MHR system could be enhanced if, under proposed subsection 69A(4), the System Operator was required to notify a healthcare recipient if their MHR information had been disclosed under proposed new section 69A. The Australian Greens support such a requirement, although note that such a notification would require current and up-to-date contact information for a healthcare recipient be maintained, and this is a challenging task.
1.14 Further improvements to recipient privacy should also include making security access PINs the default, opt-out option, restricting all access to a healthcare recipient's MHR. The opt-out period should be extended and a larger investment in community awareness of the program should be rolled out as a matter of urgency.
Conclusion
1.15 The Australian Greens are supportive of the intent of My Health Record, and we share the in-principle belief that there are substantial public health benefits to be gained from such a model.
1.16 Nonetheless, we recognise also that there are legitimate and serious concerns that have not yet been fully addressed. This legislation goes some way to addressing them but in and of itself is insufficient to satisfy these outstanding concerns.
Senator Rachel Siewert - Deputy Chair Senator Richard Di Natale
We will have to see how much the Reference Committee Report adds to what is here – especially in the way of making improvement to the technical infrastructure and clinical utility of the system. There was no shortage of concern expressed by submissions in these areas and it is vital these issues be addressed. I would have liked to see some change foreshadowed. Note we also do not have the Government response to the Report.
Sure we should pass this small step asap while planning what is really needed in the future and if the myHR is actually part of that future.
At present the report is due 17 October, 2018.
David.
No comments:
Post a Comment