Wednesday, February 05, 2020

I Do Not Think The Public Would See This As Reasonable In Many Circumstances. Improvement Is Needed!

This appeared last week.

Police’s secret access to our health data

Posted by Felicity Nelson
The Department of Human Services has decided to release the guidelines governing the disclosure of private health data to the police, one year after rejecting a Freedom of Information request by The Medical Republic.
The thought of the police rifling through private health documents makes many Australians feel uncomfortable, as evidenced by the furore surrounding access to the My Health Record, but our investigation has revealed police can access other private health data relatively easily through the department.
The data held by the Department of Human Services is just as sensitive as My Health Record data, and can include information on abortions, mental health and STIs.
We know from a previous FOI request that state, territory and federal police request around 2,600 private health records every year from this department.
But, while the police need a court order to access My Health Record data, no court order is required to access health data held by the Department of Human Services.

Instead, department officials use a set of guidelines to adjudicate police requests for Pharmaceutical Benefits Scheme (PBS) and Medicare Benefits Schedule (MBS) data.
Health privacy advocates are uniformly unimpressed by the quality of the privacy provisions in the department’s guidelines.
“If the road to hell is paved with good intentions with this process the government has created a four-lane highway,” Peter Clarke, a barrister at Isaacs Chambers in Melbourne, said. “The process is the antithesis of proper privacy protections.”
Dr Bernard Robertson-Dunn, the chair of the health committee at the Australian Privacy Foundation, pointed out the department’s guidelines had not been updated in 16 years. “So much for taking privacy seriously,” he said.
We requested a copy of the guidelines under FOI laws last year, but the request was rejected by the department.
The Department has now decided to release the guidelines, one year after we asked the Office of the Australian Information Commissioner to review the decision.
This is the first time the public will have the opportunity to review the Guidelines for the release of information where necessary in the public interest, which were established by the Commonwealth Department of Health and Ageing in 2003.
The document released to The Medical Republic by the department was mostly blank. Whole pages had been redacted because they fell outside the scope of the original FOI request.
Lots more detail here including a link to the Guidelines.
There is also coverage here:

Australian government secretly releasing sensitive medical records to police

Lawyers and health privacy advocates condemn laxness of privacy provisions in guidelines
Felicity Nelson
Mon 27 Jan 2020 10.00 AEDT
The Australian government is releasing highly sensitive medical records to police through a secret regime that experts say contains fundamentally flawed privacy protections.
The Department of Human Services fields large volumes of requests for Pharmaceutical Benefits Scheme (PBS) and Medicare Benefits Schedule (MBS) data from state and federal policing agencies each year.
The records can paint a detailed picture of a person’s medical history, including, for example, any history of mental health issues, HIV, abortion or sexually transmitted diseases.
But, unlike the controversial My Health Record, no warrant or court order is needed for the department to release the information to police.

The department instead uses a set of internal guidelines to decide how and when it will acquiesce to a police request. It has never made the guidelines public and has actively fought to keep them secret.

The Medical Republic, a specialist medical news publication, recently won a year-long freedom of information battle with the department to secure the release of the guidelines and has shared the document with experts and Guardian Australia.
Lawyers and health privacy advocates were almost universally critical of the laxness of the privacy provisions in the guidelines, which have not been updated since 2003.
Lots more here:
The bottom line here is that when you combine the PBS and MBS data on an individual you can understand and infer a lot about them – some of which may be very sensitive and private information indeed.
Remembering that a lot of the information in the #myHR is derived from MBS and PBS data, it would seem to be a ‘no-brainer’ to just apply these rules to the source databases.
This would certainly close a rather glaring loophole with very little administrative pain and would also reassure the public.
I am not against legitimate use of the information by the proper authorities – just against the present unregulated free-for-all in the use of it. What is good for the #myHR data is good for the data sources!
David.
