This appeared last week.
How these agencies are breaching patient privacy
Privacy experts have criticised Services Australia and AHPRA for sharing thousands of private health records every year without informing patients, a practice that appears to contradict the government’s own guidelines.
Large volumes of Pharmaceutical Benefits Scheme (PBS) and Medicare Benefits Schedule (MBS) data are routinely shared between the two agencies to aid AHPRA’s investigations into alleged doctor misconduct.
While doctors are informed when their own private health data, or their practice data, is transferred to AHPRA during an investigation, patients are not routinely alerted by either agency that their privacy has been breached.
In 2019, Services Australia released 2,625 private health records to AHPRA, which represented an increase in disclosures since 2017.
Access to MBS and PBS data can help AHPRA determine whether a complaint about a doctor is valid.
But PBS and MBS data contains personal information about what scripts a patient has filled and which Medicare items were billed during a consultation and can reveal highly sensitive information about the patient.
“It is very troubling that Services Australia is sharing private medical data with AHPRA without consulting the patients involved,” Jonathan Crowe, a professor of law at Bond University, said.
Patients should be systematically informed that their data had been shared between agencies, even if it was necessary to wait until after an AHPRA investigation had concluded, Assistant Professor Bruce Baer Arnold, a legal academic at the University of Canberra, said.
“It would be easy to build such a communication mechanism into systems,” he said.
Secret data sharing arrangements such as these often stemmed from a “culture of bureaucratic laziness” and could be interpreted as a lack of respect for the patient.
While a patient making a complaint about a health practitioner to AHPRA might assume that their private MBS and PBS data could be shared between agencies as part of the investigation, around half of complaints are not made by patients.
When complaints are made about doctors by third parties (such as other practitioners, employers or relatives), patients are generally unaware AHPRA is accessing their data and have no opportunity to provide informed consent.
After a year-long freedom of information battle, The Medical Republic has finally secured an unredacted copy of the internal guidelines used by Services Australia officials to make decisions about sharing MBS and PBS data with external agencies.
Page 11 of those guidelines states that: “…in circumstances where it is practicable and reasonable to do so, persons about whom information may be released should be consulted and their views taken into account in making the decision to release information in the public interest.
“Further, where it is practicable and reasonable to do so, persons about whom information is released should be informed that information about them has been disclosed in the public interest to a third party and identify that party.”
Services Australia and AHPRA could be behaving unlawfully by failing to inform patients when their private health data was shared between agencies, barrister and privacy advocate Peter Clarke said.
More here:
This looks to me like a story with a good way to run, given the comments from the academics who have reviewed the details. Good on the Medical Republic journalists for keeping the pressure on.
We need more, not less, accountability on who is accessing our private information without our consent.
David.
1 comment:
Secret data sharing arrangements such as these often stemmed from a “culture of bureaucratic laziness” and could be interpreted as a lack of respect for the patient.
That sums things up very succinctly and is widespread across public service.
Post a Comment