This appeared last week:
AMA raises alarm over data sharing plan
Denham Sadler
Senior Reporter
24 March 2021
The Australian Medical Association has sounded the alarm over the federal government’s flagship new data-sharing scheme, warning there are no minimum privacy protections and that private health information could be shared with insurance firms.
The government introduced the Data Availability and Transparency Act to Parliament in December last year, after nearly three years of development and consultation. The legislation facilitates a significant expansion of the sharing of public sector data between agencies and private organisations, sometimes without consent.
It will provide a “new path” for the sharing of this data that is currently blocked by secrecy provisions or other laws and will see far more identified data be shared among agencies and departments, and for de-identified data be shared with universities and think tanks, among other organisations.
There will be no opt-out options from the data-sharing scheme for individuals, and consent will be required unless it is “unreasonable or impracticable to obtain”.
The legislation was quickly referred to a Senate committee for an inquiry, which is expected to table its report by the end of April.
In a submission to the inquiry, the Australian Medical Association (AMA) said it is “impossible to overstate” how concerned it is about the new laws.
The organisation’s primary concern is that the bill does not include minimum privacy protections, with agencies allowed to determine their own privacy settings for sharing data. The legislation merely requires agencies to be satisfied that the sharing principles are being applied in a way that “risks associated with the sharing are appropriately mitigated”.
These principles are also “inherently subjective”, the AMA said.
“This means that, unless an agency had no regard to the data sharing principles or failed to comply with other procedural requirements, it would be difficult to ‘second guess’ their decision,” the AMA submission said.
“This leaves the public with little comfort that they will have redress – or that the officials and agency will be penalised – if decisions are made recklessly or negligently.”
There is also no power for the Data Commissioner to have to approve of the sharing of data before it happens, or to require changes to this plan.
The AMA called on the government to make amendments requiring all of the data principles be satisfied before any data is shared, for decisions to share data to be subject to review by the Administrative Appeals Tribunal and for the Commissioner to have more powers to intervene.
The medical body raised concern that the new powers will see healthcare information, such as from the MBS and PBS, being shared with private health funds for “their own purposes”, which is currently prohibited by law.
“It makes no sense to preclude My Health Record data from the data sharing scheme, but then permit the same MBS / PBS data to be directly shared with private health insurers. This is not consistent with the public’s expectations and has the potential to undermine the community-rated private health insurance system,” the submission said.
The data-sharing scheme only requires consent to be obtained from individuals “unless it is unreasonable or impracticable to seek their consent”, and this could lead to very personal information being shared without consent, the AMA said.
“It is entirely foreseeable that this exception will be used to justify the disclosure of MBS and PBS datasets of identified or identifiable sensitive health information without patient consent,” it said.
The bill allows agencies and departments to undertake the de-identification of personal data in-house, with them only having to “consider” the use of accredited data service providers.
“The well-publicised privacy breaches involving Medicare provider numbers and Myki travel information demonstrate well-intentioned officers may not be trained to appropriately anonymise personal information,” the AMA said.
The medical body said the de-identification of any data should be outsourced by default, and any decision not to do this should be subject to AAT review.
The scheme does not allow individuals to make complaints about the sharing of their data, with the only avenues being the Commonwealth Ombudsman and the Office of the Australian Information Commissioner. And as the AMA points out, the agencies and departments only have to comply with the new legislation to prove there has not been an interference with privacy.
More here:
https://www.innovationaus.com/ama-raises-alarm-over-data-sharing-plan/
Frankly this sounds just terrible and to my mind clearly needs many more safeguards before being implemented. A rushed Senate Enquiry is a very bad idea indeed.
Here is the AMA Submission:
AMA submission on the Data Availability & Transparency Bill 2020
15 Mar 2021
On 12 March 2021, the AMA lodged a submission to the Senate Finance and Public Administration Committee for their inquiry into the Data Availability and Transparency Bill 2020. This proposed new Bill, authorizes Commonwealth agency staff to share or release datasets collected from Australian citizens, including health data, according to the privacy protections agency staff deem appropriate. The AMA submission points out the weaknesses in the proposed new framework and makes suggested changes to strengthen privacy protections.
Here is the link:
https://ama.com.au/articles/ama-submission-data-availability-transparency-bill-2020
The intro to the submission says it all!
Introduction
It is impossible to overstate the importance of this Bill and the level of concern that the AMA holds regarding significant elements of the proposed legislation given that it:
- applies to any “data lawfully collected, created or held by or on behalf of a Commonwealth body”1;
- overrides existing Commonwealth, State and Territory statutory secrecy provisions2;
- overrides the restrictions on disclosure in the Privacy Act 1988Cth (the Privacy Act); and
- provides no minimum privacy protections–a standard of privacy governance well below community expectations expressed during the 2018 Senate Review of the My Health Record System.
In the health space, this will include data held by:
- ·The Department of Health
- Services Australia
- Hearing Australia
- National Disability Insurance Agency
- Independent Hospital Pricing Authority
- National Blood Authority
- Organ and Tissue Authority
- Australian Institute of Health and Welfare
- Australian Institute of Family Studies
----- End Quote.
Wow they are just furious and I reckon with very good reason.
I foresee some real fireworks!
David.
Hard to gage if the public service is stupid or has such a complete and utter disregard for the general public. Must be all that snorting and skulling between hangovers!!
ReplyDeleteCertainly smacks of laziness and arrogance. Well done AMA.
ReplyDelete