Key Recommendations for Health Information Privacy Reform

Speech by Professor Rosalind Croucher* at the Managing Patient Confidentiality & Information Governance Forum, 22 August 2011, Melbourne.

Published in: Technology, News & Politics

  1. For Your Information: Australian Privacy Law and Practice – key recommendations for health information privacy reform
     Professor Rosalind Croucher
     President, ALRC
  2. Time line
     1982 – FOI Act (Cth)
     1983 – Archives Act (Cth)
     1988 – Privacy Act (Cth)
     2000 – Privacy (Private Sector)
  3. Time line
     2004 – Privacy Commissioner review of private sector provisions
     2005 – Senate Legal and Constitutional Affairs Committee inquiry into Privacy Act
     2006 – Privacy Act amendments to include ‘genetic information’
  4. Time line
     2006 – January referral to ALRC
     2006 – COAG agrees to national approach
     2008 – May, ALRC report
     2009 – October, Government response
     2009 – Dec, COAG agreement re e-health
  5. Time line
     2010 – Privacy Commissioner into Office of the Australian Information Commissioner
     2010 – Health Identifiers Bill
     2011 – June, Draft Australian Privacy Principles
  6. [no text on this slide]
  7. Terms of Reference
     the effectiveness of privacy laws in Australia given:
     • rapid advances in information, communication, storage, surveillance and other technology
     • possible changing community perceptions around privacy
     • expansion of state & territory activity in this area
  8. Terms of Reference
     • The need of individuals for privacy protection in an evolving technological environment
     • The desirability of minimising the regulatory burden on business in this area
  9. Competing tensions
     autonomy
     public interests
  10. Spectrum
  11. Secrecy obligations?
  12. Federal interest in privacy
  13. • Part A – Introduction
      • Part B – Developing Technology
      • Part C – Interaction, Inconsistency and Fragmentation
      • Part D – The Privacy Principles
      • Part E – Exemptions
      • Part F – Office of the Privacy Commissioner
      • Part G – Credit Reporting Provisions
      • Part H – Health Services and Research
      • Part I – Children, Young People and Adults Requiring Assistance
      • Part J – Telecommunications
      • Part K – Protecting a Right to Personal Privacy
      3 volumes, 74 chapters, 295 recommendations
  14. Key Recommendations
      Rationalisation of the Privacy Principles
      Greater national harmonisation – same privacy principles to apply across Australia
      Fewer exemptions
      Greater enforcement powers for the OPC
      Mandatory data breach notification
      Cause of action for serious invasions of privacy
  15. Health information
      • Privacy of health information and e-health strategies
      • Ensuring that the Privacy Act is not an impediment to appropriate information sharing among health care professionals
      • What constitutes appropriate consent in particular contexts
      • Development of nationally consistent rules for handling all health information
  16. New Regulatory Framework
      One Set of (High Level) Privacy Principles
        1 Anonymity and Pseudonymity
        2 Collection
        3 Notification
        4 Openness
        5 Use and Disclosure
        6 Direct Marketing (org only)
        7 Data Quality
        8 Data Security
        9 Access and Correction
        10 Identifiers (org only)
        11 Cross-border Data Flows
      OPC Guidance
      Regulations - can impose more specific - and more or less stringent - requirements
      Industry codes - to deal with operational matters
  17. Achieving National Consistency
      • Privacy Act 1988 (Cth) – apply to Cth public sector and private sector
      • State and territory privacy laws - not apply to private sector organisations
      • Major impact on health privacy legislation by excluding state and territory privacy laws applying to organisations - eg:
        • Health Records and Information Privacy Act 2002 (NSW)
        • Health Records Act 2001 (Vic)
        • Health Records (Privacy and Access) Act 1997 (ACT)
  18. Government response
      Stage 1 (legislation within 12 to 18 mths of 11 Aug 08)
        one set of privacy principles
        credit reporting and health regulations
        Education/legislation concerning issues of new technology
        work with states and territories towards harmonisation
      Stage 2
        removal of exemptions
        data breach notification
        statutory cause of action
      Concurrent
        Powers of OPC
        OPC guidance
  19. Health Identifiers
      National shared system
      Underpinned by enabling legislation
      Build on Medicare infrastructure
      Consent of individual not required to assign UHI (unique healthcare identifier)
  20. Health Identifiers
      Control use
      Subject to privacy principles
      Sanctions – criminal offences
      Purpose – sharing of healthcare info for management of patients
  21. For information about ALRC work, copies of speeches and presentations
      ALRC website – all papers available online (free): www.alrc.gov.au
      Email: info@alrc.gov.au
      GPO Box 3708, Sydney 2001