Senators split over e-health Bill

(Lubbock Heart Hospital image by brykmantra, CC BY-SA 2.0)

The Bill — due for debate as the third item on the Senate's orders of the day on 11 May — is required to be passed in order for Australians to be issued a 16-digit national healthcare identifier. The Federal Government intends to have the Bill passed before 1 July, when the roll-out is due to begin.

Health Minister Nicola Roxon referred the Bill to a Senate Committee late February due to high levels of community interest. The report from the committee's inquiry has shown in its corresponding report that Coalition and Labor senators are split over privacy concerns and evidence raised in submissions.

The Senators were so split over the Bill that they couldn't decide unanimously on recommendations to Parliament. The report therefore had two separate recommendations: one from Coalition senators and the other from the Labor chair of the Senate Committee.

"The committee recommends that NEHTA, in partnership with the Department of Health and Ageing and Medicare Australia, take steps to more effectively engage all healthcare stakeholders in the establishment of the Healthcare Identifiers Service," the report said. This was followed by a recommendation that the Bill be passed.

But Coalition senators were of a different view. They believed that issues raised by submissions and evidence given of "function creep" (the potential for the use of Healthcare Identifiers to be extended to other purposes) needed to be addressed. They also voiced concerns that the systems would not be ready for the 1 July implementation date.

"Coalition members feel very strongly that assurances from the government alone that these matters have, and will be, addressed are insufficient to allay those concerns," the senators said. "We contend that the Bills require amendment to ensure that the privacy of healthcare consumers is maintained and that individual Healthcare Identifiers cannot become de facto Australia Cards.

"Coalition members of the Committee support the intent of the Bills but recommend very significant strengthening as outlined in this report to protect Australian healthcare consumers," the Coalition wrote in the report.

The Australian Privacy Foundation, the Public Interest Advocacy Centre, and the Cyberspace Law and Policy Centre in the law faculty at the UNSW all spoke at the inquiry.

They all warned of privacy concerns with the Bill, with Robin Banks, chief executive officer of the Public Interest Advocacy Centre, saying that the Bill was "underdone" in the area of consumer rights and protection of data.

"Healthcare recipients seem to be on the periphery of the design of the scheme and have very few express rights," Banks said. "There is also very little comfort, I think, for consumers to be gained from the limited information security obligations."

Banks said that from her organisation's point of view, more needed to be done to ensure that the legislation was "in step" with current privacy reforms for which the government has been developing exposure draft legislation.

However, there was also a great deal of support for the required legislation to be passed. The Department of Health and Ageing said the Bill had to be passed as a necessary "building block" for the government's plans to be considered by the Council of Australian Governments in order for a national electronic health record strategy to be implemented.

The Australian Privacy foundation chair Karen Curtis said that her office had been involved in the legislation underpinning the creation of the identifiers and had commented on early stages of legislation.

"We consider the current Bills include appropriate privacy safeguards. In particular, I note that the Bills clearly set out the purposes for which healthcare identifiers can be collected, used and disclosed, and limit those purposes to activities related to managing or communicating health information in a healthcare context. They impose obligations on healthcare providers, the health identifier service operator and other entities to keep healthcare identifiers and the information associated with them secure."