A senate committee has given a tick of approval to proposed added privacy measures for the My Health Record, but the wrangling is far from over.
The My Health Records Amendment (Strengthening Privacy) Bill 2018 was drafted amid an outcry over privacy issues, such as whether police would be able to demand access to patients’ health information.
In one key amendment, the bill removes the ability of the system operator (the Australian Digital Health Agency) to disclose a patient’s information to a law enforcement or other government agency without a court order or the patient’s consent.
In another safeguard, the system operator will be required to permanently delete information uploaded to the National Repositories Service when a patient cancels their MHR registration.
However, while supporting the Community Affairs Legislation Committee’s recommendation that the bill be passed, Labor senators said the proposed changes were “woefully inadequate” and they would propose a raft of further amendments.
In remarks attached to the committee’s report, the three Labor members, Kristina Keneally, Murray Watt and Lisa Singh, said the inquiry had revealed a number of flaws that the bill did not address.
“These flaws have been created by the government’s rushed implementation of an opt-out model,” they wrote.
“Legislation and settings that made sense in Labor’s opt-in model – when informed consent was assured – make no sense under the government’s opt-out model.”
The Labor senators repeated a demand that the opt-out period, due to expire next month, be extended indefinitely “until all remaining concerns are addressed and public confidence in this important reform is restored”.
The senators said Labor intended to introduce new amendments to ensure:
- The My Health Record can never be privatised or commercialised;
- Private health insurers can never access My Health Records, including de-identified data;
- Employees’ privacy is protected in the context of employer-directed health care, by including a clause similar to s14(2) of the Healthcare Identifiers Act in the My Health Record Act;
- Vulnerable children and parents such as those fleeing domestic violence are protected, by narrowing the definition of parental responsibility; and
- The system operator cannot delegate access to My Health Records to other entities.
Additional privacy and security concerns over default My Health Record settings – for example, regarding automatic uploads and minors aged 14-18 – would be addressed in a separate report, the Labor senators said.
Greens Senators also stopped short of dissenting from the committee’s recommendations but said the proposed legislation “may represent only a minor improvement instead of the necessary solution”.