ADF Archive Files : For Browse View Click Here

Australian Doctors' Fund Comments on the draft provisions of the Federal Government's proposed Privacy Amendment (Private Sector) Bill

Stephen Milgate - Executive Director, ADF
14 January 2000

Contents

• Background
• Insufficient privacy protection
• Reinterpret in the light of other developments:
  • e-commerce
  • e-health
• The public interest
• Principle 9 - Transborder data flows
• Broad definitions
• Conclusions

Background

In Australia it has long been considered a public virtue that the details of a person's health including their clinical diagnosis be treated with the utmost confidentiality.

The Australian Doctors' Fund is principally concerned with the preservation of the doctor-patient relationship which we believe is and should remain a core value of the Australian health care system.

Once patients lose confidence in their treating doctors and their supportive institutions their ability to receive quality medical and hospital care is unnecessarily diminished.

A breakdown in trust can be evidenced by unwillingness by patients to divulge information which is essential to their treatment and/or the movement away (by both doctors and patient) from formal health information recording systems to informal systems and/or a reluctance to divulge or record anything of a potentially sensitive nature.

In the extreme patients and indeed members of the public may be tempted to give false information where they believe their privacy is likely to be unduly invaded.

This raises all sorts of possibilities given a determination by government to place increasing reliance on the diagnosis of patients using electronic information systems.

Rather than produce efficiencies, poor privacy protection of health information will generate greater costs and poorer clinical outcomes.

Furthermore, it is known that the relationship between data and information is logarithmic ie a considerable amount of data must be recorded to generate a small percentage of meaningful information.

Therefore the justification for discarding traditional privacy protection in order to service the public good by facilitating access to information has not come to grips with the reality that massive amounts of data do not readily produce useful information.

This point must be kept in mind when considering the public interest argument for overriding privacy restrictions.

The Bill does not provide sufficient privacy protection for personal health information

The Australian Doctors' Fund does not believe that the proposed Privacy Amendment (Private Sector) Bill provides the required level of protection for patients who have traditionally relied doctors and hospitals as custodians of their confidential personal health information.

The Bill must be interpreted in the light of other developments, particularly e-commerce and e-health

The Federal Government has recently announced its intention to establish a national database of clinical health records for all Australians.

This network has been labelled Health Online and is being developed over the next 12-18 months.

This computerised network will make available through databases all clinical records on all persons receiving medical treatment. Hence, clinical records that were once held in doctors' surgeries and/or hospital archives will become living information capable of being accessed by a variety of users whom the Government determines should have authority to access them.

The proposal to establish electronic networks of health information should not of itself be a cause to weaken the rights of citizens to enjoy legitimate privacy and dignity.

Given the Government intention to allow access by a wide range of user to private health information the question to be answered by the Bill is:

"How does the Bill protect personal privacy given that the Government intends to build national database of all personal health information?"

Answer: It does not.

Eg.

• What is and who decides the meaning of the term "unreasonably intrusive way"? (reference: Principle 1 - Collection: 1.2).
• What are and who decides what are the "reasonable steps" that must be taken to ensure that an individual is made aware of the points outlined in 1.3? (reference: Principle 1 - Collection: 1.5).
  - Does this mean a phone call, a letter, a notice in the paper? This could mean anything.
• What is the definition of the term "community welfare" which the justification for allowing any organisation to obtain and access personal health information? (reference: Principle 2 - Use and Disclosure: 2.1(d)).
  - Almost anything can be made to fit the term "community welfare".
• What is the definition of the term "research" which the justification for allowing any organisation to obtain and access personal health information? (reference: Principle 2 - Use and Disclosure: 2.1(d)).
  - Does this mean market research, scientific research, or ethical scientific research?
  - Does this mean that research ethics committees are redundant?
• What is the definition of the term "the compilation or analysis of statistics" which the justification for allowing any organisation to obtain and access personal health information? (reference: Principle 2  Use and Disclosure: 2.1(d)).
  Statistics can be compiled for a variety of reasons including marketing, scientific research, social research, potential litigation, and insurance risk profiling.

The public interest

Whilst the Bill stipulates that the disclosure of personal health information must be conducted under Privacy Commissioner guidelines (reference: Section 47 (2)), these guidelines simply give the Commissioner the power to decide what is, on balance, in the public interest. Hence, the public's privacy protection is dependent on the mind state of the Privacy Commissioner. Hardly an objective test of the public interest.

Principle 9 - Transborder data flows

Although the Bill attempts to restrict the transborder flow of information to countries that have similar privacy principles to Australia, it is not known whether the US is considered as a country which would be a safe recipient of such information. If so there are serious privacy implications.

The US private health care system with the proliferation of private for-profit Managed Care companies has notoriously disregarded any semblance of medical privacy for patients reimbursed under their policies.

In the US entire clinical profiles of patients are traded as commodities by health companies who take over, amalgamate, tender for patient services, outsource, or on-sell their services.

In Australia health funds have traditionally only involved themselves in reimbursing hospital costs with a small component of medical costs.

The interest of health funds, as with any traditional insurer, has been purely at the financial transaction level of a claimable event. Clinical records have been held in trust for the patient by doctors and hospitals and only financial transaction records have been utilised by private health insurance funds.

In the US however the situation is much different. US health funds known as health maintenance organisations (HMO) actually contract doctors and hospitals to provide care to insured members. These organisations contend that the ownership of patients clinical records vests with them and not the patient or the treating doctor.

It is of considerable commercial value for an American HMO to be able to demonstrate that its patients profile is superior (are in better health and less likely to claim ie better risk) to that of its competitors.

Australia is now confronting the same situation given that Federal Government policy is encouraging the transformation of health funds from reimbursement funds into American style HMOs or at best is not preventing this transformation from taking place.

The Medical Benefits Fund of Australia has recently stated that "MBF is rapidly making the transition from being a traditional transaction-based insurer to a healthcare organisation impacting on the lives of its members."¹

Along with this transformation Australian health funds are making greater demands for access to clinical records including the right to audit clinical records in-hospital without patient consent.

Similarly, using the argument that they must be in a position to validate in hospital 'gap insurance' claims, health funds are now demanding legislative rights to access and process all in-hospital medical bills which contain considerable detail about a patients medical history.

Hence the federal government is enabling Australian health funds to adopt the same function as is currently performed by the Health Insurance Commission. The latter has been traditionally enmeshed in privacy protection legislation far more stringent than the proposed legislation for the private sector.

Since 1997 the National Centre for Classification in Health (NCCH) has been accessing clinical records and transmitting morbidity data to organisations including:

• Private Hospital Data Bureau
• Australian Bureau of Statistics
• Department of Health and Aged Care
• Australian Institute of Health and Welfare

This system of accessing clinical records has been growing without any of the community debate as to the rights of patients whose information is being accessed.

Structures are now in place to access clinical records via agencies who have a community welfare, research, or public benefit ethic but who in turn relay information to other users who may have as their principle a commercial objective.

Given the Government approval of foreign companies owning Australian health infrastructure and/ or health funds, medical practices, and any other organisation in receipt of personal health information there is nothing to stop personal health information being transferred overseas, in particular to the US where it may be actively traded without consent.

Broad definitions

Where the Bill does define important terms it does so in a very broad context.

eg The definition of "health information" includes collecting an opinion about someone's health. This raises a number of interesting privacy implications.

A "health service" is broadly defined and can include any activity that an individual thinks or claims will improve their health. Penalties for breaches of the this proposed legislation

There are none. Why would anybody be concerned about compliance with the legislation?

Conclusion

Rather than protect the privacy of personal health information the Privacy Amendment (Private Sector) Bill creates opportunities for the erosion and abuse associated with the collection of personal health information.

Private sector organisations, in particular who would be subject to civil litigation for torts involved in the breach of privacy in relation to health matters, are now, with this legislation, given considerable protection, and encouragement, to broaden their involvement in the collection and use of personal health information.

These organisations are duty bound in the interests of shareholders and financiers to pursue the profit motive to the greatest extent allowable under the law.

At this level personal privacy is an obstacle to be overcome in the pursuit of commercial interest. This Bill goes a long way to removing and weakening that obstacle, particularly in the light of substantial investment and take up of e-commerce and e-health.

The justification for the Bill is that it relies heavily on the current Privacy Commissioner's report into the handling of personal information. This is no defence. The current Privacy Commissioner in his report has shown his unwillingness to take any substantial measure to protect privacy of Australian citizens. The Commissioner's weakness is no justification for a weak Act by an elected Government.

The Bill is a disgrace for a Government purporting to be concerned about the privacy interests of Australians. It should be withdrawn and considerably strengthened, with adequate penalties for breaches and compensation for those whose privacy is illegally breached.

When it comes to a choice between dollars and privacy, dollars always wins.

Stephen Milgate

Executive Director

---

¹ Day, Ian. CEO, Medical Benefits Fund of Australia. Annual Report 1997/96. pg 5.