There is a growing trend towards the use of electronic records
and databases for the collection, storage and transfer of health
information, and the integration of health information systems to
create shared electronic health records. While this allows health
service providers to better access health information, it also has
important implications for privacy.
The ALRC's Final Report considered this trend and the
Australian Government's proposal to establish national shared
electronic health records (SEHR) based on a unique healthcare
identifiers system (UHI). The ALRC found that in general,
collecting health information into electronic health information
systems did not require specific legislative control, provided the
Privacy Act was updated to deal with new technologies.
However, the ALRC recommended that any SEHR or UHI scheme should be
established under specific enabling legislation to address privacy
nominating an agency or organisation to be responsible and
accountable for managing the systems
eligibility criteria, rights and requirements for participation
in the UHI and SEHR schemes by health consumers and health service
providers, including consent requirements
permitted and prohibited uses and transfers of personal
information and UHIs, and sanctions in relation to misuse.
The Privacy Commissioner made similar recommendations in its
submission to the National E-Health Transition Authority (NEHTA) on
the Privacy Blueprint for the Individual Electronic Health
Record, which was released before the ALRC report was
finalised. The Blueprint outlines a proposed approach to an
Individual Electronic Healthcare Records (IEHR) system. This would
initially be implemented through 'mass contracting', where
the IEHR organisation would enter into participation agreements
with individual consumers and healthcare providers. It envisages
supporting legislation in the future to assist in the regulation of
the systems, including privacy issues.
The Privacy Commissioner expressed concern with the mass
contracting approach, as it does not guarantee individuals a right
to enforce participation agreements and seek remedies for
inappropriate handling of health information. The Privacy
Commissioner recommended introducing specific legislation to
regulate the IEHR system, not only to ensure that robust privacy
safeguards are in place, but also as an important element in
establishing and maintaining public confidence that an
individual's privacy will be protected and enforced. Other key
the ability for individuals to opt-in to the system
implementing 'sensitivity labels' in the system to
restrict access to certain information within the IEHR
audit logs to enable individuals to see who has accessed their
The responses to the Blueprint will provide input into
NEHTA's business case for funding of a national approach to
IEHR, which is expected to be submitted for consideration by the
Council of Australian Governments in late 2008.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
As a licensor or a licensee, here are some tips you should consider when negotiating your next licence agreement.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).