My Health Records Amendment Bill: Further Amendments to be Proposed Following Committee Report
Tuesday 13 November 2018 @ 11.54 a.m. | Legal Research
The My Health Records Amendment (Strengthening Privacy) Bill 2018 (CTH) (‘the Bill’) was first introduced on 22 August 2018. The Bill amends the My Health Records Act 2012 (CTH) (‘the Act’) in regards to its disclosure and privacy provisions. The Bill was discussed in a previous Timebase article. This article will focus on the Committee Report (‘the Report’) tabled on 12 October 2018 by the Senate Community Affairs Legislation Committee (‘the Committee’) and the amendments that are to be introduced in response to the Report.
Committee Report
The Bill was referred to the Committee on 23 August 2018. As a whole, the Bill’s current proposed amendments to the Act have been commended by the Committee. However, the Committee found that submitters had other concerns regarding broader privacy issues.
The first issue raised was in regards to the My Health Records (‘MHR’) system’s opt-out provisions. Submissions called for opt-out arrangements to be reviewed and revised in order to maximise the benefits of the system, especially as the system operates on an opt-out basis.
The second issue flagged was in regards to family violence and elder abuse concerns. Questions were raised about access of information by perpetrators of family violence, and the consequential safety concerns that would arise from a potential abuse of the system. The Women’s Legal Service NSW and the Law Council of Australia noted that the system would be accessible through current parental access measures and so potentially reveal victims in hiding. In regards to elder abuse the Queensland Law Society recommended that verification requirements must be clarified in determining that an individual attempting to access the MHR system is an authorised representative of the other person.
The third issue raised was in regards to coerced consent, in particular in regards to current and potential employers and insurers accessing MHR.
The final issue identified was in regards to threats to public health and the Act’s emergency provisions in these situations. Under section 64(2) of the Act:
“A participant in the My Health Record system is authorised to collect, use and disclose health information included in a healthcare recipient’s My Health Record if the participant reasonably believes that the collection, use or disclosure by the participant is necessary to lessen or prevent a serious threat to public health or public safety.”
Submitters noted that such disclosures should at first require an order from a judicial officer and/or that recipients should be notified as soon as practical where their information has been used for such emergency purposes.
In the Report:
“The committee acknowledges the evidence provided by submitters and witnesses regarding the issues and concerns described in this section. The committee notes that these issues and concerns, whilst not directly applicable to the provisions of the Bill, are relevant to the effective operation of the MHR system.”
Amendments to follow
In response to the Report and submissions received, the government will be introducing further amendments. In the Minister of Health’s media release, he comments that the following amendments will be introduced in order to further strengthen the Act:
- “Increase penalties for improper use of a My Health Record:
- Maximum criminal penalty increasing from 2 years to 5 years jail
- Increase of maximum fines for individuals from $126,000 to $315,000
- Strengthening provisions to safeguard against domestic violence. The proposed provisions will ensure that a person cannot be the authorised representative of a minor if they have restricted access to the child, or may pose a risk to the child, or a person associated with the child. In cases where there may be a risk to a person’s life, health or safety then the amendments will remove the requirement for the Australian Digital Health Agency to notify individuals about certain decisions.
- Prohibiting an employer from requesting and using health information in an individual’s My Health Record and protecting employees and potential employees from discriminatory use of their My Health Record. Importantly, employers or insurers cannot simply avoid the prohibition by asking the individuals to share their My Health Record information with them.
- No health information or de-identified data to be released to private health insurers, and other types of insurers for research or public health purposes.
- The proposed amendments also reinforce that the My Health Record system is a critical piece of national health infrastructure operating for the benefit of all Australians, by removing the ability of the System Operator to delegate functions to organisations other than the Department of Health and the Chief Executive of Medicare.”
Further amendments in regards to automatic parental access to children between the ages 14-17 is also being reviewed. Under current legislation, children between these ages can take control over their MHR by removing parental access at any given time.
TimeBase is an independent, privately owned Australian legal publisher specialising in the online delivery of accurate, comprehensive and innovative legislation research tools including LawOne and unique Point-in-Time Products. Nothing on this website should be construed as legal advice and does not substitute for the advice of competent legal counsel.
Sources:
The My Health Records Amendment (Strengthening Privacy) Bill 2018 (CTH) and supporting materials, including Committee Report, available from TimeBase's LawOne service.
Media Release: A stronger My Health Record (Minister for Health, 7 November 2018)
