1. The Office submits that the existing provisions of the Privacy Act have generally met individuals' expectations regarding the handling of their health information. As well as this, the Office believes the existing provisions afford appropriate regard to the needs of health service delivery and medical research.
2. However, the Office notes in this chapter that there is a strong need to clarify the application of the Privacy Act to private sector health service providers. Section 3 of the Privacy Act should be amended to make clear that the National Privacy Principles 'cover the field' for the regulation of private sector health service providers. This would address a key source of uncertainty and potential fragmentation in health privacy regulation in Australia.
3. The Office also notes that the proposed National Health Privacy Code (NHPC) has not been adopted by the relevant jurisdictions since the Office's Private Sector Review was released. In light of changed circumstances, the Office considers that the objectives of national consistency and higher privacy protection for health information can be best achieved through certain amendments to the NPPs, or the adoption of a single set of principles as discussed in Chapter 4.
4. While comfortable that the existing principles work well, the Office makes a number of recommendations regarding areas of health privacy regulation where the law could be enhanced. These include in regard to access, including the role of intermediaries, as well as information handling obligations where a health service closes or where an individual wishes their records transferred. The Office has also suggested that, among other things, the principle regulating the collection of health information without consent and where 'necessary to provide a health service' could be usefully amended.
5. In regard to health and medical research, the Office submits that the existing regulatory framework affords individuals with an appropriate degree of assurance that their personal health information will not be misused, particularly where it is handled without their consent. The Office draws attention to provisions where regulatory complexity could be reduced, particularly by harmonizing the enabling provisions for the section 95 and 95A mechanisms.
6. Consistent with the second reading speech for the Privacy Amendment (Private Sector) Bill 2000, the community expects that health information will be afforded privacy protections that are in addition to those applying to non-health information.
7. In that speech, the then Attorney-General, the Hon Daryl Williams QC, said:
'The government recognises that the Australian public considers their health records to be particularly sensitive. ...The bill provides additional protections in relation to the use and disclosure of health information, as such information is clearly considered by the community to be particularly sensitive.' 280
8. The Office's own community attitude research, conducted in 2001 and 2004,281 supports the view that many individuals feel that their personal health information is particularly intimate and should be handled with sensitivity.
9. The justifications for this view on the importance of health privacy are well established, including that such information could, if handled inappropriately, lead to individuals being discriminated against, including for employment, housing and insurance purposes. Similarly, individuals may suffer hurt and embarrassment where their personal health information leads to marginalisation or stigmatisation. Personal and familial relationships could be damaged by the disclosure of health information that the individual understood would remain confidential.
10. As a consequence, if individuals do not believe that their personal health information will be treated privately, they may avoid treatment or withhold information that may be crucial to their clinical care. As well as affecting the health of the individual, this absence of trust could also have broader public health consequences, particularly where a condition is contagious or could be linked to causal environmental factors that may otherwise be able to be mitigated. Similarly, the efficient delivery of health services may be hindered where individuals are hesitant to seek treatment at early stages of their condition before their symptoms require more intensive or chronic care.
11. The strong tradition in the health sector of confidentiality and adherence to ethical values reflects the underlying importance placed on the appropriate handling of individuals' personal health information. The role for health privacy regulation is to build upon such values to ensure that evolving community expectations remain fulfilled, particularly in an environment where information is increasingly and routinely collected and stored in electronic form.
12. While recognising the importance of additional privacy protections applying to health information, the Office submits that such protections are likely to be able to be accommodated within the existing regulatory framework of the Privacy Act.
13. In responding to Chapter 8 of ALRC Issue Paper 31 (IP31), the Office proposes a number of measures, detailed in later questions, that would enhance health privacy regulation. The Office is, however, of the view that such measures could be accommodated within the principle-based framework already existing (or equally, within the unified principle-based framework proposed earlier in this submission in response to questions 4-34 and 4-35).
14. Accordingly, the Office submits that health privacy regulation could be enhanced by building upon existing provisions, without the necessity of an additional instrument or an entirely new set of principles. In the event that the Office's proposal for a single set of principles is adopted, these enhancements could be incorporated into the new set of principles.
15. The Office understands that other stakeholders may hold differing views on this matter and would prefer a separate regulatory instrument specifically for the health sector. The Office submits that a uniform and coherent approach to privacy regulation is best served by incorporating privacy protections into a single body of regulation.
16. A single body of regulation is also likely to reduce regulatory complexity for those agencies and organisations that handle both health and non-health information. The existence of separate sets of principles may create confusion by requiring agencies and organisations to refer to different instruments, depending on the type of personal information they are handling at any given time.
17. The Office believes that, overall, health service providers have achieved a high level of compliance with and understanding of the NPPs. While some specific issues remain, it is the Office's view that a number of these could be effectively addressed through enhanced communication and education campaigns by the Office. In its Private Sector Review, the Office committed to providing such guidance on a number of specific areas, including those addressed later in response to questions 8-9, 8-17 and 8-20.
18. Where specific amendments are likely to be appropriate, including as proposed in response to questions 8-13, 8-15, 8-21, 8-22 and 8-24 (amongst others), the Office submits that it could work with consumers and providers to implement these reforms while building upon the established body of understanding that has developed since the NPPs were introduced in 2001. In contrast, creating a new and separate set of privacy principles could risk undermining the awareness and understanding developed by the sector and the community since the NPPs were introduced.
19. The Office submits that an entirely new regulatory instrument for health privacy should only be pursued where there is clear evidence of substantial manifest failings in how the existing principles have worked. As suggested above, the Office believes that the existing principles and regulatory framework have broadly functioned well since inception in 2001. While the current review provides an opportunity to refine and improve existing regulation, there does not appear to be a compelling reason that warrants the wholesale reform of the principles regulating health privacy. Such a process, even where pursued with care, would leave open the risk that extensive new and untested regulation may lead to unintended or undesirable consequences.
20. Further, substantial reform of health privacy regulation raises the risk, at least in the medium term, of undermining regulatory stability and promoting regulatory complexity. Investments made by stakeholders in developing compliance skills with the existing regime may be wasted.
21. Further, the Office notes the potential logical inconsistency that may emerge if the existing two sets of principles were unified (as the Office has advocated in response to questions 4-34 and 4-35), while at the same time a new and separate set of principles were being introduced for a specific sector.
22. Accordingly, in the absence of a clear objective basis for pursuing a separate regulatory instrument for health information, the Office submits that enhanced health privacy regulation should be given effect as part of a unified set of privacy principles.
23. The Office submits that if a separate instrument were pursued for health privacy regulation then it must be drafted on the basis that the protections offered will be at least equivalent to those already provided by the Privacy Act. This could be done by maintaining a single set of principles, though retaining the flexibility to make binding guidelines on matters of detail. Such guidelines should not derogate from the protections afforded in the principles. This 'equivalence' test is consistent with the existing s18BB of the Privacy Act, which requires that any industry privacy code must offer protections that are at least equivalent to those in the NPPs. As detailed below in response to questions 8-3 and 8-4, it is noted that the Office does not believe that the proposed National Health Privacy Code (NHPC) meets this test of affording equivalent protections.
24. The Office has previously stated that:
'The best advice available to the Office is that where an act or practice is regulated by the Commonwealth Privacy Act, then it is not regulated by a State or Territory Privacy Act. On this basis, the State and Territory health privacy Acts are restricted in their application to the relevant State or Territory public sector, and perhaps aspects of the private sector which are exempted from the Privacy Act 1988 (e.g. certain small businesses and certain acts or practices relating to employee records).'282
25. Equally though, the Office has recognised that the matter is not fully settled and that other parties may have differing advice. The Office has said that this lack of certainty:
'... creates a major potential obstacle to effective and consistent privacy regulation in the Australian federal system. This may result in consumers not knowing where they should go to resolve issues about their health information. It could also create problems for those covered by the legislation, as organisations will not understand their obligations and the standards they have to meet.'283
26. The Office submits that amending section 3 of the Privacy Act to make clear that its provisions 'cover the field' for the regulation of Australian Government agencies and private sector health service providers would be a significant step toward reducing possible uncertainty for those bodies.
27. The Office submits that inconsistency between how state and territory jurisdictions regulate their own agencies, while a significant issue, is less crucial than eliminating those circumstances where there is uncertainty in the private sector as to which jurisdiction applies. The Office suggests that the Privacy Act could serve as a useful model for jurisdictions in preparing their own legislation.
28. The Office supports the notion of consistent, and preferably uniform, health privacy regulation. However, such protection must be consistent with the Parliament's intention in passing the private sector amendments that health information be afforded 'additional protections in relation to the use and disclosure of health information, as such information is clearly considered by the community to be particularly sensitive.'
29. As noted in the Office's 2002-03 Annual Report284, the Office held observer status on the working group that negotiated the content of the proposed NHPC. Accordingly, and consistent with its observer status and with its role as a potential 'Code approver', the Office had limited input to the development of the content of the proposed code.285
30. The Office notes that in a number of significant areas, particularly concerning the collection, use and disclosure of health information, it is questionable whether the proposed NHPC would be likely to be equivalent to the protections of the NPPs. These areas are detailed below in response to questions 8-11, 8-15, 8-18 and 8-21.
31. In addition, in a number of areas, the proposed code seems unwieldy, complex and overly prescriptive and, hence, inconsistent with the established light-touch approach to privacy regulation.
32. The Office notes that a copy of a proposed code is available from an archived webpage maintained by the National Library of Australia.286 This version is marked as a 'proposed National Health Privacy Code' and dated August 2003. This archived webpage, originally created by the Department of Health and Ageing, explains that:
'A revised version of the Code, draft mandatory guidelines for research, and draft explanatory notes for the use or disclosure of genetic information will be considered by Health Ministers in late 2004.'
33. However, the Office is not aware that any subsequent agreed version is publicly available, or whether any further substantive progress has been undertaken toward implementing the instrument, nor toward finalising the various guidelines that are referred to in its provisions. Accordingly, it appears highly uncertain whether finalising and implementing the proposed NHPC remains a priority for jurisdictions. Incorporating it into the Privacy Act would, therefore, not resolve inconsistencies between the regulation of privacy in the public health systems and the private sector, but may instead reduce the protections currently applying to health information under the NPPs.
34. The Office also notes that national consistency may not, in itself, be adequate to address existing complexity. This is because consistency can be taken as merely providing that various regulatory regimes are not inconsistent, though they may still provide different obligations, whether substantive or on matters of detail. The ultimate value of any regulatory instrument agreed to and implemented by all jurisdictions is more likely to depend on uniformity, whereby the same obligations would apply in each jurisdiction.
35. In contrast, the Office submits that amendment to section 3 of the Privacy Act, as suggested in the response to question 8-2, would significantly reduce the degree of regulatory overlap and complexity for the private sector in those jurisdictions where local law purports to impose regulation. This would, by itself, be a significant step forward in reducing regulatory uncertainty and promoting national uniformity for the regulation of the Australian Government and private sectors.
36. Accordingly, the Office submits that the proposed NHPC, in its current form, would not be an appropriate or effective regime for the regulation of health information.
37. The proposed NHPC may, however, serve as a useful resource document by providing a range of options that could be adopted to enhance privacy regulation. This could include on matters about which the Privacy Act is currently silent (such as those discussed in questions 8-22 and 8-24).
38. As discussed in question 8-3 and detailed below in response to various questions, the proposed NHPC would be unlikely to afford overall protections that are equivalent to those offered by the existing NPPs. It would seem an undesirable outcome for reform of privacy law to result in a lessening of privacy protections for health information.
39. Further, as noted in question 8-3, the Office is not aware of substantive progress by the various jurisdictions, since 2003, toward implementing the proposed NHPC nor preparing the necessary guidelines referred to in its provisions. In the absence of evidence of such progress, the Office submits that the proposed NHPC should be set aside and health privacy reform progressed through amendment to the existing NPPs.
40. As also noted above in question 8-3, the proposed NHPC may still offer value as a resource describing a range of possible regulatory options for the Privacy Act.
41. As outlined below, the Office has previously advocated that electronic health information systems should be accompanied by specific legislative measures to ensure community confidence that personal health information will be handled privately.
42. The Office has previously noted the potential benefits that may accrue to individuals and the broader community through the use of shared electronic health records (SEHRs). Such systems have the potential to deliver financial savings to the health sector as well as facilitating improved electronic linking of health information for clinical and health research purposes in the public interest. They may also improve the efficiency for individual providers by reducing the amount of time they spend obtaining patient information. Most importantly, such systems may improve clinical treatment by enhancing information flows between health service providers.287
43. However, the Office has also noted that such systems have the potential to vastly increase the capacity to collect, store, copy, transmit, share and manipulate health information, including in ways not expected by individuals. There is greater potential for health information collected for one purpose, to be used or disclosed for other purposes increasingly unrelated to the reason for which it was initially collected (the 'function creep' phenomenon). This potential is enhanced by the IT-enabled ability to link data from disparate sources, including possibly from beyond the health sector.
44. Given these risks, and the importance of ensuring that SEHRs promote trust in the community and allow individuals to retain appropriate control over their personal health information, the Office has previously strongly argued that legislative protections are one important element toward building a robust privacy framework for such systems.
45. The Office has advocated the view that interaction with e-health records systems should operate on an 'opt-in' basis, wherein an individual's consent cannot be implied.288 Accordingly, for the purpose of such engagements, consent should be defined to be limited to express consent, where an individual makes an active decision to participate.289
46. More broadly, the Office has previously submitted that, in the context of the former HealthConnect initiative, the legislative privacy protections should include:
'specific establishing legislation for HealthConnect setting out primary uses of data, authority and processes for approval of secondary uses of data, consent processes, penalties and sanctions and complaints mechanisms'290
47. The Office notes that the national SEHR agenda has progressed since its previous engagement with the HealthConnect project office, with responsibility for the implementation of SEHR systems now primarily devolved to the states and territories. The Office notes the work of the National E-Health Transition Authority in seeking to develop national uniform standards on which SEHRs may be pursued.
48. If SEHRs are implemented by state and territory governments, then they will generally remain outside of the Privacy Act's existing jurisdiction. Significantly though, the Office notes that private sector health service providers that engage with such systems are required to comply with the NPPs. Accordingly, there is scope for reform of the Privacy Act to make a useful contribution to defining appropriate standards by which individuals' health information may be disclosed to and collected from SEHR systems.
49. This question refers to those guidelines made under section 135AA of the National Health Act 1953. As well as being enabled under this section, making the guidelines is also a function of the Privacy Commissioner under section 27(pa) of the Privacy Act.
50. The Office submits that, in the absence of evidence to the contrary, the underpinning policy settings on which section 135AA was enacted remain appropriate. In the Office's view, Parliament's decision to make the guidelines the responsibility of the Privacy Commissioner was a clear statement that privacy was to be a primary concern for any guidelines. Transferring the role of making these guidelines to another body may alter this emphasis in such a way that other interests are afforded greater prominence. The Office submits that, without a compelling argument to the contrary, it remains appropriate for the Privacy Commissioner to retain this role.
51. The Office also submits that health information dealt with by section 135AA is likely to warrant additional protections of the type required by that section.
52. The two databases maintained by Medicare Australia to hold Medicare and PBS claims information are close to universal, in that they contain personal and health information on almost all Australian residents. This is unique information which is generally not found in other large government data sources, such as those held by the Australian Electoral Commission, Centrelink or the Australian Taxation Office.
53. Because of their universality and the high sensitivity of the information they contain, the Medicare and PBS claims databases warrant special protective measures. The relevant section is intended to ensure that Guidelines are made that provide such measures.
54. In regard to the sensitivity of the information being held, the Office notes that, generally, it is not possible to identify an individual's specific condition from Medicare claims information, which indicates visits to a health provider, but does not identify the medical condition. In some cases, however, Medicare claims information could infer what an individual has received treatment for. For example, a Medicare claims classification exists for identifying mental health consultations.
55. Similarly, in many cases, it would not usually be possible to accurately determine from PBS claims information an individual's precise medical condition, as one pharmaceutical may be used for a range of different conditions. On the other hand, some medications may only have application for a particular type of disease or a specific condition. For example, the Office has previously received expert advice that some pharmaceuticals are uniquely identified on the PBS schedule and are only used for specific and highly sensitive conditions.291
56. The Office released a report of its review of the guidelines made under section 135AA (the 135AA Guidelines Review) in August 2006.292 While it was beyond the terms of reference of this review to examine the enabling legislation for the guidelines, the 135AA Guidelines Review report did note the legislative underpinning of the instrument and the importance placed on ensuring that the information was handled privately. Relevantly, the following is drawn from chapter 2 of the report at page 19.
57. In the second reading speech for the National Health Amendment Bill 1993, Dr Andrew Theophanous (then Parliamentary Secretary to the Minister for Health) explained that the function of the section is to require:
'...that information obtained from claims for medical benefits must be stored in a separate database from information obtained from claims for pharmaceutical benefits, and prohibits linkage of such information except in the way specified in the guidelines.'293
58. Given the terms of reference of the 135AA Guidelines Review, stakeholders were not specifically asked for comments on the enabling legislation. However, it is noteworthy that many (though not all) stakeholders expressed support for the underlying intent of the enabling legislation.294
59. The Office is generally comfortable with the existing definitions of health information and health service provided in section 6 of the Privacy Act.
60. The proposed NHPC expressly includes 'mental and psychological health' as categories of 'health information', though the existing definition of the Privacy Act would already appear to comfortably allow for such an interpretation. In the Office's view, a common sense interpretation of health information would include information relating to mental health.
61. It is also noted that the proposed NHPC definition of 'health service' includes a significant departure from the Privacy Act definition in that it defines a 'health service' as an activity '...performed in relation to an individual that is intended or claimed (expressly or otherwise) by the individual service provider or the organisation performing it...[emphasis added]' to meet various health related functions.
62. In contrast, the Privacy Act definition includes provision for the perspective of the individual, not just the provider, by listing various activities '...intended or claimed (expressly or otherwise) by the individual or the person performing it [emphasis added]'. Accordingly, the definition contained in the draft NHPC appears to remove the role of the individual's understanding and interpretation of whether or not they believed that a health service was being provided to them.
63. It is also noted that the proposed NHPC definition of 'health service' removes the word 'record' from (a)(i) such that an activity that is intended 'to record the individual's health' may no longer be covered by the definition. The Office is unsure of the consequences of such an amendment. In the absence of clear justification, the Office submits that such an amendment not be made as it would seem to reduce the range of activities currently deemed to be health services and thus may lower protections.
64. The Office also notes that the word 'injury' is added in addition to illness and disability in (a)(ii) and (iii) of the proposed NHPC definition. The nature of an injury appears to be distinct from the inherent properties of an illness or a disability, and as such, the inclusion of this word may increase the clarity of the definition.
65. The Office notes that the definitions of health information and health service in the draft NHPC include provision for certain types of each, whether by specific instance or by class, to be made exempt from the definition '...in accordance with the Code'. It is not immediately clear what process is envisaged for considering and giving effect to such exemptions. These provisions would seem to have significant potential to reduce privacy protections by creating a mechanism whereby health information might not be afforded the additional protections usually expected.
66. If such provisions were adopted during the process of health privacy reform, the Office submits that the decision to exempt types of information or services should be subject to mandatory consultation and Parliamentary scrutiny.
67. It is also noted that a similar exemption is included in the definition of 'health service provider' in the proposed NHPC.
68. The Office is mindful that an amendment to the Privacy Act which required all organisations that collect, hold or use health information to comply with the Privacy Act may result in increased regulatory complexity, and may create a regulatory burden on small business operators. The Office notes that all private health service providers are required to comply with the NPPs. However, there may be other organisations which do not provide a health service, but do collect, hold or use health information, for which an existing exemption applies, such as the small business exemption. The Office has, in this submission, asked the ALRC to consider the merits of creating certain exceptions to the small business exemption, including for child care providers, which hold potentially sensitive information including health information. Further discussion on this proposal can be found in the response to Question 9.1.
69. Australian Government agencies are covered by the Privacy Act where they are included in the definition of 'agency' in section 6.
70. The ALRC issues paper raises the question of whether agencies which are currently excluded from regulation under the Privacy Act, but which may hold health information, should be subject to the Privacy Act. The Office submits that the public interest in excluding these agencies from regulation is likely to be unrelated to the type of personal information that they may handle. Accordingly, the Office does not advocate that such agencies should fall within the Privacy Act's coverage simply because they hold health information.
71. The Office also notes that health information held in an employee record by an organisation would be exempt from the coverage of the Privacy Act by virtue of section 7B(3). The appropriateness of the employee record exemption is discussed in detail in Chapter 3.
72. The Office submits that guidance remains the best response to clarify when organisations may disclose information for the purposes of health service management. The Privacy Act already provides for this activity. In the absence of clear evidence of a problem, an amendment is unwarranted and risks introducing complexity.
73. In the accompanying discussion to this question, IP31 introduces a number of matters primarily drawn from the National Health and Medical Research Council's (NHMRC) submission to the Office's Private Sector Review.295
74. The Office recognises that management activities are an essential part of providing health services to the community. In its submission to the Private Sector Review, the NHMRC suggests a range of activities involved in managing health services, including quality assurance, quality improvement, policy development, planning, evaluation and cost-benefit analysis.296 The Office agrees with IP31 and the NHMRC's submission that it may, on occasion, be difficult to distinguish some of these management functions, such as quality assurance, from medical research.
75. Disclosures for health-management purposes are already provided for by the Privacy Act. Because these activities are integral to health services, disclosures of this kind will generally fall within NPP 2.1(a)(i), that is, they are directly related to the primary purpose of collection, and will usually fall within individuals' reasonable expectations, thus satisfying NPP 2.1(a)(ii).
76. The above position has already been expressed in the Office's guidance material. The Guidelines on Privacy in the Private Health Sector state that, provided it is within the individual's reasonable expectations, no extra steps need to be taken when using or disclosing personal information in circumstances such as:
'an organisation's management, funding, service-monitoring, complaint handling, planning, evaluation and accreditation activities - for example, activities to assess the cost effectiveness of a particular treatment or service.'297
77. This issue is also addressed in Information Sheet 11: Handling Health Information for Research and Management.298
78. The Office is not convinced that the circumstances warrant amending legislation, given the complexity that process may introduce. If, for example, a specific provision was introduced permitting disclosures, confusion would arise as to how this provision interacted with NPP 2.1(a): such an amendment would risk redundancy. An organisation engaging in health management may find it difficult to determine which section applied to them: the more general provisions of NPP 2.1(a), or the new provision. Difficulties also attend the prospect of introducing binding Guidelines, as organisations would be faced with the prospect of complying both with this new instrument, and with the NPPs.
79. The most effective response to uncertainty in this area is for the Office to issue guidance clarifying the position. In recommendation 61 of the Private Sector Review, the Office committed to this process, which it is currently implementing.
80. The Office recognises that there is a difference between how NPP 2 interacts with health service management, as compared with the collection of sensitive information provisions contained in NPP 10. NPP 2 does not refer to health service management. Instead, this class of activities is captured as one of the many forms of disclosures within the terms of the provision. By contrast, NPP 10 addresses collection for health service management explicitly, and subjects this activity to Health Research Ethics Committee (HREC) oversight.
81. The NHMRC's submission to the Private Sector Review summarised the resulting difference in process:
Health information may be disclosed by an organisation in circumstances where compliance with the Privacy Act can be achieved without recourse to the Section 95A Guidelines, yet the legality of collection by the receiving organisation of the same health information depends on approval by an HREC under the Section 95A Guidelines.299
82. The Office submits that this difference is appropriate. NPP 2 provides organisations such as health-service providers with a degree of confidence to use information internally as necessary for management purposes where consistent with the individual's reasonable expectations, or subject to the individual's consent.
83. Conversely, the collection provisions (and associated HREC approval requirements) regulate information which has left the control of the health service provider and where there may be heightened privacy risks. Since the quality assurance will be conducted by the collecting organisation, it is reasonable that the obligations attach to this point in the information flow.
84. The individual's interest in how their personal information is handled requires that, where such collection occurs, consent should be sought, or the use of de-identified information be considered as an alternative. Where this is not practicable, ethics oversight is appropriate.
85. The ALRC IP31 expresses reservations about subjecting management processes to HREC oversight where these activities do not amount to research.300
86. The Office submits that the legislative framework is sound on this point, but would see merit in addressing the issue through institutional reforms.
87. At the legislative level, it is difficult to adequately distinguish all management activity from research. As the NHMRC itself acknowledges, it may be very difficult to differentiate some forms of health service management (such as quality assurance) from research. The two activities exist along a continuum.301 At opposite poles, the two forms of activity are quite distinct, but a grey area exists in particular around quality assurance, which in some cases could arguably be classed as both research and health service management.
88. The difficulty of distinguishing the two activities poses problems for legislation which attempts a separation. The risk is that expressly excluding health service management from HREC oversight will also exclude some activities which may be considered forms of research, notably quality assurance activities. This could amount to a lessening of current ethical safeguards and controls.
89. Concerns about the appropriateness of the HREC process are better addressed at the institutional level. The Office notes that section 95A allows the Commissioner to approve guidelines for the collection of health information for:
90. The two provisions are presented as alternatives. Therefore, the Privacy Act does not require that collections for health service management be subjected to a process identical to that used for research. The legislation already permits HREC processes to be tailored for management-related collection, should the sector wish to pursue this avenue.
91. The Office also notes that individual institutions are able to address this issue through their internal processes. As the NHMRC notes in its publication When Does Quality Assurance in Health Care Require Independent Ethical Review, institutions should encourage HRECs to:
'establish policies that allow efficient review of low risk quality assurance proposals. Delegates of HRECs could approve these proposals and this may avoid creating impractical and/or unnecessarily large workloads or delays.'302
92. The ALRC identifies a perceived gap in the NPPs in that they refer to 'management, funding and monitoring of a health service' and 'research relevant to public health or public safety.' They do not, however, refer to the management of research.303
93. This may be an overly precise reading of the NPPs. It is important here to note that NPP 2.1(d) refers to uses or disclosures necessary for research. This would comprehend the actual investigation itself, as well as the management structures and processes which are needed to support this activity.
94. Given that the Office has recognised the public interest in health research (see 8-29), the provisions would be given an enabling construction.
95. The alternative - introducing further provisions specifically permitting management, funding and monitoring of a research project - may introduce unnecessary complexity to the Act.
96. In the absence of evidence that this aspect of the Privacy Act presents difficulties for researchers, the Office does not see a need for reform.
97. In considering the application of the IPPs to the management, funding and monitoring of a health service, the Office notes that the provision of health services in Australia primarily falls on state and territory government agencies, or the private sector, rather than on Australian Government agencies bound by the IPPs.
98. At present, the IPPs do not explicitly provide for health service management - it is necessary to rely on basic principles. IPP 10(e) permits secondary uses which are directly related to the purpose of collection. As discussed in relation to NPP 2.1, this would cover health service management. IPP 11(a) states that disclosures are not permitted unless:
The individual concerned is reasonably likely to have been aware, or made aware under Principle 2, that information of that kind is usually passed to that person, body or agency.
99. The best course of action is for the patient to be adequately informed of the likely information flows, and to seek their consent.
100. It is also useful to note that section 95, which provides a framework for the use of information held by Commonwealth agencies, does not refer to health service management. Section 95(1) reads:
The CEO of the National Health and Medical Research Council may, with the approval of the Commissioner, issue guidelines for the protection of privacy in the conduct of medical research.
This omission creates a gap in the legislation.
101. In addressing question 8-32, the Office proposes that the public and private-sector provisions for health and medical research be merged. A new provision should make explicit provision for health service management to address this gap.
102. The Office is not aware of evidence that regulation by the Privacy Act, where correctly understood and applied, impedes the provision of health care. For example, the Office does not consider that the Privacy Act prevents the collection, use or disclosure of health information where appropriate for an individual's health care.
103. The Office believes that the NPPs sit comfortably with good treatment practices and promote appropriate information flows within the health sector. Application of the NPPs is consistent with professional ethical standards, the principle of patient autonomy, and the collaborative relationship of trust between doctor and patient.
104. It appears that there are some areas where the health service providers' understanding of NPP obligations could be improved. In some instances, uncertainty or confusion in the health sector as to how patients' health information should be handled may lead to unnecessarily conservative interpretations of the NPPs.
105. For example, the Office is aware of a case where a specialist refused to provide information to a referring general practitioner regarding a patient, without that patient's consent, purportedly because of the 'Privacy Act'. However, such disclosures would likely be consistent with the Office's understanding of NPP 2, which emphasises the important role of the individual's reasonable expectations in determining how their personal health information may be handled (the application of NPP 2 is discussed further in response to question 8-17). This example illustrates that incorrect perceptions regarding the regulation of personal health information may impede the provision of health services to individuals. This Office does not consider that the NPPs, when correctly interpreted and applied, create impediments to health services delivery.
106. As discussed in response to questions 8-1 and 8-2, in the Office's view a primary source of uncertainty in the health sector about privacy law obligations is likely to be the existence, in some jurisdictions, of multiple privacy instruments that purport to regulate private sector health service providers. Jurisdictional overlap of this type is likely to promote regulatory complexity and uncertainty, making it difficult for health service providers to understand and implement efficient and workable information handling policies.
107. In the Office's view, the requirement (whether real or perceived) to comply with multiple instruments at different jurisdictional levels is the most likely challenge faced by health service providers when seeking a degree of confidence that they are compliant with privacy regulation. However, in the Office's view, it would seem a further and exaggerated step to suggest that privacy provisions obstruct the provision of good healthcare.
108. As suggested in question 8-3, a key outcome of the ALRC's review process could usefully be to clarify which privacy principles apply uniformly and exclusively across the private health care sector.
109. The Office suggests that the prospect of achieving uniformity (or at least consistency) in health privacy regulation was a key reason why the concept of a NHPC received support from jurisdictions. Given that implementation of the proposed NHPC does not appear to have progressed, the Office submits that the Australian Government should act, as far as is possible, to unify organisations' obligations for the handling of health information.
110. As noted in response to question 8-2, the Office recommends that section 3 of the Privacy Act be amended to ensure the Privacy Act 'covers the field' for personal health information privacy in the private sector.
111. This would remove the ambiguity for private sector doctors, pharmacists and other private health sector organisations which may currently face uncertainty in determining their obligations under various privacy regimes.
112. The question of impaired capacity is discussed in greater detail in Chapter 9.
113. The Office submits that the Privacy Act is generally adequate, though there may be merit in the ALRC considering whether NPP 6 (on access) could be enhanced.
114. The proposed NHPC appears to go further, in some instances, in allowing more third parties to exercise access rights than would seem appropriate. The NHPC includes a definition of authorised representative, who can act on behalf of an individual with limited capacity, and outlines the powers of the authorised representative. Generally, it recognises formal legal representatives such as guardians and those acting under a power of attorney, or otherwise legally empowered. The Office considers that these arrangements are also implicitly recognised under the Privacy Act.
115. The NHPC also includes in its definition of authorised representatives a parent of an individual who is a child. 'Child' is not defined in the NHPC. The Office does not consider that this provides more clarity on when a parent may act on behalf of a child than does the Privacy Act, which relies on a common law test of capacity.
116. The NHPC provides a statement for the threshold test that should apply when determining whether an individual is incapable of giving consent. It establishes a different standard than current Office guidance material. The NHPC prescribes that an individual has capacity if they understand 'the general nature and effect of giving consent'. In contrast, the Office's Guidelines on Privacy in the Private Health Sector stipulate that for consent to be valid, the individual 'must be capable of understanding the issues related to the decision and forming a view based on reasoned judgment'.
117. Additional clarity may be achieved if principles, other than NPP 2 (dealing with use and disclosure) and NPP 10 (dealing with collection of sensitive information), provided more explicit reference to dealing with representatives when an individual has impaired capacity or a decision making disability. In particular, measures in NPP 6 (dealing with access to information) could allow an individual to obtain access through a representative.
118. The Office has no other issues concerning consent to deal with health information, though would welcome the opportunity to examine other matters that may be raised with the ALRC by other submitters and incorporated in a future discussion paper for this review.
119. The Office supports amending the Privacy Act to give statutory effect to Public Interest Determinations 9 and 9A.
120. The combined effect of PIDs 9 and 9A is that health service providers may conduct acts or practices that would otherwise breach NPP 10.1, without being determined to have interfered with an individual's privacy. In summary, under PIDs 9 and 9A, a health service provider may collect health information from a health consumer about a third party without the consent of the third party when both of the following circumstances are met:
121. The Office acknowledges that relevant third party health information, such as family medical history, is an extremely important resource for clinicians. Submissions received during consultations for PIDs 9 and 9A emphasised that health care would be severely compromised if family history and other similar third party information were not available to practitioners.304
122. The Office also notes that it is often impractical to seek consent from third-parties, such as relatives. As has been noted elsewhere:
It is often not possible to directly assess individual relatives. This occurs because the relative cannot be traced, lives too far away to be interviewed, or is ill, deceased, or otherwise not available.305
123. The PIDs will expire on 11 December 2007, with a review due to take place before this date.
124. No submissions to the Private Sector Review criticised the content of the PIDs. A number of submissions were strongly supportive of the substance of the PIDs being incorporated into the NPPs, and described the crucial role of social and family histories in providing effective medical treatment.306
125. The Private Sector Review proffered two models for legislative reform, both of which would see the substance of the PIDs incorporated into the NPPs:
126. The review observed that since 10.2(b) already deals with providing a health service to the individual, the second option may be preferable.307 This could be given effect by inserting a new subclause 10.2(b)(iii), with two parts to accommodate the two criteria set out above. It is noted that the current drafting of NPP 10.2 assumes collection from the individual about which the information relates.
127. It should also be noted that, in response to a number of submissions, the Private Sector Review raised the possibility of limiting the scope of such a new amendment, particularly to exclude genetic information and information contained in an electronic health record. Given the potential breadth of detail that may be contained in such sources, which may go beyond that which has traditionally been obtained by collecting family history information, the Office submits that such limitations merit further consideration in this review.
128. IP31 has sought views on whether NHPP 1.1(i) offers a more appropriate and effective framework than that established by PIDs 9 and 9A. NHPP 1(i) provides that health information may be collected without consent where:
The information is a family medical history, social medical history or other relevant information about an individual that is collected for the purpose of providing a person (including the individual) with a health service, and is collected by a health service provider:
129. The Office submits that enacting the relevant provisions of the PIDs may be preferable to adopting NHPP 1.1(i). The Office believes that the sector has had over 4 years' experience with the existing terms of the PIDs and that this affords the benefits of continuity and efficiency. In the absence of compelling arguments to the contrary, it would not seem useful to change established regulation.
130. However, the Office notes that there may be value in considering the merit of allowing family, household or social histories to be obtained by a relative or carer where the individual is incapacitated. In this regard, the Office accepts that the provision of health care to an incapacitated individual may be assisted by the provision of such third-party information from another individual.
131. The Office notes that the forms of information prescribed in NHPP 1.1(e) diverge from the PIDs, though the full implications of these distinctions are unclear.
132. The Office submits that a PID is not required for insurance companies to collect health information about third parties without their consent.
133. The Office understands that family history information may be used in insurance underwriting to assess the probability that the applicant will suffer hereditary disease. In this context, family history information could be used to either deny coverage or to adjust premiums based on perceived risk.
134. As discussed in the Office's response to question 8-13, it is generally unlawful to collect health information (for example, family history information) about an individual without their consent.
135. The Office notes that insurers have collected family history information for over a hundred years.308
136. At the same time, the Office notes substantial community opposition to this practice. In research conducted by the Investment and Financial Services Association, 62% of respondents opposed the use of family history information by life insurance companies:
'The most prevalent view is that lifestyle factors must also be considered, and that a family history of a particular ailment does not predestine the offspring to inherit the affliction - effectively, the view is that 'the sins of the father should not be visited upon the son.'309
137. The Office also notes the debate about family history information's actuarial relevance. The usefulness of family history information as a predictor of an individual's prospective health may be quite limited. Due to the complex interplay of causal factors, '...correct actuarial determination of risk for a given individual may currently only be possible for a few cancer-related (and other) genetic conditions.'310
138. However, these concerns do not detract from the fact that family history information does have some relevance for underwriting. It may be effective, for instance, as a negative indicator, where family history information can indicate that an individual is not at high risk of a given condition.311
139. IP31 discusses whether PID 9A (collecting family history and other third-party information for the purpose of providing medical treatment) could provide a useful analogy for considering the practice. However, as the ALRC has recognised, this practice raises a very different set of policy issues to those addressed in PID 9 and 9A.
140. First, family history information is often vital to providing health care to the individual, whereas it is only a useful, but not integral, part of insurance underwriting.
141. Secondly, the nature of the interests involved differs considerably. Determination 9A concerns the preservation of life and health, while the provision of insurance involves actuarial decision-making and loss-distribution. While important, the latter arguably lacks the compelling policy considerations necessary to warrant potentially lessening privacy protections.
142. The ALRC has previously recommended that insurers apply for a PID to make the practice lawful (ALRC Report 96). The Office notes that for a PID to be made, the Privacy Commissioner must be satisfied that the public interest in the act or practice occurring outweighs to a 'substantial degree'312 the public interest in adhering to the relevant IPP, NPP or approved privacy code.
143. Further, the Office's Public Interest Determination Procedure Guidelines explain that in making an application for a PID, an agency or organisation should identify:
Alternative courses of action that have been considered that would not lead to a breach of an IPP, NPP or an approved privacy code, with explanations as to why such alternatives are not feasible.313
144. Investment and Financial Services Association Standard 16 provides a practical solution to compliance with the Privacy Act by stating that insurers should collect family histories in a non-identifiable format.314 The Office supports this solution, which allows the industry to collect useful information in a format which respects individual privacy. Further, the presence of an alternative course of action that does not undermine compliance with the Privacy Act would tend to throw further doubt on the appropriateness of a PID.
145. In regard to the first part of question 8-15, in the Office's view, NPP 10 generally functions well. However, the Office does note that there are some structural inconsistencies between NPPs 2 and 10, in that the permitted disclosures provided by the former do not align perfectly with permitted collections under the latter. For example, it is the Office's view that disclosures are generally likely to be permitted between members of a treatment team (discussed in greater detail in response to question 8-17). However, it is less clear which prescribed exception to NPP 10 could be relied upon by treatment team members to collect that information. In some circumstances it is likely that consent may be able to be implied. The Office recognises that this may not always be an exception upon which providers could confidently rely.
146. NPP 10.2 recognises the need of health service providers to collect health information without consent in certain circumstances. NPP 10.2(b)(i) allows such collection where it is necessary to provide a health service, and is required or authorised by law (this should be contrasted with 10.1(b) where collection must be required by law).
147. NPP 10.2(b)(ii) is intended to provide a mechanism to allow collection by health service providers where necessary to provide a health service, and in accordance with binding rules of professional confidentiality. However, it is the Office's view that no current rules fit the terms of 10.2(b)(ii) in such a way that it could be confidently relied upon. The Office considers in detail below the various options for addressing this.
148. In regard to the second part of question 8-15, the Office submits that NHPP 1 could lessen privacy protections in several areas, including allowing collection where 'required, authorised or permitted, whether expressly or impliedly, by or under law' (1.1(b)). It also allows collection of health information for research 'in the public interest' (1.1(e)), which is broad and difficult to assess. Nevertheless, the Office sees some merit in the underlying policy intent of certain other provisions, including those which allow collection of family history information (NHPP 1.1(i)), genetic information and deceased persons' information (parts of 1.1(d)).
149. These matters are discussed in greater detail below.
150. The first element of question 8-15 goes to the clarity of NPP 10.
151. The Office submits that NPP 10 appears to function adequately for most stakeholders; the need for its amendment was not a significant issue in submissions to the Office's Private Sector Review.315 The Office also notes the very small number of complaints it has received in regard to NPP 10 since inception of the private sector provisions.
152. Nevertheless, there would appear to be some misalignment between disclosures allowed under NPP 2, and the equivalent collection under NPP 10.316 For structural consistency and regulatory certainty, the Office believes NPP 10 would benefit from some clarification, particularly around the utility of 10.2(b)(ii).
153. NPP 10.2(b)(ii) is intended to allow collection of health information from a basis that recognises the longstanding tradition of professional ethics and duties of confidentiality in the health sector. NPP 10.2(b)(ii) permits collection without consent where necessary to provide a health service to an individual and where that collection is done 'in accordance with rules established by competent health or medical bodies that deal with professional confidentiality which bind the organisation.'
154. Both the Office's Private Sector Review and the ALRC's IP 31 note the ambiguity of 10.2(b)(ii), in that no existing rules appear to fit the provision's requirements.317
155. In the Office's view, rules envisaged by the current 10.2(b)(ii) provision would need to:
156. The Office is not aware of existing binding rules in the health sector that would meet each of these criteria. However, it should be noted that the Office has had few compliance issues with this issue, conceivably on the grounds that relevant complaints would seem more likely to go to the act of disclosure, rather than subsequent collection.
157. As discussed in response to question 8-17, the Office believes that it is appropriate for the health sector to be able to exchange health information for the purpose of treating an individual where such exchanges are within the individual's reasonable expectations. The Office does not believe that consent need always be obtained when using, disclosing or collecting health information in the context of providing care. Addressing the current anomaly in NPP 10.2(b)(ii) could allow for the appropriate collection of health information that is necessary for a health service, where the equivalent disclosure is within reasonable expectations. Examples of where such a mechanism could be valuable include:
158. The Office sees three alternatives for reform of NPP 10.2(b)(ii):
159. In the Office's view, option 3 would appear to offer an appropriate and transparent mechanism for reforming NPP 10.2(b)(ii), and would cause the least interference with current good practice in the health sector. This option would provide greater alignment between the disclosure and collection provisions of the NPPs, and resolve the possible uncertainty surrounding collection by members of a treating team and other similar scenarios.
160. By way of contrast, the proposed NHPP appears to address collection by a treating team (and others) by way of NHPP 1.1(d). This draft provision effectively offers a 'catch-all' authority allowing collection of health information wherever the equivalent disclosure is authorised under certain provisions of NHPP 2. This includes where the disclosure is directly related to the primary purpose of collection, and within the individual's reasonable expectations. However, the Office is concerned that, in the pursuit of this consistency, NHPP 1.1(d) lowers existing privacy protections in other areas.
161. The Office recommends that the ALRC's current review give further consideration to the operation of 10.2(b)(ii) and possible solutions.
162. IP31 questions why 10.1(b) differs from 10.2(b)(i) (collection 'required by law' compared with 'required or authorised by law'), following the 2006 amendment to the Privacy Act.318
163. As a consequence of the 2006 amendment,319 NPP 10.2(b)(i) permits collection of health information without consent, if the collection is necessary to provide a health service and is required or authorised by law (the amendment introduced the word 'authorised' to NPP 10.2(b)(i)).
164. If the collection of health information is not necessary to provide a health service, the collection would need to be required by law under 10.1(b), not merely authorised. While the test of 'required or authorised' in 10.2(b)(i) effectively establishes a lower threshold than the 'required by law' test of 10.1(b), it must be read in conjunction with the joint-test established by 10.2(a). This establishes a regulatory obligation specific to health service delivery, which is quite distinct from that provided by 10.1(b).
165. The underlying intent of this distinction between NPPs 10.1(b) and 10.2 is that the latter is intended to recognise the special role of health service providers, which at times must collect personal information without consent where it is necessary for individual health care. Prior to the 2006 amendments, the Office's Private Sector Review noted that 'the more restrictive provisions of NPP 10.2(b)(i) ... [could] have the potential to unduly impede the effective delivery of services.'320 The Private Sector Review report also noted that:
'The restrictive character of this sub-paragraph may be inconsistent with the Privacy Act's general reliance upon the ethical traditions, including recognition of the duty of confidentiality, of health service providers.'321
166. The Prescription Shopping Information Service (PSIS), provided by Medicare Australia,322 provides an example of where a 'required by law' test does not work in the health care context. Prior to its amendment, NPP 10.2(b)(i) was too narrow to permit general practitioners to collect health information from the PSIS. This was because a relevant legal authority existed that only authorised, but did not require, the collection323 (even though use of the PSIS is predicated on the collection being necessary to provide a health service to individuals suspected of using medicines beyond their therapeutic needs).
167. In contrast to the intent of NPP 10.2(b)(i), where an organisation seeks to rely on a legal authority to collect personal health information without an individual's consent for a purpose other than the provision of a health service, the Office submits that it is appropriate that such law expressly require the collection, as provided for in NPP 10.1(b).
168. Accordingly, the Office submits that the distinction between NPPs 10.1(b) and NPP 10.2 is significant and appropriate.
169. Not all disclosures of health information under NPP 2 involve a collection under NPP 10. For example, a disclosure may be to an individual (such as a relative) or an entity that is not bound by the Privacy Act (such as a small business that does not provide a health service or to a state police force). Also, a disclosure could simply be verbal, whereas a collection involves holding information in a record.324
170. IP 31 provides an example of where disclosure and collection principles may not align - where a health service provider pre-emptively discloses a patient's health information to a medical defence insurer 'where there is not and may never be a legal claim'.325
171. In regard to this example, the Office is not convinced that a collection by the insurer would be necessary if a legal claim is not 'on foot'. The provider could, for example, de-identify information if they felt it necessary to report the incident to their insurer in anticipation of potential future legal action.
172. The second element of 8-16 seeks views on the adequacy of NHPP 1.
173. The Office believes NHPP 1 would afford lesser privacy protection to health information in several areas. Particular differences are outlined below.
174. NHPP 1.1(b) would permit collection of health information without an individual's consent where 'required, authorised or permitted, whether expressly or impliedly, by or under law'. The Office notes that the inclusion of 'permitted' and 'whether expressly or impliedly' appears to leave open the prospect of wider legal permissions than the current exceptions under NPP 10.1(b) ('required by law') and NPP 10.2 ('necessary to provide a health service to the individual' and 'as required or authorised by or under law (other than this Act)').
175. The Office is particularly concerned, for example, as to what may constitute an 'implied permission' to collect health information without consent. The Office understands that the word 'permit' can be interpreted in such a way that a permission may '...sometimes even be inferred from an unfettered handing over for use without a knowledge of that particular use'.326 Put another way, 'permit' could be interpreted as allowing by inference something to occur on the grounds that it is not specifically prohibited.
176. In the Office's view, the sensitivity of health information and community expectations regarding its appropriate handling should require that a legal authority to collect it, without the individual's consent, be relatively narrow, transparent and subject to a clear statement from a Parliament.
177. NHPP 1.1(c) provides that health information may be collected without the individual's consent where:
178. This provision combines elements of NPPs 10.1(c) (where there is a 'serious threat and imminent threat to life or health' and incapacity) and 10.2 (collection necessary for a health service). While the Office recognises that such a provision may be helpful toward ensuring that individuals lacking capacity are afforded health care, it is noted that this principle removes from consideration any role for the individual's reasonable expectations. For this reason, the Office submits that its proposed amendment to NPP 10.2, incorporating a reasonable expectations test, is a preferable alternative.
179. NHPP 1.1(d) provides that information may be collected without consent where:
180. This provision is designed to promote consistency between collection and disclosure principles. While this has some intuitive appeal and offers a simple approach to reconciling collection and disclosure exceptions, it is necessary to consider the potential effects of such a provision and whether it would afford equivalent protections to the existing structure of the NPPs.
181. In this regard, the Office notes that NHPP 1.1(d) allows collection of health information, without consent, as a result of a disclosure made in accordance with NHPP 2.2(a), that is, directly related to the primary purpose of collection and within the individual's reasonable expectations. This would provide a lower test than NPP 10.2, as the information need not be necessary to provide a health service. NPP 10.2 is deliberately narrow in focus, requiring that personal health information may only be collected without consent where it is necessary to provide a health service (unless an alternate exception to NPP 10 is available).
182. The Office refers to its earlier proposal in response to this question that NPP 10.2 be amended such that a test of an individual's reasonable expectations be adopted, though only in conjunction with the existing test that the collection be necessary to provide a health service. This would provide a principle that more effectively balances the needs of providers to collect information in a care context, with the need to ensure that privacy protections are maintained, including by giving due regard to the expectations of individuals.
183. Collection for some other purposes in NHPP 1.1(d), such as management of a health service and law enforcement purposes, is likely to be encompassed within existing NPP and IPP collection provisions (or would be outside of the Privacy Act's jurisdiction, such as in regard to collections by state police).
184. NHPP 1.1(e) would permit the collection of health information for research or statistical purposes 'in the public interest'. This appears to go beyond the existing exception provided in NPP 10.3, which provides a mechanism allowing such collection for narrower and more easily definable purposes - 'relevant to public health or public safety'.
185. In this regard, it should be noted that the Office has considered the scope of any research exceptions in greater detail in responding to questions 4-13 and 4-32, as well as in questions 8-29 through to 8-32. While proposing some amendments to these arrangements, the Office is informed by a body of community attitude research that suggests that many individuals would be uncomfortable with such a broad exception allowing collection of health information without their consent. The Office notes that this position would not cause a halt to such research, but would require researchers to either seek individuals' consent (whether express or implied) or conduct their research using de-identified information.
186. Additionally, where there is a compelling public interest, any Parliament may choose to enact law requiring the collection for that purpose. A number of Parliaments have enacted such laws, including for the purpose of various health registers.
187. NHPP 1.1(f) would permit the collection of an individual's health information without consent to prevent or lessen a 'serious and imminent threat to life, health, safety or welfare of any individual', and is mirrored in NHPP 2.2(h) to allow disclosure in the same situations (see the Office's response to question 8-18).
188. The existing NPP 10.1(c) is limited to permitting collections without consent for the purpose of addressing threats to 'life or health'. The Office believes 'safety', as included in NHPP 1.1(f), would be likely to be encompassed within 'life or health'. Perhaps of more concern, the Office submits that the inclusion of threat to any individual's 'welfare' would be difficult to define and would potentially significantly expand the current exception.
189. NPP 10.1(c) also limits collection to situations where the individual cannot consent, while NHPP 1.1(f) does not (instead, it requires collection be 'in accordance with [issued] guidelines, if any...'). Requirements for collection under NPP 10.1(c) do however appear inconsistent with disclosure allowed by NPP 2.1(e), because the latter does not require incapacity to consent.
190. NHPP 1.1(g) would allow the collection of health information without the individual's consent by or on behalf of a law enforcement agency that the organisation reasonably believes is necessary for a 'law enforcement function'. Although it aims at consistency with use and disclosure provisions, this is a broad exception when compared with NPP 10. The latter holds that such a collection must be required by law (10.1(b)), or to prevent or lessen a serious and imminent threat to life or health, where the individual whose information is being collected cannot consent.
191. NPP 10.3 facilitates the collection of health information that has been disclosed under NPP 2.1(d). In responding to question 8-32 and as part of harmonising the research mechanisms under sections 95 and 95A, the Office has recommended that NPP 2.1(d) be amended to allow the disclosure of personal information (that is, not restricted to health information) where it is relevant to 'health and medical research', rather than 'public health or public safety'. If that recommendation is adopted, NPP 10.3 would need to be amended to apply to all sensitive information.
192. In addition, the Office notes that 10.3(d)(ii) is expressed in the same terms as the (currently ineffective) 10.2(b)(ii), and may need amendment as discussed above in question 8-15.
193. The Office recognises that some health sector stakeholders hold the view that the current application of 'primary purpose' under NPP 2 restricts health service providers from disclosing information appropriately within an individual's treating team, which in turn impedes healthcare.
194. However, the Office believes that NPP 2 sits comfortably with the relationships of trust and good communication that are the hallmark of good practice in the health sector. The Office does not believe that it is always, or even usually, necessary for a health service provider to seek the consent of an individual before using or disclosing their health information to provide healthcare.
195. The operative elements to applying NPP 2.1(a) to the provision of health services are that the use or disclosure be for a directly related secondary purpose within the individual's reasonable expectations. In the healthcare context, an individual's reasonable expectations are likely to be formed by, amongst other things, what they are told may happen to their health information during the course of usual consultations. The Office believes that the health sector has a strong awareness of the importance of communicating with patients regarding how their information will be used and disclosed in the course of treatment. Such communication should greatly increase doctors' confidence that they may share health information with other providers, without necessarily seeking the patient's consent.
196. Consistent with Private Sector Review recommendations 77 and 78, the Office believes further guidance on appropriate use and disclosure for the primary purpose of collection, and directly related purposes, would clarify for health service providers the degree to which existing good communication facilitates compliance with NPP 2.
197. Issues concerning NPP 2 and the construction of primary purpose are discussed in greater detail below.
198. NPP 2 establishes the general rule that organisations, such as private sector health service providers, may only use or disclose personal information for the purpose for which it was initially collected (that is, the 'primary purpose'). In the health care context, the Office has consistently interpreted a health service provider's primary purpose for collecting health information as the 'main or dominant reason the individual is seeking assessment, treatment or care.'328
199. However, there are a number of exceptions to this general rule. These exceptions provide that personal information may be used or disclosed for another or 'secondary' purpose if, for example, the individual consents (NPP 2.1(b)) or where the use or disclosure is necessary to respond to a serious or imminent threat to any person's life, health or safety (2.1(e)(i)).
200. Relevantly for the health sector, NPP 2.1(a) provides that health service providers may use or disclose health information for a secondary purpose if:
201. The Office believes that NPP 2.1(a) provides an appropriate mechanism for regulating how health information may be used and disclosed, without the individual's consent, in the health context. It does not require providers to routinely and unnecessarily seek consent from individuals for the sharing of their health information for treatment.
202. The Office submits that this application is consistent with community expectations regarding how health information should be handled. Attitudinal research from Australia and overseas has found that many individuals have strong views on the handling of their health information, including the extent to which it should be shared. These views are likely to be more relevant as clinical care moves toward greater use of electronic health records, which may facilitate the sharing of information on a vastly greater scale than paper-based records.329
203. Research conducted by the UK National Health Services summarised some of these concerns as:
If this information is inappropriately shared outside the NHS, it may prejudice people's ability to get jobs, life insurance or mortgages. Information shared inappropriately within the NHS could affect the way people are treated by health and other public services (eg. about terminations of pregnancy, debt, literacy, or mental health problems).330
204. This same research found that the degree to which individuals felt health information should be shared depended on the purpose for which it would be used. While a majority of individuals supported it being shared to treat a specific health problem, individuals viewed sharing for other purposes, including managing a health service, as far less important. A majority of individuals believed that sharing for any purpose other than clinical care should be with consent or by using de-identified information. Additionally, this research found that even for clinical care, at least some types of information, such as termination details, sexual health or mental health, should not be routinely shared.331
205. Many of these themes are supported in other research. In addition, research has found that individuals may have sensitivities about health information being shared without consent even across a treatment team332 and distinguish between different types of health professional.333
206. As discussed in the Office's Guidelines on Privacy in the Private Health Sector, an individual's reasonable expectations are what a reasonable individual with no special knowledge of the health sector would expect to happen to their health information in the given circumstances.
207. Such expectations are closely linked to what the patient is told and how they react. In this regard, it should be noted that practitioners must comply with obligations under NPP 1.3 to provide notice to individuals as to how their personal information will be handled. Therefore, compliance with NPP 1.3 notice requirements will enhance practitioners' ability to rely on patients' 'reasonable expectations' for appropriate disclosures.334
208. Moreover, the type of communication that would normally be entered into by practitioners and individuals in the course of consultation and treatment is likely to be a key determinant of an individual's reasonable expectations of how their health information may be handled. As is discussed in greater detail below, the Office submits that the long-standing importance placed by the health sector on effective practitioner-patient communication promotes an environment whereby a mutual understanding can be established as to how health information will be handled.
209. In addition, reasonable expectations may be influenced by the degree of awareness in the general community about how the health system may provide care to individuals. In some cases, community education campaigns may contribute significantly to framing an individual's reasonable expectations.
210. The Office understands that some health stakeholders believe existing distinctions between disclosures for a 'primary purpose' and 'directly related secondary purposes' may interfere with holistic care, conflict with doctors' legal and professional obligations, and hinder necessary and appropriate use and disclosure within a patient's treating team. Some have called for 'primary purpose' to be applied broadly in the health care context, such as to encapsulate 'the health care and well being of the patient', unless otherwise agreed.335
211. In addition, some health sector stakeholders believe that a consequence of applying a narrow interpretation to primary purpose is that providers must always obtain a patient's consent, whether express or implied, before sharing health information with other health service providers.
212. As discussed in greater detail below, the Office believes that these concerns can be assuaged by recognising the high degree to which existing good clinical practice facilitates compliance with NPP 2.1.
213. The Office notes that contemporary approaches to health service delivery increasingly emphasise an 'holistic' rather than episodic approach to health care. The Office acknowledges the potential health benefits of such an approach.336 Equally though, the Office submits that effective communication and patient autonomy regarding information-handling remain essential to ensuring that individuals' privacy expectations are met.337
214. In a health care context, episodes of care provided as part of an holistic approach to treatment will often be directly related to the primary purpose of collection. The Office has recognised that an holistic approach to the provision of health care can be comfortably accommodated within the 'directly related, within reasonable expectations' test of NPP 2.1(a). Specifically, in the Guidelines on Privacy in the Private Health Care Sector the Office has explained:
'The concept of holistic health care recognises that a health service provider can treat an individual for a number of different complaints or ailments at a single time. In these circumstances, the primary purpose is linked to each of these conditions or ailments.
This principle also allows personal information to be used or disclosed without further consent if this occurs for reasons directly related to the primary purpose and these are within the reasonable expectations of the individual. These are uses and disclosures for directly related secondary purposes.'338
215. The Office acknowledges the importance of communication to the fiduciary relationship of trust between health service providers and patients, and is confident that this strong tradition of effective communication in the health sector does much to promote providers' compliance with NPP 2 when sharing health information for treatment.
216. As the then President noted in the AMA's Privacy Resource Handbook (2002):
'Aligning patient and doctor expectations better will reduce red tape and the costs of complying with the privacy legislation while maintaining quality patient care.'339
217. Similarly, the Office notes that the role of an individual's reasonable expectations sits comfortably alongside values articulated in the AMA's Code of Ethics,340 including those ethical principles that go to respecting the individual (1.1(b)), approaching health care as a collaboration between doctor and patient (1.1(c)) and maintaining patients' confidentiality (1.1(l)).
218. The Handbook For The Management Of Health Information In Private Medical Practice produced by the Royal Australian College of General Practitioners similarly notes that:
'Sharing information is integral to good doctor-patient communication and to high quality care, providing an opportunity for health promotion and for building trust.'341
219. The Office notes that Australian doctors have been recognised in international benchmarking research for their effective clinical communication skills.342
220. Accordingly, while effective clinical-patient communication is essential to good clinical care,343 the degree to which such practices promote compliance with NPP 2 should not be underestimated.
221. The policy intent of NPP 2.1 is to ensure that individuals are aware of what may happen to their health information and are able to exercise an appropriate degree of control over its handling, by requiring that personal information should only be used or disclosed for the purpose for which it was collected, unless there is a strong justification. If 'primary purpose' is construed broadly, use and disclosure are harder to regulate, and the original policy intent is more difficult to achieve.
222. In the Office's view, the casting of 'primary purpose' in general broad terms such as 'healthcare and wellbeing' would:
223. In contrast, the existing approach to applying 'primary purpose' in the health care context:
224. Further, the Privacy Act must have adequate scope for redress against unacceptable use and disclosures of health information by the small proportion of health service providers who may not adequately uphold their privacy obligations. This includes maintaining an interpretation of primary purpose that allows for a specific purpose to be identified. Otherwise, an organisation could claim that a disclosure was made for the primary purpose of 'healthcare' or 'wellbeing', satisfying NPP 2 without reference to what a patient would reasonably expect in the circumstances.
225. As health services are amalgamated and corporatised, and as e-health initiatives evolve to simplify the transmission of health information between providers, it is likely to be increasingly important for the use and disclosure of health information to be sufficiently regulated, and that health service providers and individuals share common understandings of how it will be handled. This is important to continued trust and quality assurance in the healthcare professions, as well as to patients' autonomy and peace of mind, and the continued effectiveness of the Privacy Act.
226. Consistent with Private Sector Review recommendations 77 and 78, the Office believes increased guidance on appropriate use and disclosure for the primary purpose of collection, and directly related purposes, would clarify for health service providers the degree to which existing good clinician-patient communication facilitates compliance with NPP 2.
227. This may include updating information sheets, providing greater access to these and other Office resources, and publishing articles in prominent health sector publications. A clearer understanding of how these terms operate would allow health service providers to be more confident in using and disclosing patients' information for appropriate and mutually anticipated purposes, and ensure individuals receive enough information to retain control over the direction of their healthcare.
228. The Office submits that NHPP 2 is not, overall, a more appropriate or effective framework than NPP 2 for regulating when organisations may use or disclose health information.
229. There are two primary reasons influencing this view. Firstly, NHPP 2 appears excessively lengthy and complex, thus potentially making it difficult for health service providers and consumers to adequately understand, apply and rely upon. The highly prescriptive approach taken by the principle also seems inconsistent with the government's intention that privacy regulation in Australia be applied in a 'light touch' manner. Secondly, in a number of provisions, NHPP 2 reduces the level of privacy protections (including by limiting individual choice and control) currently available under NPP 2.
230. As suggested in the response to question 8-3, above, the provisions of the proposed NHPC may offer utility by demonstrating options on matters about which the Privacy Act is silent. In this regard, there are elements of NHPP 2 which could be considered for adoption in an enhanced NPP 2. These include:
231. The comparative merits of various principles are discussed in greater detail below.
232. NHPP 2.2 lists the exceptions that may be relied upon to use or disclose health information for secondary purposes. Some exceptions appear to reduce the protections afforded in the existing NPP 2, though others seem to provide equivalent or greater protection. The possible effects of some proposed changes are not clear, leaving open the risk of unintended consequences.
233. The Office submits that the community generally expects to be asked to consent to the handling of personal health information for secondary purposes other than clinical care. This is supported by a body of community attitude research.345 As has been suggested by the UK Academy of Medical Sciences, '...as a general rule, patients grow increasingly concerned about access to their data as control moves from their own GP'.346 This view has been supported elsewhere.347 New Zealand research, for example, has found significant differences in the degree to which individuals believe health information should be shared for different purposes. While sharing to treat their specific condition is consistently viewed as appropriate, other purposes, including sharing with other health professionals, received less support.348
234. The sharing of health information in ways not expected by individuals may have significant impacts on community trust and engagement with the health sector. Research suggests that this is likely to be heightened for vulnerable groups, including young people, who may avoid treatment if they do not believe their information will be handled appropriately.349 These anxieties are also likely to increase where conditions are involved that may be stigmatising, such as mental or sexual health problems.350
235. However, the Office recognises that there may be other public interests which warrant uses and disclosures without consent. In considering these public interests, it is important that community sensitivities toward the sharing of health information are acknowledged. Uses and disclosures should only be permitted without the individual's consent where there is a clear and compelling justification.
236. As discussed in similar terms in responding to question 8-15, the Office has concerns that NHPP 2.2(c) permits use or disclosure, without the consent of the individual, where it 'is required, authorised or permitted, whether expressly or impliedly, by or under law' (emphasis added). This appears to lower the current threshold in NPP 2.1(g) - 'required or authorised by or under law'. It is not clear to what extent this form of wording widens the existing exception and 'whether expressly or impliedly' may increase the risk of unintended authorisations (such as an 'implied permission') being read into a law.
237. The Office believes NHPP 2.2(e)351 may confer too broad a discretion on health service providers to use or disclose health information without consent for the provision of further health services, particularly as this exception affords no role to individuals' wishes or reasonable expectations. This provision does not reflect individuals' right to decide whether they want to continue receiving 'further health services'. Where such further services are within individuals' reasonable expectations, or where they consent to handling for such services, the relevant use or disclosure would already be permitted by NPPs 2.1(a) or 2.1(b) respectively.
238. NHPP 2.2(f) would provide a broad discretion, subject to criteria being met, on health service providers to use and disclose health information for the secondary purposes of:
239. The question of appropriate arrangements for the handling of health information for management is discussed in detail in response to question 8-9.
240. In regard to the use or disclosure of health information without consent for the purpose of training, the Office reiterates the view expressed in its Guidelines on Privacy in the Private Health Care Sector:
'Where the use of health information is necessary for training purposes, the sensitivity of such information needs recognition as some individuals seeking health care may not want their information disclosed any more widely than is necessary to receive care. These individuals may not want their information used for training or education activities.
The use of information for training and education will therefore usually require the individual's consent.'352
241. The Office notes that community attitude research conducted in the UK found that individuals attribute low importance to the sharing of health information for training of doctors and nurses and generally hold that the use of their information for secondary purposes should be subject to their consent or facilitated by de-identified information.353
242. NHPP 2.2(g) can be compared to the existing NPP 2.1(d). The former provision facilitates use or disclosure for research and statistical purposes in the 'public interest', while NPP 2.1(d) allows for the narrower criterion of research and statistics 'relevant to public health or public safety' only. Difficulty and uncertainty may arise in determining what is in the 'public interest' in a given instance.
243. The Office notes that the current mechanism for medical research provided by the Privacy Act requires that the handling of health information be done in accordance with guidelines (issued under sections 95 and 95A) that are only approved where the Privacy Commissioner is satisfied that the public interest in that type of research 'substantially outweighs' the public interest in protecting privacy. It does not appear that this 'substantially outweighs' test is provided in the draft Code, either in the NHPP 2.2(g) or the guidelines referred to in NHPP 2.2(g)(iii).
244. As discussed in Chapter 4 in the response to question 4-13, the Office does not support an extension of the research exception to allow the handling of health information for non-health research.
245. If adopted, NHPP 2.2(h) would substitute for the 'serious threat' exceptions currently in NPP 2.1(e).
246. As discussed in response to question 8-15, where a similarly drafted exception applies to collection, the reference to 'life, health, safety or welfare' rather than simply 'life, health or safety' seems unnecessary and potentially diminishing of privacy. In particular, 'welfare' appears overly subjective, difficult to define and potentially broad. It is unclear what a serious and imminent risk to an individual's welfare might include, and whether such an exception is consistent with the underlying principle that information should only be used or disclosed without consent where there is a clear and compelling justification.
247. It should also be noted that, in response to question 4-7, the Office has questioned whether the term 'safety' enhances the usefulness of this exception without lowering protections for individuals. Safety is not currently included in NPP 6 (on access) or NPP 10 (on collection of sensitive information).
248. NHPP 2.2(i) is similar to NPP 2.1(ea), enacted in 2006 to regulate use and disclosure of genetic information. Unlike NPP 2.1(ea) however, the Code's provision does not limit disclosure to a 'genetic relative'. The Office does not believe it would be appropriate to allow disclosure to non-relatives without consent. While consent is referred to in NHPP 2.2(i)(ii), it is unclear whether use or disclosure would be allowed where consent is sought but denied.
249. NHPP 2.2(l) is designed to mirror NPP 10.1(e), which allows collection for legal and equitable claims in the same terms. This promotes consistency between the prescribed authority to disclose and, consequently, to collect. However, it is unclear in what range of circumstances such an exception would permit disclosure. The exception is potentially broad, in that it could allow disclosure of health information for a range of civil and administrative actions that are not within reasonable expectations or necessary for law enforcement.
250. The question of whether the health information of deceased persons should be covered in the Privacy Act is addressed in response to question 3-5.
251. In short, the Office has submitted that NPPs 1, 2 and 4 should apply to deceased persons' health information, and that an additional exception should be added to NPP 2 to give organisations a discretion to disclose that information in appropriate circumstances.
252. NHPP 2.5 generally allows use and disclosure for certain purposes when an individual is known or suspected to be dead or missing, or is incapable of consenting due to accident or misadventure.
253. In regard to missing people, the Office believes that an exception to use or disclose personal information without consent is inappropriate. Individuals who have chosen to disassociate themselves from family or friends, for whatever reason, may continue to expect that the privacy of their personal information will be respected, particularly where no suspicious or criminal activity is apparent and where there is no legal requirement or obligation for the disclosure of the information. Where circumstances indicate potentially criminal activity, then information should be provided to law enforcement agencies in accordance with the Privacy Act, and with the powers of law enforcement bodies.
254. In regard to emergency situations, the Privacy Act currently contains a number of provisions to ensure that law enforcement or other appropriate authorities can seek relevant personal information in emergencies, and as part of their investigations. For example, NPP 2, and IPPs 10 and 11, already allow use and disclosure in some emergency situations, including where there is a serious and imminent risk, while the Commissioner's Temporary Public Interest Determination (TPID) power may be invoked where an activity would otherwise conflict with the Privacy Act. A Public Interest Determination of this kind currently applies to the Department of Foreign Affairs and Trade to permit disclosure of personal information of Australians overseas to their next of kin in certain limited circumstances.354
255. The Office also notes that for Australian Government-declared emergencies, NHPP 2.5 may be unnecessary by virtue of provisions enacted by the Privacy Legislation Amendment (Emergencies and Disasters) Bill 2006.355
256. NHPP 2.2 (j)(ii) and (k)(ii) may offer increased protection for health information. These provisions state that a health service provider could not make a disclosure for law enforcement purposes if it would be a breach of confidence. While these provisions appear to merely restate existing common law duties, they may be useful in clarifying such obligations. A similar provision could be considered for adoption in the NPPs.
257. NHPP 2.3 requires that a written note be made of disclosures made under NHPP 2.2 (j) and (k). Currently, NPP 2 only requires a note for NPP 2.1(h), not 2.1(f). As both exceptions are for law enforcement purposes, the additional notation requirement may improve transparency and accountability.
258. The Office has no other issues concerning access to health information, though would welcome the opportunity to examine matters that may be raised with the ALRC by other submitters and incorporated in a future discussion paper.
259. The Office submits that NPP 6.1(b) is an appropriate and effective exception, and should not be extended to encompass threats to the therapeutic relationship alone. The critical issue is whether the threat relates to the individual's life or health, otherwise the exception would allow denial in a much broader range of circumstances than is currently permitted. As the Private Sector Review indicated, the Office believes greater guidance will clarify the utility of this exception. NPP 6.1(b) can be relied upon where access would cause breakdown of the therapeutic relationship, and that breakdown would itself be a serious threat to life or health of an individual.
260. Distinct from NPP 6.1(a), the threat in question need only be serious and not necessarily imminent. The Office notes that there appears to be some confusion in the health sector regarding this distinction.
261. These issues are discussed in greater detail below.
262. The Office understands that some health sector bodies propose that health service providers should be able to deny access to health information on the grounds that such access would harm the therapeutic relationship between the health service provider and the individual, even if that harm would not lead to a serious threat to the life or safety of any individual.
263. Consistent with the findings of the Private Sector Review, the Office does not support this position. In line with Recommendation 30, the Office submits that it is appropriate to provide additional guidance to health service providers explaining the extent of this exception.
264. The Office believes that the 'serious threat to life or health' exception (NPP 6.1(b)) to the general right of access under NPP 6 is an appropriate exemption, and aligns with public expectations of privacy rights.
265. The existing exception acknowledges that privacy is an important right, but one that must be balanced with other public interests, with life and good health being prominent amongst those interests. Exceptions to privacy rights on the basis of threats to life and health are found in several NPPs, including NPP 2.1(e), and the newly-enacted paragraph 2.1(ea) relating to genetic information.
266. The fact that the threat must be 'serious' reflects the principle that access to one's own personal information should be the rule, rather than the exception. At the same time the exception is broad enough to encompass serious threats to any relevant person (including threats to mental health), such as the individual themselves, other patients, practitioners and staff, and the individual's family. Similar language is used in the equivalent exceptions under NSW and Victorian health records legislation,356 although those instruments are more prescriptive than the principle-based NPPs.
267. In addition, the Office proposes that there may be merit in inserting a clarifying note to NPP 6.1(b), such as:
Note: A serious threat to life or health referred to in paragraph 6.1(b) could include a situation where granting access would cause the deterioration or destruction of the therapeutic relationship provided the deterioration or destruction would itself constitute a serious threat to any individual's life or health.
268. While the Office believes that the underlying policy settings for NPP 6.1(b) are appropriate, it is noted that the term 'would' (as in, 'would pose a serious threat...') establishes a test that requires a degree of certainty that may not always be obtainable in clinical environments. Submissions were received to the Private Sector Review stating that it may be difficult for providers to predict how their patients will react to being granted access to their health information.357
269. While one option might be to reduce this to a more subjective test (such as 'could'), the Office submits that the existing obligation more closely reflects the relationship of trust between patients and health professionals, ensuring that denial of access is the exception, not the rule. Nevertheless, in light of concerns expressed by the health sector, the Office submits that the test 'reasonably likely to' might be considered as an alternative.
270. In assessing the overall effectiveness of NPP 6.1(b), the Office believes the exception remains an important provision for health service providers to rely on under relevant circumstances, when they face difficult choices about whether providing access (and in what form) would endanger life or health. This is the case even though the proportion of health service providers who need to rely on NPP 6.1(b) in practice has been very small.
271. The Office believes that the 6.1(b) exception covers, to an appropriate degree, 'threats to the therapeutic relationship', where endangering that relationship would be a serious threat to the life or health of any person (including the individual, the practitioner, or a family member).
272. The Office does not support expanding the exception to cover threats to the therapeutic relationship which do not pose a serious threat to life or health. An additional or widened exception for that circumstance alone would mean that health service providers could potentially deny access whenever an individual would disapprove of the provider's assessment, possibly tipping the balance towards a far broader range of exceptions.
273. As noted in IP31, where appropriate, other exceptions may also apply to parts of the information, which would lessen any adverse reaction. For example, NPP 6.1(c) may provide for a therapist's personal notes to be exempt if access would unreasonably impact on another person's privacy (in this case, the therapist).
274. NPP 6.7 indicates that reasons must be given for denial of access. In the Office's view, however, where access is denied on the basis of NPP 6.1(b), it may be inappropriate to notify the individual of the precise provision relied upon for refusal.
275. Accordingly, rather than broadening the exception in such a way as to increase the circumstances under which individuals may be denied access to their health information, the Office submits that further education may enhance health service providers' understanding of how NPP 6 applies.
276. NHPP 6 and Part 5 generally provide equivalent access rights and protections to NPP 6, and may inform matters on which the Privacy Act is silent. However, the Office submits that the instruments appear to be overly complex and prescriptive, the latter of which sits uncomfortably with a principles-based approach to regulation. Having to refer to two separate instruments instead of a single principle may add unwarranted regulatory complexity (as would creating a separate set of principles specifically for health information).
277. Nevertheless, some of the policy objectives reflected in NHPP 6 could be adopted to usefully reform the Privacy Act, albeit possibly in different terms. Key examples include provisions for the transfer of medical records, and arrangements when a health service provider ceases to trade358.
278. Overall in regard to access provisions, the Office believes that access should be provided in the form requested, subject to existing exceptions. This will usually mean a copy, although sometimes the individual may prefer another form, such as a summary or an explanation. Where the chosen form of access would be inappropriate (on the basis of an NPP 6 exception), other forms of access should be granted where appropriate. Additionally, express reference to access rights for representatives of living individuals could be usefully considered. Further, when access is denied, a stronger requirement to use intermediaries where requested (particularly in the case of health service providers) would likely represent a valuable reform of the Privacy Act.
279. These issues are discussed in greater detail below.
280. In the first 3 years of the NPPs' operation, about half of all health-related complaints to the Office concerned a refusal of access to health records, or charges for access.359 This highlights the importance of access rights to the community and the need for provisions to be comprehensible enough to understand and apply (both for organisations and individuals), and rigorous enough to ensure appropriate access.
281. As with NPP 6, NHPP 6.1 states that any organisation which holds health information must provide an individual with access to any such information held about them. However, various Privacy Act exemptions currently limit the application of NPP 6 (such as the small business and employee records exemptions).
282. It is noted that the draft NHPC states that the meaning of 'organisation' will vary depending on implementation within each jurisdiction. In other jurisdictions, the Health Records and Information Privacy Act 2002 (NSW) incorporates the Privacy Act's small business exemption by reference to the Commonwealth legislation.360 The Office understands that the Victorian Health Records Act 2000 does not include a small business exemption.361
283. The exceptions which allow an organisation to deny access under NHPP 6 are similar to those in NPP 6. The Code's exceptions generally reflect the provisions in the Health Records Act 2001 (Vic) and the HRIP Act 2002 (NSW).362
284. Notable differences between NHPP 6 and NPP 6 exceptions include:
285. NHPP 6.5 retains the NPP 6.5 requirement that the individual 'establish' information is inaccurate, incomplete, misleading or not up to date before an organisation must correct the information. The Australian Privacy Foundation has suggested that a lower standard than 'establish' may be more appropriate for requiring a review of data quality (such as 'reasonable grounds' to doubt accuracy).364 Private Sector Review recommendation 32 expressed the need for guidance to clarify the current requirements.365
286. At times, it may be appropriate to maintain a complete historical record by marking information as disputed or incorrect, rather than deleting it (as required under NHPP 6.5/NHPP 4, and noted in the Office's Guidelines on Privacy in the Private Health Care Section (p 50-51)). Such practices may, for example, be consistent with medico-legal needs, particularly where there is a possibility that potentially inaccurate information was acted upon to provide a health service.
287. However, NHPP 6.5 (read with Part 5 Div 4) may be overly prescriptive regarding correction and deletion. Health service providers may need greater flexibility, as health information will vary in its sensitivity and importance to the medical record. Views from the health sector would be relevant as to whether such prescription could lead to onerous or impractical requirements.
288. The Private Sector Review recommended that consideration be given to an amendment requiring organisations to notify third parties who have received incorrect information, that the relevant information has been corrected366 (see also question 4-25). Part 5 Division 4 of the proposed NHPC (paragraph 20) requires such notification to health service providers who may use or disclose the information in future. As the APF notes367, such a requirement 'where appropriate/practicable' appears in NSW, New Zealand, Canadian and Hong Kong privacy laws.368
289. In a health treatment context, correcting health information and notifying misinformed parties (in consultation with the individual) can be particularly important to safeguarding the individual's health. The Office submits that further consideration be given to such an amendment, including in regard to the degree to which it may accord with existing good clinical practice.
290. While NHPP 6 does not canvass this point, a related provision (which may facilitate the above notifications) could require a note to be made each time health information is disclosed (even if only for secondary purposes).
291. The increasing use of electronic health records systems could be expected to make such measures increasingly feasible, particularly as such systems should be designed with audit capacities. The Office has previously noted the importance of audit logs for affording individuals some assurance that the handling of their personal health information is transparent. This has been discussed in response to question 8-5.
292. Health sector and consumer views, and other jurisdictions' practices, would be relevant in assessing this proposal. This matter is also discussed in Chapter 11.
293. In the Office's view, Part 5 of the proposed NHPC may add to regulatory complexity, particularly as it must be read in conjunction with NHPP 6, and may be excessively prescriptive. Nevertheless, some provisions of Part 5 would seem likely to enhance an individual's rights to access health information beyond what is currently afforded by NPP 6. These are discussed below.
294. Part 5 explicitly allows access by an authorised or legal representative of the individual (Div 1-1 and 1-4), including individuals. NPP 6 only implies an access right for authorised representatives (and then only for living persons), and is the subject of some confusion.369 Issues around representative access are also discussed in response to question 8-11 and in Chapter 9.
295. The Office acknowledges that any provision allowing representative access must be drafted so as to prevent misuse or unauthorised access. In regard to the former, the Office notes anecdotal evidence that, in some jurisdictions, existing representative access provisions may be used in ways not intended, including as de facto forms of preliminary discovery for legal proceedings. Under the proposed NHPC, a representative's request must be in writing (Part 5 Div 2-8), and the organisation must take reasonable steps to establish identity and authority (Div 1-5).
296. It should also be noted that in Chapter 3 in the response to question 3-5, the Office has suggested a number of measures concerning the handling of deceased persons' information. The Office has not proposed that an access right be given to third-parties, but rather that a discretion to disclose be given to organisations and agencies.
297. In contrast to NPP 6, Part 5 specifies access methods,370 which include:
298. The NSW Health Records and Information Privacy Act 2002 (HRIP Act) is similarly drafted, although without clause (c).
299. The Office believes that access to health information should be provided in the form requested unless an exception makes this inappropriate (eg serious risk to health, frivolous request).
300. Where no specific format is requested, the individual could choose between receiving a copy, an accurate summary or an explanation. The organisation could be required to inform the individual of these options. However, requirements for health information requests should only be distinguished from other access requirements where necessary.
301. Part 5 Div 2 gives specific time periods and detailed instructions for access requests and responses. Organisations are given 45 days to arrange or refuse access, or to notify of fees (as does NSW legislation371).
302. In the Office's view, this level of prescription is likely to be inconsistent with the principle-based approach underpinning the NPPs. It is the Office's current position that organisations should take no more than 30 days (from the request date) to arrange or refuse access. Legislatively prescribing an explicit time period would reduce flexibility for communication and administration. The term 'as soon as practicable' or 'without excessive delay'372 may be more appropriate.
303. Empirical evidence from the NSW experience may inform a decision to prescribe a maximum period within which access must be provided, including whether delays are caused by some organisations choosing to exhaust the entire 45 days to process requests that might otherwise be facilitated earlier.
304. While Part 5 Div 3 is overly prescriptive and detailed, the use of intermediaries may well be appropriate for negotiating access where the 'serious threat' exception is relied upon (and potentially for other refusals involving health information). Generally, under Part 5 Div 3, the organisation 'may' offer to discuss the relevant health information, or to arrange for a nominated health service provider to discuss it (where the organisation itself is not a health service provider).
305. Individuals 'must' also be notified of their right to nominate a health service provider as an intermediary. Subsequent provisions (perhaps more appropriate as guidelines) are intended to ensure the intermediary is:
306. The organisation is then obliged to provide the information to the agreed intermediary.
307. The Office has considered a range of related issues regarding possible reform to access provisions for health information.
308. NPP 6.3 currently requires an organisation to 'consider' whether using an intermediary would satisfy any access request that is refused. The Private Sector Review suggested that an equivalent to Part 5 Div 3 of the proposed Code (above) may be appropriate. The provision should be less prescriptive than Part 5 Div 3, but offer greater rights to individuals than the existing NPP 6.3.
309. NPP 6.3 could be enhanced by giving individuals a right to request a health service provider as an intermediary where access to health information has been denied. The intermediary could assess the validity of the exception and 'filter' access as appropriate.
310. Organisations could be obliged to notify individuals of their right to seek an intermediary upon refusal of access (perhaps under NPP 6.7). Organisations could be able to reject an intermediary on reasonable grounds (such as lack of expertise). The Commissioner could review the 'reasonableness' of the objection should a complaint result from denial of access. The Office notes the issue of an intermediary's fees may present potential difficulty for some individuals.
311. The Office can see merit in limiting stronger intermediary provisions to apply in only those circumstances where the 'serious threat to life or health' exception is relied upon, as in the HRIP Act373 and proposed NHPC. The role of an intermediary would seem most likely to be appropriate in such circumstances, where a form of negotiated access may be acceptable, but full access would have unacceptable consequences to any individual's life or health. It is less clear whether an intermediary would serve an effective or appropriate role where other grounds have been relied upon to deny an individual access to personal information.
312. Part 5 Div 1-6 deals with fees for access (which are not mentioned in NHPP 6 itself). The provision is more explicit than NPP 6.4 in noting that an organisation need not charge for access to (or transfer of) health records. Also, if access involves an explanation of the information, the fee must not exceed the normal consultation fee (Div 1-6(3)).
313. Div 1-6(2) maintains the requirement that fees must not be 'excessive' and must not apply to the request itself (as in NPP 6.4). The provision adds that the fee must not exceed any prescribed maximum, leaving it open to each state to prescribe maximum fees.
314. Some organisations appear to have difficulty in determining what would be 'excessive' in the absence of prescribed maximum fees. However, the Office believes that flexibility is necessary and appropriate. If a table of prescribed maximum fees were introduced at any level of government, it must adequately cater for such diversity.374
315. The Office is aware of cases where individuals have experienced difficulties accessing their records of health information when a health service provider ceases to operate. Such circumstances may occur where a practitioner retires, dies or simply moves to another location.
316. In regard to this issue, the Royal Australian College of General Practitioners advises that on the sale or closure of a practice:
'... the medical practitioner (or executor in the case of the medical practitioner being deceased) should take reasonable steps to notify patients and allow them the opportunity to transfer records to another provider.'375
317. The AMA similarly provides advice that it is appropriate for arrangements to be made to ensure the continuity of an individual's ability to access health information if a practice closes.376
318. Amendment to the Privacy Act to introduce a privacy principle with a similar purpose to NHPP 10 would usefully clarify the obligations of health service providers and establish reasonable expectations for individuals on the handling of their health information in these circumstances.
319. In regard to the form of such a provision, the Office notes that NHPP 10 refers to making 'individual users aware' of the sale or otherwise closure of the business. It is not clear whether this imposes a requirement to contact each individually, or whether advertising in the local paper (or similar method) in an effort to notify patients collectively, would demonstrate a reasonable effort to contact 'individual users'. The Office submits that an obligation of this type should reflect an appropriate balance between the privacy rights of individuals and the need not to impose an unreasonable regulatory burden.
320. The Office has no other issues concerning access to health information, though would welcome the opportunity to examine matters that may be raised with the ALRC by other submitters and incorporated in a future discussion paper.
321. The Office is aware of cases where individuals have experienced difficulties when seeking to have health information transferred to another health service provider. Currently, the Privacy Act does not provide an express mechanism for facilitating the transfer of records between providers at the request of an individual.
322. It is noted that such transfers are generally considered to be good practice in the health sector. The AMA, for example, advises practitioners that if a patient wishes to change practices:
'A doctor should always do what accords with best clinical practice and relevant codes of ethics, to ensure that the new practitioner gets all papers and records reasonably required to treat the patient adequately.
If the patient has requested transfer of the full medical file, then the patient's wish should be met, with copies of the file being provided to the nominated doctor. The transferring doctor should retain all original documents on his/her own file and archive for medico-legal purposes.'377
323. Accordingly, the Office submits that the introduction of a principle into the Privacy Act that serves a similar function to proposed principle NHPP 11 would impose a reasonable and appropriate obligation on health service providers. Such a principle would likely meet community expectations that individuals should be able to continue to have access to their health information where they may wish to be treated by a different practitioner. In addition, this principle is likely to be consistent with good clinical care and the continuity of treatment.
324. Such a measure would identify a potential gap in the regulation provided by the Privacy Act and may assist in ensuring consistent practices across those health service providers that are covered by the Privacy Act (particularly if adopted in conjunction with the Office's submission in response to question 8-2 that section 3 should be amended to clarify that the Privacy Act covers the field for private sector health service providers).
325. The current public interest test contained in the Privacy Act is effective and gives due regard to the community's expectations about the handling of health information.
326. Sections 95 and 95A of the Privacy Act allow the Privacy Commissioner to approve guidelines made by the National Health and Medical Research Council for the use, disclosure and collection of health information without consent for research purposes. Section 95A also allows the Privacy Commissioner to approve guidelines for the management, funding and monitoring of a health service.
327. In regard to how the two public interest tests are incorporated into the Privacy Act, the Office notes that the wording of each provision differs slightly. In section 95A(3) and (5), the Privacy Commissioner's approval can only be given where the public interest in either the use and disclosure, or the collection, of personal health information for the type of research proposed 'substantially outweighs' the public interest in maintaining the level of privacy protections which would otherwise apply.
328. Alternatively, the expression used in section 95 is 'outweighs to a substantial degree.' In the Office's view, the effect is the same in that the onus rests on those advocating a lessening of privacy protections to demonstrate a sufficiently clear and compelling public interest in the type of research to which the guidelines will apply.
329. While the effect of these different terms seems immaterial, the Office submits that there would be value in harmonising sections 95 and 95A to provide a less complex regulatory instrument. This question of harmonising these sections is discussed in greater detail in question 8-32.
330. It is important to note that sections 95 and 95A do not give any scope for the Privacy Commissioner to assess the public interest in relation to specific research proposals, nor would the Office submit that such a function would be appropriate. This activity is performed by Human Research Ethics Committees (HRECs) under a distinct public interest test contained within the guidelines themselves.
331. The Office submits that the test's current weighting in favour of privacy protections is appropriate. The community's expectations and sensitivities surrounding health information warrant a relatively stringent and narrow set of conditions which must be met before personal health information can be handled without individual consent, particularly outside of the individual's clinical care.
332. The existing test was drafted after careful consideration of these community sensitivities. In the second-reading speech for the 2000 amendments, the then-Attorney General, the Hon Daryl Williams AM QC MP stated that the National Privacy Principles were designed:
'...to ensure an appropriate balance between privacy interests and other important public interests, such as the promotion of research and the effective planning and delivery of health services'.
The Attorney also stated that:
'The government recognises that Australians consider their personal health information to be particularly sensitive and that they expect that it will be handled fairly and appropriately by all those who come into contact with it'.378
333. This principle is reflected in other relevant sources, such as the NHMRC's National Statement on Ethical Conduct in Research Involving Humans,379 which notes that:
'Each research protocol must be designed to ensure that respect for the dignity and wellbeing of the participants takes precedence over the expected benefits to knowledge.'380
334. This principle was also supported in submissions to the Private Sector Review. For example, the Australian Government Department of Health and Ageing stated:
The private sector provisions provide a good balance between protecting individual health information privacy while at the same time recognising that there are important public and individual benefits to be gained through secondary uses of personal health information such as for research.381
335. Research conducted by the Office indicates the sensitivities surrounding health information. Twenty-one percent of individuals surveyed reported reluctance to provide their medical history or health information to any organisation and 11% reported reluctance concerning providing genetic information.382
336. Other research supports this view. For example, qualitative research conducted by AC Nielsen indicates a strong preference for health information to be only used for the direct clinical care of the individual, with any other uses being premised on obtaining the individual's informed consent.383
337. This is supported by quantitative research from New Zealand, which found that only 23% of respondents were willing for their general health information to be shared with researchers. This figure fell to 12% for 'sensitive' health information (in this context, meaning related to sexual health).384 Qualitative research conducted in the UK on community attitudes to using health data for medical research without consent concluded that 'Public acceptability regarding the use of medical records in research cannot simply be assumed.'385 Other research supports this position, noting that 'Patient consent to access their medical record should not be taken for granted'.386
338. Individuals generally expect to be asked to consent to the handling of their health information for secondary purposes unrelated to their immediate care.387 Research from both Canada and the UK has found that, in many cases, individuals would be willing for their health information to be used for medical research, but still expect to be asked for their consent.388
339. Research conducted in the US, using patients of the Department of Veterans' Affairs, found that 73% of respondents believed it was critically or very important to get consent for each research study.389 At the same time, 83% of this same sample believed such research was critically or very important. Put another way, even though these individuals recognised the importance of such research, they still believed that consent should be sought.
340. In some cases, this even extends to the sharing of de-identified data, as was found in the Office's own community attitudes research.
341. In addition, research has found that support for the use of humans in research may not translate to a willingness to participate.390 Put another way, individuals may support health information being used without consent for medical research, but not their own.
342. In general, therefore, the Office submits that individuals expect to be given the opportunity to consent to the handling of their health information for research purposes. The section 95 and 95A mechanisms provide a way of ensuring that important health and medical research can be undertaken in circumstances where the community's expectations around consent cannot be met. The mechanisms provide a sound framework of accountability and oversight of the handling of health information without consent.
343. Accordingly, community expectations concerning the handling of personal health information merit a test which gives appropriate weight to privacy protections, but which is responsive to strong arguments put for lessening those protections where warranted in the public interest.
344. The Office submits that the Privacy Act is well-adapted to facilitate the balancing of public interests concerning medical research.
345. From the perspective of researchers, the Privacy Act plays a crucial role in addressing community concerns surrounding the handling of health information. From the community's perspective, the controls and safeguards contained within the Privacy Act play a crucial role in sustaining community confidence about how their information will be handled. As Roger Magnusson, an Associate Professor specialising in medical law at the University of Sydney, has noted, '...together, consent and privacy protect individual dignity and autonomy, and should be regarded as public health values in addition to being individual interests.'391 This view was also highlighted by the Australian Consumers' Association in its submission to the Private Sector Review. It stated that '...Third party access to data without the consumers' knowledge is something of a breach of trust'.392
346. Therefore, privacy is an important feature of the environment in which medical research is conducted.
347. The Office is aware of the view held by some in the research community that the Privacy Act is frustrating important medical research. For example, a researcher at the University of Adelaide has called for relaxing privacy controls '...not just in the interests of researchers, but to prevent the harm to public health that is being threatened by privacy laws.'393
348. In this regard, the Office suggests that difficulties reported by the researchers arise from the complexity of interactions between national and state legislation, the complexity of HREC processes and possibly a need for additional education within the research community about working within the privacy framework. It has also been suggested that uncertainty introduced by the complexity of the section 95 and 95A mechanisms may result in HRECs being somewhat overcautious in their approval of research proposals. These difficulties do not result from an imbalance embedded within the Privacy Act itself.
349. Furthermore, the Office submits that, again, the view held by some that privacy is frustrating research stems from an inaccurate perception of the role of privacy regulation. The fact that particular research projects are not approved is not a proper indicator of privacy regulation's total impact on medical research. It is inevitable that, on some occasions, HRECs will not approve a given research proposal because the public interest in the research (while in many cases possibly significant) does not, on balance, merit the lessening of privacy protections.
350. Far from being an obstructing factor, privacy regulation is a necessary and supporting condition for serving the public interest in the benefits of research. The relationship of trust between health service providers and individuals is vital for sustaining public confidence in the health sector, their participation in effective treatment and the resulting quality of medical research.
351. Community research has shown that individuals may change the way they engage with agencies and organisations, including health service providers, if they are not satisfied that their privacy will be protected. For example, 33% of individuals surveyed for the Office's research have, at some point, decided not to deal with a private company because of concerns over the protection of the use of their personal information, while 18% decided not to deal with a government department or agency.394
352. Accordingly, it can be suggested that privacy safeguards are necessary for research to remain effective. If individuals do not feel that their personal information is going to be appropriately protected, they may avoid treatment, or may supply partial or inaccurate information to the detriment of their clinical well-being and the ultimate quality of any research which may utilise their health information.
353. By placing appropriate and balanced controls on the flow of health information, the Privacy Act provides a structure to support individuals' confidence in how their information will be handled, helps to assure their ongoing engagement and promotes the long-term viability of research.
354. The present reference to 'substantially outweighs' brings a level of certainty to this process, as it imposes an expectation that the public interest be clear, substantial and indisputable.
355. The Office would not support a test which lessened the relative weighting given to privacy. The Office submits that the central role of privacy in ethics oversight of health and medical research should continue. Relegating privacy to a place amongst a plurality of interests, all vying for consideration, would tend to result in privacy being eclipsed by other interests. This is particularly the case where those other interests may be easier to quantify than privacy, or where they may offer more immediate benefits. In contrast, the utility of privacy, including by promoting trust and contributing to human autonomy, is likely to be less tangible, often less pronounced and realised over longer periods of time.
356. Accordingly, the Office endorses the existing tests, and would be concerned at any moves to lower them, including, for example, by removing the test of substantiality.
357. The Office submits that the term 'research' not be defined in the Privacy Act.
358. In responding to this question, the Office also notes a range of related matters.
359. At present, the Privacy Act does not offer an exhaustive definition of 'research.' The only relevant definition is for medical research, which is defined in section 6(1) to include epidemiological research. This definition is provided to clarify the status of epidemiological research.
360. The Office does not believe that there are strong justifications for prescribing an exhaustive definition of 'research' in the Privacy Act. By contrast, there are a range of reasons why such an amendment may be unhelpful.
361. The Office shares the NHMRC's concerns about the problems associated with defining 'research'. As discussed in the NHMRC's National Statement on Ethical Conduct in Research Involving Humans, this task raises a number of complexities, including:
362. Given the breadth of the subject, a conceptual definition that seeks to capture the essential nature of research is also problematic.395
363. Conversely, there would seem to be potential benefits in leaving the term without a statutory definition. As a matter of statutory construction, a definition that relies on common usage is open to the many contexts in which the term may be currently used, and is responsive to the rapid changes in the field of research.
364. The Office does not see strong justification for including definitions of these terms in the Privacy Act.
365. While an explanation or discussion of these terms may be useful in another document, the application of the Privacy Act to an act or practice will ultimately turn on whether the information being handled is 'personal information' for the purposes of section 6. In turn, the definition of personal information provides latitude for the Office to take into consideration contextual factors when determining if information should be subject to the Privacy Act. These contextual factors go to determining whether an individual's identity is 'readily ascertainable'.
366. The Office recognises the challenges posed by the development of new technologies and processes, particularly in the field of data-matching, that have the potential to create identified information from data sources containing previously anonymous data. However, the definition of personal information leaves open the flexibility to consider the degree to which an organisation is able to 'reasonably ascertain' someone's identity, including by the use of such technologies.
367. The Office's own research has found that the community preference for consent-based research extends even to de-identified information. Most noticeably, 64% of respondents felt that their permission should be sought before de-identified information is used for health research purposes.396 This finding is supported by the AC Nielsen research.397 Thus, individuals retain an interest in their health information, even where the identifying links are obscured or erased.
368. However, the Office remains of the view (as discussed in question 8-27) that, for the purposes of privacy regulation, the key issue is whether the information in question satisfies the definition of personal information provided in section 6 of the Privacy Act. Whether an individual's identity is apparent or readily ascertainable will depend on context and circumstance, including the resources available to the recordkeeper.
369. While the Office recognises community concerns regarding the handling of information that may not identify an individual, it remains uncertain whether extending privacy regulation to such information would be in the public interest. Such an extension to existing regulation would, for example, impose regulatory obligations on organisations and agencies in the way they handle information that does not identify an individual. This may impose an unreasonable regulatory burden and obstruct legitimate functions that may have little or no adverse effect on privacy.
370. The Office submits that explanation of these terms in another form may assist HRECs, researchers and consumers to understand the distinctions between various forms of information. The Office does not, however, see merit in giving them statutory meaning.
371. The Office is generally comfortable with the existing mechanisms provided by section 95 and 95A, as well as in the NPPs. These are discussed further in questions 8-30 and 8-32, including opportunity for potential reform that may reduce regulatory complexity.
372. The Office acknowledges the clear benefits that health research delivers to the community. Since its passage in 1988, the Privacy Act has:
'recognise[d] the special nature of medical research, especially epidemiological research'.398
373. The community also recognises these benefits.399
374. At the same time, there is a body of evidence that suggests that the community expects that uses of their personal information for research purposes be premised on first obtaining consent. Accordingly, the Office is not persuaded by submissions to the Private Sector Review advocating a departure from consent-based research.
375. For example, it was suggested that requiring consent is redundant given that, when asked, a large percentage of individuals will give their permission for their information to be used for health research.400
376. However, this should not detract from the reality that individuals, while willing to consent, still expect to be asked. In many cases, the process of seeking consent will necessarily require that individuals be given details about how their information will be handled and for what purpose. This could indicate that many individuals are only willing to consent once they have been made aware of such details.
377. Qualitative research conducted by AC Nielsen indicates the community's clear preference that de-identified information be used wherever possible, and where this is not sufficient, that they be asked before their information is used.401 This research also indicates a strong preference for health information to be only used for the direct clinical care of the individual, with any other uses being premised on obtaining the individual's informed consent.402
378. In the ALRC's National Privacy Phone-In of June 2006, one caller expressed a reaction to a failure to seek consent:
'My mother's medical details were released to a research company without her consent. The research company wrote to her indicating that she had a medical condition she wasn't even aware of. She may have been told about the medical condition but did not understand it in the terms outlined in correspondence from the research company. I cannot describe the amount of distress this caused her. She was completely enraged and very upset. She felt violated and powerless.'403
379. The emphasis on consent is an important issue for members of the medical profession. Medical ethics consistently emphasise the centrality of consent as a cornerstone of engagement between individuals and the health sector.404 The Office's records of phone enquiries show that health service providers have expressed concern at proposals to appropriate information collected for the patient's treatment and use that information for research purposes without patients' consent.
380. The Office recognises the importance of high response rates to the validity of research findings. It is also important, however, that individuals have a genuine choice about the handling of their health information.
381. It should be noted that in response to question 8-32, the Office sees merit in expanding the scope of NPP 2.1(d) to allow for the use of non-health information for health and medical research purposes, and reform of the section 95 and 95A processes.
382. The present framework contained in NPP 2 is appropriate and effective for health and medical research. This framework recognises that, in some cases, the public interest in health and medical research may merit waiving the general requirement of seeking consent from individuals for the use and disclosure of health information for medical-related research.
383. The Privacy Act makes allowance for the use and disclosure of health information for types of research where, amongst other things, it is 'impracticable' to seek the individual's consent (NPP 2.1(d)(i)).
384. The further requirement that research comply with statutory guidelines (2.1(d)(ii)) ensures that the research is subject to institutional ethical oversight. In the Office's view, such oversight is essential to the integrity and long-term viability of research. This issue is explored further under 8-31.
385. The guidelines themselves, which provide for approval of research proposals by a HREC, ensure that researchers are held accountable to a representative body. The guidelines are considered further under 8-32.
386. Lastly, where information is disclosed to a third party, NPP 2.1(d)(iii) ensures that privacy protections continue when the information leaves the control of the collector.
387. In submissions to the Private Sector Review, a view was expressed that the requirement in NPP 2.1(d)(i) (that consent be impracticable) imposed too stringent a test and that research which was important to the public interest was being frustrated as a result.405
388. The Office has stated previously that whether or not consent would be deemed impracticable will depend on the particular circumstances of the case.406 The absence of rigid, definitive prescription requires researchers to take reasonable steps to seek consent. It ensures that individuals' privacy rights are not derogated from without compelling justification and the presence of concrete and substantial obstacles, as opposed to mere inconvenience.
389. The Office has issued guidance material indicating that in practice, while the following scenarios will not be definitive proof of impracticability in every case, they will go towards establishing a case for determining that consent need not be sought:
390. Organisations suggesting that consent is impracticable on the grounds that it would invalidate the research methodology should consider if this is the conclusion that a reasonable person, independent of the research project, would come to. As the Office stated in its Information Sheet on the subject, 'Impracticability should be something more than incurring some expense or effort in seeking an individual's consent.'408
391. It should not be assumed that obtaining consent is impracticable simply because a large cohort is involved. Logistical problems may be overcome, as can be illustrated by research conducted in the United States, where 96 percent of the 214,000 patients who returned forms gave written consent for the use of their records in medical research.409 The Office would consider the available processes and mechanisms by which consent could conceivably be obtained for the given cohort.
392. As discussed under 8-25, it should not be assumed that all research with an arguable public benefit must proceed. It follows from the safeguards put in place by NHMRC Guidelines and the Privacy Act that, in some cases, research using identified information may not be able to proceed without the consent of individuals. In such cases, researchers may need to consider other approaches, including the possible utility of de-identified information or less burdensome mechanisms for obtaining consent, including implied consent.
393. Submissions to the Office's Private Sector Review argued that the requirement for seeking consent should be relaxed where there was no possibility of harm resulting from the research.410
394. The Office does not find the above argument persuasive. Privacy has inherent value - its worth stems not from the need to avert physical or emotional harm resulting from the research, but from individuals' right to determine how their personal information is handled.
395. The Office recognises that the use of patient information may not involve the same potential for direct harm as experimental research. Nevertheless, it does raise significant ethical issues. Grulich and Kaldor identify the following ethically sensitive practices in observational health research:
396. Submissions to the Private Sector Review also suggested that the requirement of consent should be waived where the process of obtaining consent '[is] likely to seriously and adversely affect the well being (which includes the psychological health) of the person from whom consent would be sought.'412
397. The Office recognises the sensitivities involved, including that, particularly in times of crisis, some patients may react negatively to such requests. It would, however, detract from the dignity of the person to suggest that the existence of emotional frailty is a sufficient basis for waiving the requirement for consent. The Office would be concerned if adverse effects on the individual were judged a sufficient basis for waiver. This creates opportunity for manipulative or expedient behaviour on the part of a small subset of individuals. In the interests of the framework's integrity, such an opportunity should not be created.
398. In those cases of actual incapacity (whether physical or mental), the Office suggests that the present framework already provides a sound policy foundation: that, where individuals are not able to exercise consent, that right may be exercised by their legal representative.
399. The Office submits that Human Research Ethics Committees (HRECs) are the most appropriate bodies to make decisions concerning the handling of health information, without consent, for specific health and medical research projects.
400. The Office reaffirms the statements made in its submission to the ALRC-AHEC Joint Inquiry into the Protection of Human Genetic Information that the existing mechanisms are fundamentally sound,413 but must be resourced appropriately to perform their functions.414
401. The Office notes that a degree of consensus exists that much can be done to simplify the process to which HRECs are subject. In recommendation 62 of the Private Sector Review report, the Office committed to work with the National Health and Medical Research Council to consider the possible simplification of reporting processes under the section 95A Guidelines.415 Such a proposal would likely have equal relevance to the reporting obligations contained in the section 95 Guidelines. The Office submits that reform of the arrangements under section 95 and 95A, as suggested in response to question 8-32, would assist in reducing regulatory complexity and promoting certainty.
402. Incidents of unethical medical and health research highlight the need for multidisciplinary oversight. Institutional ethics committees provide a barrier against overzealous medical research, particularly with regard to vulnerable individuals. The Office notes the example of the infamous Tuskegee syphilis studies in Alabama between 1932 and 1972. African-American men who had contracted the disease were not told details of their condition and were denied treatment, even after antibiotics became widely available. Several died as a result. These experiments have left lingering mistrust of medical research.416
403. The Office also notes the more recent controversy over African AIDS drug trials. Participants in one study were given a placebo which was ineffective in halting the progress of AIDS, though AZT, a treatment with proven effectiveness, is widely available.417
404. In the Office's view, the existence of an established and robust framework for institutional ethical oversight has served Australia effectively and ensured that the community has confidence that such abuses would not happen in this country.
405. The Office notes that the first international instrument on the ethics of medical research, the Nuremberg Code, was designed to protect the integrity of the research subject and set out conditions for the ethical conduct of research involving human subjects, emphasising the importance of consent.418
406. Since that time, a series of international instruments have emphasised the importance of consent in medical research. In 1966, the General Assembly of the United Nations adopted the International Covenant on Civil and Political Rights. Article 7 of the Covenant states:
No one shall be subjected to torture or to cruel, inhuman or degrading treatment or punishment. In particular, no one shall be subjected without his free consent to medical or scientific experimentation.419
407. Australia ratified this Covenant on 13 November 1980.420
408. The World Medical Association's Helsinki Declaration (Ethical Principles for Medical Research Involving Human Subjects)421 states that experimental procedures for research involving human subjects should proceed according to a protocol, which should be submitted to a specially appointed ethical review committee.
409. Article 9 of the Council of Europe's Additional Protocol to the Convention on Human Rights: Concerning biomedical research provides specific guidance on the formulation of such a committee:
410. The developing international consensus on medical research ethics is strongly supportive of the form of oversight found in the HREC model. The Office submits that there is no cause for departing from it.
411. These guidelines are subject to statutory review by the issuing agency, the National Health and Medical Research Council (NHMRC), and approval by the Privacy Commissioner. As such, it would be inappropriate for the Office to comment on specific requirements in advance of such a review.
412. However, as indicated above in response to question 8-31, the Office has expressed in-principle agreement to work with the NHMRC to consider options for reviewing and simplifying reporting obligations imposed by the guidelines issued pursuant to section 95A.
413. The Office does, however, provide comment below on potential reform of the enabling provisions for the respective guidelines, which may reduce regulatory complexity, increase transparency for individuals and ensure that appropriate privacy protections are maintained.
414. Submissions to the Private Sector Review expressed a sense that the existence of two sets of Guidelines regulating the public and private sectors was causing difficulties for researchers. As the NHMRC noted in its submission to the Private Sector Review:
'Much health and medical research is multi-site and multi-jurisdictional, involving participants who move between the public and private sectors.'
'In particular, the differing requirements of Sections 95 and 95A are inconsistent and confusing. Their application to similar projects in different settings can result in different outcomes, without any apparent policy rationale'.423
415. The Australian research environment is increasingly characterised by public-private partnerships. Many health databases draw funding from a number of sources across the public and private sectors. The Office notes, for instance, the Australian and New Zealand Dialysis and Transplant Registry, which is located within a South Australian public hospital, but is funded by the Federal Department of Health and Ageing, Kidney Health Australia, and a number of private sector companies.424
416. The Office recognises the potential benefits of a simplified framework for the regulation of how personal information may be handled, without consent, for health related research by organisations and agencies. The Office notes that, while having similar policy objectives, sections 95 and 95A appear to include a number of inconsistencies.
417. At present, various terms are used in the Privacy Act to define the scope of permissible types of health-related research that may use health information without consent. These include:
418. These differing provisions have significant consequences on the types of research that may be conducted using health information without consent. Under the section 95 mechanism, agencies are permitted to conduct 'medical research' using personal information without the consent of the individual. In contrast, the section 95A mechanism allows organisations to handle health information (but not other forms of personal information) for the broader purposes of research relevant to public health and safety.
419. The Office suggests that there seems little compelling argument why agencies and organisations should not be able to conduct similar types of health-related research, using the same types of information.
420. Accordingly, the Office can see merit in harmonising these mechanisms, including by possibly unifying sections 95 and 95A into a single provision. As well as enhancing the comprehensibility of the Privacy Act, such a measure would, more importantly, reduce complexity for researchers, agencies, and organisations by providing a single set of standards to which all health-related research was subject. A single framework would also be more transparent for consumers, who may find it easier to traverse the regulatory environment to gain a clear understanding of the relationship between health research and their health information.
421. Such an amendment would also eliminate the need for two sets of statutory guidelines, thus further reducing regulatory complexity.
422. In addition, submissions to the Private Sector Review made the following observations of the current provisions:
423. In considering a suitable alternative that could apply to define the types of research that may be conducted by both agencies and organisations, the Office suggests that 'health and medical research' may be appropriate as encapsulating the breadth of research to which a harmonised research mechanism should apply. The Office suggests that such a provision would encompass public health research, epidemiological research, as well as medical research itself.
424. The Office also notes that this description accords with the nomenclature and the establishing legislation427 of the agency responsible for making statutory guidelines, the National Health and Medical Research Council.
425. At present, the section 95A mechanism and relevant research exceptions in the NPPs attach to health information. In contrast, the section 95 mechanism available to agencies permits all types of personal information to be used for the purpose of medical research.
426. As a requisite step to harmonising the section 95 and 95A mechanisms, it would also seem necessary to permit organisations to collect, use and disclose (albeit subject to appropriate guidelines and institutional ethical oversight, as is currently the case) information other than health information for (as proposed above) 'health and medical research' without the consent of the individual (where such consent is impracticable to obtain).
427. The Office notes that as well as simplifying these elements of regulation, this form of consistency would likely have significant benefits to important health and medical research. One consequence of the existing framework is that non-health information cannot be used through the existing section 95A mechanism, which expressly applies to health information. This restricts health research where that research seeks to utilise non-health information. For example, research linking DIMA airport arrivals (non-health information) and hospital admission records (health information) led to establishing the relationship between long-haul flights and deep vein thrombosis.428 Such research may also be necessary where inquiry is being conducted into lifestyle-related health and medical issues, such as obesity and diabetes, as well as some forms of cancer.429
428. In the interests of facilitating this important activity, the Office would support further consideration being given to permitting personal information, other than health information, to be used for health and medical research under the section 95A process.
429. To give effect to such a proposal, amendments to the Privacy Act would be required. In particular, NPP 2.1(d) currently reads:
An organisation must not use or disclose personal information about an individual for a purpose (the secondary purpose) other than the primary purpose of collection unless...
(d) if the information is health information and the use or disclosure is necessary for research, or the compilation or analysis of statistics, relevant to public health or public safety [emphasis added]:
430. Subsection NPP 2.1(d) could be amended to remove the reference to health information, thus reading '...if the use or disclosure is necessary for research, or the compilation or analysis of statistics, relevant to public health or public safety...'.
431. NPP 10, which deals with collecting sensitive information, would also require amendment. At present, NPP 10.3 states that, 'despite subclause 10.1 an organisation may collect health information about an individual' if that information is necessary for research and health service management. This could be amended to read 'despite subclause 10.1, an organisation may collect sensitive information...'. This amendment would overcome the prohibition prescribed in NPP 10.1 against collecting sensitive information.
432. Health registers are characterised as being personal data that is identified, population-based and ongoing.430 They are used for a range of purposes:
433. Researchers assert that research is different from quality assurance and providing health care in that the identity of the individual is irrelevant for research purposes except in allowing for linking records.431
434. The application of the Privacy Act will depend very much on the nature of the particular register. Many registers are operated by State Government agencies, and so, are not covered by the Act. Voluntary registers (such as the Australian and New Zealand Dialysis and Transplant Registry) would fall under the 'consent' exceptions. Statutory registers (such as the cervical cancer register) will fall under the 'required by law' exceptions in NPPs 2 and 10.
435. The Office notes that, with the expansion of electronic health records, it will become increasingly difficult to quarantine off research registers from other health information systems. The move towards electronic health records puts increasing pressure on health records to be multi-functional, able to serve patient-care, epidemiological and clinical outcomes research, quality assurance, and management functions.432
436. Many future advances in public health depend on the ability of health researchers to capitalise on the information gleaned from analysing clinical data. Several industry stakeholders made submissions to the Private Sector Review to this effect.433
437. Commonwealth and ACT agencies considering creating registers would be bound by IPP 1: that is, they could only collect the information if doing so is necessary and directly related to their function or activity.
438. The Office notes the NHMRC's submission, which suggested that collecting information for the specific purpose of inclusion in a register would be unlikely to fall within the provisions of NPP 2.1 (a directly related purpose within the individual's reasonable expectations).434
439. The alternative - seeking approval through the HREC mechanism - also presents difficulties for researchers. In the absence of a clearly identified purpose, HRECs would be unable to assess where the public interest lay in relation to the register. It may be difficult for researchers to clearly identify all prospective uses of that data at the time of submitting a research proposal. As the NHMRC put it in their submission to the OPC review, 'by the time the questions are obvious, the opportunity to identify the person to whom the information relates or to gain consent to use the health information may be lost.'435
440. The Office sees merit, therefore, in specific legislative provision being made for the establishment of health data registers. Enabling legislation would bring the activity within the 'required or authorised' by law exceptions of NPP 10. Doing so would recognise both the value of such registers, and the sensitivity of the information contained and would offer the certainty, parliamentary oversight and scrutiny needed to sustain community confidence.
441. Sample acquisition entails researchers accessing data registers in order to identify health consumers with specific characteristics relevant to a research proposal.
442. The NHMRC submission to the Office's Private Sector Review notes that this activity predates the development of a formal research proposal. Because of its 'preliminary, unsystematic nature',436 it is said that it would arguably also not fulfil the criteria for the research or statistical/analysis exceptions under the NPPs.
443. This is an overly conservative reading of the private sector provisions of the Act. As stated above (at the response to 8-9), the research exception encompasses activities necessary for research, which includes processes needed for the subject activity (in this case, research). Thus, sample acquisition falls within the research exceptions contained in NPPs 10 and 2.
444. In the alternative, sample acquisition would arguably also fall under the statistical compilation provisions of the NPPs. The Office takes compilation to entail any ordered collection of information from other records.
445. This activity may, however, fall outside the scope of the IPPs, since section 95 refers only to 'the conduct of medical research.' Unification of the public and private sector provisions would allow for a new section to be drafted which addressed this issue.
446. In the forthcoming review of the s95 and 95A Guidelines, sample acquisition should be considered to ensure that it is adequately catered for. This, however, is not a matter for the present inquiry.
447. The possible research applications or uses of a given database are not closed. Information collected for one purpose may be re-analysed in ways which were not apparent when the data was originally collected.
448. The question then arises as to how tightly the uses of registers should be controlled. Should researchers be required to gain ethics approval for each proposed study, or should more flexibility be given to researchers to explore new avenues of study as they become apparent?
449. The present Guidelines require a high level of detail about individual research proposals. They are not equipped to authorise bundled approvals. For example, 2.4(h) of the s95 Guidelines states that 'in the proposal for the conduct of each such research project, the researcher should state... the specific uses to which the personal information used during the study will be applied.'437
450. The Office maintains that a degree of specificity is required in the approval process. Researchers should not be given a 'blank cheque' approval for future uses of a health register. If ethics approval is not required for new proposals, there is a risk that a small minority of researchers may depart from the original research parameters and use the data in ways which are contrary to the wishes of the individual subjects.
451. The need for continued oversight is demonstrated by the case of Havasupai Tribe et al. v. Arizona State University, 3:04-CV-1494, (D. Ariz.). In 2005, members of the Havasupai Tribe in Arizona sued University researchers, alleging that the team collected 400 blood samples from tribe members for researching diabetes, but that additional unauthorized research was undertaken on those samples regarding schizophrenia, inbreeding, and population migration. Furthermore, researchers were alleged to have failed to have appropriate procedures in place for vulnerable subjects such as children, persons with mental illness, and persons whose main language was the tribal language.438
452. The Office takes 'data linkage' to be the creation of a relationship between information originating from separate sources. The linkage involves the use of identifiers that are common to both sets of records.439 In some cases, the information remains stored within its original source, with a translational table recording the links. In other cases, the linked information is extracted and stored in a new record.
453. For fairly simple, contained research projects, data-linkage can be performed on a 'one-off' basis: the data-sets can be linked, then permanently de-identified before they are used in research. However, a number of health research projects do not fit this model.440
454. Identifying risk factors for diseases, or evaluating a treatment's effectiveness, requires an identifier that can be used to link a series of records over time to the same individual ('longitudinal data-matching').441 For example, assessing the long-term effectiveness of a particular cancer treatment requires storing the patient's records in a format that allows subsequent health information to be linked back to that same individual. De-identified information is of limited value for these purposes.442
455. The Office emphasises the importance of a 'patient-centred' approach to health data regulation. Patients themselves should be recognised as stakeholders in this process: the risk is that the substantial benefits to the various industry sectors involved will obscure the fact that the entire process depends on data gleaned from individual patients.
456. The Office also notes strong community support for consent-based research. The Office's 2004 survey of community attitudes to privacy found that even where the information is de-identified before being linked, almost two thirds of respondents (64%) felt permission should be sought.443 Good privacy practice in health-data linkage requires that, ideally, individuals' consent be sought before health data is collected.
457. The Office notes the Australian Bureau of Statistics National Data Network initiative (NDN). The NDN will create a distributed library of data holdings which are relevant to policy analysis and research. According to the NDN's website, these data holdings will remain held and controlled by their Custodian organisations. The National Data Network exposes metadata about data, rather than the data itself. Researchers and policy makers will have access to metadata to identify data which may be of value to their work. Access to the data will only be provided after access conditions are met.444
458. The Office also notes that there is a national agenda for population health data linkage as part of the National Collaborative Research Infrastructure Strategy (NCRIS).445 At the state level, health data linkage projects are at various stages of development.
459. Within the health research sector, the Western Australia Data Linkage Unit presents one model.446 Here, linkage of records occurs through a third party independent of both researchers and original points of collection (eg, health service providers). Personal identifiers are separated from health information and used only for the initial linkage stage.447 The Data Linkage Unit also links data with information on hospital separations, births and deaths.448
460. The Office notes the existence of sophisticated models which avoid the need for centralised linking. In these models, individual hospitals maintain control over the health information, with all identifying data being encrypted before it leaves their systems. The CSIRO's Health Data Integration Software is one example of this technology.449
461. It is unclear at this stage whether the national health data linkage agenda would favour a centralised linkage unit, or a network of state-based units, with oversight by a national coordination authority.
462. The public- and private-sector provisions of the Privacy Act differ in their approach to collecting health information for data-linkage. NPP 10.4 provides that:
If an organisation collects health information about an individual in accordance with subclause 10.3, the organisation must take reasonable steps to permanently de-identify the information before the organisation discloses it.
463. This would seem to exclude data-linkage projects which retain the identifying chain between the individual and the health information - even where part of that chain is located externally to the researchers. The WA data linkage model would fall within this category. The Office notes, however, that these difficulties can be avoided by obtaining the individual's consent, as per NPP 10.1(a). Difficulties principally arise where privacy has not been built into the system at early stages of development. Privacy regulation provides guidance on how to develop a privacy-friendly statistical linkage system, rather than being a barrier to such a system.
464. The Office notes that the IPPs do not include the same restrictions as found in the NPPs. Data-linkage, therefore, may face fewer compliance issues where it is conducted under the auspices of a government agency. Any data linkage activity should be governed by clear legislative parameters. Other arrangements for facilitating data linkage, such as MOUs, may lack the necessary rigour and transparency.
465. In terms of privacy compliance, researchers have suggested that the private sector provisions do not cater for ongoing data-linkage.450 Submissions to the Private Sector Review expressed a sense that the privacy regime is impeding the use of health registers for important research. The Australian Nursing Federation discussed difficulties regarding the national asbestosis registry:
'The dissemination of disease incidence and asbestosis related deaths was withheld in some cases, but equally disturbing was the withholding of demographic data such as postcodes of those diagnosed with the disease. Linking the place of work or residence was vital in establishing the link between the disease and the cause.'
466. The Nursing Federation also indicates, however, that this difficulty arose from organisations' lack of awareness of the law, as opposed to a flaw in the law itself. The Privacy Act provides for potentially identifying information to be used in research subject to HREC approval.
280 Available at http://parlinfoweb.aph.gov.au/piweb/TranslateWIPILink.aspx?Folder=HANSARDR&Criteria=DOC_DATE:2000-11-08%3BSEQ_NUM:8%3B
281 Available at http://www.privacy.gov.au/publications/index.html#R.
282 Office of the Privacy Commissioner (2002) Annual Report 2001-02, page 15, available at http://www.privacy.gov.au/publications/02annrep.pdf.
283 Office of the Privacy Commissioner (2003) Annual Report 2002-03, page 29, available at http://www.privacy.gov.au/publications/03annrep.pdf.
284 http://www.privacy.gov.au/publications/03annrep.pdf
285 Office of the Privacy Commissioner (2003) Annual Report 2002-03, page 30, available at http://www.privacy.gov.au/publications/03annrep.pdf.
286 Available at http://pandora.nla.gov.au/pan/44612/20060314/www7.health.gov.au/pubs/nhpcode.htm [accessed 8 January 2007].
287 Office of the Privacy Commissioner (2005) Submission on the HealthConnect Business Architecture Version 1.9, available at http://www.privacy.gov.au/publications/hlthcnnctsub.pdf
288 Submission to the Department of Health and Ageing on the HealthConnect Business Architecture, available at http://www.privacy.gov.au/publications/hlthcnnctsub.pdf.
289 The Office discussed its views on consent and SEHRs in detail in its 2005 submission to the Australian Government Department of Health Ageing on the HealthConnect Business Architecture at paragraphs 37-62 available at http://www.privacy.gov.au/publications/hlthcnnctsub.pdf.
290 Office of the Privacy Commissioner (2004) Submission on the HealthConnect Interim Research Report and Draft Systems Architecture para 43 [available at http://www.privacy.gov.au/publications/healthcsub04.pdf ].
291 For example, the Pharmacy Guild of Australia submitted that: '...there has been a recent trend for the Therapeutic Goods Administration (TGA) to approve medicines for inclusion on the PBS for the treatment of one medical condition only. If this trend continues, in many cases it would be possible to identify the medical condition a patient has as a result of knowing the medicine they have been prescribed. An example of this is Abacavir Sulfate (item no. 6264Q) which is only used in the treatment of HIV.' Available at http://www.privacy.gov.au/health/guidelines/healthsub18.pdf.
292 See, Office of the Privacy Commissioner (2006) Report of the Privacy Commissioner's Review of the Privacy Guidelines for the Handling of Medicare and PBS claims information available at http://www.privacy.gov.au/act/review/healthreview.html.
293 26 May 1993 available at http://parlinfoweb.aph.gov.au/piweb/view_document.aspx?ID=453858&TABLE=HANSARDR
294 See, for example, submissions by Caroline Chisholm Centre for Health Ethics, the Australian Privacy Foundation, National Network of Private Psychiatric Sector Consumers and Carers, the Australian Medical Association, Consumers' Health Forum of Australia, Australian Nursing Federation, Australian Federation of AIDS Organisations, available at http://www.privacy.gov.au/health/guidelines/healthsubs.html.
295 Available at http://www.privacy.gov.au/act/review/revsub32.pdf.
296 National Health & Medical Research Council (NHMRC) (2003) When does quality assurance in health care require independent ethical review? Advice to institutions, human research and ethics committees and health care professionals. Available at http://www.nhmrc.gov.au/publications/pdf/e46.pdf. Accessed 19 December 2006.
297 Office of the Privacy Commissioner (2001), Guidelines on Privacy in the Private Health Care Sector, available at http://www.privacy.gov.au/publications/hg_01.html. Accessed 19 December 2006.
298 Office of the Privacy Commissioner, Information Sheet 9: Handling Health Information for Research and Management, available at http://www.privacy.gov.au/publications/IS9_01.html. Accessed 19 December 2006.
299 National Health and Medical Research Council, (2004) submission to the Private Sector Review at page 30, available at http://www.privacy.gov.au/act/review/revsub32.pdf.
300 ALRC Issues Paper 31 at para 8.107.
301 National Health and Medical Research Council (2003) When Does Quality Assurance in Health Care Require Independent Ethical Review, available at http://www.nhmrc.gov.au/publications/_files/e46.pdf, at p3.
302 NHMRC (2003) When Does Quality Assurance in Health Care Require Independent Ethical Review http://www.nhmrc.gov.au/publications/_files/e46.pdf, at p2.
303 ALRC Issues Paper 31, Paragraph 8.108.
304 See Office of the Privacy Commissioner, Public Interest Determination 9A (2002), available at http://www.privacy.gov.au/publications/pid9a.html.
305 K Kendler 'Family history information in biomedical research' (2001) 21(4) Journal of Continuing Education in the Health Professions, p 215.
306 See, Australian Government Department of Health and Ageing, submission to the Private Sector Review available at http://www.privacy.gov.au/act/review/revsub99.doc; Australian Medical Association, submission to the Private Sector Review available at http://www.privacy.gov.au/act/review/revsub29.doc; Mental Health Privacy Coalition (2004) submission to the Private Sector Review, available at http://www.privacy.gov.au/act/review/revsub58.pdf.
307 Office of the Privacy Commissioner (2005) Getting in on the Act: The Review of the Private Sector Provisions of the Privacy Act (Office's Private Sector Review) at 276.
308 House of Commons - Select Committee on Science and Technology, Genetics and Insurance, The Stationery Office Limited, London, 2000-2001, cited in ALRC 96, 25.2
309 Investment and Financial Services Association (2002) Genetic Testing and Life Insurance Consumer Perception Research, Page 8, http://www.ifsa.com.au/public/content/ViewCategory.aspx?id=84. Accessed 19 December 2006.
310 E L Lynch et al (2003) ''Cancer in the family' and genetic testing: implications for life insurance' Medical Journal of Australia 179(9) 480
311 Centre for Genetics Education (2006) Some Common Questions http://www.genetics.com.au/fhh/fhhfaq.htm#8. Accessed 19 December 2006.
312 Privacy Act 1988 (Cth) ss 72(1)(b) and (2)(b).
313 S1.5 of the Public Interest Determination Procedure Guidelines, available at http://www.privacy.gov.au/publications/pidguide.pdf.
314 Investment and Financial Services Association Standard 16: Family Medical History Policy. (2002) http://www.ifsa.com.au/public/content/ViewCategory.aspx?id=70. Accessed 19 December 2006.
315 http://www.privacy.gov.au/act/review/revreport.doc p 278.
316 See, for example, ALRC IP 31, para 8.160.
317 http://www.privacy.gov.au/act/review/revreport.doc, p 279.
318 ALRC IP31, paragraph 8.154.
319 Privacy Legislation Amendment Act 2006, available at http://www.comlaw.gov.au/comlaw/Legislation/Act1.nsf/0/592A1E3B62096FD6CA2571ED0012E038?OpenDocument.
320 Office's Private Sector Review report, p 279.
321 Office's Private Sector Review report, p 279.
322 For further information on the PSIS, see http://www.medicareaustralia.gov.au/providers/programs_services/pbs/prescription_shop.htm#about.
323 The legal authority is contained in the National Health Act 1953 (Cth).
324 See Privacy Act 1988 (Cth), s 16B.
325 ALRC, IP 31, paragraph 8-160.
326 J Saunders (ed.) Words and phrases legally defined Butterworth 1988, pp.355-356.
327 These exceptions go to, respectively: (a) directly related secondary purposes within the individuals reasonable expectations; (f) funding or management of health services; (i) genetic information that could be predictive of the health of another individual where it is necessary to lessen or prevent serious threat to life of the other person, and it is not reasonably practicable to obtain consent; (j) the information is disclosed to relevant authorities where there is a reasonable suspicion of unlawful activity; (m) the information is about a deceased person and it is provided to their representative; 2.4 where it relates to someone who is incapable of giving consent and it is for continued healthcare decisions or for compassionate reasons, subject to restrictions regarding reasonable expectations, and not contrary to any known wish of the individual; 2.5 where it relates to a person known or suspected to be dead or missing and it is disclosed for certain purposes related to locating the individual; 6 providing access to information.
328 http://www.privacy.gov.au/act/review/revreport.doc, p 263.
329 Scottish Consumer Council (2005) Health on-line: Public attitudes to data sharing in the NHS.
330 UK National Health Service (2002) Share with care; People's views on consent and confidentiality of patient information, p.5.
331 ibid p.13.
332 H Schers et al (2003) 'Continuity of information in general practice: patient views on confidentiality' Scandinavian Journal of Primary Health Care, pp 21-26; M Paterson and E Mulligan (2003) 'Disclosing health information breaches of confidence, privacy and the notion of the "treating team"', Journal of Law and Medicine Vol 10, pp.460-469.
333 R Whiddet et al (2005) Patients' attitudes towards sharing their health information: final report to participants, June, Massey University.
334 See, also, Australian Medical Association (2003) Recent HIV/AIDS Case: Confidentiality, Statutory Obligations and HIV/AIDS available at http://www.ama.com.au/web.nsf/doc/WEEN-5PF8EF/$file/WebsiteHarvey.doc
335 See, for example, Australian Medical Association submission to the Private Sector Review at page 4, available at http://www.privacy.gov.au/act/review/revsub29.pdf
336 See, for example, the Office's Guidelines on Privacy in the Private Health Care Sector, pp 16-17, available at http://www.privacy.gov.au/publications/hg_01.pdf
337 See, for example, M Paterson and E Mulligan, 'Disclosing Health Information: Breaches of Confidence, Privacy and the Notion of the "Treating Team"' (2003), Journal of Law and Medicine, Vol 10, May 2003, p 462.
338 Available at http://www.privacy.gov.au/publications/hg_01.html#b21
339 Australian Medical Association (2002) Privacy Resource Handbook: For all medical practitioners in the private sector, "Foreword" p.iii. Available at http://www.ama.com.au/web.nsf/doc/WEEN-5PY2FH/$file/Privacy_resource.pdf.
340 AMA Code of Ethics (Editorially Revised 2006) available at http://www.ama.com.au/web.nsf/doc/WEEN-6VQ2NX/$file/AMA_Code_of_Ethics_-_2004._Editorially_Revised_2006.pdf
341 Page 6, available at http://www.racgp.org.au/Content/NavigationMenu/PracticeSupport/Privacy/Handbookforthemanagementofhealthinformationinprivatepractice/20021014privacy.pdf
342 See, for example, Schoen C et al (2004) 'Primary care and health system performance: Adults' experiences in five countries' Health Affairs 28 October pp.487-503; Department of Health and Ageing (2004) Australian doctor-patient relationship one of the best, 2 November available at http://www.health.gov.au/internet/ministers/publishing.nsf/Content/health-mediarel-yr2004-ta-abb172.htm?OpenDocument&yr=2004&mth=11
343 See, for example, P Greenberg, W Walker and Buchbinder R (2006) "Optimising communication between consumers and clinicians", Medical Journal of Australia 185(6), pp. 246-247, available at http://www.mja.com.au/public/issues/185_05_040906/gree10342_fm.html#0_CACIFAF
344 M Paterson and E Mulligan, 'Disclosing Health Information: Breaches of Confidence, Privacy and the Notion of the "Treating Team"' (2003), Journal of Law and Medicine, Vol 10, May 2003, p 461.
345 See, for example, M Stone et al (2005) 'Sharing patient data: competing demands of privacy, trust and research in primary care' British Journal of General Practice October pp 783-789.
346 Academy of Medical Sciences (2006) Personal data for public good: using health information in medical research p.70.
347 UK National Health Service (2003) The public view on electronic health records 7 October, notes of its research findings that "There is little appeal for those outside of the 'caring loop' to have access to medical records' (p.4).
348 R Whiddet et al (2005) Patients' attitudes towards sharing their health information: final report to participants, June, Massey University.
349 J Carlisle et al (2006) 'Concerns over confidentiality may deter adolescents from consulting their doctors. A qualitative exploration' Journal of Medical Ethics vol 32, pp.133-137. Lena A et al (2005) 'Confidential health care for adolescents; Reconciling clinical evidence with family values', Medical Journal of Australia, vol 183, pp.410-414; Mulligan E and Braunack-Mayer A (2004) 'Why protect confidentiality in health records? A review of research evidence' Australian Health Review vol 48 pp. 48-55.
350 M Robling et al (2004) 'Public attitudes towards the use of primary care patient record data in medical research without consent: a qualitative study' Journal of Medical Ethics, available at www.bmj.com.
351 This principle would permit use or disclosure of health information with consent by health service providers providing a health service where: (ii) the use is for the purpose of the provision of further health services to the individual by the organisation; and (iii) the organisation reasonably believes that the use is necessary to ensure that the further health services are provided safely and effectively; and (iv) the information is used in accordance with guidelines, if any, issued for the purposes of this paragraph;
352 Available at http://www.privacy.gov.au/publications/hg_01.html#b23a.
353 UK National Health Service (2002) Share with care; People's views on consent and confidentiality of patient information, p.21.
354 See, PIDs 7 and 7A, available at http://www.privacy.gov.au/publications/pid7.html.
355 See Explanatory Memorandum for the Privacy Legislation Amendment (Emergencies and Disasters) Bill 2006, p 3. For example, clause 80H of the Bill, which lists 'permitted purposes' for collection, use and disclosure (including to 'responsible' persons as defined under NPP 2.5) during an emergency declared by the Prime Minister or Attorney-General.
356 S 30 of the Health Records and Information Privacy Act 2002 (NSW) and s 26 of the Health Records Act 2001 (Vic), respectively.
357 See, for example, submissions by the Mental Health Privacy Coalition, http://www.privacy.gov.au/act/review/revsub58.pdf pp 3-4, and the Australian Medical Association, http://www.privacy.gov.au/act/review/revsub29.pdf p15.
358 These are addressed below at the responses to 8.22 and 8.24
359 182 out of 330 complaints between December 2001 and January 2005 (see NPP Review p 112, footnote 77).
360 Health Records and Information Privacy Act 2002 (NSW), s 4 Definitions - 'private sector person'.
361 See Health Records Act 2000 (Vic), Part 2 Div 2 - 'Private Sector Organisations'.
362 Respectively, HPP 6.1, Schedule 1 of the Health Records Act 2000 (Vic); and s 29, Health Records and Information Privacy Act 2002 (NSW).
363 Health Records Act 2000 (Vic), Part 5 Div 3.
364 http://www.privacy.gov.au/act/review/revsub90.pdf para 111. See also http://www.privacy.gov.au/act/review/revreport.doc, p 116.
365 http://www.privacy.gov.au/act/review/revreport.doc p 118.
366 http://www.privacy.gov.au/act/review/revreport.doc pp 116-118
367 Australian Privacy Foundation, http://www.privacy.gov.au/act/review/revsub90.pdf para. 112.
368 Health Privacy Principle 8(3) of the HRIP Act 2002 (NSW) entitles the individual to have recipients notified of the correction "if it is reasonably practicable". Information Privacy Principle 7(4), under section 6 of the Privacy Act 1993 (NZ) uses the similar terms. Section 12(2)(c) of the Privacy Act 1985 (Canada) allows an individual to require notification to third parties, to whom the information has been disclosed in the 2 years prior to the correction. Part V, s 23(1) of the Personal Data (Privacy) Ordinance (Hong Kong) refers to notification for disclosures made in the prior 12 months where further use is contemplated.
369 See NPP Review, p 114-5.
370 Part 5 Divs 1-2 and 1-3.
371 HRIPA 2002 (NSW), s 27.
372 NSW HRIPA, HPP 7(1).
373 See, for example, Privacy Act 1988 (Cth) s 30.
374 http://www.privacy.gov.au/act/review/revreport.doc p.118.
375 RACGP (2002) Handbook for the Management of Health Information in Private Medical Practice, p.9, available http://www.racgp.org.au/Content/NavigationMenu/PracticeSupport/Privacy/Handbookforthemanagementofhealthinformationinprivatepractice/20021014privacy.pdf.
376 AMA (2002) Privacy Resource Handbook: For all medical practitioners in the private sector, p.18, available at http://www.ama.com.au/web.nsf/doc/WEEN-5PY2FH/$file/Privacy_resource.pdf.
377 AMA (2002) Privacy Resource Handbook: For all medical practitioners in the private sector, p.18, available at http://www.ama.com.au/web.nsf/doc/WEEN-5PY2FH/$file/Privacy_resource.pdf.
378 The Hon Daryl Williams AM QC, Privacy Amendment (Private Sector) Bill 2000, Second Reading Speech, House of Representatives, Wednesday, 12 April 2000, p 15751
379 Currently under review and available at www.nhmrc.gov.au.
380 NHMRC, National Statement on Ethical Conduct in Research Involving Humans, at page 11. Available at http://www.nhmrc.gov.au/publications/synopses/e35syn.htm.
381 Department of Health and Ageing, Submission to the Private Sector Review, p17. Available at http://www.privacy.gov.au/act/review/revsub99.doc.
382 See Office of the Privacy Commissioner (2004), Community Attitudes to Privacy, at 6.2. Available at http://www.privacy.gov.au/publications/rcommunity. Accessed 19 December 2006.
383 AC Nielsen (1998), Community Consultation: Health Information Privacy: A Research Report, page 8.
384 R Whiddett, I Hunter, J Engelbrecht and J Handy (2004) Sharing Patient Information: A Survey of Patients' Views. Health Informatics Conference 2004, pages 59-64.
385 M Robling et al (2004) 'Public attitudes towards the use of primary care patient record data in medical research without consent: a qualitative study' Journal of Medical Ethics, available at www.bmj.com.
386 H Schers et al (2003) 'Continuity of information in general practice: patient views on confidentiality' Scandinavian Journal of Primary Health Care, pp 21-26.
387 UK National Health Service (2002) Share with care; People's views on consent and confidentiality of patient information, p.10.
388 S Page and I Mitchell (2006) 'Patients' opinions on privacy, consent and the disclosure of health information for medical research' Chronic Diseases in Canada, vol 27, pp. 60-67; UK National Health Service (2002) Share with care; People's views on consent and confidentiality of patient information.
389 L Damschroder (2007) 'Patients, privacy and trust: Patients' willingness to allow researchers to access their medical records' Social Science and Medicine vol 64, pp.223-235.
390 J Trauth (2000) 'Public attitudes regarding willingness to participate in medical research studies' Journal of Health and Social Policy, Vol 12, pp.23-43.
391 R Magnusson, 'Data Linkage, Health Research and Privacy: Regulating Data Flows in Australia's Health Information System' (2002) 24 Sydney Law Review at 6.
392 Australian Consumers Association, Submission to the Private Sector Review. Available at http://www.privacy.gov.au/act/review/revsub15.pdf.
393 University of Adelaide, Submission to the Private Sector Review. Available at http://www.privacy.gov.au/act/review/revsub28.pdf.
394 http://www.privacy.gov.au/publications/rcommunity04.pdf
395 National Health and Medical Research Council (1999) National Statement on Ethical Conduct in Research Involving Humans http://www.nhmrc.gov.au/publications/_files/e35.pdf at page 6.
396 http://www.privacy.gov.au/publications/rcommunity04.pdf, Community Attitudes to Privacy
397 AC Nielsen (1998), Community Consultation: Health Information Privacy: A Research Report at p8.
398 The Hon Nigel Bowen MP, Attorney General, Australia, House of Representatives, Hansard, 1 November 1988
399 Investment Review of Health and Medical Research Committee, Sustaining the Virtuous Cycle for a Health Competitive Australia (2004), Minister's Forward. Available at http://www.researchaustralia.com.au/files/IRHMR_Executive_Summary.pdf.
400 Australian Epidemiological Association, Submission to the Private Sector Review. Available at http://www.privacy.gov.au/act/review/revsub30.pdf.
401 AC Nielsen (1998), Community Consultation: Health Information Privacy: A Research Report.
402 AC Nielsen (1998), Community Consultation: Health Information Privacy: A Research Report, p 8.
403 Australian Law Reform Commission, Overview of ALRC Issues Papers 31 & 32, Review of Privacy Reviewing Australia's Privacy Laws Is Privacy passé? ... have your say. Available at http://www.austlii.edu.au/au/other/alrc/publications/issues/31-32_Overview/.
404 See A Grulich and J Kaldor 'Individual Privacy and Observational Health Research: Violating an Individual's Privacy to Benefit the Health of Others' (2001) University of New South Wales Law Journal 24(1) 298 at 301.
405 University of Adelaide, (2004) Submission to the Private Sector Review. Available at http://www.privacy.gov.au/act/review/revsub28.doc.
406 See Information Sheet 9: Handling Health Information for Research and Management, Available at http://www.privacy.gov.au/publications/IS9_01.html.
407 See Information Sheet 9: Handling Health Information for Research and Management, Available at http://www.privacy.gov.au/publications/IS9_01.html.
408 Information Sheet 9: Handling Health Information for Research and Management. Available at http://www.privacy.gov.au/publications/IS9_01.html.
409 L J Melton, 'The Threat to Medical Records Research' (1997) New England Journal of Medicine 337(20) 1466.
410 Such as University of Adelaide's Submission to the Private Sector Review. Available at http://www.privacy.gov.au/act/review/revsub28.doc.
411 See A Grulich and J Kaldor 'Individual Privacy and Observational Health Research: Violating an Individual's Privacy to Benefit the Health of Others' (2001) University of New South Wales Law Journal 24(1) 298 at 300.
412 National Health and Medical Research Council (2004), Submission to the Private Sector Review, at p20. Available at http://www.privacy.gov.au/act/review/revsub32.pdf; University of Adelaide, (2004) Submission to the Private Sector Review. Available at http://www.privacy.gov.au/act/review/revsub28.doc.
413 Office of the Privacy Commissioner (2002, March) Submission from the Federal Privacy Commissioner at p30. Available at http://www.privacy.gov.au/publications/genesub.pdf.
414 Office of the Privacy Commissioner (February 2003) Submission from the Federal Privacy Commissioner at p20. Available at http://www.privacy.gov.au/publications/genesub03.pdf.
415 Office of the Privacy Commissioner, Getting in on the Act: The Review of the Private Sector Provisions of the Privacy Act. Available at http://www.privacy.gov.au/act/review/review2005.htm.
416 J Levine, 'Sour Legacy of Tuskegee syphilis study still lingers' CNN May 16, 1997. Available at http://www.cnn.com/HEALTH/9705/16/nfm.tuskegee/index.html.
417 G Warigi (1997), Africa Aids Study Generates Anger, Bitter Exchanges. Available at http://www.tuskegee.edu/global/Story.asp?s=1209892.
418 Council for International Organizations of Medical Sciences, 'International Ethical Guidelines for Biomedical Research Involving Human Subjects'. Available at http://www.cioms.ch/frame_guidelines_nov_2002.htm.
419 Office of the United Nations High Commissioner for Human Rights, International Covenant on Civil and Political Rights. Available at http://www.unhchr.ch/html/menu3/b/a_ccpr.htm.
420 Office of the United Nations High Commissioner for Human Rights, Status of Ratifications of the Principal International Human Rights Treaties. Available at http://www.unhchr.ch/pdf/report.pdf.
421 World Medical Association, Declaration of Helsinki: Ethical Principles for Medical Research Involving Human Subjects. Available at http://www.wma.net/e/policy/b3.htm.
422 Council of Europe (2005), Additional Protocol to the Convention on Human Rights and Biomedicine, concerning Biomedical Research. Available at http://conventions.coe.int/treaty/en/Treaties/Html/195.htm.
423 NHMRC, Submission to the Private Sector Review. Available at http://www.privacy.gov.au/act/review/revsub32.pdf
424 Australia and New Zealand Transplant Registry, ANZDAT Structure. http://www.anzdata.org.au/anzdata/structure.htm
425 National Health and Medical Research Council (2004), Submission to the Private Sector Review, available at http://www.privacy.gov.au/act/review/revsub32.doc at page 29.
426 National Health and Medical Research Council (2004), Submission to the Private Sector Review, available at http://www.privacy.gov.au/act/review/revsub32.doc at page 30.
427 National Health and Medical Research Council Act 1992 (Cth) at http://www.comlaw.gov.au/ComLaw/Legislation/ActCompilation1.nsf/framelodgmentattachments/A30A690CEFB8191ECA25719C008331DA
428 See, C Kelman et al (2003) "Deep vein thrombosis and air travel: record linkage study", British Medical Journal 327:1072 (8 November), available at http://www.bmj.com/cgi/content/full/327/7423/1072.
429 See, for example, Academy of Medical Sciences (2006) Personal data for public good: using health information in medical research pp 12-13.
430 National Health Information Management Group (2001), 'Minimum Guidelines for Health Registers for Statistical and Research Purposes' at page 2. Available at http://www.aihw.gov.au/publications/hwi/mghrsrp01/mghrsrp01.pdf.
431 B Sibthorpe, E Kliewer and L Smith, 'Record Linkage in Australian Epidemiological Research: Health Benefits, Privacy Safeguards and Future Potential' (1995) 19 Australian Journal of Public Health 250 at 253.
432 R Magnusson, 'Data Linkage, Health Research and Privacy: Regulating Data Flows in Australia's Health Information System' (2002) 24 Sydney Law Review 5, 10
433 NHMRC, Submission to the Private Sector Review, p35, available at http://www.privacy.gov.au/act/review/revsub32.pdf; Department of Health (South Australia); Office of the Chief Executive, Submission to the Private Sector Review, available at http://www.privacy.gov.au/act/review/revsub95.pdf; University of Adelaide, Submission to the Private Sector Review, available at http://www.privacy.gov.au/act/review/revsub28.pdf.
434 NHMRC, Submission to the Private Sector Review, p35, available at http://www.privacy.gov.au/act/review/revsub32.pdf
435 NHMRC, Submission to the Private Sector Review, p36, available at http://www.privacy.gov.au/act/review/revsub32.pdf
436 NHMRC, Submission to the Private Sector Review, p35, available at http://www.privacy.gov.au/act/review/revsub32.pdf
437 NHMRC, Guidelines under Section 95 of the Privacy Act 1988 (2000). Available at http://www.privacy.gov.au/publications/e26.pdf
438 L Andrews, 'Havasupai Tribe Sues Genetics Researchers' (2005) 31(6) Privacy Journal 5. Case pending as at 2 November 2006.
439 CW Kelman, Bass AJ, Holman CDJ 'Research use of linked Health Data - a best practice protocol' (2002) 26(3) Australian and New Zealand Journal of Public Health 251.
440 A Young, A Dobson, J Byles, 'Health services Research using linked Records: who Consents and What is the Gain?' (2001) 25(5) Australian and New Zealand Journal of Public Health 417 at 420.
441 R Magnusson, 'Data Linkage, Health Research and Privacy: Regulating Data Flows in Australia's Health Information System' (2002) 24 Sydney Law Review 5, 8
442 R Magnusson, 'Data Linkage, Health Research and Privacy: Regulating Data Flows in Australia's Health Information System' (2002) 24 Sydney Law Review 5, 22
443 Office of the Privacy Commissioner (2004), Community Attitudes Towards Privacy 2004, available at http://www.privacy.gov.au/publications/rcommunity/chap8.html.
444 National Data Network, FAQ's, available at http://nationaldatanetwork.org/NDN/NDNHome.nsf/Home/FAQs?OpenDocument.
445 National Collaborative Research Infrastructure Strategy (2006) Strategic Roadmap 31, available at http://www.dest.gov.au/NR/rdonlyres/E2001074-CDA2-4CEA-A1B4-775B4882A5F5/9519/NCRISStrategicRoadmap.pdf.
446 See CW Kelman, AJ Bass, CDJ Holman, 'Research use of Linked Health Data - A Best Practice Protocol' (2002) 26(3) Australian and New Zealand Journal of Public Health 251
447 Kelman CW, AJ Bass, CDJ Holman. 'Research use of linked Health Data - a best practice protocol' (2002) 26(3) Australian and New Zealand Journal of Public Health 251 at 252.
448 Garfield C, Rosman D, Bass J, 'Inside the Western Australian data linkage system' (2002) Symposium on Health Data Linkage Proceedings, available at http://www.publichealth.gov.au/symposium_papers_presenter.html.
449 See E-Health Research Centre 'Health-Data Integration Project,' available at http://www.e-hrc.net/hdi/.
450 Department of Health, Western Australia, submission to the Private Sector Review, available at http://www.privacy.gov.au/act/review/revsub101.doc.