Below are the ALRC submission issues that have been developed from the discussions at the recent HIPS seminar at Microsoft in November. 

Click here to read the summary notes from the discusion. 

We have only a few days to gather our comments, so please review the points below and click on the comment button to provide you feedback.

Key ALRC Submission Points:

The view of the Health Information Privacy and Security Group is that

1. We seek national consistency with the proposed privacy laws across State/Federal Public/Private sectors. The current proposals do not go far enough to resolve this by allowing state exceptions and complex rules regarding when those exceptions apply. Furthermore, a well resourced nationally consistent process for managing privacy complaints (i.e. not delegated to state/territory as proposed in 56-1) would be more appropriate considering today's ubiquitous technology. 

2. Greater reliance on referral to the Human Research Ethics Committees (HREC) is being proposed for interpreting research, quality assurance, audit etc. Will there be sufficient consistency across the various HRECs and do they have the necessary skills and resources to carry out the proposed functions? Concern has been raised about how to avoid the inevitable bureaucratic backlog associated with HRECs unless these issues are adequately addressed?

3. In health we have witnessed changes in people's (clients) expectations and behaviour brought about by the advances in technology. That is their ability to access health knowledge and to take greater personal control over their health to include user controlled internet content (e.g. Web 2.0). Furthermore, personal access to medical devices, assistive technologies and ‘smart home' environments are causing a shift towards data being held by non traditional healthcare providers. Although the proposed privacy law changes intend to be ‘technology-neutral' they need to recognize this shift in behaviour brought about by technology. Current proposals focus on ‘health service' and ‘health service providers' and not the individuals.

4. Technology changes rapidly and hence any ‘technology neutral' proposal must therefore rely on the basic principals (UPPs) set down in the Act. Are sufficient provisions being made to accommodate how any technology changes need to be interpreted as being compliant with the UPPs in the Act? Too much damage can be done if we have to wait for case law hence, more regular periodic risk assessments of new technologies and interpretive guidelines would greatly assist in maintaining people's trust with technology.

5. There is a proposal to develop guidelines that relate to the "handling of health information under the Privacy Act" (56-4). The stakeholders involved will be at the discretion of the Office of the Privacy Commissioner with only DoHA being specifically mentioned. The range and types of stakeholders need to be specified to ensure industry and professional society representation.

6. National guidelines on obtaining individual's consent are crucial. This would permit unified approach to recording client's preferences and ensure technological compatibility for sharing and linking health information.

7. Common platforms for the application of privacy to take into account cross border data flows. Many of our industry partners are requesting a ‘global' approach to ensure a baseline standard across the industry and organizations.