Draft laws to underpin the operation of the Gillard government's $500 million personally controlled e-health record system also provide another loophole allowing authorities to decide a data breach was "not deliberate".
"Under this legislation, no government and no employee can be sued or prosecuted for any harm or damage arising from a breach," APF Health chairwoman Juanita Fernando said.
"We believe this absolution of jurisdictions and their agents must be removed from the draft bills.
"Which body or organisation will be held to account over malicious hacks of centralised databases -- such as the (Medicare-operated) Healthcare Identifiers database -- linked by the PCEHR system?" she said.
Dr Fernando said all breaches of health data must be "subject to consequences". "If a government authority decides no deliberate breach occurred, the penalties outlined in the bill are unenforceable and so are irrelevant.
"Therefore, we ask for penalties to be provided in the context of unintentional breaches of community information." These should include compensation, the ability to take class actions and measures to stop future breaches.
The bills do not cover new technologies such as cloud computing, smartphones and tablets. "Patients and their clinicians need to feel confident applying such innovations to healthcare data," she said.
Dr Fernando said the legislation allowed health services to download data from the PCEHR system and store it in their own clinical systems, and researchers would be able to override existing consent mechanisms to obtain that data directly from providers.
"Recent moves to (permit) the collection of third-party health information relevant to a patient's family or social histories without consent are concerning," she said.
"Providers are permitted to collect and use the contact details of relatives to enable disclosure of genetic information. The merger of Centrelink, Medicare and Human Services exacerbates matters. People won't able to control access to their data."
Dr Fernando said the Gillard government's credibility was "shot to ribbons" by its failure to put privacy protection into the main bill. The critical elements have been relegated to the draft consequential amendments bill.
"It is completely unacceptable for critical protections to be in delegated legislation," she said.
"It risks them never being delivered, and they can be readily compromised by subsequent amendments," Dr Fernando said. He said statements suggesting consumers would be able to directly review their own health records were "misleading".
---
Autor(en)/Author(s): Karen Dearne
Quelle/Source: Australian IT, 01.11.2011
Bitte besuchen Sie/Please visit:
