"The legislation will strike the right balance between security and access," Ms Roxon said in a statement.
"Two rounds of consultation were held on this legislation prior to its introduction."
But the government is yet to respond to a large number of concerns raised by medical, consumer and privacy groups in submissions to the draft exposure bill, and it appears few changes have been made.
Ms Roxon said patients will choose whether to opt in to the system.
"Australians will have unprecedented control over their health information, including who can access their record and which documents can be viewed," she said.
"Records will have the capacity to contain summary information such as conditions, medications, allergies and records of events such as hospital stays. Free trial
"Our legislation will also allow records to be connected to the existing information from Medicare systems."
Ms Roxon said the bill included strong penalties for breaches of privacy; an Independent Advisory Council would be set up to advise on operational and policy matters, and audit logs would be made available to show who has accessed health records.
But key governance issues have not been addressed.
Patient data protection will be safeguarded by the 1988 Privacy Act, allowing the Information Commissioner to investigate any complaints, but the present pathwork of differing state and territory health and privacy laws will still apply.
Privacy Commissioner Timothy Pilgrim had called for a unified approach to privacy protections, and clarification of how different commonwealth, state and territory privacy laws would work together.
Mr Pilgrim noted protection of data held in local systems fell under state and territory health and privacy laws, where these exist, and called for stronger powers for his office to audit the system operator, open own motion investigations and manage the complaints process.
The bill states: "For entities that are subject to the (commonwealth) Privacy Act, the Information Commissioner (will be able) to carry out investigations. Entities not subject to the Privacy Act will, in addition to the requirements in the PCEHR Bill, be subject to any local privacy or health information laws and the mechanisms that are available under those laws.
The legislation will also authorise the use of Healthcare Identifiers service, operated by Medicare, but with governance arrangements not yet in place the Health department's secretary has been nominated as the official operator.
The Medical Industry Software Association is locked in battle with Health and Medicare over unresolved patient safety and liability concerns relating to the year-old but not yet operational Healthcare Identifiers service.
However, the government appears to have stepped back from plans to exempt the commonwealth and its agents for liability for data breaches involving citizens' sensitive personal and medical information.
The Australian Privacy Foundation had flagged concerns that the draft bill meant "no government and no employee can be sued or prosecuted for any harm or damage arising from a breach".
But the bill says: "While each jurisdiction will be legally bound by the arrangements set out, the Crown will not be liable for pecuniary penalties or subject to prosecution for offences. While the Crown cannot be liable to be prosecuted for an offence, or liable for a pecuniary penalty, this does not mean that all action against the Crown is precluded.
"If the Crown in any of its capacities does not comply with its obligations under this bill, other remedies are potentially available. For example, it may be subject to a declaration or injunction, investigated by the Information Commissioner under the Privacy Act, investigated by the Ombudsman, subject to Parliamentary scrutiny or subject to claims for breach of statutory duty.
"Further, while the Crown may have immunity in certain regards, the employees and contractors of the Crown will not necessarily have any such immunity. Finally, nothing in the Bill prevents an individual who suffers loss or damage from seeking to recover that loss or damage from the person who caused it."
Ms Roxon needs to get the legislation passed to support her July 2012 deadline for the start of the PCEHR system.
"Electronic health records have the potential to save lives, time and money and make the health system more efficient,” she said.
"There’s no doubt that Australia needs to drag the management of health records into the 21st century."
---
Autor(en)/Author(s): Karen Dearne
Quelle/Source: Australian IT, 23.11.2011
Bitte besuchen Sie/Please visit:
