The peak consumer body has turned to the Joint Select committee inquiry into Cyber-Safety for Senior Australians to raise additional concerns, including clarification around notification of data breaches on PCEHR records.
A Senate inquiry into the PECHR Bills and related matters is due to report its findings today.
"The complaints mechanism for the PCEHR will be crucial to ensuring the safety and security of consumer health information, and will be of particular interest to older Australians who are likely to be high end-users of the health system," the CHF said in its submission.
"Consumers have emphasised the importance of ensuring there is a single, clear avenue for making complaints.
"We recommend that the committee explore the management of the PCEHR complaints mechanism, and the possibility of a review of Medicare's role as the complaints body.
"We also recommend the allocation of additional resources to the Office of the Australian Information Commissioner to ensure it has the capacity to conduct investigations on behalf of consumers."
The CHF said older Australians, particularly those who lack computer and online health literacy skills, may be particularly vulnerable to misuse of information by third parties.
"We recommend the committee (considers) safeguards to prevent the misuse of PCEHR information by third parties, such as employers or insurers," it said.
The CHF notes that under the proposed enabling legislation, the system will provide an audit trail showing the organisations that have accessed their records, but not the healthcare professionals responsible for a breach.
"Consumers considered this would make it extremely difficult to identify any unauthorised viewings of their PCEHR, and will significantly undermine the safety of their record," it said.
"We call for the audit trail to provide consumers with information on individual health practitioners who have accessed their record."
The CHF said that until recently, it had understood consumers would be notified of major breaches relating to their record, but not necessarily more minor ones, which would be left to the discretion of the PCEHR system operator.
"However, evidence provided by the department at a Senate estimates hearing last month suggested that consumers would be notified of all breaches," it said.
"We would like this matter clarified, as consumers feel strongly that it should not be left to the operator's discretion to determine what constitutes a major breach.
"This issue was cited as key to consumer confidence in the system."
In its submission, Health said the design of the system and the legal framework provided in the proposed legislation "enables security and privacy breaches to be detected and prosecuted".
"The bills address security and safety risks that could arise with participation," it said. "A large number of potential offences are covered in existing legislation and can be applied to offences within the context of the PCEHR system."
Health said possible cyber risks have been addressed using a multi-layered approach.
"While the department does not design programs and systems specifically to deal with cyber security for senior Australians, the framework in which the department operates ensures seniors can be assured of their security in the ever increasingly digital world in which we live," it said.
Meanwhile, the National E-Health Transition Authority said a range of functionality for PCEHR "has been developed to specifically address" the needs of senior citizens.
"Older Australians are a key target group for the system," its submission said. "In order for older people to fully benefit from the PCEHR, it must be safe and easy to use.
"NEHTA doesn't regard it acceptable to respond to cyber risks by limiting older Australians' access to online information and services, but will rather ensure that the system is useable for those who stand to benefit from it the most."
It notes that consumers' online interactions with the PCEHR will be via the consumer portal.
The National Authentication Service for Service, currently being developed, will "ensure e-health transactions are private, traceable and only conducted by known entities".
---
Autor(en)/Author(s): Karen Dearne
Quelle/Source: Australian IT, 15.03.2012
Bitte besuchen Sie/Please visit:
