Privacy commissioner to regulate eHealth system

The privacy commissioner will be able to seek civil penalties for breaches in eHealth privacy

The federal government's new eHealth system will be regulated against privacy breaches by the privacy commissioner and the Office of the Australian Information Commissioner (OAIC).

The eHealth system, which went live July 1, will initially include basic information, with healthcare professionals adding further details to the system, such as medications prescribed and allergies.

The system sits within the Personally Controlled Electronic Health Records Act 2012 (PCEHR Act) and the Personally Controlled Electronic Health Records Regulation 2012 legislation.

The PCEHR Act has been a contentious piece of legislation which has reportedly been marred by a lack of governance and privacy concerns.

The OAIC has actively fought to ensure privacy protections were built into the Act.

In a submission to the Senate Standing Committee on Community Affairs in January this year, the privacy commissioner, Timothy Pilgrim, recommended amending the Privacy Act to allow the OAIC to investigate contraventions of civil penalty provisions.

Pilgrim has welcomed the widened scope of his role and advised consumers to read the terms and conditions of the system carefully.

"You are in control, so make sure you understand how your personal and health information will be collected, used and disclosed. You can decide which healthcare providers can see your record and what information they can access. Have a conversation with your healthcare provider about what will be uploaded and accessed from your eHealth record," Pilgrim said.

Pilgrim also warned healthcare providers to conform to their obligations under the Privacy Act, which include not collecting more information than is necessary for the eHealth records and ensuring staff are adequately trained in protecting patient eHealth records.

The OAIC will investigate eHealth complaints and also conduct own motion investigations. For consumers who make complaints to the OAIC, the privacy commissioner is able to seek civil penalties and accept enforceable undertakings from healthcare providers.

Mandatory data breach notification will also be introduced for the PCEHR Act for systems operators, repository operators and portal operators.


1 Comment

Cris Kerr


To date, we have been told that only the 'healthcare organisation name' and the 'role' of the person who is accessing is all that will be revealed in the PCEHR audit log.

PCEHR Audit Log:

Public Hospital, GP
Public Hospital, GP
Public Hospital, Radiologist
Public Hospital, GP
Public Hospital, Dietician
Public Hospital, GP
Public Hospital, Radiologist
Public Hospital, Radiologist
Public Hospital, Dietician
Public Hospital, Pathologist
Public Hospital, Dietician
Local Medical Clinic, GP
Local Medical Clinic, Physiotherapist

How will the chronically ill know if, when, or how many times their PCEHR has been inappropriately accessed by someone so they can raise a red flag or make a complaint?
