Privacy commissioner to regulate eHealth system

The privacy commissioner will be able to seek civil penalties for breaches in eHealth privacy

The federal government's new eHealth system will be regulated against privacy breaches by the privacy commissioner and the Office of the Australian Information Commissioner (OAIC).

The eHealth system, which went live July 1, will initially include basic information, with healthcare professionals adding details such as medications prescribed and allergies.

The system sits within the Personally Controlled Electronic Health Records Act 2012 (PCEHR Act) and the Personally Controlled Electronic Health Records Regulation 2012.

The PCEHR Act has been a contentious piece of legislation which has reportedly been marred by a lack of governance and privacy concerns.

The OAIC has actively fought to ensure privacy protections were built into the Act.

In a submission to the Senate Standing Committee on Community Affairs in January this year, the privacy commissioner, Timothy Pilgrim, recommended amending the Privacy Act to allow the OAIC to investigate contraventions of civil penalty provisions.

Pilgrim has welcomed the widened scope of his role and advised consumers to read the terms and conditions of the system carefully.

"You are in control, so make sure you understand how your personal and health information will be collected, used and disclosed. You can decide which healthcare providers can see your record and what information they can access. Have a conversation with your healthcare provider about what will be uploaded and accessed from your eHealth record," Pilgrim said.

Pilgrim also warned healthcare providers to conform to their obligations under the Privacy Act, which include not collecting more information than is necessary for the eHealth records and ensuring staff are adequately trained in protecting patient eHealth records.

The OAIC will investigate eHealth complaints and also conduct own-motion investigations. For consumers who make complaints to the OAIC, the privacy commissioner is able to seek civil penalties and accept enforceable undertakings from healthcare providers.

Mandatory data breach notification will also be introduced under the PCEHR Act for systems operators, repository operations and portal operators.

Follow Stephanie McDonald on Twitter: @stephmcdonald0

Follow Computerworld Australia on Twitter: @ComputerworldAU
