It’s a fine line between health and stealth

Publication | 26 July 2010

by Bernard O'Shea

Almost without public comment the Healthcare Identifiers Act 2010 (Cth) (the Act) came into effect on 29 June 2010. It paves the way for Australian individuals and healthcare providers to be allocated unique 16 digit “healthcare identifiers” and for information linked to that number to be collected, stored and disseminated. Given the scope of the powers under the Act, and the obvious concerns it raises for privacy, the Act has attracted surprisingly little attention.

The Act allows the service operator (which will initially be Medicare Australia) to assign healthcare identifiers to both healthcare providers and recipients. The service operator is not required to consider the consent of the healthcare identifier recipient. Further, it allows the service operator to collect data from Medicare, the Veterans’ Affairs Department and the Defence Department to create a record about that person or healthcare provider.

The stated concept of the Act is to manage health related data more efficiently and effectively. Developing an effective system of electronic health records is stated as an important step in the improvement of our health system. There are a number of safeguards against inappropriate disclosure and penalties for disclosing information in contravention of the Act but obviously, once the information is out, no penalty can bring it back.

There is also the certainty that mistakes will be made. They will range from a simple mismatch whereby an individual may be locked out of their personal data store (and may find themselves unable to show who they are, or their entitlement to essential services) to a mass loss of data. The example that springs to mind is the case in the UK where the government admitted that two CDs with the personal records of all families in the UK with a child under the age of 16 had gone missing. The data included dates of birth, addresses, bank details and national insurance numbers of 25 million people. The CDs were sent by courier between government departments. The replacement CDs (sent by normal post) arrived safely. No attention appears to have been given to the consequences of the mismatch of records.

There are strong arguments to support the overall utility of what is envisaged. It is of concern that the Act is an important but incomplete part of a much bigger overall system. Without a complete picture, much is left to trust. In this regard it is noted that there are essentially no negative restrictions on the use of the healthcare identifier, and the inclusion of information in the records attached to it.

Of itself, the Act is not an immediate threat to personal privacy, but as a step towards all personal health data (and potentially other information) being stored in one system against one number, which will be immediately available to government agencies, it is an Act that should have warranted significantly more debate.


Bernard O'Shea

Bernard O'Shea