Greg Hunt has introduced legislation strengthening privacy for My Health Record
Health Minister Greg Hunt has this month introduced the My Health Records Amendment (Strengthening Privacy) Bill 2018 into Parliament.
The current legislation authorises the My Health Record System Operator to use and disclose health information in a recipient’s record to an enforcement body for certain enforcement-related activities.
Minister Hunt’s bill repeals these subsections, removing the ability for health information in My Health Records to be disclosed to law enforcement agencies and government agencies without a court order or the healthcare recipient’s consent.
These changes provide a “significantly reduced form of this authorisation, with significantly strengthened privacy protections,” says the minister.
Under the current legislation, documents held by My Health Record will be retained for a period of 30 years after a person’s death or, if the date of death is unknown, for a period of 130 years after the date of a person’s birth.
The amendments will require the government to permanently delete stored health information for a person “as soon as practicable” (within 24 to 48 hours) after they have cancelled their My Health Record.
Minister Hunt’s bill has been referred to the Senate Community Affairs Legislation Committee for inquiry, with a report due on 8 October. Submissions are sought by 14 September.
The proposed bill affirms that the My Health Record system opt-out process was unanimously agreed by all state and territory governments in March 2017 at the Council of Australian Governments (COAG) Health Council, and again unanimously at the August 2018 COAG Health Council.
“Since the opt-out period began concerns have been expressed by some healthcare recipients, privacy advocates and some peak healthcare bodies that the MHR Act authorises the release of information to law enforcement agencies and other government bodies,” reads the bill explanatory memorandum.
“Concern has also been expressed that information would continue to be stored in the National Repositories Service for people who have cancelled their My Health Record.
“The safeguards that apply to a healthcare recipient’s My Health Record will be strengthened by this Bill, effectively providing that health information can only be collected, used or disclosed for healthcare purposes, with the healthcare recipient’s consent, in response to a court order or an order by a judicial officer, to respond to public health or safety threats, for medical indemnity claims, or in order to operate the My Health Record system.”
Any unauthorised collection, use or disclosure of MHR information will continue to be subject to criminal and civil penalties – up to two years’ imprisonment and/or up to $126,000 for an individual (up to $630,000 for bodies corporate).
The opt-out period has also been extended to 15 November.