Law Reform Commission proposes health privacy changes

The Australian Law Reform Commission (ALRC) has just published Discussion Paper 72, Review of Australian Privacy Law (DP 72), which sets out the ALRC’s proposals for reform of privacy laws and related practices.

The deadline for feedback on the ALRC's proposal is 7 December 2007. The ADA is currently considering whether it will make a submission on the health privacy recommendations, and member feedback on the proposed changes will be taken into account in this matter.

Key recommendations in the health section of the report are as follows:

• that there should be one set of principles that apply to both public and private sector organisations.
• that new federal privacy laws override state and territory privacy laws in relation to the private sector, so that private and non-government health services only have to comply with one set of privacy laws.
• that there should be nationally consistent laws on health privacy.
• that there should be new regulations under the federal Privacy Act that regulate the handling of health information.
• that there should be specific legislation to regulate any shared
  electronic health record scheme, and unique healthcare identifiers.
  This legislation should address issues including:
  • rights and requirements for participation in the scheme, including consent arrangements;
  • permitted and prohibited uses of unique healthcare identifiers and information in the electronic health record; and
  • safeguards in relation to unique healthcare identifiers, such as a guarantee that it is not required to provide an identifier in order to obtain healthcare.
• that healthcare providers should be able to collect information on third parties without consent, where it is relevant and necessary for treatment.
• that where a health service is closing or transferring to a new owner, the owner or operator should take reasonable steps to ensure that consumers know that the service is closing or transferring.