Commonwealth of Australia Bills
[Index]
[Search]
[Download]
[Related Items]
[Help]
This is a Bill, not an Act. For current law, see the Acts databases.
HEALTHCARE IDENTIFIERS BILL 2010
2008-2009-2010
The Parliament of the
Commonwealth of Australia
HOUSE OF REPRESENTATIVES
Presented and read a first time
Healthcare Identifiers Bill 2010
No. , 2010
(Health and Ageing)
A Bill for an Act to provide for healthcare
identifiers, and for related purposes
i Healthcare Identifiers Bill 2010 No. , 2010
Contents
Part 1--Preliminary
1
1 Short
title
...........................................................................................
1
2 Commencement
.................................................................................
1
3
Purpose of this Act ............................................................................. 2
4
Act to bind the Crown ........................................................................ 2
5 Definitions
.........................................................................................
2
6 Meaning
of
service operator .............................................................. 5
7 Meaning
of
identifying information ................................................... 5
8 Meaning
of
national registration authority ....................................... 6
Part 2--Assigning healthcare identifiers
7
9 Assigning
healthcare
identifiers ......................................................... 7
10
Service operator must keep record of healthcare identifiers
etc. ...................................................................................................... 8
Part 3--Use and disclosure of healthcare identifiers and other
information
9
Division 1--Use and disclosure of identifying information for
assignment of healthcare identifiers
9
11 Disclosure
by
healthcare providers .................................................... 9
12 Disclosure
by
data sources ................................................................. 9
13 Disclosure
by
national
registration authority ................................... 10
14 Maintaining
healthcare identifiers ................................................... 10
15
Service operator's duty of confidentiality ........................................ 10
Division 2--Disclosure of healthcare identifier by service
operator
12
Subdivision A--Request by healthcare provider for healthcare
recipient's healthcare identifier
12
16
Disclosure of healthcare recipient's identifying information
by healthcare provider ..................................................................... 12
Subdivision B--Disclosure of healthcare identifier by service
operator
12
17
Disclosure to healthcare provider .................................................... 12
18
Disclosure to healthcare recipient .................................................... 13
19
Disclosure to registration authority .................................................. 13
20
Disclosure for authentication of healthcare provider's
identity ............................................................................................. 14
21 Access
controls
................................................................................
14
22
Information about disclosures by service operator .......................... 14
Healthcare Identifiers Bill 2010 No. , 2010 ii
Division 3--Use, disclosure and adoption of healthcare identifier
by healthcare provider
15
23
Disclosure to healthcare recipient .................................................... 15
24
Use and disclosure for other purposes ............................................. 15
25 Adoption
by
healthcare provider ..................................................... 16
Division 4--Unauthorised use and disclosure of healthcare
identifiers
17
26
Unauthorised use and disclosure of healthcare identifiers
prohibited ......................................................................................... 17
Division 5--Protection of healthcare identifiers
18
27 Protection
of
healthcare identifiers .................................................. 18
Part 4--Interaction with the Privacy Act 1988
19
28 Interaction
with
the
Privacy Act 1988 .............................................. 19
29
Functions of Privacy Commissioner ................................................ 19
30
Annual reports by Privacy Commissioner ....................................... 19
Part 5--Healthcare Provider Directory
21
31 Healthcare
Provider Directory ......................................................... 21
Part 6--Oversight role of Ministerial Council
22
32 Directions
to
service operator .......................................................... 22
33 Consultation
with
Ministerial Council about regulations ................ 22
34
Annual reports by service operator .................................................. 22
35
Review of operation of Act .............................................................. 23
Part 7--Miscellaneous
24
36 Extent
of
authorisation
.....................................................................
24
37
Relationship to State and Territory laws .......................................... 24
38 Severability--additional
effect of Parts 3 and 4 .............................. 25
39 Regulations
......................................................................................
27
Healthcare Identifiers Bill 2010 No. , 2010 1
A Bill for an Act to provide for healthcare
1
identifiers, and for related purposes
2
The Parliament of Australia enacts:
3
Part 1--Preliminary
4
5
1 Short title
6
This Act may be cited as the Healthcare Identifiers Act 2010.
7
2 Commencement
8
This Act commences on the day after this Act receives the Royal
9
Assent.
10
Part 1 Preliminary
Section 3
2 Healthcare Identifiers Bill 2010 No. , 2010
3 Purpose of this Act
1
(1) The purpose of this Act is to provide a way of ensuring that an
2
entity that provides, or an individual who receives, healthcare is
3
correctly matched to health information that is created when
4
healthcare is provided.
5
(2) This purpose is to be achieved by assigning a unique identifying
6
number to each healthcare provider and healthcare recipient.
7
4 Act to bind the Crown
8
(1) This Act binds the Crown in right of the Commonwealth, of the
9
States, of the Australian Capital Territory, of the Northern
10
Territory and of Norfolk Island.
11
Note:
The Minister must, in certain circumstances, declare that certain
12
provisions of this Act do not apply to the public bodies of a specified
13
State or Territory: see subsection 37(4).
14
(2) This Act does not make the Crown liable to be prosecuted for an
15
offence.
16
5 Definitions
17
In this Act:
18
data source has the meaning given by subsection 12(2).
19
date of birth accuracy indicator means a data element that is used
20
to indicate how accurate a recorded date of birth is.
21
date of death accuracy indicator means a data element that is used
22
to indicate how accurate a recorded date of death is.
23
employee, of an entity, includes:
24
(a) an individual who provides services for the entity under a
25
contract for services; or
26
(b) an individual whose services are made available to the entity
27
(including services made available free of charge).
28
entity means:
29
(a) a person; or
30
Preliminary Part 1
Section 5
Healthcare Identifiers Bill 2010 No. , 2010 3
(b) a partnership; or
1
(c) any other unincorporated association or body; or
2
(d) a trust; or
3
(e) a part of another entity (under a previous application of this
4
definition).
5
healthcare means health service within the meaning of subsection
6
6(1) of the Privacy Act 1988.
7
healthcare identifier has the meaning given by section 9.
8
healthcare provider means:
9
(a) an individual who:
10
(i) has provided, provides, or is to provide, healthcare; or
11
(ii) is registered by a registration authority as a member of a
12
particular health profession; or
13
(b) an entity, or a part of an entity, that has conducted, conducts,
14
or will conduct, an enterprise that provides healthcare
15
(including healthcare provided free of charge).
16
Example: A public hospital, or a corporation that runs a medical centre.
17
healthcare recipient means an individual who has received,
18
receives, or may receive, healthcare.
19
health information has the meaning given by subsection 6(1) of
20
the Privacy Act 1988.
21
Human Research Ethics Committee has the meaning given by:
22
(a) the National Statement on Ethical Conduct in Human
23
Research issued in March 2007 by the Chief Executive
24
Officer of the National Health and Medical Research Council
25
under the National Health and Medical Research Council Act
26
1992; or
27
(b) if that Statement is amended--that Statement as amended.
28
Note:
In 2010, the text of the Statement was accessible through the National
29
Health and Medical Research Council website (www.nhmrc.gov.au).
30
identified healthcare provider means a healthcare provider who
31
has been assigned a healthcare identifier under section 9.
32
Part 1 Preliminary
Section 5
4 Healthcare Identifiers Bill 2010 No. , 2010
identifying information has the meaning given by section 7.
1
law includes:
2
(a) an Act or legislative instrument; or
3
(b) an Act or legislative instrument of a State or Territory.
4
Ministerial Council has the meaning given by:
5
(a) the National Partnership Agreement on E-Health made on
6
7 December 2009 between the Commonwealth, the States,
7
the Australian Capital Territory and the Northern Territory;
8
or
9
(b) if that Agreement is amended--that Agreement as amended.
10
Note:
In 2010, the text of the Agreement was accessible through the Council
11
of Australian Governments website (www.coag.gov.au).
12
National Privacy Principle has the meaning given by the Privacy
13
Act 1988.
14
national registration authority has the meaning given by section 8.
15
public body, of a State or Territory, means:
16
(a) the Crown in right of the State or Territory; or
17
(b) a State or Territory authority of that State or Territory; or
18
(c) the head (however described) of a Department of State of the
19
State or Territory; or
20
(d) the Parliament of the State, or the legislature of the Territory
21
(whichever is applicable); or
22
(e) a member of the Parliament of the State, or of the legislature
23
of the Territory (whichever is applicable).
24
registration authority means an entity that is responsible under a
25
law for registering members of a particular health profession.
26
service operator has the meaning given by section 6.
27
State or Territory authority has the meaning given by the Privacy
28
Act 1988.
29
Veterans' Affairs Department means the Department that:
30
(a) deals with matters arising under:
31
Preliminary Part 1
Section 6
Healthcare Identifiers Bill 2010 No. , 2010 5
(i) section 1 of the Australian Participants in British
1
Nuclear Tests (Treatment) Act 2006; or
2
(ii) section 1 of the Military Rehabilitation and
3
Compensation Act 2004; or
4
(iii) section 1 of the Veterans' Entitlements Act 1986; and
5
(b) is administered by the Minister who administers that section.
6
6 Meaning of service operator
7
(1) The Chief Executive Officer of Medicare Australia is the service
8
operator.
9
(2) However, if the regulations prescribe another person for the
10
purpose of this subsection, that person is the service operator
11
instead.
12
7 Meaning of identifying information
13
(1) Each of the following is identifying information of a healthcare
14
provider who is an individual, if the service operator requires it for
15
the purpose of performing the service operator's functions under
16
this Act in relation to the healthcare provider:
17
(a) the name of the healthcare provider;
18
(b) the address of the healthcare provider;
19
(c) the date of birth, and the date of birth accuracy indicator, of
20
the healthcare provider;
21
(d) the sex of the healthcare provider;
22
(e) the type of healthcare provider that the individual is;
23
(f) if the healthcare provider is registered by a registration
24
authority--the registration authority's identifier for the
25
healthcare provider and the status of the registration (such as
26
conditional, suspended or cancelled);
27
(g) other information that is prescribed by the regulations for the
28
purpose of this paragraph.
29
(2) Each of the following is identifying information of a healthcare
30
provider that is not an individual, if the service operator requires it
31
for the purpose of performing the service operator's functions
32
under this Act in relation to the healthcare provider:
33
Part 1 Preliminary
Section 8
6 Healthcare Identifiers Bill 2010 No. , 2010
(a) the name of the healthcare provider;
1
(b) the address of the healthcare provider;
2
(c) if applicable, the ABN (within the meaning of the A New Tax
3
System (Australian Business Number) Act 1999) of the
4
healthcare provider;
5
(d) if applicable, the ACN (within the meaning of the
6
Corporations Act 2001) of the healthcare provider;
7
(e) other information that is prescribed by the regulations for the
8
purpose of this paragraph.
9
(3) Each of the following is identifying information of a healthcare
10
recipient, if the service operator requires it for the purpose of
11
performing the service operator's functions under this Act in
12
relation to the healthcare recipient:
13
(a) if applicable, the Medicare number of the healthcare
14
recipient;
15
(b) if applicable, the Veterans' Affairs Department file number
16
of the healthcare recipient;
17
(c) the name of the healthcare recipient;
18
(d) the address of the healthcare recipient;
19
(e) the date of birth, and the date of birth accuracy indicator, of
20
the healthcare recipient;
21
(f) the sex of the healthcare recipient;
22
(g) for a healthcare recipient who was part of a multiple birth--
23
the order in which the healthcare recipient was born;
24
Example: The 2nd of twins.
25
(h) if applicable, the date of death, and the date of death accuracy
26
indicator, of the healthcare recipient.
27
8 Meaning of national registration authority
28
A
national registration authority is a registration authority that is
29
prescribed by the regulations for the purposes of this section.
30
31
Assigning healthcare identifiers Part 2
Section 9
Healthcare Identifiers Bill 2010 No. , 2010 7
Part 2--Assigning healthcare identifiers
1
2
9 Assigning healthcare identifiers
3
(1) The service operator is authorised to assign a number (a healthcare
4
identifier) to uniquely identify:
5
(a) a healthcare provider included in a class prescribed by the
6
regulations for the purpose of this paragraph; or
7
(b)
a
healthcare
recipient.
8
(2) A national registration authority is authorised to assign a number (a
9
healthcare identifier) to uniquely identify a healthcare provider, if:
10
(a) the healthcare provider is an individual who is a member of a
11
particular health profession; and
12
(b) the national registration authority is responsible under a law
13
for registering members of that health profession.
14
(3) The types of healthcare identifiers include:
15
(a) an identifier that is assigned to a healthcare provider who is
16
an individual who:
17
(i) has provided, provides, or is to provide, healthcare; or
18
(ii) is registered by a registration authority as a member of a
19
particular health profession; and
20
(b) an identifier that is assigned to a healthcare provider who has
21
conducted, conducts, or will conduct, an enterprise that
22
provides healthcare (including healthcare provided free of
23
charge); and
24
(c) an identifier that is assigned to a healthcare recipient.
25
Note:
A healthcare provider who is an individual and who is covered by
26
both paragraphs of the definition of healthcare provider in section 5
27
(for example, a sole practitioner) may be assigned:
28
(a) a healthcare identifier of the type mentioned in paragraph (3)(a);
29
and
30
(b) a different healthcare identifier of the type mentioned in
31
paragraph (3)(b).
32
(4) In exercising a power under subsection (1), the service operator is
33
not required to consider whether a healthcare provider or
34
Part 2 Assigning healthcare identifiers
Section 10
8 Healthcare Identifiers Bill 2010 No. , 2010
healthcare recipient agrees to having a healthcare identifier
1
assigned to the healthcare provider or healthcare recipient.
2
(5) The regulations may prescribe requirements for assigning a
3
healthcare identifier to a healthcare provider or to a healthcare
4
recipient, including providing for review of decisions made under
5
this section.
6
(6) A healthcare identifier is an identifier for the purpose of National
7
Privacy Principle 7.
8
10 Service operator must keep record of healthcare identifiers etc.
9
The service operator must establish and maintain an accurate
10
record of:
11
(a) healthcare identifiers that have been assigned; and
12
(b) the information that the service operator has that relates to
13
those healthcare identifiers, including details of requests
14
made to the service operator for the service operator to
15
disclose those healthcare identifiers under Division 2 of
16
Part 3.
17
18
Use and disclosure of healthcare identifiers and other information Part 3
Use and disclosure of identifying information for assignment of healthcare identifiers
Division 1
Section 11
Healthcare Identifiers Bill 2010 No. , 2010 9
Part 3--Use and disclosure of healthcare identifiers
1
and other information
2
Division 1--Use and disclosure of identifying information
3
for assignment of healthcare identifiers
4
11 Disclosure by healthcare providers
5
(1) An identified healthcare provider is authorised to disclose
6
identifying information of a healthcare recipient to the service
7
operator for the purpose of the service operator assigning a
8
healthcare identifier to the healthcare recipient.
9
(2) The service operator is authorised:
10
(a) to collect the information; and
11
(b) to use the information for the purpose of assigning a
12
healthcare identifier to the healthcare recipient.
13
12 Disclosure by data sources
14
(1) A data source is authorised to disclose identifying information of a
15
healthcare provider, or of a healthcare recipient, to the service
16
operator for the purpose of the service operator assigning a
17
healthcare identifier to the healthcare provider or healthcare
18
recipient.
19
(2) Each of the following is a data source:
20
(a)
Medicare
Australia;
21
(b) the Veterans' Affairs Department;
22
(c) any entity prescribed by the regulations for the purpose of
23
this paragraph.
24
(3) The service operator is authorised:
25
(a) to collect the information; and
26
(b) to use the information for the purpose of assigning a
27
healthcare identifier to the healthcare provider or healthcare
28
recipient.
29
Part 3 Use and disclosure of healthcare identifiers and other information
Division 1 Use and disclosure of identifying information for assignment of healthcare
identifiers
Section 13
10 Healthcare Identifiers Bill 2010 No. , 2010
13 Disclosure by national registration authority
1
(1) A national registration authority is authorised to disclose:
2
(a) a healthcare identifier; or
3
(b) information that the national registration authority has that
4
relates to a healthcare identifier;
5
to the service operator for the purpose of the service operator
6
establishing or maintaining the record mentioned in section 10.
7
(2) The service operator is authorised:
8
(a) to collect the healthcare identifier or information; and
9
(b) to use the healthcare identifier or information for the purpose
10
of establishing or maintaining the record mentioned in
11
section 10.
12
14 Maintaining healthcare identifiers
13
The regulations may require an identified healthcare provider to
14
provide to the service operator information that:
15
(a) relates to the healthcare provider's healthcare identifier; and
16
(b) is prescribed by the regulations for the purposes of this
17
section.
18
15 Service operator's duty of confidentiality
19
(1) A person commits an offence if:
20
(a) information was disclosed to the person for the purpose of
21
Part 2 or this Division; and
22
(b)
the
person:
23
(i) uses the information; or
24
(ii) discloses the information.
25
Penalty: Imprisonment for 2 years or 120 penalty units, or both.
26
Note:
If a body corporate is convicted of an offence against subsection (1),
27
subsection 4B(3) of the Crimes Act 1914 allows a court to impose a
28
fine of up to 600 penalty units.
29
(2) Subsection (1) does not apply if the person uses or discloses the
30
information for:
31
Use and disclosure of healthcare identifiers and other information Part 3
Use and disclosure of identifying information for assignment of healthcare identifiers
Division 1
Section 15
Healthcare Identifiers Bill 2010 No. , 2010 11
(a) the purpose for which the information was disclosed to the
1
person; or
2
(b) a purpose that is authorised under another law.
3
Note:
A defendant bears an evidential burden in relation to the matters in
4
subsection (2): see subsection 13.3(3) of the Criminal Code.
5
(3) A person commits an offence if:
6
(a) information was disclosed to the person in contravention of
7
subsection (1); and
8
(b) the person knows that the disclosure of the information to the
9
person contravened that subsection; and
10
(c)
the
person:
11
(i) uses the information; or
12
(ii) discloses the information.
13
Penalty: Imprisonment for 2 years or 120 penalty units, or both.
14
Note:
If a body corporate is convicted of an offence against subsection (3),
15
subsection 4B(3) of the Crimes Act 1914 allows a court to impose a
16
fine of up to 600 penalty units.
17
(4) Subsection (3) does not apply if the person discloses the
18
information for the purpose of an appropriate authority
19
investigating the contravention mentioned in paragraph (3)(b).
20
Note:
A defendant bears an evidential burden in relation to the matter in
21
subsection (4): see subsection 13.3(3) of the Criminal Code.
22
23
Part 3 Use and disclosure of healthcare identifiers and other information
Division 2 Disclosure of healthcare identifier by service operator
Section 16
12 Healthcare Identifiers Bill 2010 No. , 2010
Division 2--Disclosure of healthcare identifier by service
1
operator
2
Subdivision A--Request by healthcare provider for healthcare
3
recipient's healthcare identifier
4
16 Disclosure of healthcare recipient's identifying information by
5
healthcare provider
6
(1) An identified healthcare provider is authorised to disclose
7
identifying information of a healthcare recipient to the service
8
operator for the purpose of the service operator disclosing the
9
healthcare recipient's healthcare identifier to the healthcare
10
provider under section 17.
11
(2) The service operator is authorised:
12
(a) to collect the information; and
13
(b) to use the information for the purpose of disclosing the
14
healthcare recipient's healthcare identifier to the healthcare
15
provider under section 17.
16
Subdivision B--Disclosure of healthcare identifier by service
17
operator
18
17 Disclosure to healthcare provider
19
(1) For the purpose of an identified healthcare provider
20
communicating or managing health information, as part of
21
providing healthcare to a healthcare recipient, the service operator
22
is authorised to disclose a healthcare identifier to:
23
(a) an identified healthcare provider (the collecting provider); or
24
(b) an employee (the authorised employee) of an identified
25
healthcare provider, if that identified healthcare provider has,
26
by notice to the service operator, authorised the employee to
27
act on behalf of that identified healthcare provider under this
28
section.
29
(2) The collecting provider or authorised employee is authorised to
30
collect the healthcare identifier.
31
Use and disclosure of healthcare identifiers and other information Part 3
Disclosure of healthcare identifier by service operator Division 2
Section 18
Healthcare Identifiers Bill 2010 No. , 2010 13
Note 1:
Section 24 authorises a healthcare provider to use, or to disclose, a
1
healthcare identifier:
2
(a) for the purpose of communicating or managing health
3
information, as part of the provision of healthcare to a healthcare
4
recipient; or
5
(b) for certain other purposes.
6
Note 2:
Section 25 authorises a healthcare provider to adopt the healthcare
7
identifier of a healthcare recipient as the healthcare provider's own
8
identifier of the healthcare recipient.
9
18 Disclosure to healthcare recipient
10
The service operator must, if asked to do so by a healthcare
11
recipient or a person who is responsible (within the meaning of
12
subclause 2.5 of National Privacy Principle 2) for a healthcare
13
recipient, disclose to the healthcare recipient or responsible person:
14
(a) the healthcare recipient's healthcare identifier (if any); or
15
(b)
information
that:
16
(i) relates to the healthcare recipient or to the healthcare
17
recipient's healthcare identifier; and
18
(ii) is included in the record the service operator maintains
19
under section 10.
20
19 Disclosure to registration authority
21
(1) The service operator is authorised to disclose an identified
22
healthcare provider's healthcare identifier to a registration
23
authority for the purpose of the registration authority registering
24
the healthcare provider.
25
(2) The registration authority is authorised:
26
(a) to collect the healthcare identifier; and
27
(b) to use the healthcare identifier for the purpose of the
28
registration authority:
29
(i) registering the healthcare provider; or
30
(ii) performing any other function of the registration
31
authority under a law.
32
Part 3 Use and disclosure of healthcare identifiers and other information
Division 2 Disclosure of healthcare identifier by service operator
Section 20
14 Healthcare Identifiers Bill 2010 No. , 2010
20 Disclosure for authentication of healthcare provider's identity
1
(1) The service operator is authorised to disclose an identified
2
healthcare provider's healthcare identifier to an entity for the
3
purpose of enabling the healthcare provider's identity to be
4
authenticated in electronic transmissions (for example, as part of a
5
public key infrastructure).
6
(2) The entity is authorised:
7
(a) to collect the healthcare identifier; and
8
(b) to use the healthcare identifier for the purpose of enabling the
9
healthcare provider's identity to be authenticated in
10
electronic transmissions.
11
21 Access controls
12
The regulations may prescribe rules about the disclosure of
13
healthcare identifiers by the service operator, including rules about
14
requests to the service operator to disclose healthcare identifiers.
15
22 Information about disclosures by service operator
16
If the service operator discloses a healthcare identifier to an entity,
17
the regulations may require the entity to provide prescribed
18
information to the service operator in relation to that disclosure.
19
Note:
The regulations may provide for the imposition of a penalty for
20
contravention of a regulation: see subsection 39(2).
21
22
Use and disclosure of healthcare identifiers and other information Part 3
Use, disclosure and adoption of healthcare identifier by healthcare provider Division 3
Section 23
Healthcare Identifiers Bill 2010 No. , 2010 15
Division 3--Use, disclosure and adoption of healthcare
1
identifier by healthcare provider
2
23 Disclosure to healthcare recipient
3
A healthcare provider is authorised to disclose a healthcare
4
recipient's healthcare identifier to:
5
(a) the healthcare recipient; or
6
(b) a person who is responsible (within the meaning of subclause
7
2.5 of National Privacy Principle 2) for the healthcare
8
recipient.
9
24 Use and disclosure for other purposes
10
Use and disclosure for other purposes
11
(1) A healthcare provider is authorised to use a healthcare identifier, or
12
to disclose a healthcare identifier to an entity, (including a
13
healthcare identifier disclosed to the healthcare provider for any
14
purpose under a previous application of this section) if:
15
(a) the purpose of the use or disclosure is to communicate or
16
manage health information as part of:
17
(i) the provision of healthcare to a healthcare recipient; or
18
(ii) the management (including the investigation or
19
resolution of complaints), funding, monitoring or
20
evaluation of healthcare; or
21
(iii) the provision of indemnity cover for a healthcare
22
provider; or
23
(iv) the conduct of research that has been approved by a
24
Human Research Ethics Committee; or
25
(b) the healthcare provider reasonably believes that the use or
26
disclosure is necessary to lessen or prevent:
27
(i) a serious threat to an individual's life, health or safety;
28
or
29
(ii) a serious threat to public health or public safety.
30
(2) The entity is authorised:
31
(a) to collect the healthcare identifier; and
32
Part 3 Use and disclosure of healthcare identifiers and other information
Division 3 Use, disclosure and adoption of healthcare identifier by healthcare provider
Section 25
16 Healthcare Identifiers Bill 2010 No. , 2010
(b) to use the healthcare identifier, or to disclose the healthcare
1
identifier to a healthcare provider, for the purpose for which
2
it was disclosed to the entity.
3
(3) A healthcare provider to which a healthcare identifier is disclosed
4
under paragraph (2)(b) is authorised to collect the healthcare
5
identifier.
6
Note 1:
Subsection (1) authorises the healthcare provider to use, or to disclose,
7
the healthcare identifier. Section 25 authorises the healthcare provider
8
to adopt the healthcare identifier.
9
Note 2:
An entity may also use, or disclose, a healthcare identifier for a
10
purpose that is authorised under another law: see paragraph 26(2)(b).
11
Certain purposes excluded
12
(4) This section does not authorise the use or disclosure of the
13
healthcare identifier of a healthcare recipient for the purpose of
14
communicating or managing health information as part of:
15
(a) underwriting a contract of insurance that covers the
16
healthcare recipient; or
17
(b) determining whether to enter into a contract of insurance that
18
covers the healthcare recipient (whether alone or as a
19
member of a class); or
20
(c) determining whether a contract of insurance covers the
21
healthcare recipient in relation to a particular event; or
22
(d) employing the healthcare recipient.
23
25 Adoption by healthcare provider
24
A healthcare provider is authorised to adopt the healthcare
25
identifier of a healthcare recipient (including a healthcare identifier
26
disclosed to the healthcare provider for any purpose under
27
section 24) as the healthcare provider's own identifier of the
28
healthcare recipient.
29
Note:
This Division authorises the collection, use, disclosure and adoption
30
of only healthcare identifiers, and information relating to healthcare
31
identifiers. The collection, use, disclosure or adoption of other
32
personal information (e.g. health information), is dealt with in other
33
legislation, including the Privacy Act 1988.
34
35
Use and disclosure of healthcare identifiers and other information Part 3
Unauthorised use and disclosure of healthcare identifiers Division 4
Section 26
Healthcare Identifiers Bill 2010 No. , 2010 17
Division 4--Unauthorised use and disclosure of healthcare
1
identifiers
2
26 Unauthorised use and disclosure of healthcare identifiers
3
prohibited
4
Offence
5
(1) A person commits an offence if:
6
(a) a healthcare identifier is disclosed to the person; and
7
(b)
the
person:
8
(i) uses the healthcare identifier; or
9
(ii) discloses the healthcare identifier.
10
Penalty: Imprisonment for 2 years or 120 penalty units, or both.
11
Note:
If a body corporate is convicted of an offence against subsection (1),
12
subsection 4B(3) of the Crimes Act 1914 allows a court to impose a
13
fine of up to 600 penalty units.
14
(2) However, subsection (1) does not apply if:
15
(a)
the
person:
16
(i) is authorised to use, or to disclose, the healthcare
17
identifier for a purpose that is authorised under this Act;
18
and
19
(ii) uses or discloses the healthcare identifier for that
20
purpose; or
21
(b) the person uses or discloses the healthcare identifier for a
22
purpose that is authorised under another law; or
23
(c) the person uses or discloses the healthcare identifier only for
24
the purpose of, or in connection with, the person's personal,
25
family or household affairs (within the meaning of
26
section 16E of the Privacy Act 1988).
27
Note:
A defendant bears an evidential burden in relation to the matters in
28
subsection (2): see subsection 13.3(3) of the Criminal Code.
29
30
Part 3 Use and disclosure of healthcare identifiers and other information
Division 5 Protection of healthcare identifiers
Section 27
18 Healthcare Identifiers Bill 2010 No. , 2010
Division 5--Protection of healthcare identifiers
1
27 Protection of healthcare identifiers
2
An entity must:
3
(a) take reasonable steps to protect healthcare identifiers the
4
entity holds from:
5
(i) misuse and loss; and
6
(ii) unauthorised access, modification or disclosure; and
7
(b) comply with any requirements prescribed by the regulations
8
for the protection of healthcare identifiers the entity holds.
9
Note:
The regulations may provide for the imposition of a penalty for
10
contravention of a regulation: see subsection 39(2).
11
12
Interaction with the Privacy Act 1988 Part 4
Section 28
Healthcare Identifiers Bill 2010 No. , 2010 19
Part 4--Interaction with the Privacy Act 1988
1
2
28 Interaction with the Privacy Act 1988
3
An authorisation to collect, use or disclose a healthcare identifier
4
or identifying information under this Act is also an authorisation to
5
collect, use or disclose the healthcare identifier or identifying
6
information for the purpose of the Privacy Act 1988.
7
29 Functions of Privacy Commissioner
8
Breach of this Act is an interference with privacy
9
(1) An act or practice that contravenes this Act or the regulations in
10
connection with the healthcare identifier of an individual is taken
11
to be:
12
(a) for the purposes of the Privacy Act 1988, an interference with
13
the privacy of the individual; and
14
(b) covered by section 13 of that Act.
15
Note:
The act or practice may be the subject of a complaint under section 36
16
of that Act.
17
(2) For the purpose of applying Part V of that Act (Investigations) in
18
relation to the act or practice, treat a State or Territory authority as
19
if it were an organisation (within the meaning of that Act).
20
Audits
21
(3) For the purpose of paragraph 27(1)(h) of the Privacy Act 1988
22
(about audits), a healthcare identifier is taken to be personal
23
information.
24
30 Annual reports by Privacy Commissioner
25
(1) The Privacy Commissioner must, as soon as practicable after the
26
end of each financial year, prepare a report on the Privacy
27
Commissioner's compliance and enforcement activities under this
28
Act during the financial year.
29
Part 4 Interaction with the Privacy Act 1988
Section 30
20 Healthcare Identifiers Bill 2010 No. , 2010
(2) The Privacy Commissioner must give a copy of the report to the
1
Minister, and to the Ministerial Council, no later than on
2
30 September after the end of the financial year to which the report
3
relates.
4
(3) The Minister must table a copy of the report in each House of
5
Parliament within 15 sitting days after the Privacy Commissioner
6
gives a copy of the report to the Minister.
7
8
Healthcare Provider Directory Part 5
Section 31
Healthcare Identifiers Bill 2010 No. , 2010 21
Part 5--Healthcare Provider Directory
1
2
31 Healthcare Provider Directory
3
(1) The service operator must establish and maintain a record (the
4
Healthcare Provider Directory) of the professional and business
5
details of the healthcare providers who have consented to those
6
details being included in the Healthcare Provider Directory.
7
(2) The service operator may disclose the professional or business
8
details of a healthcare provider who is listed in the Healthcare
9
Provider Directory to:
10
(a) an identified healthcare provider; or
11
(b) an employee of an identified healthcare provider, if that
12
identified healthcare provider has, by notice to the service
13
operator, authorised the employee to act on behalf of that
14
identified healthcare provider under this section.
15
16
Part 6 Oversight role of Ministerial Council
Section 32
22 Healthcare Identifiers Bill 2010 No. , 2010
Part 6--Oversight role of Ministerial Council
1
2
32 Directions to service operator
3
(1) After consulting the Ministerial Council, the Minister may, by
4
legislative instrument, give directions to the service operator about
5
the performance of the service operator's functions under this Act.
6
Note 1:
Section 42 (disallowance) of the Legislative Instruments Act 2003
7
does not apply to the directions--see section 44 of that Act.
8
Note 2:
Part 6 (sunsetting) of the Legislative Instruments Act 2003 does not
9
apply to the directions--see section 54 of that Act.
10
(2) The service operator must comply with a direction given under
11
subsection (1).
12
33 Consultation with Ministerial Council about regulations
13
Before the Governor-General makes a regulation for the purpose of
14
this Act, the Minister must consult with the Ministerial Council.
15
34 Annual reports by service operator
16
(1) The service operator must, as soon as practicable after the end of
17
each financial year, prepare a report on the activities, finances and
18
operations of the service operator during the financial year, so far
19
as they relate to this Act and the regulations.
20
(2) The service operator must give a copy of the report to:
21
(a) the Minister; and
22
(b)
either:
23
(i) the Ministerial Council; or
24
(ii) if the Ministerial Council directs the service operator to
25
give the report to another entity--that other entity;
26
no later than on 30 September after the end of the financial year to
27
which the report relates.
28
(3) The Minister must table a copy of the report in each House of
29
Parliament within 15 sitting days after the service operator gives a
30
copy of the report to the Minister.
31
Oversight role of Ministerial Council Part 6
Section 35
Healthcare Identifiers Bill 2010 No. , 2010 23
35 Review of operation of Act
1
(1) The Minister must, after consulting the Ministerial Council,
2
appoint an individual:
3
(a) to review the operation of this Act; and
4
(b) to prepare a report on the review before 30 June 2013.
5
(2) The Minister must:
6
(a) provide a copy of the report to the Ministerial Council; and
7
(b) table a copy of the report in each House of Parliament within
8
15 sitting days after the report is prepared.
9
10
Part 7 Miscellaneous
Section 36
24 Healthcare Identifiers Bill 2010 No. , 2010
Part 7--Miscellaneous
1
2
36 Extent of authorisation
3
An authorisation under this Act to an entity for a particular purpose
4
is an authorisation to an individual:
5
(a) who is an employee of the entity; and
6
(b) whose duties involve the implementation of that purpose.
7
37 Relationship to State and Territory laws
8
Relationship to State and Territory laws
9
(1) A law of a State or Territory has effect to the extent that the law is
10
capable of operating concurrently with this Act or the regulations.
11
(2)
However,
if:
12
(a) a person's act or omission is both:
13
(i) an offence under this Act; and
14
(ii) an offence under the law of a State or Territory; and
15
(b) that person is convicted of either of those offences;
16
the person is not liable to be convicted of the other offence.
17
(3) Nothing in this Act limits, restricts or otherwise affects any right or
18
remedy that a person would have had if this Act had not been
19
enacted.
20
Declarations that Act does not apply
21
(4) A provision of this Act does not apply to the public bodies of a
22
State or Territory if a declaration made under subsection (5) is in
23
force in relation to that provision and that State or Territory.
24
(5) The Minister must, by legislative instrument, declare that specified
25
provisions of this Act do not apply to the public bodies of a
26
specified State or Territory if:
27
(a) a Minister of the State or Territory, by written notice,
28
requests the Minister to make the declaration; and
29
Miscellaneous Part 7
Section 38
Healthcare Identifiers Bill 2010 No. , 2010 25
(b) the Minister is satisfied that a law in force in the State or
1
Territory contains provisions that have been agreed to by the
2
Ministerial Council.
3
(6) The Minister may, by legislative instrument, revoke the declaration
4
if:
5
(a) a Minister of the State, by written notice, requests the
6
Minister to do so; or
7
(b) a provision in the State or Territory law, which had been
8
agreed to by the Ministerial Council, is amended without the
9
agreement of the Ministerial Council.
10
(7) Neither section 42 (disallowance) nor Part 6 (sunsetting) of the
11
Legislative Instruments Act 2003 applies to a declaration or
12
revocation made under subsection (5) or (6) of this section.
13
38 Severability--additional effect of Parts 3 and 4
14
(1) Without limiting their effect apart from each of the following
15
subsections of this section, Parts 3 and 4 have effect in relation to a
16
collection, use or disclosure of information as provided by that
17
subsection.
18
(2) Parts 3 and 4 also have the effect they would have if their operation
19
in relation to a collection, use or disclosure of information were
20
expressly confined to a collection, use or disclosure taking place in
21
the course of, or in relation to, trade or commerce:
22
(a) between Australia and places outside Australia; or
23
(b) among the States; or
24
(c) within a Territory, between a State and a Territory or
25
between 2 Territories.
26
(3) Parts 3 and 4 also have the effect they would have if their operation
27
in relation to a collection, use or disclosure of information were
28
expressly confined to a collection, use or disclosure using a postal,
29
telegraphic, telephonic or other like service (within the meaning of
30
paragraph 51(v) of the Constitution).
31
(4) Parts 3 and 4 also have the effect they would have if their operation
32
in relation to a collection, use or disclosure of information were
33
expressly confined to a collection, use or disclosure in relation to
34
Part 7 Miscellaneous
Section 38
26 Healthcare Identifiers Bill 2010 No. , 2010
census or statistics (within the meaning of paragraph 51(xi) of the
1
Constitution).
2
(5) Parts 3 and 4 also have the effect they would have if their operation
3
in relation to a collection, use or disclosure of information were
4
expressly confined to a collection, use or disclosure in relation to
5
aliens (within the meaning of paragraph 51(xix) of the
6
Constitution).
7
(6) Parts 3 and 4 also have the effect they would have if their operation
8
in relation to a collection, use or disclosure of information were
9
expressly confined to a collection, use or disclosure by, or to, a
10
trading, foreign or financial corporation (within the meaning of
11
paragraph 51(xx) of the Constitution).
12
(7) Parts 3 and 4 also have the effect they would have if their operation
13
in relation to a collection, use or disclosure of information were
14
expressly confined to a collection, use or disclosure in relation to
15
the provision of:
16
(a) sickness or hospital benefits; or
17
(b) medical or dental services (but not so as to authorise any
18
form of civil conscription);
19
(within the meaning of paragraph 51(xxiiiA) of the Constitution).
20
(8) Parts 3 and 4 also have the effect they would have if their operation
21
in relation to a collection, use or disclosure of information were
22
expressly confined to a collection, use or disclosure:
23
(a) in relation to which the Commonwealth is under an
24
obligation under an international agreement, including, the
25
International Covenant on Civil and Political Rights, and in
26
particular Article 17 of the Covenant; or
27
Note:
The text of the Covenant is set out in Australian Treaty Series
28
1980 No. 23 ([1980] ATS 23). In 2010, a text of a Covenant in
29
the Australian Treaties Series was accessible through the
30
Australian Treaties Library on the AustLII website
31
(www.austlii.edu.au).
32
(b) that is of international concern, including the international
33
concern reflected by the Guidelines Governing the Protection
34
of Privacy and Transborder Flows of Personal Data,
35
recommended by the Council of the Organisation for
36
Miscellaneous Part 7
Section 39
Healthcare Identifiers Bill 2010 No. , 2010 27
Economic Co-operation and Development on 23 September
1
1980.
2
Note:
In 2010, the text of the Guidelines was accessible through the
3
Organisation for Economic Co-operation and Development
4
website (www.oecd.org).
5
(9) Parts 3 and 4 also have the effect they would have if their operation
6
in relation to a collection, use or disclosure of information were
7
expressly confined to a collection, use or disclosure by, or to, the
8
Commonwealth or a Commonwealth authority.
9
(10) Parts 3 and 4 also have the effect they would have if their operation
10
in relation to a collection, use or disclosure of information were
11
expressly confined to a collection, use or disclosure taking place in
12
a Territory.
13
39 Regulations
14
(1) The Governor-General may make regulations prescribing matters:
15
(a) required or permitted to be prescribed by this Act; or
16
(b) necessary or convenient to be prescribed for carrying out or
17
giving effect to this Act.
18
Note:
Before the Governor-General makes a regulation for the purpose of
19
this Act, the Minister must consult with the Ministerial Council: see
20
section 33.
21
(2) Without limiting subsection (1), the regulations may provide for
22
the imposition of a penalty of not more than 50 penalty units for
23
contravention of a regulation.
24