Commonwealth Consolidated Acts Commonwealth Consolidated Acts(1) The Governor - General may make regulations prescribing matters:
(a) required or permitted to be prescribed by this Act; or
(b) necessary or convenient to be prescribed for carrying out or giving effect to this Act.
Note: Before the Governor - General makes a regulation for the purpose of this Act, the Minister must consult with the Ministerial Council: see section 33 .
(2) Without limiting subsection ( 1), the regulation s may provide for the imposition of a penalty of not more than 5 0 penalty units for contravention of a regulation .
Under this Act, healthcare identifiers are assigned to healthcare recipients, individual healthcare providers and healthcare provider organisations.
There are strict rules on:
(a) the verification of a person's identity before a healthcare identifier is assigned; and
(b) the purposes for which a healthcare identifier can be collected, used and disclosed; and
(c) the purposes for which the identifying information of a healthcare recipient, a healthcare provider or a healthcare provider organisation can be collected, used and disclosed.
This Act facilitates the use of the healthcare identifier for the purposes of communicating and managing health information about a healthcare recipient (including through the My Health Record system).
This Act also facilitates:
(a) the creation of a Healthcare Provider Directory, to allow healthcare providers to check the professional and business details of healthcare providers; and
(b) the use of authenticated electronic communications by healthcare providers.
Healthcare identifiers are assigned to healthcare recipients, individual healthcare providers and healthcare provider organisations.
The service operator assigns healthcare identifiers to healthcare recipients. A national registration authority will usually assign a healthcare identifier to an individual healthcare provider, although there are a number of cases in which a healthcare provider is not registered by such an authority. In those cases, the healthcare identifier is assigned by the service operator. The service operator assigns a healthcare identifier to a healthcare provider organisation.
For a healthcare provider organisation to be assigned a healthcare identifier, the organisation must have at least one employee who is an individual healthcare provider providing healthcare as part of his or her duties, a responsible officer and an organisation maintenance officer. The responsible officer may also be the organisation maintenance officer. If the organisation is part of, or subordinate to, another healthcare provider organisation, it need not have its own responsible officer.
A sole practitioner may be registered as a healthcare provider organisation.
If the service operator refuses to assign a healthcare identifier, a person whose interests are affected by the decision may ask the service operator to reconsider the decision. A person may apply to the Administrative Appeals Tribunal for review of the service operator's reconsidered decision.
The service operator must keep a record of the healthcare identifiers assigned, and other information relating to the healthcare identifiers including details of requests to the service operator to disclose a healthcare identifier.
This Part authorises the collection, use and disclosure of healthcare identifiers, identifying information and other information.
Healthcare identifiers and other information relating to healthcare recipients
The service operator may collect information about a healthcare recipient from various sources for the purpose of assigning a healthcare identifier to the recipient. Once a healthcare identifier is assigned to a healthcare recipient, the service operator may disclose it to healthcare providers to assist in communicating and managing health information. The healthcare identifier may also be disclosed to other entities to assist in the operation of the My Health Record system.
A healthcare provider can obtain the healthcare identifier of a healthcare recipient from the service operator, so that the healthcare provider can communicate and manage health information. The healthcare provider can use the healthcare identifier in providing healthcare, for example, by using it to access the My Health Record of a healthcare recipient.
Healthcare identifiers and other information relating to healthcare providers
Under Part 2, the service operator must keep a record of the healthcare identifiers that have been assigned and other information relating to healthcare identifiers. As a national registration authority assigns healthcare identifiers to most healthcare providers, the service operator may obtain information for the record from a national registration authority.
Under Part 2, the service operator assigns healthcare identifiers to healthcare providers in a number of cases. The service operator may collect information about a healthcare provider from various sources for the purposes of assigning those identifiers.
The service operator may disclose the healthcare identifiers of healthcare providers to healthcare providers to assist in communicating and managing health information. The healthcare identifier may also be disclosed to other entities to assist in the operation of the My Health Record system.
A healthcare provider can obtain the healthcare identifier of a healthcare provider from the service operator, so that the healthcare provider can communicate and manage health information. This includes the use of the identifier in electronic transmissions. The collection, use and disclosure of identifying information and healthcare identifiers is permitted for the purposes of authenticating a healthcare provider's identity in electronic transmissions.
A person must not use or disclose information collected for the purposes of the Act or healthcare identifiers, except where required or authorised to do so under the Act or in other limited circumstances. Criminal and civil penalties apply if this obligation is breached.
If a person is authorised to collect, use or disclose information under this Act, the person will not interfere with the privacy of an individual for the purposes of the Privacy Act 1988 in doing so.
Section 26 imposes a higher standard of privacy in relation to healthcare identifiers than is imposed in relation to other information. If a person uses or discloses a healthcare identifier in circumstances that are not permitted under that section, the person will not only be subject to criminal and civil penalties. That action will also be an interference with privacy for the purposes of the Privacy Act 1988 , and can be dealt with as such under that Act.
The Healthcare Provider Directory is a directory available to healthcare providers to allow them to find information about other healthcare providers, such as:
(a) the healthcare identifier of a healthcare provider; and
(b) whether an individual healthcare provider is linked to a healthcare provider organisation; and
(c) whether a healthcare provider is registered under the My Health Record system; and
(d) whether a healthcare provider is registered with a registration authority and the status of that registration (such as whether it is conditional, suspended, cancelled or lapsed); and
(e) the type of healthcare provider that an individual is.
The Minister may give directions to the service operator about the performance of the service operator's functions under this Act, after consulting the Ministerial Council.
The Minister must also consult the Ministerial Council before regulations are made under this Act.
If an entity is authorised to collect, use or disclose information under this Act, an employee or contracted service provider of the entity is authorised to do that, provided the duties of the employee or contracted service provider involve implementing the purpose for which the collection, use or disclosure is authorised.
If an entity is authorised to disclose information to a healthcare provider, the entity is authorised to disclose the information to an employee or contracted service provider of the healthcare provider, provided the duties of the employee or contracted service provider involve implementing the purpose for which the disclosure is authorised.
This Act applies to partnerships, unincorporated associations and trusts in the same way as it applies to persons.
The service operator may delegate functions and powers under this Act.
This Part also:
(a) provides for the concurrent operation of State and Territory law; and
(b) deals with the effect Parts 3 and 4 are to have in certain constitutionally significant circumstances.
The Governor - General may make regulations prescribing matters that are
required or permitted to be prescribed by this Act, or that are necessary or
convenient to be prescribed for carrying out or giving effect to this Act.