Home | Databases | WorldLII | Search | Feedback Australian Senate Standing Committee for the Scrutiny of Delegated Legislation - Monitor

Health Insurance (Approved Pathology Undertakings) Approval 2017 [F2017L01293]-Concluded matters [2017] AUSStaCSDLM 449 (12 June 2017)

Personal rights and liberties: privacy

The committee previously commented as follows:

Scrutiny principle 23(3)(b) of the committee's terms of reference requires the committee to ensure that instruments of delegated legislation do not trespass unduly on personal rights and liberties, which includes the right to privacy.

Section 7 of Schedule 1 (Approved Pathology Practitioner Undertaking) and

section 12 of Schedule 2 (Approved Pathology Authority Undertaking) to the instrument require pathology practitioners and authorities, respectively, to comply with requests for information by specified government officials.^[2] The relevant sections also provide that such information may then be made available to other specified entities.

Subsection 12(4) of Schedule 2 provides that an approved pathology authority is not required to provide information containing clinical details relating to a patient.

That caveat is not included in section 7 of Schedule 1 with respect to information requested from an approved pathology practitioner.

The committee notes that the ES does not address the nature of the information that may be requested under subsection 7(1) of Schedule 1, nor does it set out any means by which the privacy of any information provided under the instrument — particularly information relating to a patient's clinical details, which it seems may be provided by pathology practitioners under Schedule 1 — will be appropriately protected.

Without information regarding these matters, the committee is unable to be satisfied that the instrument will not unduly trespass on the personal rights and liberties of individuals.

The committee requested the minister's advice in relation to:

• the nature of information that may be requested under subsection 7(1) of Schedule 1 to the instrument; and

• any relevant safeguards in place in relation to the collection and sharing of personal information under the instrument, particularly information concerning patients' clinical details.

Minister's response

The Minister for Health advised:

I am confident that the requirements in the legislative instrument do not infringe on individual's personal rights or liberties.
The Commonwealth introduced a compulsory accreditation system in relation to Medicare benefits for pathology in 1986. In order to be accredited, a pathology laboratory must meet specified quality standards. Medicare benefits are only payable for pathology services if:

• approved services are performed in a laboratory within an appropriate Accredited Pathology Laboratory category;

• the service is rendered by or on behalf of an Approved Pathology Practitioner; and

• the proprietor of the laboratory is an Approved Pathology Authority.

Section 7(1) of Schedule 1 of the Health Insurance (Approved Pathology Undertakings) Approval 2017 allows for relevant information related to pathology services provided by an Approved Pathology Practitioner or on behalf of the Approved Pathology Practitioner, to be provided to the Australian Government Department of Human Services, who manage the administration of laboratory status and Medicare payments for pathology services.
Alternatively, the information may be provided to the Australian Government Department of Health, who has responsibility for compliance activities. For example, the information may include records of pathology services claimed to have been rendered by the Approved Pathology Practitioner or on their behalf that may inform the monitoring of Medicare payments for the purposes of ensuring the appropriate use of public funds or compliance activities. The requestor of the information is considered
to have the responsibility of determining whether any clinical information is relevant to any issues arising from the Undertaking.
Section 12(1) of Schedule 2 of the Health Insurance (Approved Pathology Undertakings) Approval 2017 enables the Approved Pathology Authority, or the proprietor of the laboratory, to provide any requested relevant information to the Australian Government Department of Human Services relating to the pathology laboratory or pathology services provided at the laboratory or services provided by the Approved Pathology Practitioner that has signed the Undertaking. The example provided for section 7(1) would be relevant to this provision.
In terms of safeguards addressing disclosure of personal information or clinical information, as part of the national pathology accreditation program, laboratories are required to have protocols and procedures relating to the tracking of specimens and test results and the disclosure of test results. In addition, a pathology request form and laboratory records often are identified with a patient name and up to two other unique identifiers, such as unique medical record number or date of birth.
There are also legal safeguards in place relating to the disclosure of this information. To the extent that the information requested would include information patient clinical details, the secrecy provision in section 130(1) of the Health Insurance Act 1973 (the Act) prohibits a person from directly or indirectly divulging or communicating to any person any information with respect to the affairs of another person acquired by him or her in the performance of his or her duties, or in the exercise of his or her powers or functions under the Act. This secrecy provision extends to information acquired by the requestors under section 7 (1) of Schedule 1 to the instrument from Approved Pathology Practitioners, and the sharing of that information with recipients. Therefore, once the requestors and recipients have been provided with the information about the affairs of a person (e.g. identified clinical information), the requestors and recipients are bound by section 130(1) of the Act not to divulge or communicate that information, unless an exception applies. A general exception allowing information to be divulged in the exercise of powers, functions and duties under the Act is included in section 130(1) itself. Any disclosure that occurs outside these exceptions is prohibited and could constitute an offence, attracting criminal penalties.
Section 135A of the National Health Act 1953 (NH Act) is the secrecy provision that applies to information acquired under the NH Act.
For relevant purposes, this secrecy provision mirrors the secrecy provision in the HI Act (i.e. section 130(1) of the Act). This provision may be invoked subject to whether information is shared and disclosed. If the NH Act should apply, section 135A will prohibit disclosure of information (unless an exception applies) in the event that information is acquired for the purposes of the NH Act (in addition to the Act).
Furthermore, the Department and other recipients/requestors are 'APP entities' for the purposes of the Privacy Act 1988 and are therefore subject to the principles regarding the handling of personal information arising from that Act.

Committee's response

The committee thanks the minister for his response, and notes the minister's advice regarding the nature of the information that may be requested under subsection 7(1) of Schedule 1 and subsection 12(1) of Schedule 2 to the instrument, and the entities to whom that information may be provided.

The committee further notes the minister's advice as to the legal and policy safeguards in place to protect patients' personal information and clinical details.

In particular, the committee notes the secrecy provisions in section 130(1) of the Health Insurance Act 1973 and section 135A of the National Health Act 1953, as well as relevant provisions of the Privacy Act 1988 that apply to the recipients of information provided under the instrument.

The committee considers that this information would have been useful in the ES.

The committee has concluded its examination of the instrument.