2010-2011

THE PARLIAMENT OF THE COMMONWEALTH OF AUSTRALIA

HOUSE OF REPRESENTATIVES

PERSONALLY CONTROLLED ELECTRONIC HEALTH RECORDS (CONSEQUENTIAL AMENDMENTS) BILL 2011

EXPLANATORY MEMORANDUM

(Circulated by authority of the Minister for Health and Ageing, the Honourable Nicola Roxon, MP)

PERSONALLY CONTROLLED ELECTRONIC HEALTH RECORDS (CONSEQUENTIAL AMENDMENTS) BILL 2011

The purpose of the Personally Controlled Electronic Health Records (Consequential Amendments) Bill 2011 ('Consequential Bill') is to ensure that the PCEHR Bill, once enacted, operates appropriately and effectively. This will be achieved by making a number of amendments to the Healthcare Identifiers Act 2010 ('HI Act') and other legislation to allow participants in the PCEHR system to take up and use healthcare identifiers to support the secure and accurate sharing of records within the PCEHR system.

The Healthcare Identifiers Service ('HI Service') was created by the HI Act as a foundation element for electronic transmission of health records. By assigning a unique identifier to each consumer, individual healthcare provider and healthcare provider organisation, the HI Service provides a solid basis for:

· ensuring that a health record is attached to the PCEHR of the right consumer;
· restricting the ability to author a clinical record for the PCEHR system to qualified healthcare providers; and
· making sure that connection to the PCEHR system is only available to those healthcare provider organisations that meet technical and security requirements.
As a result, a health record entering the PCEHR system will typically contain all three kinds of healthcare identifiers:

· the healthcare provider organisation's identifier will be used to identify the provider organisation to the system;
· the individual healthcare provider's identifier will be used to identify the author of a record uploaded to the system; and
· the consumer's identifier will be used to identify the PCEHR to which the record should be attached.

The Consequential Bill amends the HI Act to allow healthcare identifiers to play a central role in the integrity, security and safety of the PCEHR system.

The Consequential Bill will also make amendments to the Health Insurance Act 1973 and the National Health Act 1953 to allow a range of health records created by Medicare to be included in a consumer's PCEHR, where a consumer wants that information to be included.

FINANCIAL IMPACT STATEMENT

In the 2010-11 Budget, the Government announced funding of $466.7 million over two years for the PCEHR system. This funding was primarily to establish the core national infrastructure for the system.

Cost elements of the personally controlled     2010-11   2011-12   2012-13   2013-14
electronic health record system                ($m)      ($m)      ($m)      ($m)
Governance and Program management              25.7      18.8      0.0       0.0
Change and Adoption                            42.0      56.8      0.0       0.0
Standards and Foundations (infrastructure)     51.7      97.8      0.0       0.0
Architectural Framework Release 1              33.9      48.9      0.0       0.0
Operations and maintenance                     11.2      30.4      0.0       0.0
Program contingency                            16.9      25.6      0.0       0.0
Departmental                                   4.2       2.9       0.0       0.0
Total Expense                                  185.6     281.2     0.0       0.0
NOTES ON CLAUSES

Clause 1 Short title

Clause 1 provides that the Consequential Bill, once enacted, will be cited as the Personally Controlled Electronic Health Records (Consequential Amendments) Act 2011.

Clause 2 Commencement

This clause specifies when different parts of the Consequential Bill, once enacted, will commence.

The consequential amendments set out in the Schedule will commence on a day or days to be fixed by Proclamation. This enables the Governor-General to specify the day the Bill will commence or the days different provisions will commence. If Proclamation hasn't occurred by either 1 July 2012 or the day the Bill receives Royal Assent, this clause provides that the Bill will commence on the day after whichever of these dates occurs later.

This commencement is the same as the commencement for the Personally Controlled Electronic Health Records Bill 2011 ('Principal Bill'). This ensures that the consequential amendments to support the PCEHR system in this Consequential Bill will come into force at the same time as the provisions to create the PCEHR system.

Clause 3 Schedule

Each Act that is specified in a Schedule to this Consequential Bill is amended or repealed as set out in the applicable items in the Schedule concerned, and any other item has effect according to its terms. Schedule 1 amends the Healthcare Identifiers Act 2010 ('HI Act'), National Health Act 1953 and Health Insurance Act 1973.

SCHEDULE 1--CONSEQUENTIAL AMENDMENTS

The Consequential Bill will ensure that the PCEHR system is able to operate appropriately and effectively. This will be achieved by making a number of amendments to the HI Act to allow the PCEHR system to take up and use healthcare identifiers to support the secure and accurate sharing of records within the PCEHR system.
There will also be amendments to the Health Insurance Act 1973 and the National Health Act 1953 to allow a range of health records created by Medicare to be included in a consumer's PCEHR if that is what the consumer wants.

Amendments to the Healthcare Identifiers Act 2010

Item 1 extends the operation of the HI Act to the external territories, in order to align its geographical operation with that of the Principal Bill.

Items 2 to 11 insert new definitions into the HI Act. Items 4, 5, 6, 7, 10 and 11 draw on the definitions for the same concepts in the Principal Bill.

Items 2, 3 and 8 provide definitions of three programs currently administered by the Department of Human Services. These definitions are introduced to identify the kinds of Government program information that a consumer may choose to include in her or his PCEHR.
Item 9 provides a definition for professional and business details of a healthcare provider. This is an existing concept used in the HI Act in section 31. Section 31 provides the rules for the Healthcare Provider Directory, in which the HI service operator may publish information about healthcare providers, with their consent. The new definition makes it clearer that the information which the HI service operator may publish includes the healthcare identifier of a consenting healthcare provider.

Item 12 amends section 10 of the HI Act to expressly extend the existing record-keeping obligations of the HI service operator to cover new kinds of transactions relating to the PCEHR system. This means that an individual will be able to keep track of when her or his own healthcare identifier is requested from the service operator for PCEHR system purposes - section 18 of the HI Act gives every individual a right of access to information about access to her or his healthcare identifier. As well as providing individuals with a greater level of access to their own information, this level of visibility of transactions discourages misuse because of the increased likelihood of being caught.

Item 13 amends the title of Division 1 of Part 3 of the HI Act so that it better reflects the scope of the Division after amendment by this Consequential Bill. Before amendment, the Division only deals with use and disclosure of identifying information for the purpose of assignment of healthcare identifiers. After amendment, the Division will also deal with the use and disclosure of identifying information for PCEHR system purposes, and to authenticate the identity of healthcare providers in electronic transmissions.
Item 14 introduces a new section 11A, which allows the HI service operator to use and disclose identifying information to the PCEHR System Operator, so that the System Operator can effectively establish and maintain a PCEHR for consumers who want to participate in the PCEHR system.

The use and disclosure of identifying information by the service operator is expected to play a key role in supporting the security throughout the life cycle of a PCEHR, for example:

· as part of registering a consumer for a PCEHR, it is envisaged that the PCEHR System Operator will give information about the consumer to the HI service operator, so that the service operator can identify and share that person's healthcare identifier. To do this, the service operator will match the information provided by the System Operator against the identifying information it holds for that person, to find her or his healthcare identifier;
· over the course of the life of a consumer's PCEHR, the HI service operator will provide identifying information to the PCEHR System Operator, so that the contact details for the consumer held by the System Operator remain as current as possible. This will better allow the System Operator to contact a consumer, for example, if the System Operator wants to investigate an unusual pattern of access to the consumer's PCEHR; and
· the HI service operator will notify the PCEHR System Operator when a healthcare identifier is retired because a person has died, so that an active PCEHR can be suspended from further access.

It is necessary to provide an express authorisation for these uses and disclosures of identifying information. This is because section 15 of the HI Act makes it an offence for a person to use or disclose identifying information collected as part of the assignment of healthcare identifiers, unless they are using it for the purpose it was disclosed to them, or the purpose is authorised under law.
Item 15 amends section 18 by giving the HI service operator the discretion not to provide a consumer, or a person responsible for that consumer, access to the healthcare identifier and audit log for the consumer. This amendment aligns the HI Service with the PCEHR system, which also provides some scope to refuse access to information to a consumer or her or his representative.

This discretion gives the HI service operator the flexibility to deal with situations where giving access to this information to one person may represent a threat to the safety of another person. This might occur, for example, in circumstances where estranged parents are both responsible for a young child, but there is a history of domestic violence and one parent does not want the other to be able to locate them.

This is consistent with the approach of the Privacy Commissioner to disclosure of health information of children in Guidelines on Privacy in the Private Health Sector, which explains at page 24:

In exceptional cases, a health service provider may also decide not to disclose health information collected from a much younger child [to a parent]. This would generally relate to a risk of serious and imminent harm posed to the child, or others, if disclosure took place. For example, if a parent is abusive toward a child or other family members, a health service provider may decide there are reasonable grounds to believe a disclosure of the child's health information would result in greater danger.

It is not intended that the discretion would be exercised other than in exceptional circumstances, where there is a clear public interest in the withholding of the healthcare identifier and/or audit log.

Item 16 introduces new sections 19A, 19B and 19C which authorise the HI service operator to disclose healthcare identifiers, and identifying information, to support the operation of the PCEHR system.

New section 19A allows the HI service operator to disclose healthcare identifiers to the PCEHR System Operator, so that it can use and disclose these for PCEHR system purposes.
The System Operator will use and disclose healthcare identifiers, for example, as part of:

· establishing a PCEHR for a consumer, which uses the consumer's healthcare identifier as their reference number or index;
· attaching incoming health records to the PCEHR of a consumer;
· providing a healthcare provider involved in the treatment of a consumer with access to the consumer's PCEHR; and
· sharing a consumer's PCEHR with a person (such as a friend or family member) to whom the consumer chooses to give access.

Importantly, the PCEHR System Operator will share healthcare identifiers with other organisations who play a part in delivering the PCEHR system, such as registered repository and portal operators. This sharing will occur both as part of providing consumers and healthcare providers with health records in accordance with system rules, and as an integral part of making sure the system runs properly. For example, healthcare identifiers might be shared as part of isolating or fixing a technical problem with the system, or investigating suspected misuse of the system.

New section 19B allows the HI service operator to use and disclose healthcare identifiers and identifying information to the Chief Executive Medicare in restricted circumstances relating to the PCEHR system which are specified in new section 22D (Item 21). Together, new sections 19B and 22D provide the ability for the Chief Executive Medicare to attach a healthcare identifier to a record so that it can be included in the PCEHR in accordance with the wishes of the consumer concerned.
Similarly, new section 19C allows the HI service operator to disclose healthcare identifiers and identifying information to other Commonwealth agencies in restricted circumstances relating to the PCEHR system which are specified in new section 22D (Item 21). It is anticipated that, over time, there may be a range of records which are held by Commonwealth agencies which may be of use in providing healthcare to a consumer. For example, the Departments of Defence and Veterans' Affairs may have records about current and former service men and women that relate to health services they have received. New section 19C is part of the framework that would allow those records to be included in the PCEHR of the relevant person, if she or he requests for that to occur.

Items 17 to 20 amend section 20 of the HI Act to support the use of public key infrastructure (PKI) certificates by healthcare providers to assert identity in electronic transmissions, as well as use of other online systems and directories which support the accurate and secure sharing of information. Healthcare providers will be required to use PKI certificates which assert their healthcare identifiers when communicating electronically with the PCEHR System Operator, so that the System Operator can be assured it is allowing access to the system to the right individual or organisation.

In a PKI system which meets the Australian Government framework, there is typically a PKI Registration Authority (PKI RA) and a Certificate Authority (CA). In very general terms, the PKI RA is a body which verifies the identity of a person or organisation ('the subscriber') applying for a PKI certificate. After verification the PKI RA submits the application for the PKI certificate to the CA, and the CA then issues a certificate to the subscriber which allows them to encrypt and/or 'sign' electronic messages.
The CA publishes details of the certificate in a directory on the internet so that someone receiving a message from the subscriber can verify the 'signature' and/or decrypt the message.

Because the HI service operator and any healthcare identifiers registration authority (within the meaning of the HI Act) have an existing relationship with healthcare providers and healthcare provider organisations, and assign the healthcare identifiers, these are potentially useful sources of verification data for a health sector PKI system. To this end, Items 17 and 18 provide the HI service operator or a registration authority with sufficient scope to use and disclose healthcare identifiers and identifying information to facilitate the verification of identity for health sector PKI systems. At the time of introduction of this Consequential Bill, the only registration authority was the Australian Health Practitioner Regulation Authority.

Item 19 is directed to allowing healthcare identifiers to be published in the directory of a PKI system. When a person uses a PKI certificate to assert their identity in an electronic transmission, the receiver uses the information in the directory to establish that the certificate is both genuine and current. Because the healthcare identifier is a key piece of information which will need to be included in a PKI certificate for PCEHR system transactions, it is key information that would need to be included in the directory.

Item 20 allows a body performing the role of a PKI RA or a CA to adopt healthcare identifiers as their own identifiers for individual healthcare providers, where this is reasonably necessary for the administration of the PKI system. This authorisation is required where an RA or a CA is an organisation subject to the National Privacy Principles (NPPs) of the Privacy Act 1988 ('Privacy Act'), which place restrictions on the use, disclosure and adoption of identifiers for individuals (NPP7).

Item 21 inserts new Division 2A into Part 3 of the HI Act. This new Division deals with collections, uses, disclosures and (where relevant) adoption of healthcare identifiers and identifying information for the purposes of the PCEHR system. It recognises that there will be a number of bodies jointly delivering the PCEHR system to consumers and healthcare providers. These are:

· the PCEHR System Operator, which has central oversight and coordination of the system, as well as responsibility for delivering core functions;
· registered repository operators, which are bodies that have agreed to hold health records and make these available for access through the PCEHR system, in accordance with strict technical and procedural rules;
· registered portal providers, which are bodies that provide consumers or healthcare providers with an electronic access point to the PCEHR system, in accordance with strict technical and procedural rules; and
· the Chief Executive Medicare and other agencies that may hold certain kinds of Commonwealth program records and/or make these available for access through the PCEHR system, in accordance with strict technical and procedural rules.

Items 23, 24 and 25 modify section 36 of the HI Act to reflect that the organisations delivering the PCEHR system to consumers may use the services of contractors to do so. For example, where a contractor is providing services to the PCEHR System Operator to assist with the performance of PCEHR system functions, then this amendment would mean that the contractor is authorised to handle healthcare identifiers in performing those functions to the same extent that the PCEHR System Operator would be if it were performing those functions itself.
That authorisation extends both to the contractor organisation and to those of its staff through whom the contractor organisation is delivering the relevant services.

This authorisation is limited in three ways. Firstly, the contractor can only exercise authority which would be available to a participant in the PCEHR system on whose behalf it is acting. If the participant in the PCEHR system does not have authority to do it, then neither does the contractor. Secondly, the contractor may only exercise the authority that is available to the principal if the contractor is doing so in accordance with the terms of the contract between them. Thirdly, that authority is further restricted as being available only for PCEHR system purposes.

New sections 22A, 22C, and 22D will allow the PCEHR System Operator, the registered repository operators, registered portal providers and the relevant Commonwealth agencies to work together to make a consumer's PCEHR available in response to a valid request to access it, to ensure the efficient and effective operation of the system and to investigate and take action in relation to any misuse of the system. It does not allow these bodies to use or disclose the healthcare identifiers for purposes which are not related to the delivery of the PCEHR system.

The authority to handle healthcare identifiers given in section 22D allows the Chief Executive Medicare and the Departments of Human Services, Defence and Veterans' Affairs to attach the healthcare identifiers to particular Commonwealth program records, when a consumer has chosen to have these records included in her or his PCEHR. This provision allows for the sorting and categorising of the data held by the agency about the consumer, so that the records which meet the terms of the consumer's consent can be accurately identified.
Unless a consumer has made that choice, the agency may not attach healthcare identifiers to these records.

In the Principal Bill the only kinds of records that may be dealt with in this way relate to Medicare Benefits Scheme (MBS) (claiming) information, Pharmaceutical Benefits Scheme (PBS) (prescribing) information, childhood immunisation information, and organ donor information registered by a consumer in the Australian Organ Donor Register.

Section 22D also provides for the possibility that, in future, other kinds of Commonwealth agency records may be identified, which may be of value to include in consumers' PCEHRs. For example, the Departments of Defence and Veterans' Affairs may have records about current and former service men and women that relate to health services they have received. Regulations may be made which allow for healthcare identifiers to be attached to prescribed classes of records so they can be included in the PCEHR of the right consumer. This may only occur, however, if the consumer has consented to this occurring.

New section 22B allows the PCEHR System Operator and registered repository operators to adopt healthcare identifiers as their identifiers for individuals. This authorisation would be required where the PCEHR System Operator or a registered repository operator was an organisation subject to the NPPs of the Privacy Act, which place restrictions on the use, disclosure and adoption of identifiers for individuals (NPP7).

New section 22E allows for regulations to be made to support collection, use and disclosure of healthcare identifiers and identifying information, where reasonably necessary for the delivery of the PCEHR system. This power reflects, for example, that information technology continues to move quickly, that system design may properly change over time to respond to emerging technological threats or opportunities, and that such changes may impact on the handling of healthcare identifiers.
Item 22 introduces new section 24A, which provides further support for healthcare providers to obtain PKI certificates to authenticate themselves to the PCEHR system and in other e-health transactions. By allowing healthcare provider organisations to arrange the handling of their own healthcare identifiers and those of their healthcare employees, by consent, healthcare providers can choose to have their healthcare identifier published in a fully public PKI directory. Many PKI systems have fully public directories.

By supporting the ability of a healthcare provider to use a PKI certificate which is published in a fully public directory, this amendment allows the healthcare provider to choose a PKI certificate which it can use for PCEHR system purposes, and also other secure transmission of information as part of running a healthcare business. This provides better capacity for the healthcare provider to minimise the number of different PKI certificates it needs to have in order to deliver health services to consumers.

Having a provider's electronic contact details, including the healthcare provider, in a fully public directory is important because a wide range of organisations work collaboratively to support the health of the community, even though they may not provide traditional health services themselves. An example is an organisation that delivers services to the ill or infirm in their homes, such as assistance with meals or housework. As part of the complete provision of care to a consumer, communications occur between healthcare providers and these kinds of organisations constantly. A fully public PKI directly supports the security of these communications.

This section creates an authorisation which is additional to, and does not derogate from, any other authority to collect, use or disclose healthcare identifiers.
Amendments to the Health Insurance Act 1973

Items 26, 27 and 28 introduce new definitions into the Health Insurance Act 1973 to bring in concepts from the PCEHR system which are defined in the Principal Bill.

Item 29 inserts new paragraphs into section 46E of the Health Insurance Act 1973. That section sets out the circumstances in which the Chief Executive Medicare may disclose information from the Australian Childhood Immunisation Register. The new paragraphs give the Chief Executive Medicare the ability to identify, index and share immunisation records, so that they are included in a person's PCEHR in accordance with her or his wishes. These paragraphs allow for sorting and categorising of the data held by the Chief Executive Medicare about the immunisation records of a consumer so that the records which correspond to the consumer's consent can be accurately identified.

Item 30 amends subsection 130(1) of the Health Insurance Act 1973 so that Medicare records may be included in the PCEHR of a consumer, where the consumer has chosen for this to occur.

Amendments to the National Health Act 1953

Item 31 amends section 135A of the National Health Act 1953 so that PBS records may be linked to the PCEHR of a consumer, where the consumer has chosen for this to occur.

Items 32, 33 and 34 amend section 135AA of the National Health Act 1953 so that the PCEHR System Operator can include both MBS and PBS information in the PCEHR of a consumer, where the consumer has chosen for this to occur.

The National Health Act 1953 prohibits the linking of MBS and PBS information. Amendments to that Act will enable the PCEHR System Operator to include types of information in a registered consumer's PCEHR where the consumer has chosen for this to occur (see Items 31 to 34). These amendments do not remove the broader prohibition on linking MBS and PBS information, but instead they create a limited exception so that a registered consumer's PCEHR can contain the information.