Commonwealth of Australia Explanatory Memoranda Commonwealth of Australia Explanatory Memoranda[Index] [Search] [Download] [Bill] [Help]
2010-2011-2012
THE PARLIAMENT OF THE COMMONWEALTH OF AUSTRALIA
SENATE
PERSONALLY CONTROLLED ELECTRONIC HEALTH RECORDS BILL 2011
PERSONALLY CONTROLLED ELECTRONIC HEALTH RECORDS (CONSEQUENTIAL AMENDMENTS)
BILL 2011
SUPPLEMENTARY EXPLANATORY MEMORANDUM
Amendments to be Moved on Behalf of the Government
(Circulated by authority of the Minister for Health,
the Hon Tanya Plibersek, MP)
PERSONALLY CONTROLLED ELECTRONIC HEALTH RECORDS BILL 2011
PERSONALLY CONTROLLED ELECTRONIC HEALTH RECORDS (CONSEQUENTIAL AMENDMENTS)
BILL 2011
OUTLINE
The amendments to the Personally Controlled Electronic Health Records Bill
2011 ('PCEHR Bill') will address recommendations made by the Senate
Community Affairs Committee, following its inquiry into the PCEHR Bill.
The amendments will also reflect feedback by jurisdictions and government
agencies, consumers, the healthcare sector and healthcare software vendors
on the design of the PCEHR system and the regulations and rules proposed to
be made under the proposed PCEHR Act. Finally, the amendments will make
other clarifications and corrections that have been identified since the
PCEHR Bill was introduced into the Parliament, and reflect changes to the
system design that have occurred since the PCEHR Bill was introduced.
The Personally Controlled Electronic Health Records (Consequential
Amendments) Bill 2011 ('Consequential Bill') will also be amended to
reflect feedback by stakeholders on the design of the PCEHR system and the
proposed regulations and rules. It will also make clarifications and
corrections that have been identified, and reflect changes to the system
design that have occurred, following introduction of the Consequential Bill
into the Parliament.
Many of these amendments are made to more accurately reflect the intent of
certain provisions.
In summary, the key amendments will:
. ensure that certain matters are considered as part of the future review
of the legislation;
. improve the consultation undertaken prior to making PCEHR Rules;
. ensure that the System Operator has the ability to cancel or suspend the
registration of a consumer or other entity where appropriate - for
example, if continued registration poses a risk to the PCEHR system;
. strengthen consumer consent arrangements;
. clarify the extent of the Australian Information Commissioner's functions
and powers in respect of the PCEHR system;
. clarify the System Operator's functions in relation to the preparation
and use of de-identified data for research and public health purposes;
. support the use of agreements between the System Operator and
participants;
. reflect the evolving design of the PCEHR system, including clarifying the
ability of the System Operator to use computers as part of automated
decision-making;
. clarify the requirements regarding overseas storage and processing of
data; and
. clarify the parties whose healthcare identifiers and identifying
information will be collected, used and disclosed.
Financial Impact Statement
The amendments to the PCEHR Bill and Consequential Bill have no financial
impact.
STATEMENT OF COMPATIBILITY FOR A BILL OR LEGISLATIVE INSTRUMENT THAT RAISES
HUMAN RIGHTS ISSUES
PERSONALLY CONTROLLED ELECTRONIC HEALTH RECORDS BILL 2011
NOTES ON AMENDMENTS
Amendments 1 and 2
These amendments will ensure that, in the event that the National
Partnership Agreement on E-Health is amended or expires, the definition of
Ministerial Council remains effective.
Amendment 3
This amendment will insert additional words into the definition of PCEHR
system, in clause 5 of the PCEHR Bill, to ensure the definition is
appropriately limited and does not extend to other electronic health record
systems.
Amendment 4
This amendment will replace the current words in subclause 9(3). Its
effect is to extend the definition of identifying information to all
individuals, other than individuals in the capacity of a healthcare
provider.
This amendment is required so that identifying information of authorised
representatives and nominated representatives may be collected, used and
disclosed where necessary to support the operation of the PCEHR system,
including ensuring that activities of these representatives can, where
appropriate, appear in the audit log of consumers' PCEHRs.
Amendment 5
This amendment will insert a new clause 13A into the PCEHR Bill to reflect
that some decisions to be made by the System Operator may be automated.
The PCEHR Bill currently provides for a range of decisions to be made by
the System Operator. Given the numbers of decisions that may need to be
made, especially in relation to registering consumers online, it is
important that the System Operator have the flexibility to use computers to
automate its decision-making.
For example, if a consumer applies to register online, has provided the
required identifying information and this information has been verified
against information held by the Healthcare Identifiers Service, and there
are no existing cautionary notes regarding the consumer held by the System
Operator, registration of the consumer could occur automatically without
the direct involvement of System Operator staff.
Any automated decision-making will be consistent with the System Operator's
obligations under the PCEHR Bill.
Amendment 5 ensures that any decisions made using a computer are taken to
be made by the System Operator (new subclause 13A(2)).
Clause 97 of the PCEHR Bill provides that certain decisions made by the
System Operator are reviewable. The making of a decision by a computer
program will not alter a person's right to seek review of any decision
Amendment 6
This inserts new paragraph (ma) into clause 15 of the PCEHR Bill to clarify
that the System Operator has a function to prepare and provide de-
identified data for research and public health purposes.
There is currently nothing in the PCEHR Bill or in the Privacy Act 1988
('Privacy Act') that would prevent the System Operator releasing de-
identified data, as such information is not personal information or health
information. However, it is not currently clear that the System Operator
is authorised to prepare de-identified data for these purposes.
So that the System Operator is able to help fulfil the policy objective of
ensuring that de-identified data from the PCEHR system is available for
research and public health purposes, a new function is required. The new
function in paragraph 15(ma), in conjunction with paragraph 63(b) and
clause 50, will enable the System Operator to prepare de-identified data
for the above purposes.
The preparation and provision of de-identified data will be undertaken in
accordance with requirements specified in the PCEHR Rules (see
Amendment 32). These requirements will ensure that, for example,
appropriate protections are put in place around the preparation and release
of de-identified data.
Amendment 7
This amendment will insert a new subclause 38(3) to enable healthcare
provider names, where available, to be included in Medicare Benefits
Schedule (MBS) and Pharmaceutical Benefits Scheme (PBS) records. Having
providers' names attached to such records may be useful to a healthcare
provider who subsequently treats a consumer.
Consumers will still be required to consent to the inclusion of Medicare
records, including MBS and PBS records, in their PCEHR if they wish such
records to be included.
Amendments 8, 19, 20, 24, 25 and 26
These amendments will make it clear that subparagraph 99(c)(i), subclauses
44(2), 74(1) and 105(5) and clause 76 of the PCEHR Bill apply to healthcare
provider organisations, rather than healthcare providers more generally.
Amendment 9
This amendment will replace existing subclause 51(2) of the PCEHR Bill with
a new subclause to ensure that the System Operator has the ability to
cancel or suspend the registration of a consumer in all appropriate
circumstances.
Amendment 9 will also allow suspension or cancellation where certain
consent is not given.
The PCEHR Bill currently provides for the System Operator to obtain a
consumer's consent to the uploading of their health information as part of
registration (see subclause 41(3)). However, where a consumer does not
have capacity at the time of registration (for example, young children),
this consent will be given by a representative (such as a parent). Where a
consumer subsequently wishes to take control of their PCEHR (for example,
upon turning 18-years of age) it is appropriate that the consumer give
their own consent for the purposes of clause 41(3), and not continue to
rely on the consent previously given by their representative.
Amendment 9 will clarify that the System Operator may cancel or suspend a
consumer's registration if the consumer ceases to have a representative
and, after the System Operator has asked the consumer to give consent for
the purposes of subclause 41(3), the consumer has not done so within a
reasonable period.
In practice, the System Operator will not seek consent from the consumer
until the consumer initiates action to take control of their PCEHR.
|Example: Sidra is 20 years old. Her parents registered her for a PCEHR|
|when she was a child. However, since she turned 18 years old, her |
|parents have been unable to access her PCEHR. Because Sidra has not |
|taken active steps to take control of her PCEHR since turning 18, her |
|PCEHR has continued to operate with the same access control settings |
|that applied immediately before she turned 18, and healthcare providers|
|involved in her care have been able to upload records. |
|Sidra has been diagnosed with diabetes and she has decided to take a |
|more active role in her healthcare. Sidra cannot currently access her |
|PCEHR because she has never taken control of it - for example, she has |
|not set up her own log-in details. Sidra visits a Medicare shopfront |
|and explains that she would like to take control of her PCEHR. Sidra |
|provides evidence of her identity, gives consent for registered |
|healthcare providers to upload her health information to her PCEHR and |
|sets up her own log-in details. |
|With the information provided by the Medicare officer, Sidra is now |
|able to access her PCEHR and is able to set the access controls that |
|she chooses. |
Amendments 10, 11, 12 and 13
These amendments, in conjunction with Amendment 9, clarify when the
registration of a consumer or other entity may be suspended or cancelled.
Amendments 14 and 15
These amendments will ensure that the authorities given in clause 58 to
collect, use and disclose healthcare identifiers and identifying
information apply not just where a person has made an application, but
where the person is in the process of making an application.
These amendments are necessary to support online registration which
involves a number of preliminary steps before a full application is lodged.
Amendment 16
This amendment replaces clause 73 of the PCEHR Bill with a new provision
clarifying when a breach of the PCEHR Bill will also be an interference
with the privacy of a consumer. It also clarifies the functions and powers
of the Information Commissioner.
Subclause 73(1) will provide that an act or practice that:
. contravenes the PCEHR Bill (once enacted) in connection with health
information included in a consumer's PCEHR; or
. contravenes a provision in Part 4 or 5 of the PCEHR Bill; or
. would contravene the PCEHR Bill (once enacted) but for a requirement
relating to the state of mind of a person,
is taken to be:
. for the purposes of the Privacy Act an interference with the privacy of a
consumer; and
. covered by section 13 or 13A of the Privacy Act.
Subclause 73(2) will provide that the respondent to a complaint under the
Privacy Act about an act or practice, other than an act or practice of an
agency or organisation, is the individual who engaged in the act or
practice. The provision clarifies that individuals can be respondents to
complaints under the Privacy Act and can be investigated by the Information
Commissioner.
Subclauses 73(3) and (4) provide that the Information Commissioner has the
powers and functions under the Privacy Act as specified in subclauses 73(3)
and (4). These provisions will ensure that, where there is an interference
with the privacy of a consumer under subclause 73(1), the Information
Commissioner has the functions and powers to investigate and, if
appropriate, to attempt by conciliation to effect a settlement.
Subclauses 73(3) and (4) do not limit the functions or powers of the
Information Commissioner under other provisions of the PCEHR Bill.
Amendments 17
This amendment inserts a new clause 73A into the PCEHR Bill that permits
the Information Commissioner to disclose details about investigations where
the Information Commissioner is satisfied that doing so will enable the
System Operator to monitor or improve the operation or security of the
PCEHR system.
This amendment is necessary to ensure that existing provisions in the
Privacy Act do not prevent sharing of information about investigations
where that sharing may be appropriate - for example, to assist improve the
security of the PCEHR system following an investigation of a data breach.
Amendment 18
This amendment inserts a new clause 73B into the PCEHR Bill. Clause 73B
clarifies the manner in which the System Operator may discharge any
Information Privacy Principle 7 (IPP 7) obligations that may be applicable
to it under the Privacy Act.
The System Operator will not have any clinical expertise and will not be
responsible for the clinical content of records uploaded by registered
healthcare provider organisations to the PCEHR system. Consequently, any
disputes about the content of clinical records needs to be addressed by the
party with the requisite skills and knowledge - that is, the healthcare
provider organisation that uploaded the clinical record.
Amendment 18 allows the System Operator to discharge its IPP 7 obligations
by referring a request for correction or alteration to the relevant
participant in the PCEHR system and;
. requesting that the participant correct personal information in the
record and upload the corrected record; and
. if the participant refuses to do so, directing the participant to attach
a note from the consumer to the record and to upload the note and record.
Amendments 21 and 22
These amendments make changes to clause 77.
New subclause 77(2) will create a limited exception to existing clause 77
to ensure the provision delivers the intended outcome. The exception
applies only:
. for the System Operator (and its contractors where authorised under
clause 99 of the PCEHR Bill);
. where the records to be taken are, or the information to be processed is,
not personal information (which includes health information) or
identifying information of a consumer or other entity; and
. where the purpose of taking the records, or processing the information,
outside Australia is related to the operation or administration of the
PCEHR system.
Subclause 77(2) is intended to clarify that it is permitted, for example,
for the contractor supporting the System Operator to do administrative or
programming work on the PCEHR system's software outside Australia where
this is appropriate and provided that it does not involve taking or
processing personal information or identifying information outside
Australia.
Amendment 23
This amendment recognises that, in some cases, the System Operator may face
practical difficulties if it is required to always give notice to affected
parties - for example, in relation to a decision to recognise a person as
an authorised representative.
The amendment modifies subclause 97(2) so that the System Operator will be
required to "take such steps as are reasonably necessary in the
circumstances" to give written notice to persons affected by a decision of
the System Operator.
Amendment 27
In its report following its inquiry into the PCEHR Bill and Consequential
Bill, the Senate Community Affairs Legislation Committee ('Senate
Committee') recommended that the review required under clause 108 consider
"the appropriateness of the vesting of the System Operator responsibility
in the Secretary of the Department of Health and Ageing as well as possible
alternative governance structures" and "the opt-in design of the system
including consideration of the feasibility and appropriateness of a
transition to an opt-out system".
In response to this recommendation, this amendment will require that the
review to be conducted under clause 108 consider the following:
. the identity of the System Operator;
. alternative governance structures for the PCEHR system; and
. the opt-in nature of the PCEHR system, including the feasibility and
appropriateness of a transition to an opt-out system.
This amendment does not limit the other things that may be considered as
part of the review.
Amendments 28, 29 and 30
These amendments, which are also in response the Senate Committee's report,
will require the Minister to consult with the Independent Advisory Council
as well as the Jurisdictional Advisory Committee prior to making PCEHR
Rules.
This will help ensure that the Minister has access to advice from a wider
range of experts prior to making PCEHR Rules.
Amendment 31
This amendment inserts a new subclause 109(4A) into the PCEHR Bill.
Subclause 109(4A) will allow the PCEHR Rules to specify that a person must
enter into a specified kind of agreement in order to be, and remain, a
registered healthcare provider organisation, registered repository
operator, registered portal operator or registered contracted service
provider.
It is intended that the PCEHR Rules will specify that persons wishing to
register as one of these types of entities, and participate in the PCEHR
system, will need to enter into a participation agreement with the System
Operator. These agreements will include rights and obligations that, for
policy or other reasons, were considered not appropriate to be included in
legislation.
In combination with paragraphs 43(b) and 48(a) of the PCEHR Bill, this
amendment and the PCEHR Rules proposed to be made under it are designed to
ensure that the terms of participation agreements are not subject to review
under clause 97.
Amendment 32
This amendment inserts a new subclause 109(7A) into the PCEHR Bill. It
will allow the Minister to make PCEHR Rules specifying requirements with
which the System Operator and other entities must comply in relation to the
preparation and provision of de-identified data for research and public
health purposes. For example, PCEHR Rules could be made specifying
protections that to are put in place around the preparation and release of
de-identified data by the System Operator,
PERSONALLY CONTROLLED ELECTRONIC HEALTH RECORDS (CONSEQUENTIAL AMENDMENTS)
BILL 2011
NOTES ON AMENDMENTS
Amendments 1 and 4
Amendment 1 amends Item 16 of the Consequential Bill to ensure that the
Healthcare Identifiers Service Operator ('HI Service Operator') is able to
use, and disclose the PCEHR System Operator, healthcare identifiers under
proposed new section 19A of the Healthcare Identifiers Act 2010 ('HI Act').
Without Amendment 1, Item 16 would only permit disclosure.
Amendment 4 will have the effect of amending subsection 20(1) of the HI Act
to authorise the HI Service Operator or a registration authority to use,
and to disclose to an entity, an identified healthcare provider's
healthcare identifier and identifying information for the purpose of
identity verification as part of electronic transmissions.
Amendments 2 and 3
These amendments amend Item 16 of the Consequential Bill which, amongst
other things, inserts a new section 19B into the HI Act. Following the
amendments, the authorisations in proposed new section 19B will apply to
healthcare recipients and healthcare providers, rather than just to
healthcare recipients.
Amendment 5
This removes Item 18 from the Consequential Bill as it is no longer
necessary given Amendment 4.
Amendment 6
For the same reason as the proposed amendments to clause 58 of the PCEHR
Bill, Amendment 6 will modify Item 21 of the Consequential Bill in relation
to proposed subsection 22A(1) of the HI Act.
Amendment 7
This amendment inserts into Item 21 of the Consequential Bill a proposed
new subsection 22A(3) of the HI Act.
Proposed new section 22A(3) authorises the collection, use and disclosure
of healthcare identifiers and identifying information of authorised
representative and nominated representatives for the purpose of identity
verification and other purposes of the PCEHR system.
Amendments 8, 9 and 10
These amendments make clear that the authorisations in Item 21 of the
Consequential Bill, in connection with proposed new subsection 22B(1) and
the heading to section 22B, apply to the PCEHR System Operator, registered
repository operators and registered portal operators.
Amendment 11
This amendment inserts into Item 21 of the Consequential Bill a proposed
new subsection 22B(2) of the HI Act.
It authorises the System Operator, registered repository operators and
registered portal operators to adopt the healthcare identifier of an
authorised representative or nominated representative as their own
identifiers of the authorised representative or nominated representative so
far as is reasonably necessary for the purposes of the PCEHR system.
Amendment 12
This amendment amends Item 21 of the Consequential Bill in connection with
proposed new paragraph 22C(a) of the HI Act. The amendment will ensure
that the authorisation to be given under proposed new section 22C extends
to the collection, use and disclosure of healthcare identifiers of
authorised representatives and nominated representatives, as well as
healthcare recipients.
This authority is required to support the role of authorised and nominated
representatives in the PCEHR system.
Amendment 13
This amendment inserts into Item 21 of the Consequential Bill a proposed
new subsection 22D(4) of the HI Act.
Proposed new subsection 22D(4) of the HI Act will clarify that, despite
proposed paragraphs 22D(2)(b) and (3)(b) in the HI Act, the consent of a
healthcare recipient is not required for the uploading of information (for
example, MBS and PBS information) by the Chief Executive Medicare to the
Medicare-operated PCEHR repository under paragraph 38(2)(a) of the PCEHR
Bill.
Amendment 8A does not remove the need for consumer consent under paragraph
38(2)(b) of the PCEHR Bill before information can be made available as part
of a consumer's PCEHR.
Amendments 14 and 15
These amendments amend Item 21 of the Consequential Bill in connection with
paragraphs 22E(a) and (b) of the HI Act.
The amendments will allow regulations to be made in relation to healthcare
providers, authorised representatives and nominated representatives of
healthcare recipients, in addition to healthcare recipients as is currently
permitted.
Amendment 16
This amendment will amend section 46E of the Health Insurance Act 1973
('Health Insurance Act') by inserting a new subsection 46E(4).
Similar to Amendment 8A in connection with proposed new subsection 22D(4)
of the HI Act, proposed new subsection 46E(4) of the Health Insurance Act
will clarify that, despite proposed paragraphs 46E(1)(ba) and (bb) of the
Health Insurance Act, the consent of the consumer is not required for the
uploading of Australian Childhood Immunisation Register (ACIR) information
by the Chief Executive Medicare to the Medicare-operated PCEHR repository
under paragraph 38(2)(a) of the PCEHR Bill.
This amendment does not remove the need for consumer consent under
paragraph 38(2)(b) of the PCEHR Bill before ACIR information can be made
available as part of a consumer's PCEHR
Amendment 17
This amendment makes a change to Item 32, which inserts a new subsection in
section 135AA of the National Health Act 1953 ('NH Act'). The amendment
ensures that consistency with the language used in the NH Act.
-----------------------
Statement of Compatibility with Human Rights
Prepared in accordance with Part 3 of the Human Rights (Parliamentary
Scrutiny) Act 2011
Amendments to Personally Controlled Electronic Health Records Bill 2011
Amendments to Personally Controlled Electronic Health Records
(Consequential Amendments) Bill 2011
The government amendments are compatible with the human rights and freedoms
recognised or declared in the international instruments listed in section 3
of the Human Rights (Parliamentary Scrutiny) Act 2011.
Overview of the Amendments
The amendments will reflect recommendations made by the Senate Community
Affairs Committee, following its inquiry into the legislation, address
issues raised through consultation and make other clarifications.
The amendments are primarily designed to improve privacy and security for
the PCEHR system.
Human rights implications
The amendments engage the following human rights:
Right to Protection of privacy and reputation
Article 17 of the International Covenant on Civil and Political Rights
guarantees protection from unlawful interference with a person's privacy
and from unlawful attacks on a person's honour and reputation.
The amendments will further strengthen the proposed privacy protections of
the PCEHR system by, amongst other things, clarifying the circumstances in
which the Information Commissioner may investigate breaches or suspected
breaches of the proposed PCEHR Act.
Conclusion
The amendments are compatible with human rights because they advance the
protection of human rights, specifically the right to privacy.
Minister for Health, the Hon Tanya Plibersek MP
Index]
[Search]
[Download]
[Bill]
[Help]