1. Home
  2. Hansard & Papers
  3. Legislative Assembly
  4. 18 September 2002
Contact Print this page Reduce font size Increase font size

Health Records and Information Privacy Bill

Printing Tips | Print selected text | Full Day Hansard Transcript         « Prior Item | Item 47 of 55 | Next Item »

About this Item
Speakers - Skinner Mrs Jillian; Andrews Ms Marie; Meagher Ms Reba
Business - Bill, Second Reading


    HEALTH RECORDS AND INFORMATION PRIVACY BILL
Page: 4981


    Second Reading

    Debate resumed from 5 September.

    Mrs SKINNER (North Shore) [7.57 p.m.]: The bill was introduced in the other place and was supported by the Coalition because it protects the privacy of the health records of individual patients. The increased use of information technology and linked electronic health records have enormous potential benefits for patients. However, there have been instances where incomplete information about a particular treatment has jeopardised the safety of a patient. This bill will go a long way towards ensuring that does not recur. The privacy of all patients must be respected and this bill provides the framework for that.

    The bill was drafted through a committee established by the Government which was chaired by the Privacy Commissioner, Mr Chris Puplick, whom I have consulted about the bill. A number of health privacy principles are referred to in the overview of the bill. I will highlight some of them, as they are important to the protection of individuals. The first relates to the purposes of collection of health information and provides that information collected must be directly related to the function of a particular organisation and must be reasonably necessary. The second principle states that the information collected must be relevant to the purpose for which it is collected, it must not be excessive, it must be accurate and it must not be intrusive.

    The third principle is that information should be collected only from the individual concerned unless this is unreasonable or impractical. The information must be collected in accordance with any guidelines issued by the Privacy Commissioner. The fourth principle seeks to ensure that the individual from whom the information is collected is aware of certain matters, including the identity of the organisation collecting the information, the fact that the individual is able to request access to that information, the purposes for which the information is collected, the persons to whom the organisation usually discloses information, any law that requires particular information to be collected and the main consequences for the individual if all or part of the information is not provided. The latter is a very important provision.

    Under this principle the organisation collecting information about an individual must take reasonable steps to ensure that the individual is generally aware of these matters, particularly if they could pose a serious threat to the individual's life or health. The collection must be made in accordance with guidelines outlined elsewhere in the legislation. It is provided that the Privacy Commissioner may issue guidelines setting out circumstances in which an organisation is not required to comply with those provisions. An organisation is not required to comply in circumstances when the individual to whom the information relates has expressly consented to that organisation not complying or when the organisation is lawfully authorised not to comply. There are other provisions along those lines.

    The fifth principle relates to the retention and security of health information collected and provides that the organisation should ensure that the information is kept for no longer than is necessary for the purposes for which it is to be lawfully used. The information must be disposed of securely and protected with security safeguards. If it is necessary to give the information to someone other than the person who collected the information, this should be done in such a way as to prevent any unauthorised use or disclosure. There are also provisions that allow an organisation not to comply. The sixth principle requires an organisation that holds health information to take steps to enable an individual to ascertain certain things about that information. The individual must know the nature of the information and the purpose for which it will be used. The individual is entitled to request access to that information.

    The seventh principle is about accessing health information. It provides that an organisation that holds health information must, at the request of the individual to whom the information relates and without excessive delay or expense, provide access to that information. The eighth principle is about amending health information and provides that the organisation that holds the information must, at the request of the individual, make appropriate amendments to ensure that the information is accurate and, having regard to the purpose for which the information was collected, ensure that it is up to date, relevant, complete and not misleading. If the organisation is not prepared to amend the information that it holds, the individual can take steps to appeal the matter.

    The ninth principle is about accuracy, which speaks for itself. The tenth principle sets out limitations on the use of health information. It provides that the use of information for a secondary purpose requires the consent of the individual, that the use must be related directly to the primary purpose and that the individual must reasonably expect the organisation to use the information for that purpose. This principle contains other provisions regarding research. The eleventh principle outlines limits on disclosure of health information, such as consent and so on. The twelfth principle refers to identifiers and points out that an organisation may assign identifiers to individuals only if the assignment of identifiers is reasonably necessary to enable the organisation to carry out any of its functions efficiently. A private sector person may only adopt an identifier that has been assigned by a public sector agency.

    There are provisions about transborder data flows, data flows to Commonwealth agencies and the linkage of health records. An organisation must not include health information about an individual in a health records linkage system unless the individual has expressly consented to its inclusion. The organisation must not disclose an identifier of an individual to any other person if the purpose of the disclosure is to include health information unless the individual has expressly consented to this. This legislation is in line with Commonwealth legislation and the Coalition is satisfied that the privacy principles it contains provide the necessary protections for individuals. They will ensure that information is accurate, that it is not held inappropriately and that it cannot be passed on inappropriately. Perhaps most importantly, the bill contains provisions governing the linkage of health records to other records to ensure that there is no inappropriate second party transfer. The Coalition supports the legislation.

    Ms ANDREWS (Peats) [8.06 p.m.]: It gives me great pleasure to speak in support of the Health Records and Information Privacy Bill, the purpose of which is to implement recommendations made by the Ministerial Advisory Committee on Privacy and Health Information. The Ministerial Advisory Committee was established by the Minister for Health in June 2000. It was chaired by the New South Wales Privacy Commissioner, Mr Chris Puplick, and tasked with considering the implications of introducing linked electronic health records in New South Wales. The committee reported in December 2000 and its recommendations included the introduction of health-specific privacy legislation in New South Wales to cover both private and public sectors. There was wide consultation prior to the bill's introduction in this place.

    The Minister requested the committee to investigate and advise on privacy issues relating to health information. The committee reported to the Minister in December 2000 after conducting extensive consultation with key stakeholder groups and the public, including two public forums on health privacy issues and a workshop conducted as part of the Consumers Health Forum national consultation process on electronic health. The committee also received 42 written submissions. One of its main recommendations was the introduction of health records and information privacy legislation to protect health information held in both private and public sectors.

    This bill will apply to both public and private sectors and relies on 15 health privacy principles [HPPs] that cover a wide range of health information issues, including when and how information should be collected, how it should be stored and retained, when a person can access his or her health information, and when an organisation can use and disclose information. The content of the HPPs and the terms of the bill are generally in line with current State public sector privacy legislation, the Privacy and Personal Information Protection Act 1998; recent legislation in Victoria, the Health Records Act; and the Commonwealth Privacy Act, which became operational in the private sector on 21 December 2001.

    The bill has been developed with the aim of ensuring that it places no greater compliance burden on organisations than that which is already imposed by the Commonwealth Act. The main differences include New South Wales specific complaints mechanisms developed in consultation with the New South Wales Privacy Commissioner, and a specific principle dealing with linked electronic health records. As a result of wide consultation, the bill has been finetuned to enhance alignment of its provisions with the Commonwealth Privacy Act, streamline the mechanisms under which private sector bodies will be required to give access to and amend records, introduce a regulation-making power to allow for the development of compliance-based enforcement programs, ensure that information necessary for health care can be shared appropriately between treating practitioners, and revise the principle dealing with linked records to ensure that it focuses on the linkage of health care records. This bill is much needed in this State, and I take pleasure in commending it to the House.

    Ms MEAGHER (Cabramatta-Parliamentary Secretary) [8.10 p.m.], in reply: I thank honourable members for their contributions to this debate.

    Motion agreed to.

    Bill read a second time and passed through remaining stages.


Last modified 05/12/2007 16:40:10   :   Update this page