Australian Parliament passes permanent My Health Record deletion provision
28 November 2018 | 0
Taking a leaf from Europe General Data Protection Regulation, the Australian Parliament has passed legislation to allow its citizens to delete their health records.
The Australian Digital Health Agency (ADHA), the system operator of My Health Record, said the new bill means individuals can now “permanently delete” their record “at any time”.
“No archived copy or back up will be kept and deleted information won’t be able to be recovered,” the agency said in a statement.
The new measures – contained in the My Health Records Amendment (Strengthening Privacy) Bill 2018 – mean Australians can opt out of having a digital healthcare record at any time. Initially citizens had a three-month window (later extended by a month) during which to opt-out and stop a My Health Record being automatically created for them.
A number of people attempting to opt-out of having a record created for them reported that one already existed in their name without being aware of it.
Records will still be created for all Australians who haven’t opted-out from31 January next year, but they can now be permanently deleted at any time.
Insurers get no access for any reason
The amended laws also ‘explicitly prohibit’ access to My Health Records by insurers and employers, and ‘make clear’ that the system cannot be privatised or used for commercial purposes.
Earlier this month the government revealed plans to ban insurers from participating in a ‘secondary use’ framework for access to de-identified data.
The secondary-use framework allowed commercial organisations to apply to use the My Health Record data “so long as it can be demonstrated that the use is consistent with ‘research and public health purposes’ and is likely to generate public health benefits and/or be in the public interest”.
As per the amended legislation, insurers “cannot access data for any reason” the ADHA said.
“Under these measures, insurers and employers are prohibited from accessing any information within your My Health Record or asking you to disclose your information,” the agency said in a statement.
“The primary purpose of My Health Record is to improve your care, and access to your information by private health insurers and employers is not healthcare,” it added.
Other legislative changes mean no information within My Health Record can be released to a law enforcement organisation without an order from a judicial officer. The agency said this was already its ‘official operating policy’ but the amendment gave Australians extra reassurance.
The ADHA’s powers as system operator of the My Health Record can no longer be delegated to another government agency, with the exception of the Department of Health and the chief executive of Medicare.
Extra protections for victims of domestic and family violence and increased penalties for inappropriate or unauthorised use of information in a My Health Record also feature in the bill.
Civil fines will increase to a maximum of $315,000, with criminal penalties including up to five years’ jail time.
IDG News Service