Contents
-
Commencement
-
Parliamentary Procedure
-
Parliamentary Committees
-
-
Parliamentary Procedure
-
Ministerial Statement
-
-
Question Time
-
-
Parliamentary Procedure
-
Question Time
-
-
Matters of Interest
-
-
Parliamentary Procedure
-
Bills
-
-
Parliamentary Procedure
-
Motions
-
-
Bills
-
-
Motions
-
-
Bills
-
-
Answers to Questions
-
My Health Record
The Hon. M.C. PARNELL (15:11): I seek leave to make a brief explanation before asking a question of the Minister for Health and Wellbeing about privacy of health records.
Leave granted.
The Hon. M.C. PARNELL: Last week marked the start of a three-month period in which Australians can opt out of the My Health Record scheme before having an automatically generated electronic health record created for them. Much of the concern about My Health Record centres around privacy. Despite assurances from the government that the health records of Australians will be secure, many people are opting out because they do not trust government to get it right and they are nervous about highly personal information getting into the wrong hands.
According to Cassandra Cross, a criminology lecturer at Queensland University, breaches of centralised health records are all too common. She says that last week hackers stole the health records of 1½ million Singaporeans, including the prime minister's. In Canada, hackers reportedly stole the medical histories of 80,000 patients from a care home and held them to ransom.
Australia is not immune, because last year Australians' Medicare details were advertised for sale on the darknet by a vendor who had sold the records of at least 75 people. Earlier this year, Family Planning NSW experienced a breach of its booking system, which exposed client data of those who had contacted the organisation within the past two and a half years.
According to the federal privacy commissioner, the health service industry is the leading industry for reported breaches. In South Australia, the last published data—that is, the months of March April and May this year—shows that two SA Health staff received disciplinary sanctions for inappropriately accessing patient records, one employee received a final warning and one employee had their employment terminated.
My question is: what assurance can the minister give South Australians that when the federal government's My Health Record extension applies to all South Australians who have not chosen to opt out comes into effect in October, what additional steps will the state government take to protect the privacy of South Australians from inappropriate access to their health records?
The Hon. S.G. WADE (Minister for Health and Wellbeing) (15:14): Patient privacy is very important. It is very important because if people don't have confidence that their information is going to be held confidentially, then they are less likely to provide it. For example, in the context of mental health and drug dependency, I have heard of clients not willing to disclose that information to a health professional because they are concerned about it being put on the record and that then other health providers will say, 'You are not the sort of person that we want to engage.' I can appreciate that the concern about patient privacy is important in a global sense in terms of cybersecurity, for want of a better word, but it's also important at a very local level. That's why SA Health took the action it did to stress the importance of patient privacy to our staff.
My recollection is that, in the last two weeks, SA Health has done a bulletin to staff, reminding them of the importance of patient privacy. That's why My Health Record has one of the most stringent privacy regimes of any data network. Any of us who use the internet will see a proliferation of health apps that are provided by the private sector. I would have much greater confidence in My Health Record and what is being led by the commonwealth government and supported by the states and territories because we know how important privacy is for patients.
I don't deny that there is a risk, but I would stress to people, as they are making the choice in the next months about whether they want to take the risk of allowing their data to be available on My Health Record, that they think about the risks of not putting it on. I was in a situation last year where I became unexpectedly unwell interstate. There was no hope of the practitioner accessing my paper records. The only opportunity for him—and not just him, there was a range of professionals involved in a range of contexts—to access an electronic record remotely from my home is only possible through the opportunities of technology.
Of course, South Australians have to make a choice. I would remind them of the risks of not having a My Health Record, rather than the risks of having one. I note that the Royal Australian College of General Practitioners' president was caught out this morning by not having a My Health Record. I would like to declare to the council that I have had a My Health Record for two or three years.