Thursday, 9 March 2023
Bills
Health Legislation Amendment (Information Sharing) Bill 2023
Bills
Health Legislation Amendment (Information Sharing) Bill 2023
Committee
Resumed.
Clause 1 further considered (12:42)
Georgie CROZIER: Prior to question time we were talking about compatibility and the national My Health Record. I have had some correspondence from some community health services, and they are concerned that some of their clients have chosen to opt out of the national My Health Record. I want to understand in relation to those clients that access community health, which plays a very important role in preventative health and to support patients: what is the government’s estimate around those numbers of clients, because some of these clients are some of the more vulnerable clients in the health service? The reason I ask is I am concerned that they may not be forthcoming with their information that this legislation seeks to address.
Lizzie BLANDTHORN: Sorry, Ms Crozier, just to be clear, are you talking about individuals who have opted out of My Health Record or services that cannot then access the My Health Record?
Georgie CROZIER: I raise the issue because I have had feedback after I sought to get some feedback from community health services, and they were saying that their clients have opted out of the national My Health Record. They are concerned that some of their patients are quite vulnerable. What sorts of numbers has the government identified for some of these clients? The risk is that they may not provide their full history, and therefore what you are attempting to achieve will be lost because these clients, particularly those that are accessing community health services, will not provide what you are trying to achieve. So I am just wondering if there is an estimate of any numbers of those patients that might be involved in the community health sector but have also opted out. I think it is 10 per cent of Victorians as a total, but does the government have any visibility of that?
Lizzie BLANDTHORN: Obviously, community services will be treated the same way as hospitals. But in relation to those individuals, they cannot obviously opt out of the proposal here, so their information will be within that, and the community services records within My Health, as inclusive, or non-inclusive, as they are, will be compatible. The sharing of the information is indeed the very purpose of this bill. Its purpose is to ensure that people as far as possible do have access to that data. But if their data is not in My Health Record to start with and the community service does not have that data, then the extent to which it is compatible will be considered.
Georgie CROZIER: Minister, I think you misunderstood my question, but I will not labour the point. I was making the point that these patients or clients have concerns about their information, so they have opted out of the national My Health Record. There is quite a large cohort of these patients. They are the most vulnerable patients often that are being seen, and what this legislation is attempting to do is capture their information. What I am saying to you is that they may not be providing that full information and therefore the legislation will not capture what you are attempting to achieve. My question therefore is: what campaign are you going to run to provide certainty to these vulnerable clients or patients that access this care either through community health services or through other major health services in the state?
Lizzie BLANDTHORN: I am sorry, Ms Crozier, if this is causing confusion for either of us or we are talking at cross purposes, but in any case I think the privacy management framework that is part of this and has been certainly emphasised throughout the bill and our comments earlier will ensure that for public community health services, which already manage very sensitive conditions, that will continue to be the case under the privacy management framework. So in terms of the sensitivity of their information, that will be there.
Georgie CROZIER: Will you be running an information campaign?
Lizzie BLANDTHORN: There will certainly be support and information, as I said earlier, through the health services that are included, but also obviously it will be spoken about with individuals.
Georgie CROZIER: Minister, the Victorian Alcohol and Drug Association put out a press release in relation to this bill, and I mentioned it in the second-reading debate. They feel that the bill will further exacerbate stigma, as information relating to substance use, such as overdose or support through opioid substitution therapy, will be visible to a range of health professionals without patient consent. There were other concerns around the cyber attacks have gone on, and they mentioned the Medibank hack. The government has brought in amendments around that privacy framework that you have spoken about, so I would like to understand what consultation you have had with these agencies around the latest amendments that you have provided to the house today.
Lizzie BLANDTHORN: I will just consult.
There have been two years of comprehensive consultation on this bill. The amendment that has been circulated from the government today is reflective of that consultation.
Georgie CROZIER: Minister, this was a press release of just a few days ago, 22 February, so whatever you have said over the past two years they are not satisfied with. So I am taking it from your response to me now that they have not been consulted about these amendments. Is that correct?
Lizzie BLANDTHORN: As I said, the amendments go to issues which have been well canvassed and well discussed in the consultation in relation to this bill for a lengthy period of time, and the amendments are reflective of the intent of the bill in the first instance, which, as I said in my remarks relating to the procedural motion earlier, go to ensuring that the privacy of information that people have and the security of that information are absolutely paramount at any point.
Georgie CROZIER: It is a simple question, Minister: were they consulted or not?
Lizzie BLANDTHORN: It is a simple question and it is a simple answer. As I said, the consultation has happened over two years in relation to the entire purpose and intent of this bill, and it has always been the case that this bill is about sharing information for the health and safety of patients but ensuring that in so doing people have their privacy, particularly in relation to sensitive conditions, protected.
Georgie CROZIER: Minister, I do not think you have answered the question. Regarding the amendments in your name that have been circulated today, were these agencies consulted on these amendments that you are putting into the Parliament today?
Lizzie BLANDTHORN: Ms Crozier, I think I have answered the question. The amendments, as I said, are reflective of the issues surrounding this bill, both in relation to the sharing of information but also ensuring the protection of privacy around that information, and they are issues that have been broadly discussed throughout the consultation period.
Georgie CROZIER: Minister, you have brought a bill in for the second time around this issue. The government has constantly said that there will be safeguards and information will not be breached and privacy will not be breached, yet you have to justify that because of the concerns of the crossbench. Let us make no bones about it: you needed the support of the crossbench. These are what the Greens were talking about too, and you are reflecting that. It is a very simple question: did you consult or not about these amendments? I do not care what they reflect. These are amendments to the bill that you have put in, and I am just asking the question: did you consult or not? It is a simple yes or no. With your answers I am getting the feeling that there was no consultation with these agencies.
Lizzie BLANDTHORN: As I said in my opening remarks in relation to the first version of this same question, the amendment that has been worked on, as you rightfully point out, with the assistance, and valued assistance, of the crossbench, has been the product of a great deal of consultation, and the consultation on this bill and these very issues that are canvassed in the amendments extends across a two-year period.
Georgie CROZIER: If you have been consulting over two years, why on earth are we seeing these amendments today?
Lizzie BLANDTHORN: Again, I appreciate the question – I am not sure how many times we are up to actually – but as I said, it has always been the intent of this bill to share information and ensure the protection of privacy. Those issues have been broadly consulted on over a two-year period, and the amendments that have been proposed simply further reflect that.
David LIMBRICK: On this same line of questioning, was the intent of the government to establish this framework without legislation, because this could have been just established as part of the project? I suppose my question is: the things that are in this amendment, were they going to happen anyway? Because the minister has already spoken of the intent, and the amendment reflects that consultation, was this going to happen anyway, or is this a new thing?
Lizzie BLANDTHORN: Obviously, the system cannot be comprehensively and effectively established and maintained without the legislation. As I said to Ms Crozier, the privacy of information has always been a paramount concern, and it has always been the intention that we both share the information and protect the security of the information. These amendments simply go further to that.
David LIMBRICK: I thank the minister for her answer. So what does this amendment actually do that was not already going to happen?
Lizzie BLANDTHORN: As I said, the legislation itself was always designed in a way that was going to ensure that we can share the information and protect the security of the information. With the assistance of members of the crossbench, we have simply moved amendments that further enhance that.
Georgie CROZIER: I do not know how many people are watching this debate, but those that have signed the petition and the hundreds of thousands of Victorians that have got concerns about this bill I think will be very alarmed by the answers that you have provided to Mr Limbrick, because as he rightly asks, Minister, what are these amendments doing that were not in the bill previously? We can go around and around in circles, but this is just to placate a number of the crossbench to get the bill through the chamber. We know that because you have been very stubborn on it. But I want to go back to the point about these amendments and my original question about consultation. You talk about consultation over two years, but on the day that this bill is to be passed we see these new amendments. Could you please explain to the committee which stakeholders have had consultation from the minister’s office on these amendments?
Lizzie BLANDTHORN: As I have said a number of times now – and we can, as you said, Ms Crozier, keep going around in circles – this piece of legislation has been in the making for some time, and this bill has been in consultation for a two-year period. The issues have all been well canvassed, and the purpose of the bill was always to ensure the sharing of health information so that we can best deliver health services to those in our community who need them, particularly, as you rightfully point out, those who are most vulnerable, and so that we continue to do that in the most secure and safe way possible. That is exactly what the bill, with the amendments, does.
Nicholas McGOWAN: Thank you, Minister, for your answers so far. I appreciate the fact you do have a croaky voice today, so I will try and keep most of my questions as straightforward and easy as possible in terms of minimising the back and forth, because I do appreciate that. In respect to the amendment itself, did the government consult the Law Institute of Victoria?
Lizzie BLANDTHORN: I will just consult with the box.
As I have previously indicated, both the bill itself and the development of the bill, including the amendments, are the products of broad consultation that has happened for some time with a range of stakeholders. Consultations over time have included the law institute, and the amendments that we have before us to the bill reflect the issues within those consultations over some time with all of those stakeholders.
Nicholas McGOWAN: I thank the minister for her answer. I just want to narrow that slightly in respect to this amendment. I appreciate what you are saying in respect to the previous consultations, but given the very new nature of this amendment, were the law institute consulted in any way on this specific amendment?
Lizzie BLANDTHORN: Again, as I have said, the bill itself, including the amendments and the issues that the breadth of that includes, is a reflection of the consultation that has happened over time with a number of stakeholders, including the law institute.
Nicholas McGOWAN: Minister, has the government consulted Liberty Victoria at all in respect to this amendment?
Lizzie BLANDTHORN: My answer remains the same. Consultations happened over a two-year period in relation to the issues that are included in both the bill and the amendments that are proposed. Those issues have been well canvassed with a range of stakeholders, including the legal ones.
Nicholas McGOWAN: Minister, thank you for your answer. Did the government consult Liberty Victoria in respect to the substantive bill itself?
Lizzie BLANDTHORN: Again, it is a similar question. My answer remains the same. The consultation has happened over a two-year period in relation to the bill itself, and the issues that it and the amendments collectively canvass have been well consulted on.
Sitting suspended 1:01 pm until 2:06 pm.
David LIMBRICK: I have a number of questions, and if it suits the minister I will acquit them all on clause 1, as I believe the others are doing. My first question is: what is the reasonable justification for having no opt-out provision? In other words, what harm is there in allowing some Victorians to enjoy the benefits of the new system and other Victorians to choose not to enjoy those benefits by opting out?
Lizzie BLANDTHORN: Thank you, Mr Limbrick, for the question. The scheme has been designed purposely without the opt-out provision. Under the existing law, public hospitals can share health information required in connection with the further treatment of a patient without getting their consent first. The bill adopts a similar approach by allowing the health information to be shared for the continued care and treatment of patients. The proposed secure health information system will not change the ability of health services to share information but will improve the way that information can be accessed and the security around the sharing arrangements. It should be noted that this approach is indeed consistent with Queensland, New South Wales, the ACT and South Australia.
David LIMBRICK: I thank the minister for her answer. The minister just mentioned Queensland. It is my understanding that you can opt out in Queensland under their system.
Lizzie BLANDTHORN: I will seek some advice.
Not within the public hospital system, no.
David LIMBRICK: The Minister for Health in the other place during the second-reading speech mentioned a privacy management framework. I am sort of wondering when that will become publicly available, or is this amendment the privacy framework?
Lizzie BLANDTHORN: The privacy framework, as we were discussing earlier, goes very much to the core purpose of the bill – the sharing of the information, but then protecting the security of the information in relation to patients. Public community health services also manage sensitive conditions, and these will also be managed under the privacy management framework. The bill was designed to give effect to that, the amendments further enforce that, and that will be a fundamental part of the scheme.
David LIMBRICK: I thank the minister for the answer. The minister spoke earlier about many of these things that we were talking about in the amendments, such as the privacy management framework. Clearly that was planned because the minister spoke about it in the second-reading speech, but there was also talk about negotiations with crossbenchers, such as the Greens, on improving these things. Which of these things in the amendments are new – that were not originally planned when this bill was put forward?
Lizzie BLANDTHORN: Clearly, as you correctly identified, Mr Limbrick – and the minister spoke herself to the importance of not only sharing the information but protecting the security of the information and the privacy of patients – that was indeed always planned, and as we discussed at length earlier as well, it was indeed always part of the consultations with a broad range of stakeholders. It was always planned; it was always facilitated by the legislation. There was always intended to be a policy framework. These amendments simply spell out all of that policy framework that the minister spoke about in her second-reading speech, which clearly was intentioned in the bill itself, through the amendments.
David LIMBRICK: I thank the minister for her answer. If my understanding is correct, everything in this amendment was already going to happen. It is just that it is saying it in the legislation now.
Lizzie BLANDTHORN: I will just seek some further advice.
As I said, the privacy framework and the review were always contemplated. It just spells it out further within the legislation, and the minister’s earlier remarks in relation to the second-reading speech go to that point.
David LIMBRICK: I thank the minister for clarifying that the Greens negotiations did not really do anything. Given that only the Department of Health and not the treating health service will have access to the audit trail of who has accessed patients’ information in the system, why is the department exempt from FOI?
Lizzie BLANDTHORN: As I said in my remarks in relation to the procedural motion that you put to the chamber earlier, for the department to be responsible for FOI would be for the department, rather than the health service itself, to access all of that information. Because they are the owner of the system, it would be much more appropriately managed through the health service itself.
David LIMBRICK: I thank the minister for her answer. I understand that the health services are meant to synchronise with the system. However, there could be errors through things not being synchronised that someone would not be able to pick up. For example, I may have gone to a doctor and got an incorrect diagnosis, and then I may have gone back again and got a correct diagnosis. If for some reason it was not synchronised, if I cannot see the centralised system, then I do not know whether that record has been updated or not.
David Davis: Tampered with.
David LIMBRICK: Yes, or tampered with for that case. I accept that a patient through the normal process can go through the health service provider, but there is still a requirement in my mind that they would want to know what is on the centralised system as well to ensure that they actually are the same documents.
Lizzie BLANDTHORN: Sorry, Mr Limbrick, could you just ask your question again?
David LIMBRICK: Yes. Given that there are potential problems with the synchronisation between these two systems, why does the government feel that it is not required for someone to be able to access the information in the centralised system to see what records are in there?
Lizzie BLANDTHORN: Just to be clear, you are still referring to FOI in particular? Yes. Patients currently have rights to access their full medical records from their health service provider under FOI and privacy legislation, and this bill obviously does not do anything to disrupt that aspect of it. Importantly, the information within the system is not necessarily, as you say, a complete medical record but a subset of the information held by the service providers, and it includes information held in the system. To be accessible under the Freedom of Information Act 1982 would mean that the Department of Health would be responsible for accessing, assessing and responding to requests from patients. As I said, they are not the appropriate people to be responding to those requests, and the best source of a patient’s health information is the health service that has provided the service and has that complete medical history so that they have all of that information available to them.
David LIMBRICK: I thank the minister for her answer. If I was a patient and I suspected that the central system records were different to what the medical provider had, how could I firstly find out about that, and how could I go about changing it? It is not clear to me how a patient can actually find out if there is a synchronisation problem between the health service provider and the centralised system; it does not seem clear to me how a patient can ever know that there is a problem there.
Lizzie BLANDTHORN: Obviously, if patients have queries about their own individual health information, they can first discuss their concerns with their own individual health provider or the other health service that may have created and holds the medical records. Of course it should be noted also that patients who are not satisfied with that response will have the opportunity to lodge their concerns with the health complaints commissioner, but in the first instance they can take those issues up with the provider themselves.
David LIMBRICK: I thank the minister for her answer. I will make it simpler: is there any mechanism for a patient to see what is held in the centralised system?
Lizzie BLANDTHORN: I will seek some further clarification if that can be of assistance to you.
I am advised that it is one and the same thing. It is the same data. They can access it through their health provider, and they will be able to see the information that is held on them there.
David LIMBRICK: I thank the minister. So what you are saying is: I go to my health provider, they have got access to the system, I can sit with them, they can access it and I can view it on the screen or something. Is that how it would work? I am just trying to get in my head how this actually works – how I actually see what is held in the central system.
Lizzie BLANDTHORN: As I said, Mr Limbrick, by accessing the information through their health service provider they will be able to see that information, and that includes all of the information about their own health condition.
David LIMBRICK: I thank the minister for her answer. Why does the bill not restrict who at the Department of Health can access the system?
Lizzie BLANDTHORN: My advice is that departmental staff will not be in a position where they will need to access that information. There will be audit processes in train, and there are obviously fines for people who do the wrong thing.
David ETTERSHANK: This bill presents an opportunity to enable individuals to access their health data electronically in a manner contemplated by the European Union general data protection regulation, which addresses their accessibility and portability, as such an approach would enable individuals to obtain their health data free of charge in a generally available, machine-readable form. There are four main benefits to this: individuals could check the accuracy of their health information and correct it; individuals would be able to, at their option, share their health data with private sector providers, for example; patients would not have to access the expensive, time-consuming and complex FOI requirements to access their own information; and patients could use this information to identify any information that they do not wish to have shared or accessible. So my question, Minister, is: can you commit that this approach will be addressed and implemented prior to operationalising the electronic patient health information sharing system (EPHIS)?
Lizzie BLANDTHORN: Thank you, Mr Ettershank, for your question. As we have talked about all day, really, this bill is an important road to improving health information sharing and protecting the privacy and security of the information for patients. Citizens, as we were just discussing with Mr Limbrick, can already access their own health information, and they will retain that capacity. Some health services already operate patient portals or can provide health information under Office of the Victorian Information Commissioner-specified informal arrangements. Victoria’s Digital Health Roadmap details the government’s commitment to putting health information in the hands of citizens and, where indicated, their carers or their parents. The government will also work with all public health services to ensure that by the time EPHIS is operational there are mechanisms in place so that a patient’s individual health information will be available to them at that time without cost in an accessible and, where possible, machine-readable format without having to use freedom of information, as we were discussing earlier.
Nicholas McGOWAN: Thank you, Minister, for your previous answer to Mr Limbrick. Just in respect to persons working for the secretary not needing to have access, why does the bill propose to give them that access when it says ‘The Secretary, or a person employed’ and so on and so forth?
Lizzie BLANDTHORN: Obviously this is a bill to establish a statewide scheme compatible with My Health Record, and it is a scheme that is operated by the department. With Mr Limbrick, I was talking about why people or how people might be able to access people’s individual health information. I would imagine, without wanting to of course put words in Mr Limbrick’s mouth, we were going into talking about the privacy and the security of the information and the protection of that for patients. In the sense of accessing people’s personal records, there is no need for individuals within the department to be accessing that information, and there will be an audit trail to make sure that people are not doing that. If it has been done, and is found to be done inappropriately, there are fines to address that issue.
Nicholas McGOWAN: Just further to your answer, Minister: if there is no need, again I repeat: why would the bill then have specific provision for persons – that is, all persons – employed by the secretary to be able to have lawful access to this mega-database?
Lizzie BLANDTHORN: Sorry, I just missed the question.
The DEPUTY PRESIDENT: Could you repeat the question, please, Mr McGowan.
Nicholas McGOWAN: I can repeat the question. Minister, the question I asked was in respect to why those employed by the secretary under the act have unfettered access, and specifically why a person employed by the secretary – so any person. That was the question asked, and your response was that there is no need for those people to have that access. Therefore, why would it be in the bill?
Lizzie BLANDTHORN: I will seek some further clarification, but I believe my answer remains the same.
Further to my point, department staff will not be accessing the personal information, which is what I believe I was discussing with Mr Limbrick. The department will, though, be managing health services’ access to the system itself.
Nicholas McGOWAN: Just picking up on the FOI questions asked before as well, in respect to FOI I think what the member was trying to allude to is that it is true, is it not, that no member of the Victorian public – in fact no-one at all – will be able to access records of anyone in the department or in any authority in regard to the access they may have had to a database held by the department?
Lizzie BLANDTHORN: I am advised that, no, they cannot, but they can FOI. In fact many health services will provide that information without FOI, but they can go directly through the health service for that information.
Nicholas McGOWAN: I appreciate the minister’s answer. Unfortunately, going through the different health providers – they will not have access of course, because the database is held and administered by the department. So the only way in which people could actually receive information in respect to whether it has been accessed, for example, by the department themselves, is through the department. How do we overcome that difficulty?
Lizzie BLANDTHORN: I think we are talking a little bit at cross-purposes. Somebody can FOI their individual health data. They can go to the health service for that, and they can FOI the health service. But many health services will provide that without an FOI. Correct me if I am wrong, but my understanding of what you are asking is: can effectively the department be FOI-ed to see who at the department end has accessed the information? And that is still FOI-able.
Nicholas McGOWAN: I thank the minister for her clarification. I would like to understand in this bill where that is permitted, though, because the way it is currently structured ensures that the department is in fact able to use this bill as a guard to prevent those kinds of freedom-of-information requests.
Lizzie BLANDTHORN: In relation to the specific question you are getting to in relation to whether the department can be FOI-ed in relation to departmental staff access of the database, say, or inappropriately accessing information or whatnot, our belief is that that is not prohibited by the bill.
Nicholas McGOWAN: Again, I thank the minister for her answer. But I bring the minister’s attention to division 5, clause 1. It says very specifically:
The Freedom of Information Act 1982 does not apply to …
It includes (a) and (b), and (b) is:
the Electronic Patient Health Information Sharing System.
The way the bill is currently drafted, that would have the effect of the department successfully, in every application for freedom of information based on anything in respect to that health information sharing system, being able to deny that application, because there is a disapplication of the Freedom of Information Act under this bill. Is that not correct?
Lizzie BLANDTHORN: My advice is that that interpretation is not correct – that it is intended that an FOI of that nature would still be permitted under the legislation.
Nicholas McGOWAN: I thank the minister for her answer. But that being the case, without suggesting an amendment, is it not open to the government to provide that? Why is that not provided for in detail here? Because if we have the strict application of this bill as it stands, it does, as I said, preclude anyone from being able to make a freedom-of-information application as it currently reads.
Lizzie BLANDTHORN: On your specific point, Mr McGowan, I think we have a difference of opinion about what it does and does not allow for.
David LIMBRICK: In my second-reading speech I spoke at length about the differences in underlying philosophical principles between this and other pieces of legislation. My question is: why is the government adopting a policy position in the bill that is contrary to all other recent Victorian health legislation, where the focus has been on respecting patient autonomy and prioritising patient wishes rather than being overridden by what someone else considers to be in the best interests of the patient? I can give you some examples: the Medical Treatment Planning and Decisions Act 2016 enables a patient to refuse medical treatment and make a binding advance care directive regardless of the views of others, the Voluntary Assisted Dying Act 2017 allows eligible patients to choose the timing and manner of their death, the Guardianship and Administration Act 2019 provides that a person’s will and preferences should direct as far as practicable decisions that are made for that person, and even more recently the Mental Health and Wellbeing Act 2022 seeks to prioritise the views and preferences of mental health consumers. Also, recent changes to the Health Services Act 1988 permit patients to opt out of receiving the benefits of a statutory duty of candour.
Lizzie BLANDTHORN: Thank you very much, Mr Limbrick, and thank you for your question. I think the fundamental difference between this legislation and most of the other examples that you have given – notwithstanding that some of those examples people in this chamber have very different views about, including me – is where somebody is making a decision about their own health treatment as opposed to this bill being about the sharing of information in a way that protects the privacy and security of that information. It is about being able to deliver the best possible patient care by the health service having access to the information it might need as opposed to the nature of care that somebody receives in terms of some of the other examples you have given, where people are choosing treatment or otherwise as opposed to choosing whether or not their data is shared.
David LIMBRICK: I thank the minister for her answer. My next question is: has the government in the construction of this bill considered the views of Victorians who opted out of My Health Record, which, as was said many times during debate, was about 10 per cent of the population, or the views of people that were subjected to the Medibank health information breach more recently?
Lizzie BLANDTHORN: As we discussed earlier, this bill has been a long time in the making and has had two years of thorough consultation. I think all of those considerations have had some weight given to them in the development of this bill. Ultimately what is, I guess, winning out in the proposal of this bill is the principle that the best possible patient care is reliant on sharing information about other care that that patient may have had at some point in time that is relevant to the care that they might then be seeking, at the same of course acknowledging many of the very valid questions that have been raised here today and ensuring that that is done in a private and secure fashion.
David LIMBRICK: I thank the minister for her answer. I move on to penalties. With the existing penalties in the principal act – this is in section 141 of the Health Services Act 1988, for the benefit of those in the box – my understanding is that they have never been used to prosecute health information privacy breaches. If that is true, how will statutory penalties deter privacy breaches in the proposed health information sharing system if those existing penalties have never actually been used?
Lizzie BLANDTHORN: I think the reality is that fines are always a deterrent and penalties of other natures are always a deterrent to some level. There is going to be a rigorous audit regime, and a fine for a breach or inappropriate use of the scheme and the records is most appropriate and I think, hopefully, an adequate deterrent.
David LIMBRICK: Is there any potential overlap between the Commonwealth My Health Record and the proposed system?
Lizzie BLANDTHORN: Obviously, as we were discussing earlier, the systems are indeed complementary and they will work together to ensure that we are in a position to both deliver the best possible patient care but also deliver it in a private and secure way. My Health Record contains important summary information. However, it is not a comprehensive record of the information that is relevant to your day-to-day clinical care, particularly within a public hospital, and the proposed Victorian system will complement the My Health Record as the national system for shared health information between public and private hospitals as well as general practitioners, specialists, community health services, pharmacies and so forth.
Sarah MANSFIELD: Will the minister write to all public health services requiring them to allow patients access to their medical records without recourse to FOI?
Lizzie BLANDTHORN: FOI is obviously the current mechanism for patients to access their medical records from public health services, and it is the mechanism currently provided for in the existing legislation, such as the Health Records Act 2001, the Health Services Act 1988 and of course the Freedom of Information Act. Formally excluding health services from FOI would likely require further legislative reform. However, Minister Thomas has committed to writing to public health services – to go to your specific query – to remind them of their obligations to facilitate and optimise patient access to their health information.
Sarah MANSFIELD: Will patients also be able to receive a report on who has accessed the electronic patient health information system and when and from which health service?
Lizzie BLANDTHORN: Patients will be able to access details regarding which clinical teams have accessed their health information as well as when and where their patient health information has been accessed. Individual names may have to be redacted due to privacy concerns, as we have discussed a few times now. There will be audit trail information from the system, which will be made available to health services, and guidance will be provided to ensure patients are readily able to access it.
Sarah MANSFIELD: Will individuals and agencies not involved in a person’s care, such as the police, have access to their electronic patient health information system record?
Lizzie BLANDTHORN: The bill prohibits any voluntary information sharing with other government agencies, including law enforcement agencies. However, as is the case now, it does not preclude circumstances where the department would be legally required to provide information to the police, such as under a warrant or a subpoena. Any compulsory requests like this will be dealt with according to established processes, including strict legal reviews. Health services currently must comply with subpoenas and with warrants.
Sarah MANSFIELD: Will the government ensure that there are regular surveillance audits for episodes of inappropriate access to records?
Lizzie BLANDTHORN: I think we have covered this matter a couple of times, but again, the department will be regularly auditing how clinicians are using the system and addressing any unusual activity with public health services. Health services will also be required to monitor their usage in accordance with their existing information security management processes, and details of the audit process will be included in the privacy management framework.
Sarah MANSFIELD: Can you assure us that survivors of violence and others in need of protection will be offered additional privacy protection, such as being allowed to use an alias?
Lizzie BLANDTHORN: This is one, given the nature of my own portfolios, I also have been very interested in. Guidance will be given to health services to ensure that highly sensitive patient information, like that of victims of domestic violence, will be treated with additional care and confidentiality, and depending on the circumstances, this may include locking down information so that it cannot be viewed or applying for an alias to a file. Hospitals already have in place processes such as the use of aliases and locking certain records for circumstances like these, and with the privacy management framework we will build on those already established processes.
Sarah MANSFIELD: Will consumers and citizens with particular concerns be able to have input to the privacy management framework, and how will that operate?
Lizzie BLANDTHORN: Consultation on the development of the privacy management framework will be robust, as I said. Issues around privacy in particular have been a point of consultation throughout the two-year process. But consultation on the development of the privacy management framework will be robust. It will include community groups that advocate for the interests of patients, healthcare workers and carers, and citizens may engage with groups like the Health Issues Centre to put their views forward or write to the minister or to their local MP.
Bev McARTHUR: Minister, correct me if I am wrong or if I misheard you, but did I hear you say that you would be protecting the privacy of the providers in the healthcare system?
Lizzie BLANDTHORN: Sorry, Mrs McArthur, are you referring to the question that was asked in relation to survivors of violence? We were talking about giving guidance to health services to ensure that highly sensitive patient information like that of victims of domestic violence will be treated with additional care and confidentiality and that depending on the circumstances this would include locking down information so it cannot be viewed or applying an alias – and the hospitals already have in place a process.
Bev McARTHUR: No, that was not what I was referring to. You answered a question where you said the providers of the information would have their names redacted to protect their privacy. Is that what you said?
Lizzie BLANDTHORN: Sorry, Mrs McArthur, I am not sure which question you are referring to. Was it the immediate one about the privacy of patients?
Bev McARTHUR: It was not about the privacy of the patients.
Lizzie BLANDTHORN: I am not certain – sorry, Mrs McArthur – which question you are referring to. We were talking about who will have access to the records. We were talking about surveillance and audits for inappropriate access to the records, particularly vulnerable participants in the health system. What we were talking about was the privacy of the information of the individuals.
Bev McARTHUR: Sorry, Minister, it was when you were referring to a patient getting access to the information that others might have. I thought you said those people’s names – not the patients but the providers – would be protected by privacy and their names would be redacted.
The DEPUTY PRESIDENT: Mrs McArthur, perhaps instead of referring to what you think might have been said, just ask the question on the information you are trying to get. That might help her to answer it.
Lizzie BLANDTHORN: I am advised that I did not say it was about that, and if I misspoke, I did not mean to. I am happy to consult Hansard. But, no, we were specifically talking about the individuals and their privacy, not that of the health services.
Bev McARTHUR: Then I will ask the question another way: if a patient accesses the information that is on their records, will the privacy of the medical practitioners or whoever be protected by redaction of their names?
Lizzie BLANDTHORN: Sorry, I misunderstood your question. Yes, at times the privacy of, say, the individual nurse or doctor or whatever it is may well be.
Bev McARTHUR: Then, Minister, if it is good enough for the privacy of the providers of health who are providing health care to that patient to be protected, why is it not essential that individuals have their privacy protected if they do not want their records accessed?
Lizzie BLANDTHORN: The provisions in relation to the workers in the system are a different issue to that which we were talking about in relation to the individuals. The very purpose of this bill is being able to deliver the best possible patient care, and crucial to that is being able to share information about what other health treatment the patient may have received in the past that is relevant to the treatment that they are seeking. As we were just discussing with the questions from the crossbench, where there is a particular security or safety issue in relation to an individual who may be vulnerable, such as someone who is potentially a victim of domestic violence, then there is the opportunity for an alias or a locked record or whatnot. But in this instance across the board the very purpose of this bill is information sharing.
Bev McARTHUR: So a patient may not be able to access the names of the people who have accessed their records. Wouldn’t that be critical to the patient seeking the information?
Lizzie BLANDTHORN: Further to my information, what will be visible is the clinical team, for example, just not the individual name – it necessarily may be redacted – of an individual nurse or other clinician. There have been instances in the past where, sadly, some of the workers in the deliverance of health care have been the target of violence, for example, and so there is a reason that it becomes necessary at times to redact the names of individuals. But the clinical team as a whole – it would be obvious who the clinical team is and where they were from.
Nicholas McGOWAN: This is critical. It goes to the heart of your answer just given to member McArthur’s question – it goes to the heart of the whole integrity of the entire system. If members of the public cannot even be sure that they will ever know who accessed their information – notwithstanding that I understand your concerns, and they would be my concerns too, about unforeseen consequences of people finding that information out at some point in time – if even by the very definition their identity is kept confidential, then no-one in Victoria will ever know who has accessed their information, except to say they may know, if they can ever get past the FOI restrictions, what clinic, hospital, department et cetera. My question is: how could you possibly police this system?
Lizzie BLANDTHORN: The very principle of this system, just to be clear on that, is about information sharing within the parameters that afford the necessary protections to the information. The names of clinicians would not necessarily be automatically redacted; they may be redacted as may be needed. The whole point is information sharing, and being able to see where that information has come from is an important part of the system.
Nicholas McGOWAN: I thank the minister for her answer. I am probably a little bit more confused, because you are now using the phrase ‘redacted’. I understand that. Previously it was that their privacy would be protected or it may refer more broadly to a department – the emergency department, for example. I just want to be clear: is it that in fact every end user’s – that is, somebody who collects the information; I will call them ‘collector’ for the rest of the day – any collector’s, no matter where they are, personal information will be known to the Department of Health or not?
Lizzie BLANDTHORN: Sorry, perhaps your use of ‘collector’ is going to insert more confusion into the conversation than otherwise, but by ‘collector’ are you referring to any clinician?
Nicholas McGOWAN: Yes, I am referring to all of those who are authorised to access the information and input the information too – correct.
Lizzie BLANDTHORN: The advice that I have is that, if we start at first principles, for every hospital or health service provider, effectively, their name as a headline is in the system and the treating clinician is in the system, as is in line with normal and current practice within hospitals and within health services. Again, as is the case in hospitals and health services, at the moment there are sometimes reasons why that service may have a policy where for some particular reason in relation to certain individuals or groups of individuals they may not provide their name, and that name may not necessarily be provided. Where names are provided but then it becomes apparent that it is not appropriate for those names to be accessed, names can be redacted.
Nicholas McGOWAN: I think we are starting to get there, so I appreciate your efforts. If there were a treating physician and there were a number of nurses, for example, is it correct that those nurses’ names – or any example, because it is not just about nurses, it could be pathology, it could be pharmacists, it could be laboratory workers; many, many, many may have access. Is it correct to say that other than the person who is authorising the script or looking for the test, there will be no way of actually tracking those other people?
Lizzie BLANDTHORN: It would be provided in accordance with the current hospital or health service processes or policy as it exists now, and effectively we are picking it up and lifting it into an electronic system. If it were the policy of the hospital to perhaps release the name of the treating doctor but not necessarily the nurses, then that would be reflected in the system. It would depend on the policy of the delivering hospital or health service.
Nicholas McGOWAN: I appreciate the minister’s answer. Therefore I suppose my concern, and maybe that of members present, is that what I am hearing then is that in fact we may as well take out all these provisions about the penalties and such, because if we have a system – as member Batchelor said earlier – that goes back 20 years, we will actually never be able to tell who accessed the information, and if there are breaches of the type that are envisaged by this bill, the public have no certainty, in fact no confidence, that we will ever know who they are.
Lizzie BLANDTHORN: Mr McGowan, at risk of bringing our conversation back when I thought we were moving forward, I am speaking to people who are perhaps inputting information and then accessing the information to treat. There will be a rigorous auditing process of who has accessed the information and ensuring that that will be rigorous and that there are fines at the end of that for people using the information inappropriately. But I thought your questions principally went to who will be listed in there as having provided the treatment as opposed to having access to the system. So you are talking about access. Let me seek some further advice – if there is anything to add to that.
All usage and all interactions with the system are obviously recorded, and that is subject to a rigorous audit process. The redaction of names is obviously based on policy and at times case-by-case arrangements, and inappropriate use will be picked up through the auditing and is subject to the fines.
Bev McARTHUR: Minister, this seems unreal. You have got one sector of the health system able to have their privacy protected – that is, the clinicians or those accessing information, because you have said they can have their names redacted, or the institution they are involved in might have a policy where no names are released – yet the patient, who might need to be reminded exactly who provided a service that they are inquiring about, cannot have their privacy protected. Why is there one rule for the clinicians or the institution but another for the individual patient?
Lizzie BLANDTHORN: As I said, the fundamental purpose of this bill is information sharing and being able to be in a position to deliver the best possible care to individual patients and to be able to do that by having access to care that they have received previously and knowing how that impacts on the care that they are receiving. In relation to who interacts with the system, obviously there are ways, as we were in the process of discussing previously, for individuals to have their privacy, particularly in vulnerable circumstances like domestic violence et cetera, and their anonymity protected through aliases or locked records or whatnot. When it comes to who enters the records into the database, that is all recorded and who is accessing it is all recorded. It is all audited, and inappropriate use will be picked up through that process. It is a rigorous process, and there are fines at the end of it in order to deter against inappropriate use of it. There are indeed times when it is appropriate for a number of reasons, as is the case already in hospitals and health services, for names of clinicians to be redacted, but that redaction is a case-by-case process.
Ann-Marie HERMANS: Some of the concerns I have, with mental health claims having significantly risen – obviously my background is in WorkCover – are patients not being given the option to choose whether they want people to access their information and also that they may not be able to find out who has. You did mention that people in vulnerable circumstances may have aliases or the opportunity to withdraw their information. Should a person feel that it would impact their mental health in any way, are there provisions provided to allow this type of patient to withhold their own medical information or restrict professional access because they would consider themselves to be people in vulnerable circumstances?
Lizzie BLANDTHORN: It is unfortunate that you were not here for some of the earlier conversation, because I think we have been over this ground a number of times now. We have talked about both why there is not an opt-out provision and how under the existing law public hospitals can share that health information required in connection with the further treatment of a patient without getting their consent first, and this bill adopts a similar approach to that by allowing health information to be shared for the continued care and treatment of patients. Obviously, the sharing of information to be able to be in the best place to deliver care and service to these patients is dependent on being able to access that previous information. But as we were talking about previously, when members of the crossbench asked similar questions to what you have just asked, of course one of the questions that was asked was in relation to domestic violence survivors and others being able to have security of their information. As we have already said, guidance will be given to health services to ensure that highly sensitive patient information like that of victims of domestic violence will be treated with additional care and confidentiality, and depending on the circumstances, that could include locking down information so that it cannot be viewed or applying an alias to a file, for example.
Ann-Marie HERMANS: Who is going to determine that the circumstances are actually vulnerable? Is it only going to be based on domestic violence, or are there going to be other criteria that determine that somebody is in vulnerable circumstances?
Lizzie BLANDTHORN: As I said, guidance will be given to the health services to ensure that those people directly delivering the care, who are in the best possible position to ensure that the appropriate consideration is given to those factors, find ways to judge the sensitive information of people, such as victims of domestic violence or people who are in similar need of protection.
Ann-Marie HERMANS: Where are these criteria going to come from? Who is determining this? What are the boundaries, and who has the input into who makes that criteria of who is considered to be a person in vulnerable circumstances?
Lizzie BLANDTHORN: This is a conversation that happens already in health services all of the time. Information of patients, particularly vulnerable patients in need of protection, is something that health services make decisions about already all of the time. Guidance will be given to the health services, and that will come in a variety of ways. But really, the health services themselves are the best people placed to make those decisions – and they already do.
Georgie CROZIER: Minister, I just want to return to some issues of today in relation to the IT outage at Eastern Health, which had a severe impact to a number of health services in that area, where clinicians and administrators had to resort to pen and paper. In the past we have in this place spoken about the number of cyber attacks to the Department of Health and others. Can you provide the committee – it might be another question on notice – how many cyber attacks the Department of Health is getting each day or each week? I cannot quite recall what the information we previously got was, whether it was weekly, monthly or daily, but I seem to recall it was on a daily basis. What is the number of cyber attacks that occur but do not actually breach the system?
Lizzie BLANDTHORN: I am advised that there have been no successful attacks, but let me consult with the box.
We can provide some more detailed information on notice. But I am advised that, consistent with a range of health providers everywhere, including across this jurisdiction – and, it is worth saying, all other entities as well – there are hundreds of attempts on almost a daily basis. But in terms of the specific ones, the Department of Health will provide that information on notice.
Georgie CROZIER: Thank you for your response and providing that information, Minister. After the very severe attacks that hit the Victorian health services in the south-west area, and then of course we had the Austin in 2021, the Victorian government put I think around $50 million into cybersecurity. I am just wondering, of that $50 million that was in the budget back in 2021 I think it was, how much of that has been expended into the public health system?
Lizzie BLANDTHORN: I am having flashbacks to Public Accounts and Estimates Committee hearings, but let me check.
I am advised that all of the allocations are spent on exactly that purpose.
Georgie CROZIER: You may have answered this, so I apologise if it is being repeated. It goes to the audit process. I am concerned about medical histories being accessed by doctors that might be looking at other potential employees or healthcare workers that might be working in a health service and their ability to access a service and see such things as – as Mrs Hermans was talking about – mental health, or there could be some other issues around domestic violence or any number of medical conditions. Just in terms of the audit process, would you mind providing the committee again with what that audit process will look like and how often it will be undertaken? Is it undertaken in each health service? If so, how often? Is it done from a department-wide perspective? How would that audit process be conducted?
Lizzie BLANDTHORN: Thank you, Ms Crozier, for the question and thank you for the opportunity also to add slightly to my answer to Mrs Hermans’s question before. There will also be an independent oversight committee, which will go to some of the issues that you were raising, and the broader privacy policy framework will also address some of those particular issues. I will see if there is anything more specific in relation to the finer aspects of your question.
Just to add to that, there will be routine auditing, and that will be at least monthly and it will be within the individual health services themselves.
Georgie CROZIER: Do the individual health services have to provide for those auditors, and is that an extra resource that they will have to provide in terms of every health service will have an auditor? How will that work?
Lizzie BLANDTHORN: That is something that the individual audit teams, which already do exist within each of the health services, will be responsible for. There will be technical support for that coming from the central system.
David LIMBRICK: Does the government have an estimate of approximately how many people will have access to this system? I understand it would only be an estimate, but are we talking 1000 people, 10,000? How many?
Lizzie BLANDTHORN: Just to seek some clarification on your question, Mr Limbrick, do you mean how many health service providers or, through the health service providers, how many staff – workers, clinicians et cetera?
David LIMBRICK: Yes, I am interested in the number of individuals that might have access to this system as part of working in their job.
Lizzie BLANDTHORN: To go back to the original purpose of the bill – and I know I keep referring to it, but it is important in the consideration of all of these questions – the purpose of the bill is information sharing to provide the best possible care for the individual who presents. Obviously, at the point of presentation the relevant and appropriate clinicians can access the information, and at another point in time at a different presentation the relevant clinicians can access the information as appropriate and needed. So it is in many ways very difficult to give an estimate, I think, to the very specific question that you are asking. But I will also return to the central point: that the purpose of the bill is information sharing. One of the things that has been given due consideration throughout it and is reflected in the amendments is the importance of the privacy management framework to ensure that for the information, regardless of the number of people who could potentially have access to it, there is an important privacy management framework in place and a rigorous auditing process and fines at the end of that auditing process for people who do the wrong thing.
David LIMBRICK: I thank the minister for her answer. In the design of any IT system one of the key pieces of information is: how many users is it going to have? Surely the government must have some estimate of the number of users that would have an account on this system and be accessing it.
Lizzie BLANDTHORN: I think the question is twofold, and you were going specifically in your earlier question to numbers of individuals as opposed to numbers of health services. Obviously, the system is being designed in a way that reflects the health services that need to access it and the clinical teams within those health services. If there is more detailed information we can provide you, we will. But in terms of number of any individuals, and for any one patient, that is a variable number and there is no one answer.
David LIMBRICK: I think the minister may have misunderstood my question. I am not talking about the number of individuals who can access any individual one patient, I am talking about the number of workers across the entire system who would have access to it.
Lizzie BLANDTHORN: I do not think we misunderstand the question; it is just a difficult question. ‘Hypothetical’ is not quite the right word, but it is a difficult question to answer. There are 72 health services, and obviously the relevant clinical teams within those health services will have access to that and the capacity to input the information and use the information as needed to deliver care for the patient. The key I think is the privacy management framework to ensure that that information is secure, that the privacy of the individuals is maintained and that there is a rigorous auditing process. And there are the fines at the end of that process in order to deter people from doing the wrong thing.
Georgie CROZIER: Minister, if I could just follow up Mr Limbrick’s question around that, you have just answered with ’72 health services’, but in actual fact it is a lot more than that, isn’t it? We are talking about community health. We are talking about the North Richmond injecting room, for instance; that would be included in this bill. Those clients that go to the North Richmond injecting room through the community health service there would be included in this bill. So it is not just 72 health services. If, as Mr Limbrick has said, you are talking about not just doctors and nurses but those administrators within the 72 public health services that you are referring to, you have got a whole range of other people that are also working in these other services, so there are a very large number of people that will be utilising this system. I think that is what Mr Limbrick is saying. Could you just clarify that, yes, it does include public health services, community health services and –
Bev McArthur interjected.
Georgie CROZIER: Well, I am getting to that. That is clause 4. But now that you have raised it, clause 4 goes to the issue. Maybe if I can just ask that question and come back to my next question, which is that one.
Lizzie BLANDTHORN: There are obviously a large number of health services that are part of the system – that is a given – and the purpose of the bill is to connect patient care across that very large health system. In many respects the number of people is not as important as the privacy management framework which goes to protecting the way in which that system is used, the protection of the data within that system and the protection of the privacy of the individuals as patients.
Georgie CROZIER: Now that we are onto this, as Mrs McArthur was talking about – she wanted to know this – the bill, under ‘definitions’, talks about ‘participating health services’. The majority of this definition encompasses public health services and, as is highlighted, the various schedules, so that is what we were referring to in terms of what would be captured under this: pathology and a whole range of things, as I said – community health services and the like. But in those definitions new subsection (k) says:
a prescribed entity or a prescribed class of entity that provides health services …
Can you rule out that private health services will be captured by this through regulation?
Lizzie BLANDTHORN: There is no intention to do that, Ms Crozier, no.
Georgie CROZIER: The intent is one thing here and now, but will you guarantee that no private service – GPs; private health organisations, such as health providers and a whole range of other providers in the private system; aged care, for instance – will be captured by this bill? I know you say the intent, but I need to get a guarantee.
Lizzie BLANDTHORN: My advice, Ms Crozier, is that the bill does not capture those private providers. Obviously the bill is subject to review in three years. But further to that, there would be some information from private providers that might be included in My Health Record, for example, where they already upload that information to My Health Record. But, no, this bill does not, in the bill itself or through the regulations, apply to the private sector.
Georgie CROZIER: I thank you for that assurance that no private health service will be captured by this bill, but if it is the intent of the bill to be able to share information among services, often a GP will have information of a patient and they will be making referrals to large hospitals, they will be communicating with a large hospital about that patient’s information, so if the government is talking about true patient information sharing, what is the view of not having that system extend into these areas?
Lizzie BLANDTHORN: Thanks, Ms Crozier. It goes to my earlier answer. Already My Health Record captures GPs, for example, but we do not have jurisdiction to be able to implement these same provisions in relation to private providers.
Georgie CROZIER: Yes. I notice on the department’s website where they do talk about My Health Record and they do talk about health services having access to that; it is already on the department’s website about My Health Record and how that works. And you are right, GPs will have access to My Health Record – that is why it was set up – but My Health Record has an opt-out, and again, there is a large degree of inconsistency here around the opt-out. I would just like some confirmation, because when I have looked at the Queensland department of health patient information sharing it does talk about an opt-out system. Admittedly I cannot see when it has been updated recently – it does say some time ago – but it does actually say you can opt out, and I am happy to read that in. Could you provide the committee with some information as to where you got that from about Queensland or when it was updated? They maybe have not updated their website, because on the website it does say you can opt out. Could you provide the committee with where that is?
Lizzie BLANDTHORN: My advice is that they can opt out of providing information to GPs but not to public hospitals.
Georgie CROZIER: I think that is where there is a bit of confusion, because on that site it says:
Opting out
Queensland Health Practitioners will be able to access a range of information regarding your public hospital healthcare.
So you are talking about the GP here.
If you would prefer that your treating Health Practitioner did not have online access to your public healthcare information, you have the right to opt-out.
Your treating health practitioner could be in a community healthcare setting, could be a private GP, could be in a public health service, right? But they are clearly saying to the Queensland public, ‘You have a right to opt out.’ It says:
Opting out means eligible Health Practitioners won’t be able to access information regarding your public hospital healthcare through the Health Provider Portal.
I think that is pretty significant in relation to what they are telling the Queensland community and what you are providing here, and I think there needs to be some more clarity around this, because it clearly says you have the right to opt out. And with ‘your treating health practitioner’, it does not define that that is your GP. Can you comment on that?
Lizzie BLANDTHORN: My advice is that in Queensland you cannot opt out of the information-sharing system for the public health system and that Queensland’s electronic health information sharing arrangements go beyond Queensland’s public health services, though, and also involve other practitioners not working in the public health system, like GPs, private specialists and community pharmacists. These are referred to in the Queensland system as ‘eligible health practitioners’. My further advice is that Queensland Health allows you to opt out of sharing information with these community sector practitioners, but patients cannot opt out of their records being shared with Queensland Health clinicians working in public health services. They can always view patient records through their electronic sharing platform, the Viewer.
Georgie CROZIER: So clearly, if the Queensland government, as you say, have extended into other areas where your information is, there is absolutely no guarantee – I just need to get this really clear – that the Victorian government will not provide for other private providers to be included in this system into the future.
Lizzie BLANDTHORN: My answer remains the same. And just to be clear, there is no intention with this legislation to rope in, for want of a better term, private providers. For discharge summaries and so forth private providers will follow the same processes they already follow in terms of going with the patient in whichever way is deemed appropriate at the time by them and the patient, but there is no intention to rope in private providers of any kind.
David LIMBRICK: Is there a definitive list of organisations which fall under what is called in the bill:
a prescribed entity … that provides health services …
This is in – maybe your advisers can help with this – new section 134ZE(k) under ‘Definitions’. Is there a definitive list of who falls under that?
Lizzie BLANDTHORN: The only addition to the list that is currently in the act is the centre for mental health and wellbeing.
David LIMBRICK: I thank the minister for her answer. A more specific question: will the Victorian Refugee Health Network be caught up under this information-sharing system?
David LIMBRICK: I thank the minister for her answer. Was that an intentional exclusion because of their obvious status, or is there some other reason that they are not caught up in this?
Lizzie BLANDTHORN: It goes to the conversation we were having earlier with Ms Crozier. They are not a public provider. They are a private organisation that is not included in this.
David LIMBRICK: I thank the minister for her answer. Back to the issue around – I think the term used was ‘a highly sensitive patient’. One of the examples given was potentially someone who is experiencing domestic violence issues. Who decides whether that person is a highly sensitive patient or not?
Lizzie BLANDTHORN: There will be an independent oversight committee as part of the process, and that will have a role in that. Obviously guidance will be given to the health services who are dealing directly with the patients. They will have clinical views about that as well. There will be an independent oversight committee.
David LIMBRICK: I thank the minister for her answer. It sounds like that is going to be worked out later; that is fine. What we are talking about here with these highly sensitive, vulnerable groups – isn’t this really just a highly selective and limited opt-out? That is what it sounds like.
Lizzie BLANDTHORN: Obviously the intent of the bill, as we have talked about many times now, is sharing information and protecting privacy in the best interests of the health needs of the patient. For vulnerable patients – particularly those presenting in situations that are impacted by circumstances that go to the protection of the individual, where it is necessary to facilitate the protection of the individual to ensure their health and wellbeing – that is obviously being provided for through these provisions.
David LIMBRICK: I thank the minister for her answer. Related to consultation, did the government consult with the federal digital health agency in the production of this bill?
Lizzie BLANDTHORN: To return to the conversation around consultation, there has been a two-year consultation process, where a range of stakeholders were consulted on the varied aspects of the bill, and that included stakeholders in a range of fields from legal to – the most obvious – medical, but a range of stakeholders were consulted on the various issues within the bill.
Bev McARTHUR: Minister, can you just confirm that, for anybody with private health insurance who attends a private hospital or who attends a private GP or attends a GP in a private capacity or a psychiatrist or when they go to the chemist or any other health professional that they attend in a private capacity, none of their information will be captured by this bill?
Lizzie BLANDTHORN: I will return to my previous answer: private providers of any type are not picked up by this bill.
Georgie CROZIER: There is an inequity issue here in relation to that, is there not: that those that have to attend a public health service – and I am 100 per cent supportive of our public health service; I have worked in some fabulous hospitals here in Melbourne – have no right to opt out. If you attend a private hospital emergency department with that same care, they will not have your information, but if Ambulance Victoria picks you up and takes you to another public hospital, they will have your information. There is an inequity here, is there not?
Lizzie BLANDTHORN: Clearly, the intent of this bill is to ensure that every patient receives the best possible care that is available, and the best way to provide holistic care for a patient is to have access to the information. We do not have jurisdiction to implement this legislation in relation to private providers. We do have jurisdiction to implement this legislation, designed to provide the best possible care to patients, in the public system, and that is what we are doing.
Georgie CROZIER: I appreciate that and I understand that, but again there is no provision for somebody to opt out of the system should they not have the ability to afford private health insurance. I think that those people should have a right to be able to opt out. What I am concerned about is that you will use this argument that I just put, saying there is an inequity, and then move into the private system. So what I ask again is: with that review in place for three years, will that review take into consideration some of these arguments we are putting to you today, or can you guarantee that no private hospital, or no private entity, will be caught up in this legislation?
Lizzie BLANDTHORN: As I have already said, Ms Crozier, no private entity is caught up in this legislation. That said, information from private entities is often entered into My Health Record and will obviously continue to be so. The intent of this legislation and where we have jurisdiction is to provide for information sharing; it is about delivering the best possible care for patients insofar as we can and do have jurisdiction to put that in place.
David LIMBRICK: The records themselves that will be held in this system – who actually owns these digital health records?
Lizzie BLANDTHORN: I will just consult.
The individual health services remain the custodians of the information.
David LIMBRICK: This creates some sort of conflict, though, doesn’t it? The point that I was making before about the possibility of the health service provider and the system being out of sync with each other is definitely a possibility in my mind. Therefore we are saying, if the data is wrong in the central system, it is going to be the health service provider’s fault because they are the owners of that data. Doesn’t this create a problem?
Lizzie BLANDTHORN: As I said, the individual health services remain the custodians of the data for which they are responsible, and the point of the system is sharing that data. But the individual health service, yes, does remain the custodian of the data that it is responsible for.
David LIMBRICK: I thank the minister for her answer. I come back to a question I had before, which we thought we understood. I was asking about refugee health services. It is my understanding that in the Health Services Act, schedule 5, ‘Public health services’, Western Health is one that is included. They are listed in Maribyrnong as providing a refugee health program, so surely they would be caught up in this, wouldn’t they?
Lizzie BLANDTHORN: I will just consult, but I think there is an interpretation.
Where individual public services are offering a refugee health program as part of their public health program, that will obviously be included, but where there is an individual refugee organisation that is a private organisation, that is not proposed to be added to the list.
Ann-Marie HERMANS: Just to help me clarify something, given that it is only for the government hospitals, can private hospitals and services opt in to the electronic patient health information sharing system, and if they do, how will patients know they have opted in? Would there be some sort of way for that to be revealed so that patients could have the choice in a private health system?
Lizzie BLANDTHORN: No. My advice is they cannot opt in. If it is a private organisation, private provider or private entity, it is not included, and if it is public, it is.
Georgie CROZIER: Minister, in your previous answer to the question I asked you, you said that Victoria does not have the jurisdiction to encompass private health services in the bill yet noted Queensland have extended their information sharing into private services. What is stopping Victoria from doing the same?
Lizzie BLANDTHORN: I will seek some advice.
In Queensland my advice and my understanding is that the difference in the jurisdiction or I guess the system is that they have the option to opt in. So in the review with people in three years time we could consider whether we want to give privates the option to opt in, but we cannot require them to opt in.
Georgie CROZIER: So what consultation have you had with the privates, given that you just said that with the review we might give privates that option? What consultation have you had with the private sector now?
Lizzie BLANDTHORN: Just to be clear, I will consult with the box in relation to your additional question regarding consultation specifically, but I did not say that we would. And to go to your earlier question, which I realised after I sat down I did not fully answer, in relation to the review considering all of the issues that have been raised here today – and this is another one – there will be a full review of the legislation in three years time, and all of these issues obviously can be encompassed as part of that review, including whether or not at that point in time people want to consider whether it would be something that could be not required but chosen, opting in. But let me consult regarding any consultation that might have happened.
Two things, one on the point of consultation and one for further clarity regarding the Queensland situation – and obviously I am speaking here as a Victorian minister, not as a Queensland one: my understanding is that in Queensland private GPs can specifically look at information, say, in a public hospital, for example. So it is not that they come into the system so much as they can access the system to see that information that might be relevant to the patient that they are then treating. In regard to consultation, there has not been specific consultation, as far as I am aware, with individual private hospitals or others, but the AMA and other key peak stakeholders have been consulted as part of that two-year consultation on the breadth of issues in relation to the bill as a whole.
Bev McARTHUR: Minister, I just go to this new section in the amendment where the minister has the power to appoint an expert panel of three persons. It does exclude:
(a) a current employee or executive officer of a registered political party … or
(b) a current or former member of Parliament …
Will it also exclude any current or former staff members of members of Parliament or any current or former members of the bureaucracy in relation to health?
Lizzie BLANDTHORN: The exclusions are there and explicit in the bill.
Bev McARTHUR: So, Minister, then it can include any staff of members of Parliament and any staff of bureaucracies?
Lizzie BLANDTHORN: The exclusions are explicit in the bill.
Nicholas McGOWAN: Was it modelled in the business case how many Victorians will not be captured by this bill?
Lizzie BLANDTHORN: Sorry, I do not have the number at hand, Mr McGowan, but obviously anybody presenting to a public service will be captured. I know that does not directly answer your question.
Nicholas McGOWAN: In the example given by another member a brief time ago in respect to an ambulance, if an ambulance picks up a Victorian and takes them to a private facility, because they are going to a private facility are they also captured insofar as their engagement with the ambulance service goes?
Lizzie BLANDTHORN: In that instance, Mr McGowan, the ambulance service data would be captured, but if there was then a presentation at a private hospital, not the private hospital’s. Of course obviously My Health Record does then capture some of that data at that end.
Bev McARTHUR: Minister, just in relation to Mr McGowan’s question, I have got private ambulance cover, so why would my journey be captured?
Lizzie BLANDTHORN: Mrs McArthur, as a public service, despite the fact you might have private cover that pays for that service, it is using a public service and the data from the public service would be captured.
Nicholas McGOWAN: I think I may know the answer to this, but I will ask nonetheless. Does that also stand for a public patient who goes to a public hospital but the public hospital offers to have them as a private patient?
Lizzie BLANDTHORN: Again it goes to the provision of the service rather than who pays for it. If the provision of the service is via a public hospital, then that would be captured.
Nicholas McGOWAN: In drafting this bill, did the government of Victoria consult the protective security policy framework devised by the federal government?
Nicholas McGOWAN: Just to be clear, is that a ‘No’ or a ‘Not sure’ from the advisers?
Lizzie BLANDTHORN: Sorry, could you repeat the question, please, Mr McGowan?
Nicholas McGOWAN: That is okay; I thought I might need to. Did the Victorian government consult the protective security policy framework devised by the federal government?
Lizzie BLANDTHORN: Sorry. For clarity, yes.
Nicholas McGOWAN: Did the government explore a system that would provide an opt-out?
Lizzie BLANDTHORN: Obviously in the development of the bill over two years of consultation lots of considerations were given. Schemes were looked at that included opt-out provisions, but they were considered to be of low clinical utility. The very purpose of the bill is to ensure that they are at the highest possible end of clinical utility, hence the scheme that has been proposed.
Nicholas McGOWAN: Thank you very much for the answer, Minister. In respect to the low clinical utility, are you able to share with the house the parameters which they set for that and what the benchmark was in specific terms? And are you also able to share with this house the brief in that respect?
Lizzie BLANDTHORN: I am advised that no specific numbers were set in relation to that, but it was considered, based on observations of other jurisdictions, that this model was the best model to proceed with.
Nicholas McGOWAN: I thank the minister for her answer. The reason I asked, really, is because it occurs to me that if the federal system had around 90 per cent who opt in, that would seem to be a rather large number. Speaking to Member Somyurek’s references in this house today, it would strike me that it makes both good policy and good politics to provide an opt-out, because with so few people opting out – and in fact in Victoria perhaps you would even get less than that – wouldn’t it have been simpler and perhaps, from my perspective, the right thing to do to provide an opt-out?
Lizzie BLANDTHORN: Look, under the existing law, public hospitals can share health information already if it is required in connection with the further treatment of a patient without getting their consent first. It does indeed happen already, and the bill adopts a similar approach by allowing the health information to be shared for the continued care and treatment of a patient. Obviously it is designed around what is in the best interests of the patient’s wellbeing. The proposed secure health information system will not change the ability of health systems to share that information. That already happens; they can do that, but it will certainly improve the way that information can be accessed, as we have discussed ad nauseam already, so I will not repeat myself. There is security around those arrangements already, and as I said, it is consistent with other jurisdictions.
Nicholas McGOWAN: Minister, thank you again for your answer. Is the minister able to provide a copy to the house of the business case?
Lizzie BLANDTHORN: Mr McGowan, the business case itself is cabinet in confidence. It is part of ongoing discussions and considerations at that level.
Nicholas McGOWAN: Is the minister able to provide any evidence of the department’s consideration in respect to the protective security policy framework?
Lizzie BLANDTHORN: Yes, we can provide on notice evidence of the interactions in relation to that.
Nicholas McGOWAN: Did the department at all consult ASIO in drafting this bill today or previously?
Nicholas McGOWAN: Did the department consult ASIS before they brought this bill to the house today?
Lizzie BLANDTHORN: No, they were not, Mr McGowan. But all federal requirements in relation to security were contemplated in this space.
Nicholas McGOWAN: I thank the minister for her answer. I also ask whether the department consulted the federal police in respect to the bill.
Nicholas McGOWAN: Did the department consult the Australian Signals Directorate in respect to the bill?
Lizzie BLANDTHORN: I am advised, Mr McGowan, that the process, the system, adheres to all Australian Signals Directorate requirements.
Nicholas McGOWAN: Minister, are you able to provide a copy of that or some evidence of that to this house?
Lizzie BLANDTHORN: Yes, we can do that on notice.
Nicholas McGOWAN: Did the department take into consideration at all the potential for an unconscious bias in respect to the information that will be shared and how it is shared when patients are treated?
Lizzie BLANDTHORN: I am advised that it is not directly relevant in the sense that the documents that we are talking about are clinical documents, like pathology results et cetera, as opposed to more subjective things.
Nicholas McGOWAN: I thank the minister for her answer. The unconscious bias is in respect to if a clinician, for example, is treating a patient and they read the file before they consult the patient – that is, while they are waiting for them – that notwithstanding that, there is unconscious bias. So the question I suppose is, as I said previously: have the department taken into consideration the risk that presents to the individual’s health but all Victorians’ health?
Lizzie BLANDTHORN: Yes.
Nicholas McGOWAN: Would you mind sharing the evidence of that as well with the house?
Lizzie BLANDTHORN: On notice; that is fine.
Nicholas McGOWAN: Another question in this respect: did the department take into consideration the potential for confirmation bias when they formulated the bill?
Lizzie BLANDTHORN: Not specifically, I am advised.
Bev McARTHUR: Minister, just going back to your answers in regard to the expert panel, forgive my scepticism, but a minister appointing a panel leaves me with considerable concerns. Could you confirm that somebody potentially like Professor Sutton or Commander Weimar could be appointed to the expert panel?
Lizzie BLANDTHORN: The exclusions for who cannot be appointed to the panel are very clear.
Bev McARTHUR: So they can be, effectively?
Lizzie BLANDTHORN: The exclusions are very clear.
Nicholas McGOWAN: Have the department, Minister, done any assessment in respect to whether they are concerned that this bill may have a push effect onto the private system, given that in the private system patients there are accorded their privacy?
Lizzie BLANDTHORN: Consideration was given to that, and in particular the examples of other jurisdictions were looked at, and there is no evidence of that occurring.
Nicholas McGOWAN: Minister, has the department provided or completed a draft budget in respect to the establishment of this database?
Lizzie BLANDTHORN: Budget considerations remain the consideration of the relevant parts of government.
Nicholas McGOWAN: I pick up on a question asked by one of the Greens members earlier today in respect to IT – I think the language was ‘IT products’ or ‘IT services’, that kind of thing. I was not quite clear what the answer was, because there may be a need in some, say, low-tech – and we have heard a lot today about low-tech – facilities where they do not have computers, for example, and the means by which to provide the information. Has there been any consideration given to providing funding to any number of the outlets that are required to share this information with the department?
Lizzie BLANDTHORN: As I have said already, services will be supported. Funding decisions remain the consideration of government.
Nicholas McGOWAN: In respect of the Health Records Act, has anyone ever been prosecuted for a privacy breach in respect to that act?
Lizzie BLANDTHORN: We will take that on notice and come back to you.
Nicholas McGOWAN: Thank you, Minister. I suspect I know the answer to this question, but I will ask just for purposes of clarity. When we talked earlier about the participating health services, you mentioned the number 72. I would be keen to know whether you also have a collective number for (a) through to (k) in respect to part 2, new section 134ZE. It is under ‘Definitions’.
Lizzie BLANDTHORN: Twenty-two.
Nicholas McGOWAN: So 22 is the number on top of the 72 – so 72 plus 22. Is that correct?
Lizzie BLANDTHORN: Yes.
Nicholas McGOWAN: Has the department, Minister, done any research that you are aware of or have been made aware of in the drafting of this bill on the potential consequences on the health of those who would prefer to opt out but will now no longer seek medical attention?
Lizzie BLANDTHORN: Sorry, can you repeat that question, Mr McGowan?
Nicholas McGOWAN: Has the department done any research or given consideration to the individuals who may have wanted to opt out but will no longer be able to do that in the system, in terms of their possible health outcomes, if they do not engage in the system?
Lizzie BLANDTHORN: Thank you, Mr McGowan, for your question. There is no evidence of that in any of the other states in the research that the department did, and consumers were overwhelmingly supportive.
Nicholas McGOWAN: Is the department able to share that research or that investigation they undertook?
Lizzie BLANDTHORN: Yes.
Nicholas McGOWAN: In respect to the bill itself, just taking a look at that – is there a reason why they have not defined the word ‘centralised’ in part 1, clause 1(a)(i)?
Lizzie BLANDTHORN: ‘Centralised’ refers to those that will be operated by the department, and we can take on notice, if you like, why it was not further defined, if that is helpful.
Nicholas McGOWAN: I thank the minister for her answer. What I am also keen to understand is whether in using the word ‘centralised’ it literally means that it will be centralised in the department or whether the department may look to have that function actually administered and housed outside of the department itself.
Lizzie BLANDTHORN: No, it will be definitely operated by the department – within the secure environment of the department.
Nicholas McGOWAN: So just to confirm: there are no plans, there is no intention in the future, to have that outsourced in any way?
Nicholas McGOWAN: Does that include Cenitex as well?
Lizzie BLANDTHORN: No. Sorry, a double negative there. There is no intention for it to include Cenitex, as you asked.
Nicholas McGOWAN: Minister, in respect to the same section, it refers to ‘specified health services’. I am wondering why they used that because it is not a term defined, although we both know that it refers later to a ‘participating health service’, and in paragraph (k) of that it talks about a ‘prescribed entity’ or ‘prescribed class’. But it seems to have, for some reason I am not quite sure why, ‘specified health services’ undefined in part 1, clause 1(a)(i).
Lizzie BLANDTHORN: Let me double-check my thinking.
Sorry, Mr McGowan. I think we are all getting hard of hearing in the afternoon. Did you say ‘specialised’ or ‘specified’?
Nicholas McGOWAN: Specified, Minister – ‘specified patient health’. It appears twice: in the early part of subparagraph (i) and the later part of subparagraph (ii).
Lizzie BLANDTHORN: Thank you. That is what I thought you said. We will take that on notice specifically. I do not think there is any particular reason – I think it is referring to those public health entities – but we will take that on board.
Nicholas McGOWAN: Thank you, Minister. I appreciate that. Also in respect to part 1, clause 1(a)(ii), again it uses ‘specified health services’. There is no definition. It does not seem to correlate necessarily to the rest of the bill that I can see before me.
Lizzie BLANDTHORN: I will seek some further clarity and come back to you on that. I think it is an oversight.
Clause agreed to; clauses 2 and 3 agreed to.
Clause 4 (16:13)
The DEPUTY PRESIDENT: Ms Crozier has withdrawn her amendments 1 and 2 on her sheet GC43C, so we do not need to deal with those.
Georgie CROZIER: It is Thursday afternoon, and we are all going a bit troppo. Obviously I am going to move my amendment in relation to the opt-out, but I just want to ask some general questions around the notice of health information, around clause 4. On pages 5 and 6, section 134ZH provides that the secretary may specify certain health information be given by participating health services for the information-sharing system. I know that we have been talking about specified health information, and Mr McGowan has asked that and we have clarified a lot of what the intention is here. However, section 134ZH(2) says:
The Secretary may also specify … a relevant date in relation to health information … being not earlier than 3 years before the commencement of …
part 6C. That is February 2024. So is it the intention of the government to include all specified information for the three years prior to the commencement of the bill?
Lizzie BLANDTHORN: Yes.
Georgie CROZIER: So if I look back – and I will use the Premier as an example with his back injury, which was in 2021 I think – would somebody like the Premier have his health information at the Alfred be available, shared across the health information system as the bill outlines, from that time?
Lizzie BLANDTHORN: I am advised that in order for it to be clinically useful we need to go back three years, but there are conventions in place to protect the privacy of people whose privacy needs to be protected.
Georgie CROZIER: So now we have got selective information, Minister; is that what you are saying? With someone like the Premier, who had a great deal of privacy around his accident – nothing wrong with that – are you saying that there would be selective information around various individuals dependent on the privacy aspects of who that individual is? Did I misinterpret you and how you answered that?
Lizzie BLANDTHORN: As I said, health services apply current conventions and those conventions are in place across that breadth of information for everyone, and they will continue to apply going forward.
Bev McARTHUR: Minister, why are medical professionals not given any discretion under the proposed section 134ZI as to whether or not they provide a particular aspect of a patient’s health information to the state government?
Lizzie BLANDTHORN: I am advised, Mrs McArthur, that does not happen currently.
Bev McARTHUR: Does the government believe that there are no circumstances in which it may be reasonable for a medical professional to wish to keep a particular aspect of a patient’s health information private and not provide it to the state government?
Lizzie BLANDTHORN: That is the purpose of the privacy management framework – in order to do that.
Bev McARTHUR: We love frameworks. Is the government aware that the Australian Charter of Healthcare Rights applies to all healthcare services in Victoria, and can it foresee any possible conflict between the charter and the mandate on medical professionals through their employer to provide specified health information to the state government?
Lizzie BLANDTHORN: The charter to which you refer is obviously in place right across Australia, and it has not been an issue in other states or provided for there to be a conflict.
Bev McARTHUR: Sorry. Could you repeat that, Minister?
Lizzie BLANDTHORN: It hasn’t been a problem in other states that have similar systems and then created a conflict. It is a charter that already exists across the country and does not present that type of conflict in other jurisdictions that have similar systems.
Bev McARTHUR: Minister, has the government received advice relating to the interaction between the proposed provisions in the bill and health service providers under the federal Privacy Act 1988?
Lizzie BLANDTHORN: Yes.
Bev McARTHUR: Australian privacy principle 6, under federal privacy law, requires entities to obtain consent from individuals before disclosing information to any other party. So, Minister, how does the government believe this requirement will interact with proposed new section 134ZL, which expressly states that no consent is required for disclosure of the relevant health information to the state government?
Lizzie BLANDTHORN: It is anticipated that the legislation will provide a secure environment in which to provide that protection.
Bev McARTHUR: ‘It is anticipated’. Is that your answer?
Lizzie BLANDTHORN: My advice is that we can potentially get you some further information. But yes, the belief is that the security provisions that are in the bill and the framework will provide for the issue you are speaking of.
Bev McARTHUR: I look forward to receiving that in detail. Has the government sought advice regarding the constitutionality of proposed new section 134ZL, which expressly states that no consent is required for disclosure of the relevant health information to the state government, particularly with respect to its potential inconsistency with federal privacy law?
Lizzie BLANDTHORN: There are exemptions for medical treatment, and where otherwise legally permitted, there are exemptions under the federal privacy law.
Bev McARTHUR: Is it the government’s intention to capture under proposed new section 134ZI health information that has been collected by health service providers solely for research purposes?
Bev McARTHUR: Minister, how does the government interpret the phrase ‘or has received health services from’ in new subsection 134ZI(1)(a), and could it capture the information of participants in research conducted by health service providers?
Lizzie BLANDTHORN: The system is not intended to be used for research, and there are good mechanisms in place to protect it against that use.
Bev McARTHUR: Minister, ‘not intended’ or ‘will not be’?
Lizzie BLANDTHORN: Yes, will not be. There are other mechanisms in place for research.
Bev McARTHUR: Does the government believe that federal privacy law applies to the use of health information on the electronic patient health information sharing system accessed by participating health services under the proposed section 134ZM?
Lizzie BLANDTHORN: I am advised that the Australian and Victorian privacy laws are consistent.
Bev McARTHUR: The proposed sections 134ZM and 134ZN allow for those engaged or employed by participating health services to use and disclose specified patient health information for various purposes, namely providing medical treatment, giving information to the secretary and conducting information security and data management. Is it the government’s understanding that these activities are an exhaustive list of the purposes for which the health information could be used or disclosed?
Lizzie BLANDTHORN: Yes.
Bev McARTHUR: Will the electronic patient health information sharing system in the form to be determined by the secretary under the proposed section 134ZF keep track of the individuals who access and use Victorians’ private health information and for what purpose?
Lizzie BLANDTHORN: Yes, it will capture it all, but it will only be for the purposes of sharing the information as the bill intends or for the purposes of auditing the system.
Bev McARTHUR: Minister, does the fault element of the offence under the proposed section 134ZP, unauthorised persons knowingly accessing the electronic patient health information sharing system, mean that the individual must both know they are accessing the information and know they lack authorisation, or only the former?
Lizzie BLANDTHORN: I will take that on notice, Mrs McArthur.
Bev McARTHUR: What other uses and disclosures under Victorian or federal law would be permitted as exemptions to the offence in the proposed section 134ZR?
Lizzie BLANDTHORN: Again we will come back to you on notice, Mrs McArthur.
Bev McARTHUR: Maybe you could just tell us when you will come back, and then I will ask another question.
Lizzie BLANDTHORN: Sometime today, Mrs McArthur.
Bev McARTHUR: Thank you very much, Minister – much obliged. Minister, presumably the government has considered the extent of the impact of this legislation and therefore the other purposes for which Victorians’ private health information can be used – in which case, can you list any other permitted uses and disclosures under Victorian or federal law which would constitute exceptions to the offence in proposed section 134ZR?
Lizzie BLANDTHORN: We will include that in the information we provide you today.
Bev McARTHUR: What is the policy rationale for the disapplication of the Freedom of Information Act 1982 under proposed section 134ZS?
Lizzie BLANDTHORN: That is as we were discussing earlier today when we went through these FOI issues in clause 1. The disapplication of the FOI aspect remains with the health service other than insofar as we were discussing with Mr McGowan as it relates to the departmental aspect of managing the system as a whole.
Nicholas McGOWAN: My question is in respect to division 1 and in particular the definition – division 1, new section 134ZE(d) – of ‘a multipurpose service’. Is there a definition for that?
Lizzie BLANDTHORN: It is referring to rural health services with residential aged care.
Nicholas McGOWAN: In respect to division 2, new section 134ZF(2), it says:
The Secretary is to keep the Electronic Patient Health Information Sharing System in a form …
Can the minister advise the house what that form will be?
Lizzie BLANDTHORN: It will be in a secure electronic form, as per normal systems.
Nicholas McGOWAN: Might that also, though, include other various forms? Is that yet to be determined?
Lizzie BLANDTHORN: No, insofar as we understand the question, Mr McGowan, it will be stored in a secure electronic form.
Nicholas McGOWAN: In respect to new section 134ZH(3):
A participating health service must give to the Secretary …
This really relates to the information. How does the system anticipate duplicate information? That is, if I go to a GP and ask for a blood test and that GP receives the blood test results but I also go to pathology and pathology get the blood test results, presumably they have also copied in numerous doctors – perhaps a specialist as well – so they have that information. Has the system anticipated duplicate copies of the same information?
Lizzie BLANDTHORN: A health service will only upload the document once. If someone within a short period of time, for example, had had multiple, we would envisage that they would need to all be uploaded in the case that one might be different from the other as such, but for the same document, the same test result, it is envisaged only once.
Nicholas McGOWAN: In respect to clause 4, the same 134ZH, it says that the participating health service must give the health information and unique identification numbers within five days. Why the five days? How was that arrived at?
Lizzie BLANDTHORN: In order to meet the requirements of patient safety it is envisaged within five days.
Nicholas McGOWAN: Was there any other limitation considered by the department to come up with five days? Because it just strikes me that five days is a very short notification period for any organisation.
Lizzie BLANDTHORN: That was envisaged in order for the protection of patient safety.
Nicholas McGOWAN: I understand that, Minister, but given that a health service may be provided up to six months, it seems to be quite a small amount of time for a health service to actually be given to provide that information.
Lizzie BLANDTHORN: Sorry, Mr McGowan, I will ask you to repeat the question. Also, Deputy President, there are lots of different conversations happening around the chamber, and I am struggling to hear.
The DEPUTY PRESIDENT: Yes. I will ask for some quiet in the chamber. And, Mr McGowan, could you just articulate a little bit better; I struggled then too.
Nicholas McGOWAN: The question is in respect to the five days. Given that the health services can obtain with the permission of the secretary up to six months to provide the information, it just seems to me that five days is a very small amount of time, given they might be given up to six months to provide the same information.
Lizzie BLANDTHORN: My advice is that it is principally in relation to patient safety and there might be exceptions where perhaps patient safety will not be compromised by the exception. But let me see if there is any further clarity to add to that for you.
The five days was obviously envisaged in relation to individual patient safety. There will be different capabilities of systems in different health services, and the exception is to allow for those health services that may take longer to onboard onto the system on that basis and need further technical advancement support and so forth.
Georgie CROZIER: Minister, what happens if a health service does not comply with that requirement?
Lizzie BLANDTHORN: That is not envisaged. The health services are all supportive and want this, so it is not envisaged that that will be the case.
Nicholas McGOWAN: Is the minister prepared to delete new section 134ZL from the bill?
Lizzie BLANDTHORN: Let me just double-check.
No. Sorry, I was just clarifying that it was not a trick question and you were not tripping me up in relation to the amendments, but no.
Nicholas McGOWAN: It is always worth asking. In respect of new section 134ZP(2), are paragraphs (a) and (b) superfluous? Couldn’t they just add the word ‘access’ in (b) to (a)?
Lizzie BLANDTHORN: The drafting has been recommended by those who probably know better than us how to give effect to the intention that is being put forward here, and other than the proposed amendments, we are not proposing to change the bill as it stands.
Nicholas McGOWAN: In respect of new section 134ZQ, has there been any consideration given to a definition of ‘unauthorised purpose’?
Lizzie BLANDTHORN: Again, Mr McGowan, ultimately the entirety of this bill is subject to a three-year review, but the bill stands as presented, subject to, of course, amendments that I will move later in the discussion around this clause. But the bill stands as it has been proposed.
Nicholas McGOWAN: I have a question in respect of – and I raised this earlier in the chamber – amendment 2:
Clause 4, page 14, line 17, omit “1982.’.” and insert “1982.”.
What is the correct date that is supposed to appear there, or is that somehow the correct date?
Lizzie BLANDTHORN: I believe that is 1982. Let me just double-check.
It was simply a punctuation issue, Mr McGowan. The year is the correct year. It was a punctuation matter.
Nicholas McGOWAN: I am not quite sure I follow that, because they are just omitting ‘1982’ to then insert ‘1982’.
Lizzie BLANDTHORN: I believe it was a full stop in the wrong place, but let me double-check.
Yes, it was. It was the full stop. It was as I thought.
Nicholas McGOWAN: In respect of proposed new section 134ZT(2) was any consideration given to defining the word ‘consult’ in that paragraph?
Lizzie BLANDTHORN: As I have said before, there was a great deal of consideration given to the drafting of the bill. It stands as proposed, and it is obviously subject to a three-year review.
Nicholas McGOWAN: In respect of the same paragraph and the word ‘should’ in ‘should require different levels of protection under the Privacy Management Framework’, as someone who has applied the law for a very long time now, when I see the word ‘should’ there is a correlating word of three or four letters that goes with that usually because ‘should’ is very discretionary. Is there a reason why the word ‘should’ is there and not ‘must’?
Lizzie BLANDTHORN: As an industrial advocate I take your point, and I will double-check the answer. It is the conventional definition and expression.
Nicholas McGOWAN: Again, the amendment’s new subsection 2(c) talks about ‘participating health services.’ I am just wondering how this is consistent with the rest of the act.
Lizzie BLANDTHORN: As we have discussed a few times, the participating health services are as prescribed and relate to the private entities, and to the extent there is any inconsistency in the expression we will consider that, but the bill is drafted in the way that gives effect to the purpose of the bill.
Nicholas McGOWAN: In respect of the amendment’s new subsection 134ZT(3)(b), it refers to including processes and goes on to talk about safeguards, and (c) talks about facilitating patients accessing reports. Is there a definition for the process or any consideration the department might have made in respect of the processes they are outlining there?
Lizzie BLANDTHORN: I will take some advice. Sorry, Mr McGowan, could you repeat the question please?
Nicholas McGOWAN: The question was in respect of new section 134ZT(3)(b) and (c). The word ‘process’ is included – ‘ include a process to safeguard’ – in (b), and in (c), ‘include a process’. I was asking if there was any elucidation they can provide on those processes.
Lizzie BLANDTHORN: Thank you, Mr McGowan, for your patience. Some of us heard (d), some of us heard (t) and some of us heard (p). I believe we are talking about (t) – yes. It is in reference to the department’s usual processes and diligence around security of information and patient information in particular.
Nicholas McGOWAN: I do not have too many more to go. In respect of new section 134ZT(2)(a):
relevant groups and organisations that represent the interests of patients, carers or health care workers …
Is any consideration given to what those words mean together – ‘relevant groups and organisations’?
Lizzie BLANDTHORN: I am advised that will be based on an appropriate cross-section of interest groups within the community.
Nicholas McGOWAN: Do you know who determines who those groups are? Who is the arbiter of that? Who decides?
Lizzie BLANDTHORN: I am advised that there would be a broad-based consultation process to ensure that all views are captured.
Nicholas McGOWAN: Just finally, in respect to the expert panel, are those positions remunerated, and do they have a tenure that they would be likely appointed for?
Lizzie BLANDTHORN: How long their terms will be, Mr McGowan, will be determined through the privacy management framework, and remuneration will again be part of that process but will depend on their other roles and other considerations.
I move:
1. Clause 4, page 4, after line 26 insert –
“Privacy Management Framework means the Privacy Management Framework established under section 134ZT;”.
As I have already said a number of times, this bill itself goes to saving lives and ensuring that Victorian patients get the best possible care by establishing secure digital health information sharing across the public health system. The information in the system will be protected by robust safeguards, and a privacy management framework will be implemented to restrict access to sensitive information and to provide additional protections for vulnerable groups, as we have discussed here a number of times during the course of today, in particular, for example, in circumstances such as family violence and mental and sexual health conditions.
The establishment of the system will be oversighted by a health information sharing management committee, as we have been discussing, and the committee will have a wide range of expertise, including medical experts and patient advocates. It will also oversee the development of the privacy management framework to make sure that robust policies and safeguards are in place to protect health information and safeguard patient privacy and confidentiality and to reinforce the government’s commitment to transparency, accountability and oversight of the new health information sharing system. I thank crossbench colleagues for working with us to clarify these issues and for the questions that they have asked today in order to clarify these issues.
The first amendment reinforces the government’s commitment to a robust and transparent privacy management framework that will protect the health information of Victorian patients. It ensures that the privacy management framework will undergo rigorous consultation with the people that this system will help the most, including patients, carers and health workers. It reflects the government’s commitment to the privacy management framework being a publicly available document that will detail the many protections for patients’ health information.
The second amendment will ensure that, once established, the system is working as it is intended, and to this end the government provide for an independent review to be conducted on the operation of the system and the privacy management framework. The review panel will be fully independent with relevant experience in one or more of the fields of human rights law, privacy, clinical care, and consumer and patient advocacy. The review will be wide reaching and will examine how information in the system is being protected, any issues of misuse of information, the scope and operation of the system and the experience of health services using it, among others. This review will be tabled in Parliament, and any recommendations made by the review will be carefully considered. I am pleased to move this amendment.
Georgie CROZIER: The opposition will not be opposing these amendments, but I make the point they fall way short of what is required in relation to the concerns of so many stakeholders and so many Victorians around an inability to have an opt-out provision, which obviously my amendments will go to. I further note that these amendments that have come in today are really just to placate the Greens and to get their support to get this bill over the line. I think that those watching this debate will understand the lengths the government has had to go to in relation to that, noting that these amendments have come in today but were widely in the media yesterday, and I think that is very poor form.
David LIMBRICK: The Liberal Democrats also will not be opposing these amendments. As we discovered in committee, most of the things in these amendments the government was planning on doing anyway, so I do not really see that they do a lot extra, but they certainly do not hurt anything either. I agree with Ms Crozier: it does just seem like a way to placate the Greens. But that said, I will not be opposing these amendments.
The DEPUTY PRESIDENT: The question is that the minister’s amendment 1 on her sheet LB05C, which tests her amendments 2 and 3 on the same sheet, be agreed to.
Amendment agreed to.
Georgie CROZIER: I move:
1. Clause 4, page 5, after line 17 insert –
“(3) In establishing and maintaining the Electronic Patient Health Information Sharing System, the Secretary must ensure that there is a mechanism to allow a person to opt-out of the Electronic Patient Health Information Sharing System in accordance with section 134ZLA.”.
2. Clause 4, page 5, line 20, before “The” insert “(1)”.
3. Clause 4, page 5, after line 24 insert –
“(2) The Electronic Patient Health Information Sharing System must not contain any health information about a person who has opted-out of the Electronic Patient Health Information Sharing System in accordance with section 134ZLA.”.
As I have stated previously, the Liberals and Nationals are strongly of the view that there needs to be an opt-out mechanism. That is what these amendments would do. As so many stakeholders have said, the government’s amendments do not go any way towards doing that. My amendments would enable the secretary to have a mechanism to allow a person to opt out of the electronic patient health information sharing system in accordance with section 134ZLA. So that is the amendment that would be included in the bill. It is a necessary aspect if we are truly to have patient autonomy: to allow people to ensure that the information they want shared will be shared, but equally to give those people who feel that they do not want to have that government control the ability to opt out. This amendment will allow that to occur.
It is a very important part of, as I said, a patient having that ability to have that choice, to have that patient autonomy, and whilst we have had the debate around security and the government has allowed tinkering at the edges around some of the issues that were concerning various members of the crossbench, it really does go to the heart of what we require, and that is for Victorians to have greater choice over their patient information and how it is going to be shared. We have that at a national level through the My Health Record. We have heard through the debate today that this legislation will be under review. The government has said it will be in place within 12 months. There are a lot of issues surrounding the ability of the government to do that, and I think that is very concerning as well. So with those few words, I would urge the house to support this amendment. It is an important amendment to provide Victorians with a choice whether their patient information is shared with their consent or whether it is not. I think that is the critical thing.
The DEPUTY PRESIDENT: I also should have explained as we started this that we have two very similar sets of amendments. The first one is from Ms Crozier, which allows for an opt-out mechanism for people to opt out of the scheme. If that passes, we will not deal with Mr Limbrick’s amendments. If that one fails, we will deal with Mr Limbrick’s set of amendments, which is an opt-in mechanism to the scheme.
David LIMBRICK: This opt-out mechanism is something that many, many stakeholders have been calling for. In my view it does not quite go far enough, because it does not address the issue around patient consent. But I do agree with Ms Crozier that it does allow for patient autonomy, allows them to opt out of this system. If they feel that they are a vulnerable person or for whatever reason, they can opt out of this. I think that the government’s proposed method of doing this by reviewing whether someone is a highly sensitive person is not sufficient. Therefore this is far better than what the government is proposing, and I will strongly support it.
Sarah MANSFIELD: While the Greens will not be supporting a blanket opt-out provision as has been proposed, we do understand concerns about privacy, autonomy and data integrity related to this bill. As we have previously said, we spent considerable time consulting with various stakeholder groups. We have worked constructively with the government to see how the bill can better address their concerns, and I thank the government for putting forward the amendments that have now been included in this legislation. I believe they really do strengthen it from a privacy perspective.
We believe that people’s private health information needs to remain just that: private. We need those strong privacy protections, and consumers also must be a part of determining what this looks like. This is particularly the case for people with sensitive or stigmatised conditions and for survivors of family violence. I would like to note that opt out does not automatically protect the privacy and identity of people who have highly sensitive or stigmatised conditions or people at risk of harm. Opt out is a blunt tool. It relies on people to be fully informed, engaged and in a position to advocate for themselves, which is not the case for many in our society. We must ensure that privacy is built into the system for everyone at the outset. That is why we have worked with the government to secure a legislated privacy management framework with a number of things that it must consider outlined in the legislation so that we and the public can have confidence that patient privacy will be central in the development of the platform, not just relying on some individuals to decide to opt out.
Amongst other things, it must create a process to safeguard health information that is highly sensitive and to protect the identity of patients who may be at risk of harm, and that includes survivors of family violence. As has been talked about, health services already have systems in place to manage this, and the privacy management framework will build on those systems. I am really proud that we have managed to work constructively with the government to build those privacy protections into the legislation, so while we will not be supporting the blanket opt-out provisions as have been proposed, the Greens do strongly support protections to privacy and people’s ability to access their own information. We believe that the consumer voice needs to be a fundamental part of shaping these privacy protections, and that is reflected in the amendments that we have worked with the government to secure.
Lizzie BLANDTHORN: Can I thank Dr Mansfield for those remarks and particularly her point that an opt-out provision does not automatically equal privacy and that we do need to build in a framework that provides that level of protection and privacy for everyone. I would also just like to further add that under the existing law public hospitals can and do share health information required in connection with the further treatment of a patient without getting their consent first, and this bill adopts a similar approach by allowing health information to be shared for the continued care and treatment of patients. The proposed secure health information system will not change the ability of health services to share information, but it will, as I said earlier, improve the way in which information can be accessed and the security around sharing arrangements. This approach is consistent with health information sharing arrangements in other jurisdictions.
The DEPUTY PRESIDENT: We are now considering Ms Crozier’s amendments 1 to 3 on her sheet GC367C, which test her amendments 4 to 6.
Council divided on amendments:
Ayes (18): Matthew Bach, Melina Bath, Jeff Bourman, Gaelle Broad, Georgie Crozier, David Davis, Renee Heath, Ann-Marie Hermans, David Limbrick, Wendy Lovell, Trung Luu, Bev McArthur, Joe McCracken, Nicholas McGowan, Evan Mulholland, Georgie Purcell, Adem Somyurek, Rikkie-Lee Tyrrell
Noes (20): Ryan Batchelor, John Berger, Lizzie Blandthorn, Katherine Copsey, Enver Erdogan, Jacinta Ermacora, David Ettershank, Michael Galea, Shaun Leane, Sarah Mansfield, Tom McIntosh, Rachel Payne, Aiv Puglielli, Samantha Ratnam, Harriet Shing, Ingrid Stitt, Jaclyn Symes, Lee Tarlamis, Sonja Terpstra, Sheena Watt
Amendments negatived.
The DEPUTY PRESIDENT: I ask Mr Limbrick to move his amendment 1 on sheet DL44C, which tests his amendments 2 and 3 on that sheet.
David LIMBRICK: I move:
1. Clause 4, page 5, after line 17 insert –
“(3) In establishing the Electronic Patient Health Information Sharing System, the Secretary must ensure that –
(a) there is a mechanism to allow a person to consent to be included in the Electronic Patient Health Information Sharing System in accordance with section 134ZL; and
(b) specified patient health information about a person is only collected, used and disclosed under this Part in accordance with that person’s consent.”.
It was interesting that there were some comments by Dr Mansfield and the minister before. They both made the point that an opt-out system does not automatically cater for patient consent, because they have to be engaged and know how to opt out. That is exactly what my amendment addresses. Consent has to be obtained before using the system. I believe that this brings it in line with the Australian Charter of Healthcare Rights.
Sarah MANSFIELD: What we have here is effectively an opt-in mechanism. While we understand the sentiments behind this, we will not be supporting this amendment. There are practical concerns that have ethical implications for this amendment. Consent must be informed, and to be meaningfully informed involves additional, potentially confusing conversations at every point in clinical care. There is a very real risk that these conversations would be avoided in order to simplify and speed up interactions or that people would just opt in or out to hurry along a conversation. We would all be familiar with this from when we have read a lengthy privacy policy, for example. Again, only the most engaged will be able to make a truly informed decision, while many who are busy just coping with whatever health issue is going on for them, or who perhaps face other communication barriers, may not, and this is not true consent. We know that work done with consumer groups regarding the sharing of health information shows that, while they initially support the idea of opt-in, when presented with what it looks like in real life their support diminishes due to the disproportionally high burden it places on them with the extra contacts and conversations. As I said previously, privacy needs to be built into this bill from the get-go so that everyone is protected from the start and they are not relying on a blunt tool – opt in or opt out – to protect their privacy and protect their sensitive information.
Georgie CROZIER: Whilst I have got some concerns about the government’s approach to this bill and would have preferred an opt-out, as we have just voted on, the Liberal–Nationals will be supporting Mr Limbrick’s amendment. We think that it goes some way to providing patient autonomy. At the moment with what the government is proposing it does not allow that to the extent that it should, so we will be supporting Mr Limbrick’s amendment.
Lizzie BLANDTHORN: Without repeating my comments earlier in relation to the opt-out amendment, I would just say in relation to the opt-in amendment, if we go back to the first principles of this bill – as we have discussed a number of times today in terms of the importance of information sharing to be able to provide the best possible care for the patient in terms of being able to access information about the treatment they have previously received insofar as it relates to treatment they present for – that for that to be clinically useful it is important that that is a system across the board, not an opt-in system.
Council divided on amendment:
Ayes (16): Matthew Bach, Melina Bath, Jeff Bourman, Gaelle Broad, Georgie Crozier, David Davis, Renee Heath, Ann-Marie Hermans, David Limbrick, Wendy Lovell, Trung Luu, Bev McArthur, Joe McCracken, Nicholas McGowan, Evan Mulholland, Rikkie-Lee Tyrrell
Noes (21): Ryan Batchelor, John Berger, Lizzie Blandthorn, Katherine Copsey, Enver Erdogan, Jacinta Ermacora, David Ettershank, Michael Galea, Shaun Leane, Sarah Mansfield, Tom McIntosh, Rachel Payne, Aiv Puglielli, Georgie Purcell, Samantha Ratnam, Harriet Shing, Ingrid Stitt, Jaclyn Symes, Lee Tarlamis, Sonja Terpstra, Sheena Watt
Amendment negatived.
The DEPUTY PRESIDENT: Mr Limbrick, I invite you to move your amendment 1 on your sheet DL45C, which tests amendment 2.
David LIMBRICK: I would like to indicate to the house that I will be withdrawing this amendment as it conflicts with the government house amendment that we received a few hours ago. I had no way of knowing that in advance, but as it conflicts I will be withdrawing it and will not be putting it forward.
Georgie CROZIER: I move:
1. Clause 4, page 13, line 26, omit “141.” and insert “141.’.”.
2. Clause 4, page 14, lines 1 to 17, omit all words and expressions on those lines.
This goes to the ability for a Victorian to FOI the Department of Health to understand actually who has looked at their patient health information. It is a very simple amendment. It is absolutely critical that we have an ability to understand who has accessed patient information. I think that this amendment is a very simple one around that FOI process so that it gives Victorians the right and the opportunity to understand exactly who has accessed their health information. If we are talking about trust, if we are talking about wanting Victorians to have some say in their ability to understand what the department or the government is doing, surely they should have a right to be able to FOI the Department of Health. It is a very simple amendment and would improve this bill out of sight, and I urge all members to support my amendment.
David LIMBRICK: I will also be supporting this amendment. As was indicated in the Scrutiny of Acts and Regulations Committee Alert Digest and as I alluded to earlier in my second-reading speech, there is another example of very sensitive information that is available via FOI, which is the firearms registry. It is I think the government’s explanation that the healthcare provider will be the primary source where you will get the information, but I do foresee situations where that information will go out of sync and there may be other technical information in the information-sharing system, which would mean that they are different, and therefore both should be able to be accessed via FOI.
Sarah MANSFIELD: While, once again, I think we understand the underlying intent of this, and it was something we spent quite a lot of time interrogating to understand better, we do believe that there may be unintended consequences from removing the FOI exemption. We understand the provision was included to prevent departmental bureaucrats or anyone other than those involved in clinical care from accessing records. It actually serves to protect people’s information. If the exemption is removed, in order to action FOI requests department bureaucrats will have to access people’s health information, and it is not in the best interests of people’s privacy. People will be able to obtain, we have been assured and we now have in legislation, an audit trail of who has accessed their information from the central information-sharing platform. They will be able to get a copy of that information via a health service, and we are satisfied that that satisfies the intention of those who have called for a removal of this FOI exemption.
Lizzie BLANDTHORN: Thank you for the contributions we have had thus far. To follow on from Dr Mansfield’s eloquent points, patients currently have the right to access their full medical records from their health service provider under FOI and under privacy legislation, and this bill does not disrupt that. Importantly, the information within the system is not complete medical records but a subset of the information held by the service providers. Making information held in the system accessible under the FOI act would mean that the Department of Health, as Dr Mansfield put it, would be responsible for accessing, assessing and responding to requests from patients, which would not be appropriate. The best source of a patient’s health information is the health services that have provided care and who hold the complete medical history.
David DAVIS: I just want to make a comment here. I think the amendment moved by Ms Crozier is entirely appropriate. Essentially what the minister has just told us is that health officials are able to access this information but the patient is not able to access their own information through this route. The minister has tried to argue that the information can be got through the health service, but the health service may not be aware in all cases of who has accessed the central repository. So that is the point, and Ms Crozier’s amendment is entirely appropriate. The idea that you would actually have health officials in the department able to have access and not be able to be tracked, and patients unable to even oversight that, is not right.
Lizzie BLANDTHORN: It is unfortunate that Mr Davis has not been in the chamber across the course of the discussion today, because I think the issues that he seeks to make a point about would have been adequately clarified for him. But what we are saying is that patients do and should and will continue to, through the existing FOI and privacy legislation, have access to their own records. As we clarified earlier in the debate, we do not believe that the provisions stop FOI insofar as they relate to department officials, and there will be a rigorous auditing process that also includes fines as a deterrent to inappropriately accessing the system. It would have been good, Mr Davis, if these were issues of concern to you, that you had been here for the conversation earlier, but what you have put is not actually the case.
Council divided on amendments:
Ayes (16): Matthew Bach, Melina Bath, Jeff Bourman, Gaelle Broad, Georgie Crozier, David Davis, Renee Heath, Ann-Marie Hermans, David Limbrick, Wendy Lovell, Trung Luu, Bev McArthur, Joe McCracken, Nicholas McGowan, Evan Mulholland, Rikkie-Lee Tyrrell
Noes (21): Ryan Batchelor, John Berger, Lizzie Blandthorn, Katherine Copsey, Enver Erdogan, Jacinta Ermacora, David Ettershank, Michael Galea, Shaun Leane, Sarah Mansfield, Tom McIntosh, Rachel Payne, Aiv Puglielli, Georgie Purcell, Samantha Ratnam, Harriet Shing, Ingrid Stitt, Jaclyn Symes, Lee Tarlamis, Sonja Terpstra, Sheena Watt
Amendments negatived.
Lizzie BLANDTHORN: Again, I am very pleased to move the amendments in my name. I will not go over the ground that we have already discussed other than insofar as to go back, as I have said a number of times today, to the original purposes of this bill, which are obviously ensuring that we have the best possible systems to deliver the best possible care to those who need it and that in so doing we have an information-sharing system that operates as effectively as it can at the same time as protecting the privacy and security of the information relating to individual patients. In doing that, we are very pleased to have worked with the crossbench in relation to these amendments, which give effect to those objectives of ensuring we deliver the best possible care with a privacy and a process management framework around that as well as ensuring that we have an opportunity to in three years review the legislation. So I am very pleased to move these amendments. I move:
2. Clause 4, page 14, line 17, omit “1982.’.” and insert “1982.”.
3. Clause 4, page 14, after line 17 insert –
“Division 6 – Privacy Management Framework
134ZT Minister must establish Privacy Management Framework
(1) The Minister, by order published in the Government Gazette, must establish a Privacy Management Framework for the Electronic Patient Health Information Sharing System as soon as practicable after the day on which this Part comes into operation.
(2) In establishing the Privacy Management Framework, the Minister must consult with the following persons and bodies in relation to whether certain health information or classes of health information should require additional levels of protection under the Privacy Management Framework –
(a) relevant groups and organisations that represent the interests of patients, carers or health care workers;
(b) any relevant public sector body within the meaning of the Public Administration Act 2004;
(c) participating health services.
(3) The Privacy Management Framework must –
(a) specify categories of health information that are sensitive in nature and include a process to safeguard that information; and
(b) include a process to safeguard the identity of patients who may be at risk of harm, including patients who identify as being at risk of family violence; and
(c) include a process to facilitate patients accessing reports that specify who has accessed their health information through the Electronic Patient Health Information Sharing System; and
(d) include a process for regular audits and compliance checks of the Electronic Patient Health Information Sharing System.
(4) The Privacy Management Framework takes effect on –
(a) the day on which it is published in the Government Gazette; or
(b) a later day as specified in the order.
Note
Section 41A of the Interpretation of Legislation Act 1984 provides that the power to make an instrument includes the power to repeal, revoke, rescind, amend, alter or vary the instrument in the exercise of that power.
134ZU Compliance with Privacy Management Framework
Any person who is authorised or permitted under this Part to access the Electronic Patient Health Information Sharing System must comply with the Privacy Management Framework to the extent reasonably practicable.
Division 7 – Independent review of this Part
134ZV Independent review by expert panel
(1) The Minister must cause an independent review of the operation of this Part, including the Privacy Management Framework, to be conducted by an expert panel after the second anniversary of the day on which this Part comes into operation.
(2) The independent review must examine and make recommendations in relation to the following –
(a) whether health information is sufficiently protected;
(b) which health services should be participating health services for the purposes of this Part;
(c) the misuse of specified patient health information;
(d) the costs of compliance and the administrative burden imposed on participating health services by this Part;
(e) whether the Electronic Patient Health Information Sharing System is operating as intended.
(3) The independent review may examine and make recommendations in relation to the following –
(a) current issues and trends relating to health information systems;
(b) data management;
(c) information technology security;
(d) patient privacy;
(e) any other relevant matter.
(4) The independent review must be completed no later than the third anniversary of the day on which this Part comes into operation.
(5) The Minister must cause a copy of a report of the independent review to be laid before each House of Parliament no later than 3 sitting days after the day on which the final report of the independent review is given to the Minister.
(6) The Minister must consider any recommendations made by the independent review, including any recommendations to amend this Act, and within 18 months of receiving the final report –
(a) implement the recommendations made by the independent review; or
(b) advise Parliament why the recommendations have not been implemented.
134ZW Appointment of expert panel
(1) For the purposes of section 134ZV, the Minister must appoint 3 persons to form the expert panel.
(2) The Minister must ensure that each person appointed to the expert panel has experience in one or more of the following –
(a) human rights and privacy matters;
(b) legal and regulatory compliance;
(c) health information systems;
(d) clinical care;
(e) health care quality and patient safety;
(f) consumer or patient advocacy.
(3) The Minister must not appoint a person to the expert panel if the person is –
(a) a current employee or executive officer of a registered political party within the meaning of the Electoral Act 2002; or
(b) a current or former member of Parliament.’.”.
Amendments agreed to; amended clause agreed to; clauses 5 and 6 agreed to.
Reported to house with amendments.
That the report be now adopted.
Motion agreed to.
Report adopted.
Third reading
That the bill be now read a third time.
The PRESIDENT: The question is:
That the bill be now read a third time and do pass.
Council divided on question:
Ayes (21): Ryan Batchelor, John Berger, Lizzie Blandthorn, Katherine Copsey, Enver Erdogan, Jacinta Ermacora, David Ettershank, Michael Galea, Shaun Leane, Sarah Mansfield, Tom McIntosh, Rachel Payne, Aiv Puglielli, Georgie Purcell, Samantha Ratnam, Harriet Shing, Ingrid Stitt, Jaclyn Symes, Lee Tarlamis, Sonja Terpstra, Sheena Watt
Noes (16): Matthew Bach, Melina Bath, Jeff Bourman, Gaelle Broad, Georgie Crozier, David Davis, Renee Heath, Ann-Marie Hermans, David Limbrick, Wendy Lovell, Trung Luu, Bev McArthur, Joe McCracken, Nicholas McGowan, Evan Mulholland, Rikkie-Lee Tyrrell
Question agreed to.
Read third time.
The PRESIDENT: Pursuant to standing order 14.28, the bill will be returned to the Assembly with a message informing them that the Council have agreed to the bill with amendment.