Note: Where available, the PDF/Word icon below is provided to view the complete and fully formatted document
Disclaimer: The Parliamentary Library does not warrant or accept liability for the accuracy or usefulness of the transcripts. These are copied directly from the broadcaster's website.
Medicare staff using medical records to spy -

View in ParlViewView other Segments

MARK COLVIN: Meanwhile just as the Government is working to bring in a national identity scheme for
patients, around 400 cases have emerged of unauthorised snooping on people's private records over
the last four years. Documents provided to the privacy commissioner show that as the number of
incidents in which Medicare staff broke the privacy rules.

Medicare says it's implemented privacy controls and that the number of cases of snooping has been
getting smaller but it's brought renewed fears from privacy advocates that healthcare staff can't
be trusted.

Carly Laird reports.

CARLY LAIRD: Patient confidentiality is an absolute in the doctors' creed. You're supposed to be
able to tell your GP or specialist what's wrong with you without the fear that he or she will leak
it to someone else. That's the rule that's been broken on average a hundred times a year inside the
national database at Medicare.

We know that some of the problem was caused by Medicare staff snooping on famous people's medical
records. But we don't know who or how far that information was allowed to spread. In fact Medicare
has given very few details of how it happened and no-one from Medicare was available to speak to PM
this afternoon.

The privacy commissioner Karen Curtis insists that Medicare isn't ignoring the issue.

KAREN CURTIS: Any privacy breach is a concern but actually the fact that Medicare is actually
monitoring and investigating these potential breaches of personal information and they've got
systems in place, that's actually good news.

CARLY LAIRD: Medicare says staff who have been caught snooping in the last four years have been
disciplined. But again it won't give details. This may be of little comfort to people whose privacy
has already been breached.

Juanita Fernando is the chair of the health sub-committee at the Australian Privacy Foundation.

JUANITA FERNANDO: Basically wherever there is a whole range of information collected together
regardless of people's, regardless of their ethics or how good they are they're going to look at
it. And they do it basically out of curiosity.

For instance I know anecdotally of ambulance officers during non-emergency transfers of patients
who sit because they've got nothing else to do and they just read patients' files while they're
sitting and waiting.

And we already know that although Medicare staff are highly trusted by Australian consumers and
patients that Medicare workers are still human and that's why the breaches occurred.

CARLY LAIRD: She's concerned that the privacy breaches at Medicare are a sign of things to come.

The Government has introduced bills for what it calls an "individual health identifier" to
Parliament. They'll go to a Senate inquiry next week. The ID number is used to collate all patient
records in one place so that health providers can gain access to relevant information at the one
time. It's the first stage of the Council of Australian Governments' national electronic health
plan.

Juanita Fernando from the Privacy Foundation again:

JUANITA FERNANDO: It's of real concern to me and to many people who contact the Australian Privacy
Foundation. They're very concerned about it because if I'm a miscreant of some sort I can just use
a single number and access people's records from whatever health service I decide to go into.

CARLY LAIRD: So how do you stop that from happening?

JUANITA FERNANDO: You put in security controls for the known ways that people breach health
information. And you don't develop honey pots. You don't develop huge amassed files with people's
information so that if security is breached then security is breached in one or two instances not
for the entire population of Australia.

CARLY LAIRD: Dr Mukesh Haikerwal is the former head of the AMA and the current head of the clinical
unit at the National E-Health Transition Authority. He says the new system will provide even more
security for patients than currently exists.

MUKESH HAIKERWAL: The way in which the system will be rolled out is far more secure with these new
arrangements than they are with a paper record. With a paper record today you can potentially
wander into a medical records department, anybody can wander in and have a look at somebody's notes
without anybody knowing what's going on.

With the new arrangements the number is only a number and pertains to no medical information. So
the number being generated by Medicare actually has no medical information attached to it. In order
to get access to medical information the person has to be an authorised healthcare provider.

CARLY LAIRD: Juanita Fernando again:

JUANITA FERNANDO: Nobody can say whether it's going to be a more secure system than exists now
because nobody is actually really looking at the facts.

For instance notes about the Medicare data breach are tucked away on the Australian Privacy
Commission's website. We essentially don't know what's going to happen. It's like taking a great
big jump off into the unknown and being comfortable that the Government is going to be trustworthy
and capable enough to take care of us all.

CARLY LAIRD: If the legislation is passed it could be just a matter of months before the ID numbers
are used by healthcare professionals.

MARK COLVIN: Carly Laird.