Note: Where available, the PDF/Word icon below is provided to view the complete and fully formatted document
Health & privacy: issues for private hospitals.



Download PDFDownload PDF

Paul Armstr

ong

Director,

Policy

Office of t

h e Fed

e ral

Privacy

Commis

s io ner

Health & Priv

ac y -

Issues for Private Hosp

itals

APHA 21

st Na

ti on

a l Congr

e ss

Sydney, 23 October

2001

Privacy and the Community 47% give

incomplete

personal infor

m ation

when co

mp

let ing for

m s

41%

do not agree with

referral of their health infor

m at

ion between

clinicians without their consent

Community v

iews on priv

acy and health

informat

ion

• Flinders

Univ

ersity Study

shows almost 1 in 10

(9.6%) South Australia

ns are not

confi

d ent

t

h at

healthcare providers k

eep and use information

responsibly • California Health

Care Foundatio

n - 1

i

n

6

Californians have taken special steps (sometimes even to the

exte

nt of risking th

eir health) to ensure their

privacy

Privacy & Business

Upside -

m aking the most of opportunities

Build trust & keep customers

What is

priv

acy?

“The right to

life has come

to mean the r

ight to enjoy life -

the right to be

let alone.”

Lo uise

Brande

is &

S a mue

l W a

rr e n

4 Harvard Law

Revi

ew 1

9 3 (1

89 0)

“Privacy issu

es ar

e often reduced to th

e issu

e of h

a rm

, as if in the b

e lief

that a) p

e ople only care about privacy if and to the

e x tent they

could be

adver

s ely effected; an

d b) conversely, if there is n

o h

a rm

, there is

no

privacy issue

…. The

point is that the inf

o rmation is p

rivate. Period.”

P e rs

on a

l C o

m m

u n ic

a ti on

Mem

b er of

th e

C

a n a

dia n

M e

dica

l As

s o cia

tion

, A u

g u s t

20 01

“It’s

n on

e of their busin

e ss”

-

e asily the most com

m on reason given why

people did not want to provide person

al information.

Privac

y

& th

e Co

m m

unity

OF PC

, J u

ly 200

1

International Developments in Privacy

• A

rticle 12: Universal Decl

aration

of H

u man Rights

-

1948

• A

rticle 17:

Internati

o nal

Covena

nt on Civil and P

o litical Rights

-1980 • O

E C D

Guidelines on the Pr

o te c tion

of Privac

y and

Transborder Data Fl

ows

of P

e rsonal Data -

1980

• E

uropean U

n ion Directive

on pr

ot ect

ion

of individuals with

regard t

o pr

ocessing

of data and

on th

e fr

ee m

o v e

m e nt

of

data -

1995

Priv

acy Amen

d m

ent (

P riv

a t e

Sector)

Act 2000 • L egislate

d privacy protection for health

information -

A ll priv

at e sector health se

rv ice provid

ers

• H igh-level principles + decision maker discretion -

T echnology-neutral

21 December 2001

What information is protected?

Personal Information

Sensitive Information Health Information

What is

Personal Information

?

“…information or an opinion…about an individual whose identity is app

a rent, or can

reasonably be ascertained, from the information or opinion”

Priv

acy Act 1988

What is

Personal Information

?

Marital status

Income

Name

Medical information

Taxation info

Address

Email add

ress

Credit card info

Health Informat

ion is …

Personal information,

or an

opinion, about

:

• a

n individual’s health

or disability (past, pres

ent

or future)

• a

n individual’s expres

s e d

wish

e s ab

out fu

ture h

e alth ser

v ices

• h

ealth

services provided, or

to b

e pr

ovided, t

o an

individual,

or

• a

ny other pers

onal informatio

n

collected w

h ile providing a

health ser

v ice

• a

ny other pers

onal informatio

n

collected in connection with

the d

o nati

on or int

e nd

ed dona

tion

of bod

y part

s

or

substances

Australia’s privacy framework

for the private sector

Default legislat

ion based on

the

NPPs

Sector

al

co des

Code Complaint Body

Sector

al

co des

Code Complaint Body

Privacy

Commissioner handling complai

n t s

Sector

al

co des

OR

National Privacy Principles

NPP 1 -

C ollection

NPP 2 -

U se & Disclosur

e

NPP 3 -

D at

a Quality

NPP 4 -

D at

a Sec

u ri ty

N PP 5 -

O pen

n es

s

NPP 6 -

A ccess & Correction

N PP 7 -

I denti

f iers

N PP 8 -

A non

y mity

NPP 9 -

T r a

ns border D

a ta Flows

NPP 10 -

S ensi

tive

Information

Priv

acy and Health C

a re

“Good privacy enhances good clinical care” Three important aspect

s of

privacy: 1. Consumer control 2. Confid

entiality

3. Data protection

Some issues for health -

C OLLECTION

• C

ollect health information only with consent

• C

ollect only w

h at is n

e cessary for functi

on s &

activit

ie s

• T

ake reason

able st

ep s to e

n sure the con

s u m

er is

aware of:

- Identity of or

gani

sation &

contact detail

s

- T h

a t he/sh

e c

a n g

a in access to th

e information

- P urposes f

o r collection

- O

rgani

s ation

s to which the info. is

u s ually disclosed

- A ny laws req

u iring particul

ar info. to b

e collected

- M

ain con

s equ

e nces

(if any) of not providing full

information

Some issues for hea

lth -

U SE and DISCLOSURE

• P roviding clinical services

- e nsure that expectations of

organisation and consumer are shared • M

anagement, quality assu

rance and clinical audit

activities • If unsure -

s eek the consumer’s consent

• D

isclosure to ‘person respon

sible’ -

w hen consumer lacks

capacity to make own decisions and it is: - N

ecessary to pr

ovide

care or treatment

- F or com

p assionate rea

s ons

Some issues for health -

D ATA SECURITY

NPP 4 -

take reasonable st

eps to protect personal

informat

ion fr

om:

Misuse and loss

Unauthorised access

Unauthorised modifica

tion or disclosure

Levels of computer acc

e ss -

“ the n

e ed

to know”

Wh o can read p

a per files? -

w here

are they stored?

How is d

a ta

transf

erred?

Some issues for health -

A CCESS

Consumer has a gene

ral rig

h t of access

Commi

ssioner recommend

s 3 0

day limit in processing

Charges must not be

excessive

Not prohibit access

Con

s ider the individual’s ab

il ity

to pay

Con

s ider

schedules of fees

(eg . FOI

law, State/Territor

y privacy

laws)

Take reasonable ste

p s t

o co

rrect inaccurate, incomplete

and out-of-date information

Help at hand •

Guidelines to the

Nati

onal Privacy Principles

• Guidelines on Privacy in the Private Heath Sector • Code Development Guidelines

• Information Sheets • Privacy Connections Network

• Continuing focus on education

Health

Guide

lines

Guideline

s on Privacy in the Priv

ate Health Sect

or

•

R eleased 3 October

•

G uideli

nes:

-

A pplication of the NPPs in the he

alth sector

-

O utl

ine hea

lth service pr

oviders’

privacy obligations

- A

d

v i

s o

r y

•

C omplement existing ethica

l standards and codes of

practice in the health sector

What could you do? Information Sheet 2 -

2001

1. Appoint a privacy officer 2. Become familiar wit

h t

h e

NPP

s

3. Conduct a privacy audit

4. Compare practices wit

h

NPP

s

5. Consult relevant peo

p le

6. Establish com

p laints

hand

ling pr

ocess

7. Train staff

Developing a Privacy Plan

Compliance Approach • D

ispute resolution scheme

• W

orking wi

th business and

consumers • S eeking solutions

• P artnership approach

Regulation and Enforcement powers • Investigation of complaints -

A lmost always ADR - Formal d

e terminat

ion used ver

y r a

rely

• O

wn motion investigatio

n

• Injunctions • F

ederal Court

REVIEW IN TWO YEARS Privacy Commissioner

t

o advise Government on the

operation of the legisl

ation -

p ar ticularly the

exemptions -

a fter two years

The purpose of the Office of the Federal Privacy Commissioner An Australian culture that respects

privacy

www.priv www.priv

aa cy.gov.au cy.gov.au