Is there any need for further regulation?

22.19 The Inquiry asked whether, in the specific context of genetic registers, federal, state and territory privacy laws provide an adequate framework for protecting the privacy of genetic samples and information.[24]

22.20 One submission raised concerns about the privacy of information contained on a Huntington’s disease genetic register.[25] The submission stated that identifying information had been transferred in the 1980s from a research institute to a Brisbane hospital, without the knowledge or consent of the individuals to whom the information related.

22.21 The Privacy Act would generally require consent to be obtained prior to such a transfer of health information.[26] However, if the organisations involved are state authorities,[27] the Privacy Act may not apply to the collection or disclosure of the information being transferred[28]—emphasising the need for harmonisation of federal, state and territory privacy laws (see Chapter 7).

22.22 The Inquiry has not been made aware of any other specific concerns about the privacy of genetic samples and information held on genetic registers. The HGSA observed that, in fact, there are very few genetic registers in Australia at the present time and that ‘participation in such registers is with consent’. The HGSA considered that

professional ethics/codes of conduct and mechanisms for censure of health professionals, the Privacy Acts and associated penalties for breach, State privacy laws/regulations, guidelines from the NHMRC and other bodies, the risk management practices of hospitals and the common law appear to provide adequate protection for genetic information collected in the context of genetic registers.[29]

22.23 A similar view was expressed by the Centre for Law and Genetics, which stated that it was not aware of any specific breaches of privacy in dealings with established genetic registers governed by the NHMRC Guidelines for Genetic Registers. The Centre considered that genetic registers and their operation should remain under the regulation of codes of ethical practice.[30]

22.24 However, submissions have focused on a number of practical problems concerning the way in which the Privacy Act and other privacy legislation may overly constrain the operation of genetic registers and the conduct of genetic counselling. These concerns are discussed below in relation to the collection, de-identification, use and disclosure of information on genetic registers.

[24] Australian Law Reform Commission and Australian Health Ethics Committee, Protection of Human Genetic Information, IP 26 (2001), ALRC, Sydney, Question 9–2.

[25]Confidential Submission G126CON, 12 March 2002.

[26] Or, at least, prior to the collection of the information by the new organisation: see Office of the Federal Privacy Commissioner, Guidelines on Privacy in the Private Health Sector (2001), OFPC, Sydney, 47–48.

[27] In terms of the Privacy Act 1988 (Cth) s 6C(3).

[28] Depending on where registers are established and maintained, state or territory privacy legislation may apply.

[29] Human Genetics Society of Australasia, Submission G050, 14 January 2002.

[30] Centre for Law and Genetics, Submission G048, 14 January 2002.