28.1 The Terms of Reference require the Inquiry to report on whether, and to what extent, a regulatory framework is needed to protect the privacy of human genetic samples and information in a number of contexts, including insurance. Chapters 7 and 8 examine the legal framework for the protection of genetic privacy generally and make a number of recommendations intended to promote greater harmony across Australian jurisdictions and to ensure that privacy laws apply to both genetic samples and information. This chapter considers whether those privacy laws provide sufficient protection for genetic information in the context of insurance.

28.2 Chapters 25, 26 and 27 discuss what genetic information is collected by insurers, the way in which it is used to underwrite insurance policies, and problems that can arise from that use, including possible unlawful discrimination. That discussion focuses on the underwriting of mutually rated insurance in which health information is collected and used, such as life insurance. Privacy issues can arise, however, in relation to both mutually rated and community rated insurance. Health insurers in both the public and private sectors also collect health information. For example, the Health Insurance Commission collects health data in the course of administering Medicare payments for medical services and private health insurers collect health information in relation to pre-existing conditions.

28.3 The privacy of health information held by health insurers is protected by a number of laws. Public sector organisations that administer programs at the federal level, such as the Health Insurance Commission, are bound by the Information Privacy Principles under the Privacy Act 1988 (Cth) (Privacy Act), as well as by guidelines issued by the Office of the Federal Privacy Commissioner (OFPC) pursuant to the National Health Act 1953 (Cth).[1] Private sector health insurers are governed by the private sector provisions of the Privacy Act. These are discussed further below.

28.4 Submissions received by the Inquiry did not raise concerns in relation to the privacy of genetic information collected in relation to health insurance. However, while the discussion in this chapter focuses on mutually rated life and general insurance, the recommendations made in this chapter are intended to apply to private sector insurers generally.

28.5 Submissions received by the Inquiry did not indicate the existence of major inadequacies in the regulatory framework for protecting the privacy of genetic information in insurance. The OFPC has received a number of complaints in relation to the information handling practices of private sector insurers but is generally of the view, as noted in DP 66, that there is a developed awareness of privacy principles and appropriate personal information handling practices across the insurance industry in Australia.[2] It appears that both the Insurance Council of Australia (ICA) and the Investment and Financial Services Association (IFSA) have been active in promoting these principles to their members and in contributing to the development of sound practices in the insurance industry.

[1] Office of the Federal Privacy Commissioner, Submission G143, 22 March 2002.

[2] Office of the Federal Privacy Commissioner, Submission G294, 6 January 2003.