Medicare and Pharmaceutical Benefits databases

61.36 The Australian Government databases containing personal information collected in connection with claims under the Pharmaceutical Benefits Program and the Medicare Benefits Program are examples of national electronic health records. These databases are subject to specific privacy controls over and above those set out in the Privacy Act, including binding guidelines issued by the Privacy Commissioner.

61.37 Section 135AA of the National Health Act 1953 (Cth)[34] deals specifically with the personal information held in these databases. The section requires the Privacy Commissioner to issue written guidelines covering the storage, use, disclosure and retention of the information.[35] The section applies only to information stored in computer databases—principally those held by Medicare Australia and DOHA—and was introduced to ensure the functional separation of information collected in relation to Medicare claims and information collected in relation to pharmaceutical benefits claims.[36]

61.38 This separation was intended to

accord with the individual patient’s expectation that sensitive health information given in a particular context is used and managed by the recipient in a way that is consistent and in accordance with that context. It gives a practical expression, in the context of information storage systems, to the privacy principle that information should generally only be used for the purpose for which it was collected.[37]

61.39 While the information in the two databases is kept functionally separate, it is possible to disclose the information for research purposes, either with consent from the individuals who are the subject of the information or in accordance with guidelines issued by the National Health and Medical Research Council under s 95 of the Privacy Act. The Department of Health Western Australia has noted that:

Under current legislation and guidelines, it is possible to create linkable MBS and PBS datasets that contain common encrypted identifiers with ethics clearance. The [Data Linkage Unit] has created linkage keys for these datasets and for Residential Aged Care data from the Department of Health and Ageing that enable unidentifiable data to be provided to researchers in approved projects. Research projects are strictly regulated and ‘re-identification’ and unauthorized linkages are forbidden.[38]

61.40 The Privacy Commissioner first issued the Medicare and Pharmaceutical Benefits Program Privacy Guidelines in 1993 and they have been revised on a number of occasions.[39] The most recent revision took place between 2004 and 2007 and the revised Privacy Guidelines for the Medicare Benefits and Pharmaceutical Benefits Programs will come into force on 1 July 2008.[40] The Guidelines are legally binding and any breach is an ‘interference with privacy’ that may provide the basis for a complaint to the Privacy Commissioner.[41] The Guidelines impose obligations on Australian Government agencies in addition to the Information Privacy Principles (IPPs) in the Privacy Act and the secrecy provisions in the National Health Act 1953 (Cth) and the Health Insurance Act 1973 (Cth).

61.41 The Guidelines require that claims information collected in connection with the Medicare and Pharmaceutical Benefits Programs be stored in separate databases, and specify the circumstances in which data from the two databases may be linked and retained in linked form.[42] The Guidelines impose standards that are in addition to the requirements imposed by the IPPs. In some instances, the Guidelines set a higher standard of protection for claims information than that required under the Privacy Act. The Guidelines also deal with a number of issues not covered by the IPPs. For example, the Guidelines impose specific obligations in relation to the retention and destruction of claims information. Guideline 9 makes it clear that the Guidelines prevail where they impose more restrictive obligations than the IPPs. The Guidelines, however, cannot permit something that is otherwise prohibited by the IPPs.[43]

61.42 The most recent review of the Guidelines by the Privacy Commissioner[44] was prompted by a number of factors, including: a request from DOHA; suggestions that the personal information covered by the Guidelines could be used more effectively by researchers; and suggestions that community attitudes and expectations regarding the handling of personal information, and in particular sensitive health information, may have changed since the Guidelines were issued.[45] An issues paper[46] was released and 35 submissions were received in the course of the review. A number of open forums were held in late 2004 and a Consultative Group was established to assist the Commissioner in considering the issues raised in the review.

61.43 The major issues canvassed in the course of the review were the:

  • separation of claims information collected under the Medicare and Pharmaceutical Benefits programs;

  • circumstances in which claims information from each program may be linked;

  • periods for which claims information may be retained;

  • use of claims information for medical and other research purposes;

  • handling by DOHA of claims information that does not identify individuals; and

  • application of the Guidelines to agencies other than Medicare Australia and DOHA.[47]

61.44 The Privacy Commissioner’s final report was released in August 2006 and included 25 findings.[48] Some of the findings are reflected in the revised Guidelines and others indicate the Privacy Commissioner’s approach to interpretation of the Guidelines. Significant changes to the Guidelines as a result of the review include the:

  • introduction of a new guideline prohibiting any Australian Government agency from combining information obtained from the Medicare Benefits or Pharmaceutical Benefits programs on the one database;

  • variation of the period for which linked datasets may be retained by Medicare Australia from a prescribed period (three months) to a principles-based approach whereby the datasets may be retained for as long as is reasonably necessary to fulfil the purpose for which they were created; and

  • introduction of a requirement that Medicare Australia report annually to the Privacy Commissioner on how many records from each program are linked, under what authority they are linked, and how many of these linked datasets were destroyed in the period (or why they were not destroyed).[49]

61.45 In light of this recent comprehensive review, the ALRC does not consider it necessary to conduct another detailed examination of the Guidelines.

Submissions and consultations

61.46 In IP 31, the ALRC asked whether the role provided for the Privacy Commissioner under s 135AA of the National Health Act is an appropriate and effective one.[50] The OPC submitted that the role is appropriate.[51] Other stakeholders were also supportive.[52]

61.47 In contrast, the Department of Human Services stated:

There is a separate and fundamental question about whether there is still a requirement for section 135AA itself. The information in the Medicare and Pharmaceutical Benefits Scheme claims databases is subject not only to the Privacy Act but also to the secrecy provisions of the legislation administered by Medicare Australia. The appropriate application of the privacy principles and secrecy provisions to that information should provide sufficient protection, and as such there is a question about whether there continues to be a need for a separate regime for the handling of the information in those two databases.[53]

ALRC’s view

61.48 Where personal information is held in major national databases that rely on the use of ‘identifiers’ such as the Medicare number,[54] there is a role for the Privacy Commissioner to be involved actively, providing extra oversight and developing binding rules in relation to the handling of that information. In these circumstances, the privacy principles and relevant secrecy provisions may not provide sufficient guidance. Importantly, the current Privacy Guidelines for the Medicare Benefits and Pharmaceutical Benefits Programs vary the application of some of the IPPs, reflecting the special sensitivity attaching, for example, to linkage, comparison or combination of records from the two regulated databases.

61.49 In Chapter 47, the ALRC considers the role of the Privacy Commissioner more generally in issuing non-binding guidelines and binding rules and expresses the view that the power to issue guidance is an important part of regulating a principles-based regime such as the Privacy Act. The ALRC expresses the view that where guidelines issued by the Privacy Commissioner are binding they should be renamed ‘rules’ and recommends that the Privacy Guidelines for the Medicare Benefits and Pharmaceutical Benefits Programs issued under s 135AA of the National Health Act should be renamed the Privacy Rules for the Medicare Benefits and Pharmaceutical Benefits Programs.[55]

[34] Inserted into the National Health Act 1953 (Cth) by the Health Legislation (Pharmaceutical Benefits) Amendment Act 1991 (Cth). In addition, s 27(1)(pa) of the Privacy Act 1988 (Cth) provides that the issue of guidelines under the National Health Act is one of the functions of the Privacy Commissioner.

[35] Section 27(1)(pa) of the Privacy Act 1988 (Cth) provides that one of the functions of the Privacy Commissioner is to issue guidelines under s 135AA of the National Health Act 1953 (Cth).

[36] Commonwealth, Parliamentary Debates, House of Representatives, 30 May 1991, 4490 (P Staples—Minister for Aged, Family and Health Services).

[37] Office of the Federal Privacy Commissioner, Medicare and Pharmaceutical Benefits Programs Privacy Guidelines: Issued under Section 135AA of the National Health Act 1953 (1997), Commissioner’s Note on cl 1.1.

[38] Department of Health Western Australia, Submission PR 139, 23 January 2006. The use of health information for research is discussed in detail in Ch 58.

[39] Office of the Federal Privacy Commissioner, Medicare and Pharmaceutical Benefits Programs Privacy Guidelines: Issued under Section 135AA of the National Health Act 1953 (1997). The guidelines are disallowable instruments. They must be tabled in the Australian Parliament and are then subject to disallowance for a period of 15 sitting days.

[40] Office of the Privacy Commissioner, Privacy Guidelines for the Medicare Benefits and Pharmaceutical Benefits Programs: Issued under Section 135AA of the National Health Act 1953 (2008).

[41] Privacy Act 1988 (Cth) s 13(bb); National Health Act 1953 (Cth) s 135AB.

[42] Office of the Privacy Commissioner, Privacy Guidelines for the Medicare Benefits and Pharmaceutical Benefits Programs: Issued under Section 135AA of the National Health Act 1953 (2008).

[43] Office of the Privacy Commissioner, Privacy Guidelines for the Medicare Benefits and Pharmaceutical Benefits Programs: Explanatory Statement (2008).

[44] K Curtis (Privacy Commissioner), ‘Media Statement: 2004 Review of the Medicare and PBS Privacy Guidelines Issued under Section 135AA of the National Health Act 1953’ (Press Release, 8 November 2004).

[45] Office of the Privacy Commissioner, Report of the Privacy Commissioner’s Review of the Privacy Guidelines for the Handling of Medicare and PBS Claims Information (2006), 11.

[46] Office of the Privacy Commissioner, Review of the Medicare and Pharmaceutical Benefits Programs Privacy Guidelines: Issues Paper (2004).

[47] Office of the Privacy Commissioner, Report of the Privacy Commissioner’s Review of the Privacy Guidelines for the Handling of Medicare and PBS Claims Information (2006), 14.

[48] Ibid, 8–10.

[49] Office of the Privacy Commissioner, Privacy Guidelines for the Medicare Benefits and Pharmaceutical Benefits Programs: Explanatory Statement (2008).

[50] Australian Law Reform Commission, Review of Privacy, IP 31 (2006) Question 8–6.

[51] Office of the Privacy Commissioner, Submission PR 215, 28 February 2007.

[52] Australian Privacy Foundation, Submission PR 167, 2 February 2007; Office of the Health Services Commissioner (Victoria), Submission PR 153, 30 January 2007; W Caelli, Submission PR 99, 15 January 2007; A Smith, Submission PR 79, 2 January 2007.

[53] Australian Government Department of Human Services, Submission PR 136, 19 January 2007.

[54] Identifiers are discussed in detail in Ch 30.

[55] Rec 47–2.