Federal Register of Legislation - Australian Government

Primary content

A Bill for an Act to make amendments consequential on the enactment of the Personally Controlled Electronic Health Records Act 2011, and for related purposes
Administered by: Health
For authoritative information on the progress of bills and on amendments proposed to them, please see the House of Representatives Votes and Proceedings, and the Journals of the Senate as available on the Parliament House website.
Registered 25 Nov 2011
Introduced HR 23 Nov 2011
Table of contents.

2010‑2011

 

The Parliament of the

Commonwealth of Australia

 

HOUSE OF REPRESENTATIVES

 

 

 

 

Presented and read a first time

 

 

 

 

 

 

 

 

 

Personally Controlled Electronic Health Records (Consequential Amendments) Bill 2011

 

No.      , 2011

 

(Health and Ageing)

 

 

 

A Bill for an Act to make amendments consequential on the enactment of the Personally Controlled Electronic Health Records Act 2011, and for related purposes

  

  


Contents

1............ Short title............................................................................................. 1

2............ Commencement................................................................................... 1

3............ Schedule(s)......................................................................................... 2

Schedule 1—Consequential amendments                                                                3

Healthcare Identifiers Act 2010                                                                               3

Health Insurance Act 1973                                                                                      10

National Health Act 1953                                                                                        11

 


A Bill for an Act to make amendments consequential on the enactment of the Personally Controlled Electronic Health Records Act 2011, and for related purposes

The Parliament of Australia enacts:

1  Short title

                   This Act may be cited as the Personally Controlled Electronic Health Records (Consequential Amendments) Act 2011.

2  Commencement

             (1)  Each provision of this Act specified in column 1 of the table commences, or is taken to have commenced, in accordance with column 2 of the table. Any other statement in column 2 has effect according to its terms.

 

Commencement information

Column 1

Column 2

Column 3

Provision(s)

Commencement

Date/Details

1.  Sections 1 to 3 and anything in this Act not elsewhere covered by this table

The day this Act receives the Royal Assent.

 

2.  Schedule 1

A day or days to be fixed by Proclamation.

However, if any of the provision(s) do not commence by the later of:

(a) 1 July 2012; and

(b) the day this Act receives the Royal Assent;

they commence on the day after the later of those days.

 

Note:          This table relates only to the provisions of this Act as originally enacted. It will not be amended to deal with any later amendments of this Act.

             (2)  Any information in column 3 of the table is not part of this Act. Information may be inserted in this column, or information in it may be edited, in any published version of this Act.

3  Schedule(s)

                   Each Act that is specified in a Schedule to this Act is amended or repealed as set out in the applicable items in the Schedule concerned, and any other item in a Schedule to this Act has effect according to its terms.


 

Schedule 1Consequential amendments

  

Healthcare Identifiers Act 2010

1  After section 4

Insert:

4A  External Territories

                   This Act extends to every external Territory.

2  Section 5

Insert:

Australian Childhood Immunisation Register means the Australian Childhood Immunisation Register kept under section 46B of the Health Insurance Act 1973.

3  Section 5

Insert:

Medicare Benefits Program means the program for providing Medicare benefits under the Health Insurance Act 1973.

4  Section 5

Insert:

participant in the PCEHR system has the same meaning as in the Personally Controlled Electronic Health Records Act 2011.

5  Section 5

Insert:

PCEHR has the same meaning as in the Personally Controlled Electronic Health Records Act 2011.

6  Section 5

Insert:

PCEHR system has the same meaning as in the Personally Controlled Electronic Health Records Act 2011.

7  Section 5

Insert:

PCEHR System Operator means the System Operator within the meaning of the Personally Controlled Electronic Health Records Act 2011.

8  Section 5

Insert:

Pharmaceutical Benefits Program means the program for providing pharmaceutical benefits under the National Health Act 1953.

9  Section 5

Insert:

professional and business details of a healthcare provider includes the healthcare provider’s healthcare identifier.

10  Section 5

Insert:

registered portal operator has the same meaning as in the Personally Controlled Electronic Health Records Act 2011.

11  Section 5

Insert:

registered repository operator has the same meaning as in the Personally Controlled Electronic Health Records Act 2011.

12  Paragraph 10(b)

After “Division 2”, insert “or 2A”.

13  Division 1 of Part 3 (heading)

Repeal the heading, substitute:

Division 1Use and disclosure of identifying information

14  After section 11

Insert:

11A   Use and disclosure of identifying information

                   The service operator is authorised to use, and to disclose to the PCEHR System Operator, identifying information for any purpose for which the PCEHR System Operator is authorised to collect, use or disclose the identifying information under Division 2A.

15  Section 18

Omit “must”, substitute “may”.

16  After section 19

Insert:

19A  Disclosure to PCEHR System Operator

                   The service operator is authorised to disclose a healthcare identifier to the PCEHR System Operator for a purpose for which the PCEHR System Operator is authorised to collect, use or disclose the healthcare identifier under Division 2A.

19B  Disclosure to Chief Executive Medicare

                   The service operator is authorised:

                     (a)  to use a healthcare identifier, and identifying information held by the service operator, of a healthcare recipient; and

                     (b)  to disclose to the Chief Executive Medicare a healthcare identifier, and identifying information held by the service operator, of a healthcare recipient;

for a purpose for which the Chief Executive Medicare is authorised to collect, use or disclose the healthcare identifier under Division 2A.

19C  Disclosure to other Departments

                   The service operator is authorised:

                     (a)  to use a healthcare identifier, and identifying information held by the service operator, of a healthcare recipient; and

                     (b)  to disclose to the Veterans’ Affairs Department, the Defence Department or such other Department as is prescribed, a healthcare identifier, and identifying information held by the service operator, of a healthcare recipient;

for a purpose for which that Department is authorised to collect, use or disclose the healthcare identifier under Division 2A.

17  Subsection 20(1)

After “operator”, insert “or a registration authority”.

18  Subsection 20(1)

After “identifier”, insert “and identifying information”.

19  Paragraph 20(2)(b)

After “use”, insert “and disclose”.

20  At the end of subsection 20(2)

Add:

             ; and (c)  to adopt the healthcare identifier as the entity’s own identifier of the healthcare provider for the purpose of enabling the healthcare provider’s identity to be authenticated in electronic transmissions.

21  After Division 2 of Part 3

Insert:

Division 2ACollection, use and disclosure of healthcare identifiers and identifying information for purposes of the PCEHR System

22A  Collection, use and disclosure by PCEHR System Operator

             (1)  This section applies if a healthcare recipient or a healthcare provider has applied for registration or is registered under the Personally Controlled Electronic Health Records Act 2011.

             (2) The PCEHR System Operator is authorised:

                     (a)  to collect identifying information of the healthcare recipient or healthcare provider from the service operator; and

                     (b)  to collect the healthcare identifier of the healthcare recipient or healthcare provider; and

                     (c)  to use and disclose the identifying information and healthcare identifier;

for the purpose of verifying the identity of the healthcare recipient or healthcare provider and for other purposes of the PCEHR system, subject to the Personally Controlled Electronic Health Records Act 2011.

22B  Adoption by PCEHR System Operator and registered repository operator

                   The System Operator, a registered repository operator or a registration authority is authorised to adopt the healthcare identifier of a healthcare recipient or a healthcare provider as its own identifier of the recipient or the provider, so far as is reasonably necessary for the purposes of the PCEHR system.

22C  Collection, use and disclosure by registered repository operators or registered portal operators

                   A registered repository operator or a registered portal operator is authorised:

                     (a)  to collect the healthcare identifier of a healthcare recipient or healthcare provider; and

                     (b) to use the healthcare identifier; and

                     (c)  to disclose the healthcare identifier to a participant in the PCEHR system;

for the purposes of the PCEHR system, subject to the Personally Controlled Electronic Health Records Act 2011.

22D  Collection, use and disclosure by the Chief Executive Medicare and Departments

             (1)  The Chief Executive Medicare, the Veterans’ Affairs Department, the Defence Department and such other Departments as are prescribed are authorised:

                     (a)  to collect identifying information of a healthcare recipient from the service operator; and

                     (b)  to collect the healthcare identifier of a healthcare recipient; and

                     (c) to use the healthcare identifier and identifying information; and

                     (d)  to disclose the healthcare identifier and identifying information to a participant in the PCEHR system.

             (2)  The authorisation of the Chief Executive Medicare under subsection (1) is limited to collections, uses and disclosures for the purposes of including, in the healthcare recipient’s PCEHR, information about the healthcare recipient:

                     (a)  that is any of the following:

                              (i)  information that relates to the Medicare Benefits Program or the Pharmaceutical Benefits Program;

                             (ii)  information included on the Australian Childhood Immunisation Register;

                            (iii)  information included on the register administered by the Commonwealth that records the decision made by an individual about whether to become an organ and tissue donor for transplantation after death; and

                     (b)  that the healthcare recipient has consented to being included in his or her PCEHR.

             (3)  The authorisation of a Department under subsection (1) is limited to collections, uses and disclosures for the purposes of including, in the healthcare recipient’s PCEHR, information about the healthcare recipient:

                     (a)  that is information prescribed by the regulations; and

                     (b)  that the healthcare recipient has consented to being included in his or her PCEHR.

22E  Regulations may authorise collection, use and disclosure related to the PCEHR system

                   The regulations may authorise a person:

                     (a)  to collect identifying information of a healthcare recipient from the service operator; and

                     (b)  to collect the healthcare identifier of a healthcare recipient; and

                     (c)  to use the identifying information and healthcare identifier; and

                     (d)  to disclose the identifying information and healthcare identifier to a participant in the PCEHR system;

so far as the collection, use or disclosure:

                     (e)  relates to a collection, use or disclosure of health information that is authorised under the Personally Controlled Electronic Health Records Act 2011; or

                      (f)  is reasonably necessary for the performance of a function or the exercise of a power in relation to the PCEHR system.

22  After section 24

Insert:

24A  Collection, use and disclosure of healthcare identifier of healthcare provider with consent

                   The service operator or another entity may collect, use or disclose a healthcare provider’s healthcare identifier for a purpose relating to the provision of healthcare if:

                     (a)  the healthcare provider has consented to the collection, use or disclosure; and

                     (b)  the collection, use or disclosure is in accordance with any limitations to which the consent is subject.

23  After paragraph 36(b):

Add:

                   (ba)  a person (the contractor) performing services under a contract between the contractor and the first entity, if:

                              (i)  the first entity is a participant in the PCEHR system, other than a healthcare provider or a contracted service provider; and

                             (ii)  the purpose relates to the PCEHR system; or

24  Subparagraph 36(c)(i)

After “applies”, insert “or of a contractor to which paragraph (ba) applies”.

25  Subparagraph 36(c)(ii)

Omit “that paragraph”, substitute “whichever of those paragraphs applies”.

Health Insurance Act 1973

26  Subsection 3(1)

Insert:

PCEHR System Operator has the same meaning as System Operator has in the Personally Controlled Electronic Health Records Act 2011.

27  Subsection 3(1)

Insert:

registered consumer has the meaning given by the Personally Controlled Electronic Health Records Act 2011.

28  Subsection 3(1)

Insert:

registered repository operator has the meaning given by the Personally Controlled Electronic Health Records Act 2011.

29  After paragraph 46E(1)(b)

Insert:

                   (ba)  upload to a repository operated by the Chief Executive Medicare or by another registered repository operator, information about the immunisation of a particular child who is a registered consumer, if the consumer consents to that information being uploaded; and

                   (bb)  give information to the PCEHR System Operator about the immunisation of a particular child who is a registered consumer, if the consumer consents to that information being uploaded; and

30  Subsection 130(1)

After “2008”, insert “, the Personally Controlled Electronic Health Records Act 2011 (whether as a delegate or otherwise)”.

National Health Act 1953

31  Subsection 135A(1)

After “indemnity legislation”, insert “or the Personally Controlled Electronic Health Records Act 2011 (whether as a delegate or otherwise)”.

32  After subsection 135AA(5A)

Insert:

          (5B) Nothing in this section, or in the Guidelines issued by the Information Commissioner, prevents the PCEHR System Operator including information to which this section applies in the PCEHR of a consumer.

33  Subsection 135AA(11)

Insert:

PCEHR has the same meaning as in the Personally Controlled Electronic Health Records Act 2011.

34  Subsection 135AA(11)

Insert:

PCEHR System Operator has the same meaning as System Operator has in the Personally Controlled Electronic Health Records Act 2011.