Federal Register of Legislation - Australian Government

Guides & Guidelines as made
These Guidelines provide for standards to apply to information about an individual’s claims stored in computer databases, under the Medicare and Pharmaceutical Benefits Programs. The National Health Act (section 135AA(5)) requires that the Guidelines must generally specify the ways in which information may be handled, and prohibits linkage of information except as permitted by the Guidelines. The Guidelines seek to ensure that separation is maintained between the two databases.
Administered by: Health
Registered 18 Sep 2008
Gazetted 08 Dec 1993
Date of repeal 19 Mar 2014
Repealed by Health (Spent and Redundant Instruments) Repeal Regulation 2014

MEDICARE AND PHARMACEUTICAL BENEFITS PROGRAMS:
PRIVACY GUIDELINES 1994

NATIONAL HEALTH ACT 1953
SECTION 135AA

1   Under section 135AA(3) of the National Health Act, 1953 I ISSUE the Medicare and Pharmaceutical Benefits Programs: Privacy Guidelines.

2   These Guidelines shall take effect as from 15 April 1994.

Dated 24th November 1993

KEVIN PATRICK O'CONNOR Privacy Commissioner


MEDICARE AND PHARMACEUTICAL BENEFITS PROGRAMS: PRIVACY GUIDELINES 1994

CONTENTS

Introduction

Legal Basis

Scope

A. Health Insurance Commission

Functional Separation of Programs

Maintenance and Disclosure of PIN Information

Destruction

B. Department

Use of De-identified Claims Information

Name Linkage

C. Research

D. Miscellaneous

E. Meaning of Terms


Introduction

 

 

Legal Basis

These Guidelines are issued by the Privacy Commissioner under section 135AA of the National Health Act.

 

The Guidelines have been developed in consultation with the Health Insurance Commission ("the Commission"), the Department of Health, Housing, Local Government and Community Services ("the Department"), representatives of the pharmacy and medical professions and other relevant organisations.

 

These Guidelines are disallowable instruments under section 46A of the Acts Interpretation Act 1901. They take effect from 15 April 1994 unless disallowed by Parliament. The Guidelines may be replaced or varied by written notice by the Privacy Commissioner at any time. Any such variation would also be subject to disallowance.

 

The Guidelines provide for standards to apply to information about an individual's claims under the Medicare and Pharmaceutical Benefits Programs which is stored in a computer database. The National Health Act (s 135AA(5)) requires that, so far as practicable the Guidelines must:

"(a) specify the ways in which information may be stored and, in particular, specify the circumstances in which creating copies of information in paper or similar form is prohibited; and

(b) specify the uses to which agencies may put information; and

(c) specify the circumstances in which agencies may disclose information; and

(d) prohibit agencies from storing in the same database:

(i) information that was obtained under the Medicare Benefits Program; and

(ii) information that was obtained under the Pharmaceutical Benefits Program; and

(e) prohibit linkage of:

(i) information that is held in a database maintained for the purposes of the Medicare Benefits Program; and

(ii) information that is held in a database maintained for the purposes of the Pharmaceutical Benefits Program;

unless the linkage is authorised in the way specified in the Guidelines; and

(f) specify the requirements with which agencies must comply in relation to old information, in particular requirements that:

(i) require the information to be stored in such a way that the personal identification components of the information are not linked with the rest of the information; and

(ii) provide for the longer term storage and retrieval of the information; and

(iii) specify the circumstances in which, and the conditions subject to which, the personal identification components of the information may later be re-linked with the rest of the information."


Section 135AB of the National Health Act provides that a breach of the Guidelines constitutes an interference with privacy under Section 13 of the Privacy Act. An individual may complain to the Privacy Commissioner under section 36 of the Privacy Act about a practice that may be a breach of the Guidelines. A complaint concerning a breach of the Guidelines will be dealt with in the same way as a complaint of a breach of an Information Privacy Principle.

 

Scope

The National Health Act sets out the information to which the Guidelines apply. Paragraphs 135AA(1) and (2) of the National Health Act provide:

"(1) Subject to subsection (2), this section applies to information that:

(a) is information relating to an individual; and

(b) is held by an agency (whether or not the information was obtained by that agency or any other agency after the commencement of this section); and

(c) was obtained by that agency or any other agency in connection with a claim for payment of a benefit under the Medicare Benefits Program or the Pharmaceutical Benefits Program.

(2) This section does not apply to such information:

(a) so far as it identifies:

(i) a person who provided the service or goods in connection with which the claim for payment is made; or

(ii) a person who, in his or her capacity as the provider of services, made a referral or request to another person to provide the service or goods; or

(b) so far as it is contained in a database that:

(i) is maintained for the purpose of identifying persons who are eligible to be paid benefits under the Medicare Benefits Program or the Pharmaceutical Benefits Program; and

(ii) does not contain information relating to claims for payment of such benefits; or

(c) so far as it is not stored in a database."

 

These Guidelines seek to provide privacy protection for Medicare and Pharmaceutical Benefits claims information relating to individuals that is held by any agency under the Privacy Act. Agencies under the Privacy Act include federal and ACT departments and bodies (see section 6 of the Privacy Act for a comprehensive definition).

 

The Guidelines do not apply to information which identifies a provider of a service under the Medicare or Pharmaceutical Benefits Programs or a provider who refers an individual for a service under these programs. Nor do the Guidelines apply to databases aimed at identifying people eligible to be paid benefits under the two programs.

 

The Guidelines apply only to the claims information which is stored on a computer database.

 

These Guidelines apply to all patient claims information collected under the Pharmaceutical Benefits Program and the Medicare Program, and held on a computer database, which is still in existence.

 

These Guidelines do not regulate the disclosure of claims information by the Commission other than:

· in relation to any linkage between Medicare and Pharmaceutical Benefits claims information; and

· to the extent that the internal personal identification number (PIN) is involved.

The Guidelines should be read in conjunction with the secrecy provisions of the relevant health legislation (in particular section 130 of the Health Insurance Act and section 135A of the National Health Act) and the Information Privacy Principles (in section 14 of the Privacy Act). In some areas the Guidelines set a higher standard for the protection of claims information than is required by the Information Privacy Principles and deal with issues not covered by the Privacy Act (such as the retention, de-identification and destruction of claims information). In these cases the Guidelines override the Information Privacy Principles. Any disclosures of claims information must conform to the Guidelines and the relevant secrecy provisions in health legislation as well as Information Privacy Principle 11 (which limits disclosure of personal information).

 

These Guidelines do not cover information collected and held by the Commission and Department in carrying out functions under s.100 of the National Health Act (such as Human Growth Hormone program and Continuing Medication Program) or the Pharmacy Restructuring program (under Division 4B and 4C of Part VII of the National Health Act).

A. Health Insurance Commission

 

 

The following standards must be observed by the Health Insurance Commission in managing patient claims information in the conduct of the Medicare and Pharmaceutical Benefits Programs.

 

1. Functional Separation of Programs

1.1 Medicare claims information and Pharmaceutical Benefits claims information must not be held on the same database. Procedures must not be established which permit claims information from either of these programs to be linked, merged or combined, other than in the exceptional circumstances listed in Guideline 1.4.

 

1.2 To ensure that functional separation is maintained between the two programs:

(a) The claims information relevant to each program must be held in a separate database. This requirement does not prevent the Commission from locating each database within the same computer system.

(b) Detailed technical standards must be established by the Commission which:

(i) specify access controls applying to each database;

(ii) limit access to each database to those officers or contractors who have a reasonable need for access in order to ensure the effective administration of the particular program; and

(iii) specify the security procedures and controls which have been included in each database or in the system to prevent unauthorised comparison or merging of records held in either database about the same patient.

 

1.3 These matters must be dealt with in a Technical Standards Report to be held by the Commission and filed with the Privacy Commissioner. Any variations to the technical standards should be the subject of a Variation Report also filed with the Privacy Commissioner.

 

1.4 The Commission may link, compare or combine records or information from either database relating, or expected to relate, to the same patient in the following circumstances:

(a) for internal use where that use is:

- authorised or required by law, and is reasonably necessary, in a specific case or in a specific set of circumstances, for the discharge of the Commission's statutory responsibilities in relation to the enforcement of the criminal law or of a law imposing a pecuniary penalty or for the protection of the public revenue; or

(b) for the purpose of external disclosure:

- in a specific case or specific set of circumstances where that disclosure is required by law; or

(c) for the purpose of determining an individual's eligibility for a benefit under one program, where eligibility for that benefit is dependent upon services provided under the other program; or

(d) where the Commission believes on reasonable grounds that the linkage is necessary to prevent or lessen a serious and imminent threat to the life or health of the individual concerned or another person.

 

1.5 The discretion referred to in Guideline 1.4 may not be used to establish a data matching program between the two databases.

 

1.6 Where records or information are compared or combined for the purpose of disclosure as permitted by Guideline 1.4 (b), the internal personal identification number must not be included in any information to be disclosed unless it is expressly required by law.

 

1.7 Where records or information relating to the same patient in either database are compared or combined in conformity with Guideline 1.4 (b), (c) and (d) the Commission shall keep a note of that action and include a flag on the database which refers to that note.

 

1.8 Enrolment and entitlement databases must be kept separate from the claims databases. Personal identification details other than the personal identification numbers referred to in Guideline 2 must not be included in the claims databases.


2. Maintenance and Disclosure of Personal Identification Number (PIN) Information

2.1 The Commission may maintain an internal personal identification number to the extent necessary to assist it in clearly identifying each patient included in either program.

 

2.2 In assigning an internal personal identification number to a patient the Commission shall ensure that it is not based on or derived from a person's name, date of birth, address, telephone number or Medicare Card number or that it enables an individual's identity to be determined from the internal personal identification number alone. The internal personal identification number must not reveal any health related or other personal information of the patient.

 

2.3 The internal personal identification number may be provided to the Department in conjunction with de-identified details of medical or pharmacy claims. No other official patient identifying number shall be provided except as provided in Guideline 2.7. Any algorithm enabling the internal personal identification number to be decoded so as to reveal the identity of a patient must not be provided in any circumstances although a business algorithm enabling the internal PIN to be validated may be used.

 

2.4 The patient name corresponding to an internal personal identification number may only be provided to the Department where the Commission has received a request from the Department conforming to Guideline 6.

 

2.5 Where the Commission has given the Department a name or number to enable it to re-identify information in accordance with Guideline 6 the Commission shall keep a note of that action.

 

2.6 Where the Commission lawfully discloses information to an agency, organisation or individual other than the Department it must not provide both the name and the internal personal identification number unless it is expressly required by law (for example under warrant or subpoena).

 

2.7 The Commission may also supply the Department with information as to whether the records attaching to a particular personal identification number relate to an individual who is or was a participant in special schemes such as safety net arrangements under the Medicare and Pharmaceutical Benefits programs. That additional information shall not be in a form which reveals the identity of the individual.

 

3. Destruction

3.1 The Commission shall destroy Medicare and Pharmaceutical Benefits claims information within five years of receipt except:

(a) where there is current action that is pending in relation to an individual that requires the use of the information; or

(b) where it is necessary to retain the information because it affects entitlement to a related service which could be rendered more than five years after the service to which that information relates.

"Current action" refers to investigations, prosecutions, unresolved compensation matters and action for recovery of debts current five years after the claim was received by the Commission.

 

3.2 The Commission must make special arrangements for the security of records which have been retained because current action is pending. These arrangements are to be included in the Technical Standards Report.

 

3.3 The Commission must establish procedures to ensure that any information retained for more than five years under Guideline 3.1, is destroyed as soon as practicable after the current action referred to in Guideline 3.1(a) has been completed or the circumstances referred to in Guideline 3.1(b) no longer apply. The Commission must keep the Privacy Commissioner informed of these procedures.

B. Department

 

 

The following standards must be observed by the Department in using claims information received from the Commission.

 

5. Use of De-Identified Claims Information

5.1 Claims information in computer form provided to the Department by the Commission in de-identified form may be used by the Department as permitted by the Secretary to the Department.

 

5.2 The Secretary must not permit the establishment of a system which maintains the de-identified records from both programs in a combined form on a permanent basis in conjunction with the internal personal identification number.

(a) This Guideline does not prevent the use of a new and unrelated number as an identifier of the common record.

(b) This Guideline does not prevent Pharmaceutical Benefits and Medicare claims information concerning particular individuals from being temporarily linked by the PIN where:

(i) the linkage is necessary for a use permitted by the Secretary; and

(ii) claims information identified by the PIN or any personal identification components (defined in section 135AA(11) of the National Health Act) is used solely as a necessary intermediate step to obtain aggregate or de-identified information; and

(iii) claims information temporarily linked is destroyed within 1 month of its creation.

Claims information from the two databases shall only be linked in this temporary manner where there is no practicable alternative (such as linkage via an unrelated number).

 

5.3 De-identified claims information may be held indefinitely for policy and research purposes.


5.4 Where the Department discloses claims information relating to patients in a de-identified form (other than in accordance with Guideline 6), the Department must be reasonably satisfied that the recipient is not in a position to re-identify the information.

 

6. Name Linkage

6.1 An officer of the Department may obtain from the Commission the name and other personal identification components corresponding to the internal personal identification number where that is authorised by the Secretary and is necessary:

(a) to clarify which information relates to a particular patient where doubt has arisen in the conduct of an activity involving the comparison or linkage of de-identified information; or

(b) for the purpose of disclosing personal information in a specific case or in a specific set of circumstances as expressly authorised or required by law.

 

6.2 The Secretary of the Department must establish procedures which ensure that where information is obtained under paragraph (a) of Guideline 6.1 that information is not retained once the doubt has been clarified.

 

6.3 The Department must maintain and make publicly available a policy statement outlining its usual practices of disclosure in relation to paragraph (b) of Guideline 6.1.

 

6.4 The Secretary of the Department must establish procedures which ensure that a request to disclose identified patient information is usually referred to the Commission and is only handled by the Department where it is not practical for the request to be referred to the Commission for action.

 

6.5 In cases where information is obtained under paragraph (b) of Guideline 6.1, the Secretary of the Department must establish procedures which ensure that

 

(a) a central record of those transactions is retained by the Department, and

(b) the central record is held under strict security by a designated officer.

 

6.6 The Secretary must keep the Privacy Commissioner informed of the procedures developed under Guidelines 6.2, 6.4 and 6.5.

C. Research

 

 

7. The Guidelines do not prevent the Commission from disclosing claims information for research purposes where the individuals who are the subject of that information have given free and informed consent to participate in the research project. Nor do the Guidelines prevent the researcher retaining that information after it has become old information provided the researcher continues to have the free and informed consent of the individual. However, the Commission should take reasonable steps to ensure that once the research project has concluded, or if it has notice that an individual has withdrawn his or her consent, that the claims information is destroyed.

D. Miscellaneous

8. Paper copies, or copies in a similar form, of information contained in either database may be made where it is useful for the purpose at hand. However paper copies, or copies in a similar form, may not be made of the complete or a major proportion of a single database or all relevant databases. Paper copies of information must not be made for the purpose of circumventing the requirements of these Guidelines.

9. The Commission and the Secretary of the Department must keep the Privacy Commissioner informed of any arrangements that the Commission or the Department make in relation to any delegation or authorisations given that are associated with the implementation of these Guidelines.

10. The Commission and Department shall take such steps as are reasonable in the circumstances to make all staff aware of the need to protect the privacy of individuals in relation to claims information and of the content of these Guidelines.

11. To the extent that a Guideline is inconsistent with the Information Privacy Principles the Guideline prevails.


E. Meaning of Terms

 

 

"agency" is defined in section 135AA(11) of the National Health Act 1953 as "having the same meaning as in the Privacy Act 1988" ;

 

"the Commission" means the Health Insurance Commission;

 

"database" is defined in section 135AA(11) of the National Health Act 1953 as "a discrete body of information stored by means of a computer";

 

"the Department" means the portfolio department responsible for the Medicare and Pharmaceutical Benefits Program;

 

"Medicare Benefits Program" is defined in section 135AA(11) of the National Health Act 1953 as "the program for providing Medicare benefits under the Health Insurance Act 1973";

 

"Medicare claims information" refers to the information provided in connection with a claim under the Medicare Benefits Program and includes identification information in respect of the person to whom a service attracting Medicare benefit was provided, the person who provided the service, where appropriate the person who requested the service; and the details of the service provided;

 

"National Health Act" refers to the National Health Act 1953;

 

"old information" is defined in section 135AA(11) of the National Health Act 1953 as "information to which this section [section 135AA of the National Health Act 1953] applies that has been held by one or more agencies for at least the preceding 5 years" ;

 

"patient" refers to a person who received a service for which a claim under the Medicare Benefits Program or the Pharmaceutical Benefits Program has been made;

 

"personal identification components", in relation to information, is defined in section 135AA(11) of the National Health Act 1953 as "so much of the information as includes any of the following:

(a) the name of the person to whom the information relates;

(b) the person's address;

(c) the person's Medicare card number;

(d) the person's Pharmaceutical entitlements number";

"personal identification number" means the internal identification used by the Commission to identify individuals eligible to receive Pharmaceutical or Medicare Benefits. It is an internal reference number, separate and unrelated to the Medicare card number;

"Pharmaceutical Benefits claims information" refers to the information provided in connection with a claim for benefit under the Pharmaceutical Benefits Program and includes identification information in respect of the person to whom pharmaceuticals were supplied, the person who prescribed the service, the person who supplied the benefit; and the details of the service provided;

"Pharmaceutical Benefits Program" is defined in section 135AA(11) of the National Health Act 1953 as "the program for supplying pharmaceutical benefits under Part VII of this [National Health] Act";

 

"Privacy Act" means the Privacy Act, 1988;

Any term used in these Guidelines which is defined in the Privacy Act 1988 has that meaning.