Federal Register of Legislation - Australian Government

Primary content

Healthcare Identifiers Regulations 2010

Authoritative Version
SLI 2010 No. 190 Regulations as amended, taking into account amendments up to Healthcare Identifiers Amendment Regulation 2012 (No. 1)
These Regulations set out provisions relating to the assignment, collection, use, adoption and disclosure of healthcare identifiers.
Administered by: Health
Registered 29 Jun 2012
Start Date 29 Jun 2012
End Date 29 Jun 2013
Date of repeal 28 Aug 2020
Repealed by Healthcare Identifiers Regulations 2020
Table of contents.

Commonwealth Coat of Arms

Healthcare Identifiers Regulations 2010

Select Legislative Instrument 2010 No. 190 as amended

made under the

This compilation was prepared on 29 June 2012
taking into account amendments up to SLI 2012 No. 160

Prepared by the Office of Legislative Drafting and Publishing,
Attorney‑General’s Department, Canberra


Contents

                        1      Name of Regulations [see Note 1]                                    3

                        2      Commencement                                                              3

                        3      Definitions                                                                      3

                        4      National registration authorities                                        4

                        5      Identifying information                                                     4

                        6      Updating healthcare provider information held by service operator    6

                        7      Rules about requesting disclosure of healthcare identifiers from the service operator 7

                        8      Maintaining records about healthcare identifiers disclosed by service operator          9

                       12      Limit on collection, use and disclosure of information     11

                       13      Authorisation of collection, use and disclosure related to PCEHR system—registration of healthcare recipient                                                        11

                       14      Authorisation of collection, use and disclosure related to PCEHR system—healthcare providers                                                                                    12

Notes                                                                                                          13

 


  

  

1              Name of Regulations [see Note 1]

                These Regulations are the Healthcare Identifiers Regulations 2010.

2              Commencement

                These Regulations commence on 1 July 2010.

3              Definitions

                In these Regulations:

Act means the Healthcare Identifiers Act 2010.

evidence of identity process means the process to confirm the identity of a healthcare provider organisation’s responsible officer and organisation maintenance officer undertaken by:

                (a)    if the responsible officer or organisation maintenance officer is an individual healthcare provider who is registered by a registration authority as a member of a health profession—the Australian Health Practitioner Regulation Agency; or

               (b)    in any other case—the service operator.

National Law means:

                (a)    for a State or Territory other than Western Australia — the Health Practitioner Regulation National Law set out in the Schedule to the Health Practitioner Regulation National Law Act 2009 (Qld) as it applies (with or without modification) as law of the State or Territory; or

               (b)    for Western Australia — the legislation enacted by the Health Practitioner Regulation National Law (WA) Act 2010 that corresponds to the Health Practitioner Regulation National Law.

Note   The Intergovernmental Agreement for a National Registration and Accreditation Scheme for the Health Professions that was made on 26 March 2008 provides for the enactment of the State and Territory legislation mentioned in this definition.

PCEHR Act means the Personally Controlled Electronic Health Records Act 2012.

Note   For the definitions of the following terms, see section 5 of the Act:

·      individual healthcare provider

·      network organisation

·      organisation maintenance officer

·      PCEHR System Operator

·      responsible officer

·      seed organisation

·      service operator.

4              National registration authorities

                For section 8 of the Act, each of the following registration authorities is a national registration authority:

                (a)    a National Health Practitioner Board established by the National Law;

               (b)    if it is authorised under the National Law to assign healthcare identifiers to healthcare providers — the Australian Health Practitioner Regulation Agency established by the National Law.

Note   National Health Practitioner Boards and the Australian Health Practitioner Regulation Agency are expected to be established by all States and Territories under the National Law.

5              Identifying information

         (1)   For paragraph 7 (1) (g) of the Act, each of the following is identifying information:

                (a)    an email address;

               (b)    a telephone number;

                (c)    a fax number;

               (d)    the status of the healthcare identifier assigned under paragraph 9 (1) (a) of the Act to the individual healthcare provider.

Example   Active, deactivated or retired.

         (2)   For paragraph 7 (2) (e) of the Act, each of the following is identifying information:

                (a)    an email address;

               (b)    a telephone number;

                (c)    a fax number;

               (d)    the status of the healthcare identifier assigned under paragraph 9 (1) (a) of the Act to the healthcare provider organisation;

Examples   Active, deactivated or retired.

                (e)    if applicable, the organisation’s business name on the register established under section 22 of the Business Names Registration Act 2011;

Note   Also see paragraph 7 (2) (a) of the Act which states that the name of the healthcare provider is also identifying information.

                (f)    the type of healthcare service the healthcare provider organisation provides to another healthcare provider or a healthcare recipient;

Examples   General practice services, public hospital services or diagnostic imaging services.

               (g)    the name, date of birth and date of death (if applicable) of the healthcare provider organisation’s responsible officer and organisation maintenance officer;

               (h)    the work address, email address, telephone number and fax number of the healthcare provider organisation’s responsible officer and organisation maintenance officer;

                (i)    the identifying number assigned to the organisation’s responsible officer and organisation maintenance officer by the service operator;

                (j)    whether an evidence of identity process has been undertaken for a healthcare provider organisation’s responsible officer and organisation maintenance officer;

               (k)    if an evidence of identity process is being undertaken for a healthcare provider organisation’s responsible officer and organisation maintenance officer—the name of the agency or service operator undertaking the process;

                (l)    if an evidence of identity process has been undertaken for a healthcare provider organisation’s responsible officer and organisation maintenance officer—the name of the agency or service operator that undertook the process, the outcome of the process and when the process was undertaken;

              (m)    the record that specifies the network address and technical requirements permitting electronic messages to be sent to the healthcare provider organisation;

               (n)    any other network organisation or seed organisation within the meaning of section 9A of the Act that the healthcare provider organisation is linked to in a network.

Note   Other identifying information may be required by the service operator from a healthcare provider — see section 7 of the Act.

6              Updating healthcare provider information held by service operator

         (1)   This regulation applies to a person:

                (a)    who is any of the following:

                          (i)    a healthcare provider organisation that is an identified healthcare provider;

                         (ii)    a partner in a partnership that is a healthcare provider organisation;

                        (iii)    a trustee of a trust that is a healthcare provider organisation;

                        (iv)    an office holder of an unincorporated association or body that is a healthcare provider organisation;

                         (v)    an individual healthcare provider who is an identified healthcare provider and who is not regulated under the National Law; and

               (b)    for whom the entity mentioned in paragraph (a) that applies to the person, if any, is assigned a healthcare identifier by the service operator.

Note   An individual healthcare provider who is regulated only under the National Law is not subject to subregulations (2) to (4), but must tell the national registration authority that regulates the person of specified events and changes of circumstances — see the National Law.

         (2)   For section 14 of the Act, the person must, within 28 days after becoming aware of the change, tell the service operator about:

                (a)    any change of circumstance that removes the healthcare provider from a class of healthcare providers mentioned in section 9A of the Act unless the change of circumstance is that the healthcare provider no longer has a responsible officer or organisation maintenance officer; and

               (b)    a change of circumstance that is that the healthcare provider no longer has a responsible officer or organisation maintenance officer.

         (3)   For section 14 of the Act, an individual healthcare provider must also tell the service operator about any change to the identifying information of the healthcare provider, other than a change mentioned in paragraph (2) (a) or (b), within 28 days of becoming aware of the change.

         (4)   A person mentioned in subregulation (1) commits an offence if the person does not to comply with paragraph (2) (a).

Penalty:   50 penalty units.

7              Rules about requesting disclosure of healthcare identifiers from the service operator

         (1)   For section 21 of the Act, a healthcare provider is authorised to request the service operator to disclose an identifier that is assigned to a healthcare recipient to the person making the request if:

                (a)    the healthcare provider is:

                          (i)    an identified healthcare provider; and

                         (ii)    within a class of healthcare providers mentioned in section 9A of the Act at the time the request for disclosure is made; and

               (b)    the healthcare provider is to use or disclose the healthcare identifier to manage or communicate information supporting the provision of healthcare; and

                (c)    the person making the request:

                          (i)    provides healthcare; or

                         (ii)    has duties relating to its provision; or

                        (iii)    is an employee of a contracted service provider of the healthcare provider, who has duties relating to the provision of healthcare.

Note   The service operator may disclose healthcare identifiers to an employee of an identified healthcare provider or of a contracted service provider of an identified healthcare provider, for certain purposes, if the healthcare provider has, by notice to the service operator, authorised the employee or contracted service provider to act on its behalf — see section 17 of the Act.

         (2)   Subregulation (3) applies to the following persons:

                (a)    a healthcare provider organisation that is a person;

               (b)    a partner in a partnership that is a healthcare provider organisation;

                (c)    a trustee of a trust that is a healthcare provider organisation;

               (d)    an office holder of an unincorporated association or body that is a healthcare provider organisation.

Note   A person includes a body corporate — see paragraph 22 (1) (a) of the Acts Interpretation Act 1901. A healthcare provider organisation may be a person — see the definition of healthcare provider organisation in section 5 of the Act. A sole practitioner is both an individual healthcare provider and a healthcare provider organisation — see the definition of sole practitioner in section 5 of the Act.

         (3)   A person mentioned in subregulation (2) commits an offence if:

                (a)    the healthcare provider organisation mentioned in subregulation (2) requests disclosure of a healthcare identifier from the service operator; and

               (b)    either:

                          (i)    paragraph (1) (a) or (b) does not apply in relation to the healthcare provider organisation; or

                         (ii)    paragraph (1) (c) does not apply in relation to the person making the request; and

                (c)    the service operator discloses a healthcare identifier to the healthcare provider organisation.

Penalty:   50 penalty units.

         (4)   For section 21 of the Act, a healthcare provider organisation that requests the service operator to disclose a healthcare identifier must ensure that:

                (a)    the service operator has the current names and contact details of the provider’s responsible officer and organisation maintenance officer; and

               (b)    its responsible officer, organisation maintenance officer and any other person authorised to access healthcare identifiers that have been disclosed are aware of their obligations under the Act and these Regulations.

Note 1   A healthcare provider organisation must also comply with section 27 of the Act in relation to the protection of healthcare identifiers. All healthcare providers must comply with the Privacy Act 1988 in relation to the protection of health information as defined in subsection 6 (1) of that Act, or with equivalent State or Territory legislation, to the extent that it applies to them.

Note 2   A breach of the regulations in relation to the healthcare identifier of an individual is taken to be an interference with the privacy of the individual for the purposes of the Privacy Act 1988. The act or practice may be the subject of a complaint to the Privacy Commissioner under section 36 of that Act — see subsection 29 (1) of the Act.

8              Maintaining records about healthcare identifiers disclosed by service operator

         (1)   For section 22 of the Act, a healthcare provider must:

                (a)    at the time of making a request for disclosure of a healthcare identifier — give enough identifying information to ensure the service operator can identify by name the person making the request without having to seek additional information from another person; or

               (b)    if the healthcare provider does not comply with paragraph (a):

                          (i)    keep a retrievable record of each person who accessed, from the service operator, a healthcare identifier for the healthcare provider; and

                         (ii)    give the record to the service operator upon written request from the service operator.

Example for paragraph (a)

Identifying information may be given as part of the data transmitted to the service operator from a healthcare provider’s practice management software.

Note   A healthcare provider that complies with paragraph (1) (a) need not keep records of the identities of the individuals requesting disclosure, or of the identifying information given to the service operator, because the service operator will record the information — see section 10 of the Act.

         (2)   For paragraph (1) (b), the retrievable record must:

                (a)    include the person’s name or other information that can be used to identify the individual; and

               (b)    be kept:

                          (i)    while the person accessing healthcare identifiers for the healthcare provider is authorised by the healthcare provider organisation to access healthcare identifiers; and

                         (ii)    for 7 years starting on the day after the person ceased to be authorised.

Example

The retrievable record may be drawn from a healthcare provider’s own records identifying the authorised person. These records may be kept in logs as part of the healthcare provider’s practice management software.

         (3)   Subregulation (4) applies to the following persons:

                (a)    a healthcare provider organisation that is a person;

               (b)    a partner in a partnership that is the healthcare provider organisation;

                (c)    a trustee of a trust that is the healthcare provider organisation;

               (d)    an office holder of an unincorporated association or body that is the healthcare provider organisation.

         (4)   A person mentioned in subregulation (3) commits an offence if the healthcare provider organisation mentioned in subregulation (3):

                (a)    does not comply with paragraph (1) (a); and

               (b)    does not give the information mentioned in paragraph (2) (a):

                          (i)    if requested by the service operator — in writing; and

                         (ii)    within 14 days after receiving the request.

Penalty:   50 penalty units.

12            Limit on collection, use and disclosure of information

                For paragraph 22D (3) (a), the following information is prescribed:

                (a)    information that relates to the healthcare recipient’s medical and other treatment or benefits received by the recipient through the Repatriation Pharmaceutical Benefits Scheme under the Veterans’ Entitlements Act 1986;

               (b)    information that relates to the healthcare recipient’s compensation and rehabilitation under the Safety, Rehabilitation and Compensation Act 1988;

                (c)    information that relates to the treatment of service injuries and diseases, rehabilitation or compensation of a healthcare recipient under the Military Rehabilitation and Compensation Act 2004.

13            Authorisation of collection, use and disclosure related to PCEHR system—registration of healthcare recipient

                For section 22E of the Act, a healthcare provider is authorised to collect, use and disclose a healthcare recipient’s identifying information and healthcare identifier to the PCEHR System Operator so far as:

                (a)    the disclosure is to assist in applying for registration of the healthcare recipient as a consumer under Division 1 of Part 3 of the PCEHR Act; and

               (b)    the collection, use or disclosure is reasonably necessary for the performance of a function of the PCEHR System Operator in relation to the PCEHR system.

Note   A function of the PCEHR System Operator is to register consumers and participants in the PCEHR system: see paragraph 15 (f) of the PCEHR Act.

14            Authorisation of collection, use and disclosure related to PCEHR system—healthcare providers

                For section 22E of the Act, the following persons are authorised to collect, use and disclose a healthcare provider’s identifying information and healthcare identifier to a participant in the PCEHR system for the purposes in paragraph 22E (f) of the Act:

                (a)    a healthcare provider;

               (b)    the PCEHR System Operator;

                (c)    the service operator.

 


Notes to the Healthcare Identifiers Regulations 2010

Note 1

The Healthcare Identifiers Regulations 2010 (in force under the Healthcare Identifiers Act 2010) as shown in this compilation comprise Select Legislative Instrument 2010 No. 190 amended as indicated in the Tables below.

 

Table of Instruments

Year and
Number

Date of FRLI registration

Date of
commencement

Application, saving or
transitional provisions

2010 No. 190

30 June 2010 (see F2010L01829)

1 July 2010

 

2012 No. 160

28 June 2012 (see F2012L01401)

29 June 2012

Table of Amendments

ad. = added or inserted      am. = amended      rep. = repealed      rs. = repealed and substituted

Provision affected

How affected

R. 3...................................

am. 2012 No. 160

R. 5...................................

am. 2012 No. 160

R. 12.................................

ad. 2012 No. 160

R. 13.................................

ad. 2012 No. 160

R. 14.................................

ad. 2012 No. 160