Federal Register of Legislation - Australian Government


National Health (Privacy) Rules 2018

Authoritative Version
Rules/Other as made
These rules concern the handling by agencies of information obtained by any agency in connection with a claim for a payment or benefit under the Medicare Benefits Program and the Pharmaceutical Benefits Program (‘claims information’). The Australian Information Commissioner is required to issue such rules under section 135AA(3) of the National Health Act 1953.
Administered by: Health
Registered: 12 Oct 2018
Tabling history: Tabled HR 15 Oct 2018; Tabled Senate 15 Oct 2018
To be repealed: 01 Apr 2022
Repealed by: Self Repealing

 

EXPLANATORY STATEMENT

National Health (Privacy) Rules 2018

Issued by the authority of the Australian Information Commissioner under section 135AA of the National Health Act 1953 (the National Health Act).

Purpose and authority

Purpose

The National Health (Privacy) Rules 2018 (the Rules) concern the handling by agencies of information obtained by any agency in connection with a claim for a payment or benefit under the Medicare Benefits Program and the Pharmaceutical Benefits Program (‘claims information’). The Australian Information Commissioner is required to issue such rules under section 135AA(3) of the National Health Act.

The Rules are legally binding and ensure that claims information is linked and used only for limited purposes and in particular circumstances.  A breach of the Rules constitutes an interference with privacy under section 13 of the Privacy Act 1988 (the Privacy Act). In turn, an individual may complain to the Australian Information Commissioner about an alleged interference with their privacy.

Authority

The authority for making the Rules, and the requirements as to the matters they must deal with, are prescribed in subsections 135AA(3) to (5) of the National Health Act. These are the first ‘Rules’ to be issued, as previously these sections of the National Health Act authorised the making of ‘guidelines’. In 2012, the National Health Act was amended by the Privacy Amendment (Enhancing Privacy Protection) Act 2012 to provide that the Australian Information Commissioner issue rules, rather than guidelines, under section 135AA.

Subsections 135AA(3) to (5) of the National Health Act provide:

Issuing rules

(3)        The Information Commissioner must, by legislative instrument, issue rules relating to information to which this section applies.

(3A)      The issuing of rules under this section is a privacy function for the purposes of the Australian Information Commissioner Act 2010.

Replacing or varying rules

(4)        At any time, the Information Commissioner may, by legislative instrument, issue further rules that vary the existing rules.

(5)        So far as practicable, the rules must:

(a) specify the ways in which information may be stored and, in particular, specify the circumstances in which creating copies of information in paper or similar form is prohibited; and

(b) specify the uses to which agencies may put information; and

(c) specify the circumstances in which agencies may disclose information; and

(d) prohibit agencies from storing in the same database:

(i) information that was obtained under the Medicare Benefits Program; and

(ii) information that was obtained under the Pharmaceutical Benefits Program; and

(e) prohibit linkage of:

(i) information that is held in a database maintained for the purposes of the Medicare Benefits Program; and

(ii) information that is held in a database maintained for the purposes of the Pharmaceutical Benefits Program;

    unless the linkage is authorised in the way specified in the rules; and

(f) specify the requirements with which agencies must comply in relation to old information, in particular requirements that:

(i) require the information to be stored in such a way that the personal identification components of the information are not linked with the rest of the information; and

(ii) provide for the longer term storage and retrieval of the information; and

(iii) specify the circumstances in which, and the conditions subject to which, the personal identification components of the information may later be re‑linked with the rest of the information.

Relevant provisions of the Privacy Act

Personal information is defined in section 6 of the Privacy Act as:

… information or an opinion about an identified individual, or an individual who is reasonably identifiable:

(a) whether the information or opinion is true or not; and

(b) whether the information or opinion is recorded in material form or not.

Notably, the information to be covered by these Rules is defined in broader terms than the definition of ‘personal information’ in the Privacy Act. This is discussed below (see ‘Information regulated by the Rules’).

In making these Rules, the Australian Information Commissioner has met the statutory obligations under section 29 of the Privacy Act to give regard to the objects of that Act, set out in section 2A. This includes recognising that the protection of the privacy of individuals is balanced with the interests of entities in carrying out their functions or activities.

Other relevant legislation

The secrecy provisions set out in section 130 of the Health Insurance Act 1973 and section 135A of the National Health Act prescribe rules around the handling of information collected in the course of the activities of both the Department of Health and the Department of Human Services. In making these Rules, the Australian Information Commissioner considered the effect and interaction of these provisions.

Background

The National Health Act was amended in 1993 by the National Health Amendment Act 1993 to introduce section 135AA and section 135AB. The then Privacy Commissioner first issued what were then guidelines under those sections on 24 November 1993, which came into effect on 15 April 1994. 

Guidelines were last issued in 2008 in the National Health Act 1953 – Privacy Guidelines for the Medicare Benefits and Pharmaceutical Benefits Programs (06/03/2008) (the 2008 guidelines). These guidelines substantively amended previous guidelines to implement the findings of a review. The then Office of the Privacy Commissioner published its Report of the Privacy Commissioner’s Review of the Privacy Guidelines for the Handling of Medicare and PBS claims information (‘Review Report’) in August 2006.

Arrangements relevant to section 135AA of the National Health Act

The Department of Health has indicated that it intends to review the arrangements relevant to section 135AA of the National Health Act as part of a measure to improve Medicare compliance. The Department of Health has indicated it will continue to consult with key stakeholders, including the Office of the Australian Information Commissioner (the Office) on the compliance measure. Related information is available at the Department of Health’s webpage: ‘Guaranteeing Medicare - improving safety and quality through stronger compliance’ at www.health.gov.au/internet/main/publishing.nsf/Content/health-compliance.

Given the intended review of the arrangements relevant to section 135AA, the Australian Information Commissioner has formed the view that it would be inappropriate to undertake a substantive review and remake of the Rules at this time. The Australian Information Commissioner has therefore remade the Rules in substantively the same terms as the 2008 guidelines, subject to updates discussed below.

The Australian Information Commissioner’s intention is therefore that the Rules should maintain the current regulatory arrangements over the short term. Consequently, the Rules contain a self-repealing provision and will sunset in three years on 1 April 2022. A three-year period has been chosen to allow time for the intended review and any outcomes to be implemented, noting that section 135AA requires any remade Rules to be lodged well in advance of the sunset or repeal date.

Changes from the 2008 guidelines

The Australian Information Commissioner has updated the Rules to reflect current administrative arrangements – in particular, those relating to agency names and functions – as set out in the Administrative Arrangements Order on 19 April 2018. These updates include amendments to reflect the machinery of government changes arising from a previous administrative arrangement order – the Administrative Arrangements Order on 30 September 2015. Administrative arrangements orders are available at the Federal Register of Legislation website at www.legislation.gov.au.

The nature of the 2015 machinery of government changes is that health provider compliance functions, vested in the Chief Executive Medicare, are now performed by officers of the Department of Health under delegated powers. The Department of Health now performs compliance functions under various portfolio legislation including: Human Services (Medicare) Act 1973 (HSM Act); Health Insurance Act 1973; National Health Act 1953 and Dental Benefits Act 2008. The functions were conferred on the Chief Executive Medicare and delegated to Health employees under section 8AC of the HSM Act, which relevantly provides that the Chief Executive Medicare may delegate his or her functions under the HSM Act or any other Act to a Departmental employee.

These Rules therefore update the requirements in the 2008 guidelines to more accurately reflect the practical administrative arrangements between the Departments. In particular, the Rules reflect that when health provider compliance functions are exercised, the officers involved – though technically employed by the Department of Health – perform these functions under delegated powers of the Chief Executive Medicare. Information is only accessed by officers assisting the Chief Executive Medicare to perform his or her health provider compliance functions and remains under the control of the Chief Executive Medicare. In these circumstances, there may be no ‘disclosure’ of information to the Department of Health by the Department of Human Services when these officers perform their work as delegates of the Chief Executive Medicare.

Throughout these Rules, references to ‘the Department’ or ‘the Department of Health and Ageing’ have been changed to the Department of Health. References to ‘Medicare Australia’ have been changed to the Department of Human Services, or the Chief Executive Medicare. Some references to the Chief Executive Medicare have also been added, to enable the Chief Executive Medicare to carry out certain activities already permitted under the Rules. In addition, some further references to the Department of Health have been added, for the same reasons as for the Chief Executive Medicare (and specifically, to enable the Department of Health to assist or enable the Chief Executive Medicare to carry out the health provider compliance functions).

These Rules have also been updated to reflect current drafting standards, for example those of the Office of Parliamentary Counsel.

Apart from these amendments, the regulatory requirements in the Rules are substantively unchanged from the 2008 guidelines.

Consultation

Before issuing rules, the Australian Information Commissioner is required under section 135AA(6) of the National Health Act to take reasonable steps to consult with organisations, including agencies, whose interests would be affected by those rules. Consultation is also required in accordance with section 17 of the Legislation Act 2003.

The Office has engaged in a targeted consultation process in remaking the Rules. The Office notified the key agencies that will be affected by the Rules, being the Department of Health and the Department of Human Services. These agencies are also subject matter experts in relation to the operation of previous guidelines.

In particular, the Office has provided the Department of Health and the Department of Human Services with draft versions of the Rules, and had regard to their comments concerning updates in relation to:

·         reflecting the relevant machinery of government changes as brought about by the Administrative Arrangements Order on 30 September 2015

·         ensuring the names and definitions of the relevant agencies throughout the Rules reflect the arrangements in relation to the exercise of the health provider compliance functions

·         the definition of ‘health provider compliance function’.

Given that the changes made to the Rules are limited to those that are non-substantive, or those made to reflect current administrative arrangements, the Office has consulted only with affected agencies, the Department of Health and the Department of Human Services. 

The Australian Information Commissioner is satisfied that this targeted consultation process is appropriate in the circumstances, given:

·         that the Department of Health is consulting more broadly around the arrangements relevant to section 135AA;

·         the limited (non-substantive) nature of the updates made to the Rules; and

·         the short-term application of the Rules.

Information regulated by the Rules

The information to which the Rules apply is set out in subsection 135AA(1) of the National Health Act, being information that:

(a) is information relating to an individual; and

(b) is held by an agency (whether or not the information was obtained by that agency or any other agency after the commencement of this section); and

(c) was obtained by that agency or any other agency in connection with:

(i) a claim for payment of a benefit under the Medicare Benefits Program or the Pharmaceutical Benefits Program; or

(ii) a supply of a pharmaceutical benefit to which subsection 98AC(1) applies.

Section 135AA(2) expressly excludes from the regulation of the rules:

·         information relating to the providers of goods and services about which the claim was made, or the providers of pharmaceutical benefits;

·         information in a database that is maintained for the purpose of identifying individuals who are eligible for entitlements under the two benefits programs; and

·         information that is not stored in a database.

The difference between information regulated by the Rules and information regulated by the Privacy Act is worth noting. The definition of ‘personal information’ for the purposes of the Privacy Act only covers information or an opinion about an identified individual, or an individual who is reasonably identifiable.

In contrast, the Rules apply to a broader category of information that ‘relates to’ an individual, by virtue of section 135AA(1). The Australian Information Commissioner believes that information that ‘relates to’ an individual need not necessarily identify that individual. In this way, claims information that is stripped of its ‘personal identification components’, that is – names, addresses and Medicare card and Pharmaceutical entitlement numbers – would still fall within the scope of the Rules (though may not, in such circumstances, be regulated by the general provisions of the Privacy Act).  

In the Australian Information Commissioner’s view, subsection 135AA(5)(f) of the National Health Act expressly reflects that the rules should apply to this broader category of information. This provision requires that the Australian Information Commissioner make rules regarding how information stripped of personal identification components is to be handled, notwithstanding that such information would not ordinarily be covered by the Privacy Act.

Policy intent of the legislation and Rules

The policy intent of the enabling provision for the Rules, section 135AA of the National Health Act, is to recognise the sensitivity of health information and restrict the linkage of claims information. Such linkages may reveal detailed information on the health status and history of the majority of Australians, beyond what is necessary for the administration of the respective programs. As discussed further below, it should be noted that provision remains for the use of such information for health policy and medical research purposes in certain circumstances.

The purpose of the Rules is to give effect to section 135AA of the National Health Act. The Rules provide specific standards and safeguards for the way that individuals’ claims information is to be handled by agencies when stored in computer databases. These standards are in addition to any requirements that may be imposed by the Australian Privacy Principles (‘APPs’) contained in Schedule 1 to the Privacy Act. 

The key objectives of the Rules are to ensure that claims information collected under the Medicare Benefits Program and the Pharmaceutical Benefits Program are held on separate databases, as well as establishing the circumstances under which this information may be linked and retained in linked form. In addition, the Rules prescribe the circumstances in which claims information may be retained in various forms, such as where the claims information is separated from personal identification components (that is, ‘de-identified’). The Rules also put in place regular reporting requirements and a framework for limited retention periods. These are intended to ensure that the linkage and retention of claims information does not result in the de facto combination of the two databases.

Statement of compatibility with human rights

Subsection 9(1) of the Human Rights (Parliamentary Scrutiny) Act 2011 requires the rule-maker in relation to a legislative instrument to which section 42 (disallowance) of the Legislation Act 2003 applies to cause a statement of compatibility to be prepared in respect of that legislative instrument. The statement of compatibility set out below has been prepared to meet that requirement.

General operation and effect of these Rules

Legal status of these Rules

The Rules are legally binding on agencies and ensure that claims information is linked and used only for limited purposes and in particular circumstances.

The Rules ensure that the sensitive health information contained in databases holding claims information is appropriately managed and protected. This protection accords with the legislative intent of section 135AA of the National Health Act. The protection afforded by the Rules applies in addition to the protection given to personal information under the Privacy Act. 

In some instances, the Rules set a higher standard of protection for claims information than that required under the Privacy Act and deal with issues not covered by the APPs, including by specifying obligations concerning the retention, de-identification and destruction of claims information. Section 15 clarifies that the Rules prevail in such cases where they impose more restrictive obligations than the Privacy Act. The Rules cannot, however, permit something that is otherwise prohibited by the Privacy Act.

A breach of the Rules constitutes an interference with privacy under section 13 of the Privacy Act. In turn, an individual may complain to the Australian Information Commissioner about an alleged interference with their privacy.

Explanation of sections

Part 1 – Introduction

Section 1 Name

This section states that the name of the instrument is the National Health (Privacy) Rules 2018.

Section 2 Commencement

This section states that the instrument commences on 1 April 2019.

Section 3 Authority

The section identifies that section 135AA of the National Health Act provides the authority under which the instrument is made.

Section 4 Definitions

This section defines certain terms used in the Rules.

A note to this section explains that a number of terms are defined in section 135AA of the National Health Act. 

Section 5 Repeal of this instrument

This section states that the instrument is to be repealed at the start of 1 April 2022.

Section 6 Repeal of the National Health Act 1953  – Privacy Guidelines for the Medicare Benefits and Pharmaceutical Benefits Programs (06/03/2008)

This section repeals the National Health Act 1953 –  Privacy Guidelines for the Medicare Benefits and Pharmaceutical Benefits Programs (06/03/2008).

Part 2 – Australian Government Agencies

This part applies to all Australian Government agencies. Part 2 includes one section only.

Section 7 Handling of claims information

This section applies to all Australian Government agencies. The meaning of ‘agencies’ is as defined in section 6 of the Privacy Act, as provided in section 135AA(11) of the National Health Act. Section 7 gives effect to section 135AA(5)(d), which requires an absolute prohibition against agencies storing claims information on the one database. 

Section 135AA of the National Health Act requires the Australian Information Commissioner to issue rules that, as far as practicable, regulate the handling of claims information by agencies.  The Australian Information Commissioner is satisfied that the term "so far as practicable" refers to the feasibility of using the rules to achieve the objectives set out by the legislation, rather than what "is practicable" for any party affected by the Rules. For example, it may not be practicable to draft rules that prescriptively regulate the minutiae of various processes that occur when claims information is linked.

In regard to section 7, it is practicable for this section to give effect to the clear and express requirement of section 135AA(5)(d). Further, as the provision is drafted without allowance for any exceptions, there would appear to be no discretion to alter the requirement that claims information be kept on separate databases when held by agencies.

While the primary record holders of claims information are the Department of Human Services and the Department of Health, section 7 prescribes the general obligations which all agencies must meet, excluding those agencies not regulated by the Privacy Act.

The extension of this prohibition to all agencies (as defined by the Privacy Act) ensures that the Rules meet the statutory requirements of section 135AA(5)(d). The Australian Information Commissioner has no discretion in making the Rules.

Part 3 – the Department of Health and the Department of Human Services 

Part 3 of the Rules applies to the two agencies that will most commonly handle claims information, these being the Department of Health and the Department of Human Services.

Section 8 Management of claims information

Sections 8(1) and 8(2) respectively provide for the separation of claims information in different databases, and the separation of those databases from enrolment and entitlement databases.

Section 8(3) ensures that claims information in the Medicare Benefits Program and Pharmaceutical Benefits Program databases are stripped of personal identification components, such as name and address information, with the exception of a Medicare card number, or a Pharmaceutical entitlements number.   

Information that is more than five years old is considered ‘old information’, and this information must not be stored with any personal identification components, including the Medicare card number or the Pharmaceutical entitlements number. This is reflected in section 11(1)(b).

Section 8(4) requires that the Department of Human Services must establish standards to ensure a range of technical matters are adequately dealt with in designing a computer system to store claims information. This section has been amended to clarify that established technical standards should be maintained. These standards include ensuring adequate security arrangements as required in sections 10(2) and 11(4), and measures to restrict access to the relevant databases; restricting the linkage of information held on the relevant databases, and the means to trace those linkages; and specifying destruction schedules for linked information.

Previously, the 2008 guidelines provided that these technical standards must be provided in a report to the then Privacy Commissioner within six months of the date that those guidelines came into effect. This was a point-in-time requirement which is no longer relevant, and has not been included in these Rules. However, the Rules retain the requirement that where the Department of Human Services vary the technical standards established under section 8(4), it must lodge a Variation Report with the Australian Information Commissioner.  

Section 8 also includes provisions relating to a Medicare personal identification number (‘Medicare PIN’). References to the Medicare PIN have been updated to reflect current terminology, as the 2008 guidelines referred to the ‘Medicare Australia PIN’. Other sections that have been updated in this regard are sections 9(3), 11(2), 13(3)–(4) and 14(1).  

Section 8 includes provisions on the creation of a Medicare PIN that is unique for each individual, and the purposes for which a Medicare PIN may be used or disclosed. It is intended that any such unique number be kept, as far as possible, within the Department of Human Services and not used as an identifier for other purposes.

Section 8(6) limits the extent to which a Medicare PIN can be used to identify individuals making claims under the Medicare Benefits Program or the Pharmaceutical Benefits Program.

Section 8 also sets out rules permitting, limiting, or prohibiting disclosures, relevant to claims information, by the Department of Human Services to the Department of Health (sections 8(9) to 8(12) and 8(14)). The previous guidelines have been amended so that sections 8(9), 8(10) and 8(12) reflect and accommodate the current administrative arrangements described above.

Section 8(15) sets out permissible disclosures by the Department of Human Services to agencies, organisations and individuals other than the Department of Health.

Section 9 Linkage of claims information

Section 9 gives effect to section 135AA(5)(e) of the National Health Act, which requires that rules be made prohibiting the linkage of claims information except in authorised circumstances. The previous guideline has been amended so that section 9 now also applies to the Department of Health, where the Department of Health is enabling the Chief Executive Medicare to perform health provider compliance functions. Previously the guideline applied only to Medicare Australia (this agency name has been updated to the Department of Human Services in these Rules).

In brief, section 9(1) provides that the purposes for which the Department of Human Services and the Department of Health (where the Department of Health is enabling the Chief Executive Medicare to perform health provider compliance functions) may link claims information are limited to where the linkage:

·       is necessary to enforce a law;

·       is required by law;

·       is for the protection of the public revenue;

·       is necessary to determine an individual’s eligibility for benefits;

·       is necessary to prevent or lessen a serious and imminent threat to the life or health of any individual; or

·       is for disclosure to an individual who has given their consent.

Linkage for the purpose of disclosure to an individual, where that individual has consented (section 9(1)(e)), permits individuals to receive, at their request, a single report of their Medicare Benefits and Pharmaceutical Benefits programs claims histories. This provision is not intended to be a consent mechanism to link claims information for unspecified secondary uses.

Section 10 Retention and reporting of linked claims information

Section 10 imposes obligations in relation to retention and reporting of linked claims information. The 2008 guidelines have been amended so that the section now also applies to the Department of Health where the Department of Health is enabling the Chief Executive Medicare to perform health provider compliance functions – previously this section applied to Medicare Australia (now the Department of Human Services) only. This change has been made to accommodate the administrative changes described above.

Section 10(2) requires the Department of Human Services and the Department of Health to make special arrangements for the security of linked claims information. Section 10(1) requires information linked in accordance with section 9(1) to be destroyed as soon as practicable after the purpose of the linkage has been met. 

The practicability of destruction may be determined in part by reference to the destruction schedules specified in section 8(4)(f). For example, where claims information is linked for the purpose of providing a consolidated claims history to an individual, the purpose of that linkage is effectively met at the moment the disclosure occurs.  It may not be practicable for that linked dataset to be destroyed instantaneously, though it may be practicable for its destruction to be effected within a defined destruction cycle of a few days.

Any destruction schedule would only be applicable to the extent that it is consistent with the intent of the enabling legislation and Rules.  In the above example, it would be unlikely to be appropriate for such datasets to only be deleted as part of a cycle that occurs every few months.

As a form of additional oversight, and to promote transparency in how claims information is linked, section 10(3) provides for reporting requirements. In accordance with this section, the Department of Human Services and the Department of Health will be required to submit annual reports to the Australian Information Commissioner on how they have handled linked claims information. These reports may be provided individually or jointly as a single report.

Such reports must include, for the relevant reporting period:

(a)  the number of records linked;

(b) the number of records linked under each of the permitted circumstances of section 9(1);

(c)  the number of linked records that were destroyed;

(d) the number of records destroyed that were linked under each of the permitted circumstances of section 9(1);

(e)  reasons for the retention of any linked records that were not destroyed during the reporting period; and

(f)  the total number of records linked in accordance with section 9(1) that have been retained from previous reporting periods, and reasons for their retention.

The reporting obligations referred to in section 10(3)(a) and (b) are intended to provide oversight of data linkage activities by requiring information on how many datasets were created and for what purpose. Reporting obligations in section 10(3)(c) to (f) are intended to provide the Australian Information Commissioner with an indication as to whether linked datasets are being retained for periods of time that may be longer than envisaged, and if so, why.

In particular, if the number of datasets reported under section 10(3)(f) were to be significant, it could indicate that these datasets were being retained for periods that are inconsistent with the policy intent of the enabling legislation. In such circumstances, it would be open to the Australian Information Commissioner to make further enquiries of the Department of Human Services or the Department of Health (including, where necessary, by exercising formal assessment powers).

Section 11 Linking old information with personal identification components

Section 135AA(5)(f) of the National Health Act requires that the Australian Information Commissioner make rules concerning the handling of ‘old information’. ‘Old information’ is defined as claims information that has been held by one or more agencies for at least five years.  It particularly requires that this old information be stored without its ‘personal identification components’.

Under section 11(1), the Department of Human Services is able to retain claims information indefinitely, but must strip such claims information of its identifying components after five years. 

The previous guidelines have been amended so that sections 11(2) to (5) now also apply to the Department of Health – previously this section applied to Medicare Australia (now the Department of Human Services) only. This change reflects current administrative arrangements, as described above.

The Department of Human Services and the Department of Health (where the Department of Health is enabling the Chief Executive Medicare to perform health provider compliance functions) may only re-link old information to its personal identification components for a limited range of prescribed purposes under section 11(2). The re-linkage is facilitated by the Medicare PIN.

Once the purpose for which the old information has been linked with its personal identification components is fulfilled, the linked dataset must be destroyed as soon as practicable. As with linked claims information in section 10(1), what is a ‘practicable’ period within which datasets must be deleted may be determined in part by reference to the destruction schedule specified in section 8(4)(f) (although such determination is not bound by this).

The Department of Human Services and the Department of Health must make special arrangements for the security of linked old information (section 11(4)). Section 11(5) places reporting obligations on the Department of Human Services and the Department of Health under which they must report annually to the Australian Information Commissioner on how they have handled old information.

Such reports must include details similar to those required for the linkage of claims information that is not old information (detailed above under section 10) and will be made publicly available.

Section 11(7) permits the transfer of old information from the Department of Health to the Department of Human Services for two reasons: for a purpose listed under section 11(2) and for inclusion into its databases of old information described in section 11(1). Section 11(7) provides a mechanism for old information to be collected progressively by the Department of Human Services, though such information must be stored on a different database to personal identification components.

Section 12 Disclosure of identifiable claims information for medical research purposes

Section 12(1) permits the Department of Human Services to disclose claims information to researchers for the purpose of medical research in certain circumstances. Claims information that identifies an individual may only be disclosed with that individual’s consent or in compliance with the guidelines issued by the National Health and Medical Research Council (NHMRC) under section 95 of the Privacy Act.

These arrangements reflect obligations that would apply under the Privacy Act and related laws regardless of whether this section is made.  However, the Australian Information Commissioner is satisfied that the inclusion of this section clarifies and provides certainty regarding how claims information may be used for medical research purposes.

Section 12(2) places an obligation on the Department of Human Services, as the regulated party, to obtain agreement from the researcher regarding the secure destruction of the records at the conclusion of the research project.

Section 13 Use of claims information

Section 13 relates to the use of claims information by the Department of Health. The previous guidelines have been amended so that sections 13(1) and 13(3) reflect current administrative arrangements, as described above.

Section 13(1) provides that the Department of Health may only use the claims information as authorised by the Secretary of the Department or their delegate, except where it is being used by the Department of Health to enable the Chief Executive Medicare to provide health provider compliance functions in accordance with these Rules.

Section 13(2) provides that the Secretary of the Department of Health or their delegate must not permit the storing of claims information from both programs in a combined form on a permanent basis. This requirement reflects the obligations on the Department of Human Services in section 8(1).

Claims information may be held by the Department of Health indefinitely for policy and research purposes in a form that does not include personal identification components (section 13(5)). However, where the information is linked by the Medicare PIN, sections 13(3) and 13(4) impose restrictions. Section 13(3) provides that the Department of Health may link the information using the Medicare PIN:

·       where it is necessary for a use authorised by the Secretary of the Department of Health or their delegate; and

·       where the identified information is used solely as a necessary intermediate step to obtain aggregated data or otherwise de-identified information; and

·       such linked records are destroyed within one month of their creation.

In addition, section 13(4) provides that claims information may only be linked in this temporary manner using the Medicare PIN where there is no practical alternative.

In accordance with section 13(6), the Department of Health must not disclose claims information unless it is reasonably satisfied that the recipient will not be able to identify the individual to whom it relates, except where the disclosure is to the Department of Human Services, or the information is released under the secrecy provisions of section 130 of the Health Insurance Act 1973 or section 135A of the National Health Act.

Section 14 Name linkage

There are circumstances in which it may be necessary for the Department of Health to have access to identified claims information. Section 14(1) allows the Department of Health to obtain the personal identification components that belong to a particular Medicare PIN from the Department of Human Services in certain limited circumstances. 

The Department of Health may link claims information to the individual’s name where authorised by the Secretary of the Department, or delegate, for the purpose of clarification, where a doubt has arisen in relation to linking of de-identified information. However, section 14(2) provides that procedures must ensure that identified information is not retained once the doubt has been resolved. 

Section 14(1) also permits the Department of Health, where authorised by the Secretary of the Department, or delegate, to re-identify information for a disclosure that is expressly authorised or required by law. Section 14(3) provides that the Department of Health is required to maintain, and make publicly available, a policy statement regarding its usual practices where information is identified and disclosed in this way. It must also maintain, under strict security controls, a central record of those linkages.

Additionally, the previous guidelines have been amended so that section 14(2) now enables the Department of Health to obtain the personal identification components corresponding to a Medicare PIN, when it is being collected in accordance with section 8(9), to enable the Chief Executive Medicare to perform health provider compliance functions.

Section 14(4) provides that the Secretary of the Department of Health, or delegate, must establish procedures which ensure that a request for identified information is usually referred to the Department of Human Services.

Section 15 Miscellaneous

This section includes a range of provisions that apply to both the Department of Human Services and the Department of Health. The regulatory obligations in this section:

·       prohibit the generation of a paper copy of a complete database or databases, or major proportions of those databases;

·       require that the Australian Information Commissioner be informed of any arrangements made between the Department of Human Services and the Department of Health which relate to delegations or authorisations for implementing the Rules; and

·       require the Department of Human Services and the Department of Health to educate staff regarding the privacy protections that apply to claims information.

To ensure clarity, section 15(4) also provides that where the Rules provide more restrictive regulation than the requirements in the Privacy Act (such as under the APPs) or the secrecy provisions of relevant legislation as applying to Department of Human Services and the Department of Health, the Rules prevail.


STATEMENT OF COMPATIBILITY FOR A DISALLOWABLE LEGISLATIVE INSTRUMENT THAT RAISES HUMAN RIGHTS ISSUES

Statement of Compatibility with Human Rights

Prepared in accordance with Part 3 of the Human Rights (Parliamentary Scrutiny) Act 2011.

National Health (Privacy) Rules 2018

Issued by the authority of the Australian Information Commissioner (Commissioner) under section 135AA of the National Health Act 1953.

This Disallowable Legislative Instrument is compatible with the human rights and freedoms recognised or declared in the international instruments listed in section 3 of the Human Rights (Parliamentary Scrutiny) Act 2011.

Overview of the National Health (Privacy) Rules 2018

The National Health (Privacy) Rules 2018 (the Rules) are binding rules concerning the handling, by agencies, of information obtained by any agency in connection with a claim for a payment or benefit under the Medicare Benefits Program and the Pharmaceutical Benefits Program (‘claims information’). The purpose of the Rules is to give effect to section 135AA of the National Health Act. The Australian Information Commissioner is authorised, and required, to make rules under this subsection. 

The policy intent of subsection 135AA of the National Health Act is to recognise the sensitivity of health information and restrict the linkage of claims information. Provision remains for the use of such information for health policy and medical research purposes in certain circumstances.

The Rules set out specific standards and safeguards that apply to the handling of individuals’ claims information by agencies when stored in computer databases.

The key objective of the Rules is to ensure that claims information collected under the Medicare Benefits Program and the Pharmaceutical Benefits Program is held on separate databases, as well as establishing the circumstances under which this information may be linked and retained in linked form. In addition, the Rules prescribe the circumstances in which claims information may be retained in various forms, such as where the claims information is separated from personal identification components (that is, ‘de-identified’). The Rules also put in place regular reporting requirements and a framework for limited retention periods.

These Rules do not replace any requirements that may be imposed by the Australian Privacy Principles (‘APPs’) contained in Schedule 1 of the Privacy Act, but operate in addition to these requirements. In some instances, the Rules set a higher standard of protection for claims information than that required under the Privacy Act and deal with issues not covered by the APPs, including by specifying obligations concerning the retention, de-identification and destruction of claims information. A breach of the Rules constitutes an interference with privacy under section 13 of the Privacy Act. 

The Rules replace existing guidelines which were originally made in 1993 and were last made in March 2008. The National Health Act was amended in 2002 to provide that the Australian Information Commissioner is to issue rules, instead of guidelines, under section 135AA.

Human rights implications

The National Health (Privacy) Rules 2018 engage the following right:

·       the right to privacy in Article 17 of the International Covenant on Civil and Political Rights.

The right to privacy is positively affected by the registration of the National Health (Privacy) Rules 2018.

The National Health (Privacy) Rules 2018 positively affect the right to privacy by ensuring that claims information held on databases is appropriately managed and protected by agencies. In particular, the Rules:

a)     ensure that claims information collected under the Medicare Benefits Program and the Pharmaceutical Benefits Program is held on separate databases;

b)    ensure that Medicare Benefits Program and Pharmaceutical Benefits Program claims information is linked only for specified purposes and for limited periods of time;

c)     specify agencies’ obligations concerning the retention, de-identification and destruction of claims information; and

d)    enhance the accountability of agencies by imposing specific rules concerning the handling of claims information.

Conclusion

This Disallowable Legislative Instrument is compatible with human rights. It promotes the protection of human rights by providing specific privacy safeguards for individuals’ information collected under the Medicare Benefits Program and the Pharmaceutical Benefits Program, where that information is held on a database.