
EXPLANATORY STATEMENT
National Health (Privacy) Rules 2021
Issued by the authority of the Australian Information Commissioner under section 135AA of the National Health Act 1953 (the National Health Act).
Purpose and authority
Purpose
The National Health (Privacy) Rules 2021 (the Rules) concern the handling, by agencies, of information obtained by any agency in connection with a claim for a payment or benefit under the Medicare Benefits Program and the Pharmaceutical Benefits Program (‘claims information’). The Australian Information Commissioner is required to issue such rules under section 135AA(3) of the National Health Act.
The Rules are legally binding and ensure that claims information is linked and used only for limited purposes and in particular circumstances. A breach of the Rules constitutes an interference with privacy under section 13 of the Privacy Act 1988 (the Privacy Act). In turn, an individual may complain to the Australian Information Commissioner about an alleged interference with their privacy.
Authority
The authority for making the Rules, and the requirements as to the matters they must deal with, are prescribed in sections 135AA(3) to (5) of the National Health Act.
Sections 135AA(3) to (5) of the National Health Act provide:
Issuing rules
(3) The Information Commissioner must, by legislative instrument, issue rules relating to information to which this section applies.
(3A) The issuing of rules under this section is a privacy function for the purposes of the Australian Information Commissioner Act 2010.
Replacing or varying rules
(4) At any time, the Information Commissioner may, by legislative instrument, issue further rules that vary the existing rules.
(5) So far as practicable, the rules must:
(a) specify the ways in which information may be stored and, in particular, specify the circumstances in which creating copies of information in paper or similar form is prohibited; and
(b) specify the uses to which agencies may put information; and
(c) specify the circumstances in which agencies may disclose information; and
(d) prohibit agencies from storing in the same database:
(i) information that was obtained under the Medicare Benefits Program; and
(ii) information that was obtained under the Pharmaceutical Benefits Program; and
(e) prohibit linkage of:
(i) information that is held in a database maintained for the purposes of the Medicare Benefits Program; and
(ii) information that is held in a database maintained for the purposes of the Pharmaceutical Benefits Program;
unless the linkage is authorised in the way specified in the rules; and
(f) specify the requirements with which agencies must comply in relation to old information, in particular requirements that:
(i) require the information to be stored in such a way that the personal identification components of the information are not linked with the rest of the information; and
(ii) provide for the longer term storage and retrieval of the information; and
(iii) specify the circumstances in which, and the conditions subject to which, the personal identification components of the information may later be re‑linked with the rest of the information.
Relevant provisions of the Privacy Act
Personal information is defined in section 6 of the Privacy Act as:
… information or an opinion about an identified individual, or an individual who is reasonably identifiable:
(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded in material form or not.
Notably, the information to be covered by these Rules is defined in broader terms than the definition of ‘personal information’ in the Privacy Act. This is discussed below (see ‘Information regulated by the Rules’).
In making these Rules, the Australian Information Commissioner has met the statutory obligations under section 29 of the Privacy Act to give regard to the objects of that Act, set out in section 2A. This includes recognising that the protection of the privacy of individuals is balanced with the interests of entities in carrying out their functions or activities.
Other relevant legislation
The secrecy provisions set out in section 130 of the Health Insurance Act 1973 and section 135A of the National Health Act prescribe rules for the handling of information collected in the course of the activities of both the Department of Health and Services Australia. In making these Rules, the Australian Information Commissioner considered the effect and interaction of these provisions.
Background
The National Health Act was amended in 1993 by the National Health Amendment Act 1993 to introduce section 135AA and section 135AB. The then Privacy Commissioner first issued what were then guidelines under those sections on 24 November 1993, which came into effect on 15 April 1994.
In 2012, the National Health Act was amended by the Privacy Amendment (Enhancing Privacy Protection) Act 2012 to provide that the Australian Information Commissioner issue rules, rather than guidelines, under section 135AA. The National Health (Privacy) Rules 2018 were issued in 2018. These rules were made in substantively the same terms as the previous guidelines in the National Health Act 1953 – Privacy Guidelines for the Medicare Benefits and Pharmaceutical Benefits Programs (the 2008 guidelines).
Before issuing rules, the Australian Information Commissioner is required under section 135AA(6) of the National Health Act to take reasonable steps to consult with organisations, including agencies, whose interests would be affected by those rules. Consultation is also required in accordance with section 17 of the Legislation Act 2003.
The Office of the Australian Information Commissioner (OAIC) has commenced a review to consider the operation of the Rules, which includes targeted and public consultation. The review is ongoing.
The Australian Information Commissioner’s intention is therefore that the Rules should maintain the current regulatory arrangements in the interim period between the self-repeal date in the 2018 Rules (1 April 2022) and the finalisation of the review. Consequently, the Rules extend the self-repealing provision in section 5 of the Rules by three years to 1 April 2025. A three-year period is necessary to allow time for the consultation and redrafting of the rules to be finalised following the review, noting that section 135AA requires any remade Rules to be lodged in advance of the sunset or repeal date.
For the purposes of the 2021 Rules, the OAIC has engaged in a targeted consultation with those agencies that will be directly affected, the Department of Health and Services Australia. The OAIC has provided the Department of Health and Services Australia with draft versions of the 2021 Rules and had regard to their comments about minor amendments to reflect the relevant machinery of government changes brought about by the Administrative Arrangements Order on 1 February 2020.
The Australian Information Commissioner is satisfied that this targeted consultation process is appropriate in the circumstances, given the limited (non-substantive) nature of the updates made to the Rules and the short-term application of the Rules.
Changes from the 2018 rules
The Australian Information Commissioner has updated the Rules to reflect current administrative arrangements – in particular, those relating to agency names and functions – as set out in the Administrative Arrangements Order on 1 February 2020. Throughout these rules, references to ‘the Department of Human Services’ have been changed to ‘Services Australia’.
The Rules extend the self-repealing provision in section 5 by three years to 1 April 2025.
Section 6, which repealed the National Health Act 1953 - Privacy Guidelines for the Medicare Benefits and Pharmaceutical Benefits Programs (06/03/2008), has been removed from the 2021 Rules because this provision is no longer required.
Minor updates have also been made to ensure the numbering and referencing is correct throughout the Rules.
Apart from these amendments, the regulatory requirements in the Rules are unchanged from the 2018 rules.
Information regulated by the Rules
The information to which the Rules apply is set out in section 135AA(1) of the National Health Act, being information that:
(a) is information relating to an individual; and
(b) is held by an agency (whether or not the information was obtained by that agency or any other agency after the commencement of this section); and
(c) was obtained by that agency or any other agency in connection with:
(i) a claim for payment of a benefit under the Medicare Benefits Program or the Pharmaceutical Benefits Program; or
(ii) a supply of a pharmaceutical benefit to which section 98AC(1) applies.
Section 135AA(2) expressly excludes from the regulation of the rules:
· information relating to the providers of goods and services about which the claim was made, or the providers of pharmaceutical benefits;
· information in a database that is maintained for the purpose of identifying individuals who are eligible for entitlements under the two benefits programs; and
· information that is not stored in a database.
There is a difference between information regulated by the Rules and information regulated by the Privacy Act. The definition of ‘personal information’ for the purposes of the Privacy Act only covers information or an opinion about an identified individual, or an individual who is reasonably identifiable.
In contrast, the Rules apply to a broader category of information that ‘relates to’ an individual, by virtue of section 135AA(1). The Australian Information Commissioner believes that information that ‘relates to’ an individual need not necessarily identify that individual. In this way, claims information that is stripped of its ‘personal identification components’, that is – names, addresses and Medicare card and Pharmaceutical entitlement numbers – would still fall within the scope of the Rules (though may not, in such circumstances, be regulated by the general provisions of the Privacy Act).
In the Australian Information Commissioner’s view, section 135AA(5)(f) of the National Health Act expressly provides that the rules should apply to this broader category of information. This provision requires that the Australian Information Commissioner make rules regarding how information stripped of personal identification components is to be handled, notwithstanding that such information would not ordinarily be covered by the Privacy Act.
Policy intent of the legislation and Rules
The policy intent of section 135AA of the National Health Act is to recognise the sensitivity of health information and restrict the linkage of claims information. Such linkages may reveal detailed information about the health status and history of the majority of Australians, beyond what is necessary for the administration of the respective programs. As discussed further below, it should be noted that provision remains for the use of such information for health policy and medical research purposes in certain circumstances.
The purpose of the Rules is to give effect to section 135AA of the National Health Act. The Rules provide specific standards and safeguards for the way that individuals’ claims information is to be handled by agencies when stored in computer databases. These standards are in addition to any requirements that may be imposed by the Australian Privacy Principles (‘APPs’) contained in Schedule 1 to the Privacy Act.
The key objectives of the Rules are to ensure that claims information collected under the Medicare Benefits Program and the Pharmaceutical Benefits Program is held on separate databases, as well as establishing the circumstances under which this information may be linked and retained in linked form. In addition, the Rules prescribe the circumstances in which claims information may be retained in various forms, such as where the claims information is separated from personal identification components (that is, ‘de-identified’). The Rules also put in place regular reporting requirements and a framework for limited retention periods. These are intended to ensure that the linkage and retention of claims information does not result in the combination of the two databases.
Statement of compatibility with human rights
Section 9(1) of the Human Rights (Parliamentary Scrutiny) Act 2011 requires the rule-maker in relation to a legislative instrument to which section 42 (disallowance) of the Legislation Act 2003 applies to cause a statement of compatibility to be prepared in respect of that legislative instrument. The statement of compatibility set out below has been prepared to meet that requirement.
General operation and effect of these Rules
Legal status of these Rules
The Rules are legally binding on agencies and ensure that claims information is linked and used only for limited purposes and in particular circumstances.
The Rules ensure that the sensitive health information contained in databases holding claims information is appropriately managed and protected. This protection accords with the legislative intent of section 135AA of the National Health Act. The protection afforded by the Rules applies in addition to the protection given to personal information under the Privacy Act.
In some instances, the Rules set a higher standard of protection for claims information than that required under the Privacy Act and deal with issues not covered by the APPs including by specifying obligations concerning the retention, de-identification and destruction of claims information. Section 14 clarifies that the Rules prevail in such cases where they impose more restrictive obligations than the Privacy Act. The Rules cannot, however, permit something that is otherwise prohibited by the Privacy Act.
A breach of the Rules constitutes an interference with privacy under section 13 of the Privacy Act. An individual may complain to the Australian Information Commissioner about an alleged interference with their privacy in relation to a breach of the Rules.
Explanation of sections
Part 1 – Introduction
Section 1 Name
This section states that the name of the instrument is the National Health (Privacy) Rules 2021.
Section 2 Commencement
This section states that the instrument commences on the later of:
(a) The day specified under section 135AA(8) of the National Health Act 1953; and
(b) 1 April 2022.
Section 3 Authority
The section states that section 135AA of the National Health Act is the authority under which the instrument is made.
Section 4 Definitions
This section defines certain terms used in the Rules.
A note to this section explains that a number of terms are defined in section 135AA of the National Health Act.
Section 5 Repeal of this instrument
This section states that the instrument is to be repealed on 1 April 2025.
Part 2 – Australian Government Agencies
This part applies to all Australian Government agencies. Part 2 includes one section only.
Section 6 Handling of claims information
This section applies to all Australian Government agencies. The meaning of ‘agencies’ is as defined in section 6 of the Privacy Act, as provided in section 135AA(11) of the National Health Act. Section 6 gives effect to section 135AA(5)(d), which requires an absolute prohibition against agencies storing claims information on the one database.
Section 135AA of the National Health Act requires the Australian Information Commissioner to issue rules that, as far as practicable, regulate the handling of claims information by agencies. The Australian Information Commissioner is satisfied that the term "so far as practicable" refers to the feasibility of using the Rules to achieve the objectives set out by the legislation, rather than what "is practicable" for any party affected by the Rules. For example, it may not be practicable to draft rules that prescriptively regulate the minutiae of various processes that occur when claims information is linked.
In regard to section 6, it is practicable for this section to give effect to the clear and express requirement of section 135AA(5)(d). Further, as the provision is drafted without allowance for any exceptions, there would appear to be no discretion to alter the requirement that claims information be kept on separate databases when held by agencies.
While the primary record holders of claims information are Services Australia and the Department of Health, section 6 prescribes the general obligations which all agencies must meet, excluding those agencies not regulated by the Privacy Act.
The extension of this prohibition to all agencies (as defined by the Privacy Act) ensures that the Rules meet the statutory requirements of section 135AA(5)(d). The Australian Information Commissioner has no discretion in making the Rules.
Part 3 – the Department of Health and Services Australia
Part 3 of the Rules applies to the two agencies that will most commonly handle claims information, these being the Department of Health and Services Australia.
Section 7 Management of claims information
Sections 7(1) and 7(2) respectively provide for the separation of claims information in different databases, and the separation of those databases from enrolment and entitlement databases.
Section 7(3) ensures that claims information in the Medicare Benefits Program and Pharmaceutical Benefits Program databases is stripped of personal identification components, such as name and address information, with the exception of a Medicare card number, or a Pharmaceutical entitlements number.
Information that is more than five years old is considered ‘old information’, and this information must not be stored with any personal identification components, including the Medicare card number or the Pharmaceutical entitlements number. This is reflected in section 10(1)(b).
Section 7(4) requires that Services Australia must establish standards to ensure a range of technical matters are adequately dealt with in designing a computer system to store claims information. This section clarifies that established technical standards should be maintained. These standards include ensuring adequate security arrangements as required in sections 9(2) and 10(4), and measures to restrict access to the relevant databases; restricting the linkage of information held on the relevant databases, and the means to trace those linkages; and specifying destruction schedules for linked information.
Section 7 includes provisions on the creation of a Medicare PIN that is unique for each individual, and the purposes for which a Medicare PIN may be used or disclosed. It is intended that any such unique number be kept, as far as possible, within Services Australia and not used as an identifier for other purposes.
Section 7(6) limits the extent to which a Medicare PIN can be used to identify individuals making claims under the Medicare Benefits Program or the Pharmaceutical Benefits Program.
Section 7 also sets out rules permitting, limiting, or prohibiting disclosures, relevant to claims information, by Services Australia to the Department of Health (sections 7(9) to 7(12) and 7(14)).
Section 7(15) sets out permissible disclosures by Services Australia to agencies, organisations and individuals other than the Department of Health.
Section 8 Linkage of claims information
Section 8 gives effect to section 135AA(5)(e) of the National Health Act, which requires that rules be made prohibiting the linkage of claims information except in authorised circumstances.
Section 8(1) provides that the purposes for which Services Australia and the Department of Health (where the Department of Health is enabling the Chief Executive Medicare to perform health provider compliance functions) may link claims information are limited to where the linkage:
· is necessary to enforce a law;
· is required by law;
· is for the protection of the public revenue;
· is necessary to determine an individual’s eligibility for benefits;
· is necessary to prevent or lessen a serious and imminent threat to the life or health of any individual; or
· is for disclosure to an individual when that individual has given their consent.
Enabling linkages for the purpose of disclosure to an individual, when the individual consents, permits individuals to receive, at their request, a single report of their Medicare Benefits and Pharmaceutical Benefits programs claims histories (section 8(1)(e)). This provision is not intended to be a consent mechanism to link claims information for unspecified secondary uses.
Section 9 Retention and reporting of linked claims information
Section 9 imposes obligations in relation to retention and reporting of linked claims information. The section also applies to the Department of Health where the Department of Health is enabling the Chief Executive Medicare to perform health provider compliance functions in addition to Services Australia.
Section 9(2) requires Services Australia and the Department of Health to make special arrangements for the security of linked claims information. Section 9(1) requires information linked in accordance with section 8(1) to be destroyed as soon as practicable after the purpose of the linkage has been met.
The practicability of destruction may be determined in part by reference to the destruction schedules specified in section 7(4)(f). For example, where claims information is linked for the purpose of providing a consolidated claims history to an individual, the purpose of that linkage is effectively met at the moment the disclosure occurs. It may not be practicable for that linked dataset to be destroyed instantaneously, though it may be practicable for its destruction to be effected within a defined destruction cycle of a few days.
Any destruction schedule would only be applicable to the extent that it is consistent with the intent of the enabling legislation and Rules. In the above example, it would be unlikely to be appropriate for such datasets to only be deleted as part of a cycle that occurs every few months.
As a form of additional oversight, and to promote transparency in how claims information is linked, section 9(3) provides for reporting requirements. In accordance with this section, Services Australia and the Department of Health are required to submit annual reports to the Australian Information Commissioner on how they have handled linked claims information. These reports may be provided individually or jointly as a single report.
Such reports must include, for the relevant reporting period:
(a) the number of records linked;
(b) the number of records linked under each of the permitted circumstances of section 8(1);
(c) the number of linked records that were destroyed;
(d) the number of records destroyed that were linked under each of the permitted circumstances of section 8(1);
(e) reasons for the retention of any linked records that were not destroyed during the reporting period; and
(f) the total number of records linked in accordance with section 8(1) that have been retained from previous reporting periods, and reasons for their retention.
The reporting obligations referred to in sections 9(3)(a) and 9(3)(b) are intended to provide oversight of data linkage activities by requiring information on how many datasets were created and for what purpose. Reporting obligations in sections 9(3)(c) to 9(3)(f) are intended to provide the Australian Information Commissioner with an indication as to whether linked datasets are being retained for periods of time that may be longer than envisaged, and if so, why.
In particular, if the number of datasets reported under section 10(3)(d) were to be significant, it could indicate that these datasets were being retained for periods that are inconsistent with the policy intent of the enabling legislation. In such circumstances, it would be open for the Australian Information Commissioner to make further enquiries of Services Australia or the Department of Health (including, where necessary, by exercising formal assessment powers).
Section 10 Linking old information with personal identification components
Section 135AA(5)(f) of the National Health Act requires that the Australian Information Commissioner make rules concerning the handling of ‘old information’. ‘Old information’ is defined as claims information that has been held by one or more agencies for at least five years. It particularly requires that this old information be stored without its ‘personal identification components’.
Under section 10(1), Services Australia is able to retain claims information indefinitely, but must strip such claims information of its identifying components after five years.
Services Australia and the Department of Health (where the Department of Health is enabling the Chief Executive Medicare to perform health provider compliance functions) may only re-link old information to its personal identification components for a limited range of prescribed purposes under section 10(2). The re-linkage is facilitated by the Medicare PIN.
Once the purpose for which the old information has been linked with its personal identification components is fulfilled, the linked dataset must be destroyed as soon as practicable. As with linked claims information in section 9(1), what is a ‘practicable’ period within which datasets must be deleted may be determined in part by reference to the destruction schedule specified in section 7(4)(f) (although such determination is not bound by this).
Services Australia and the Department of Health must make special arrangements for the security of linked old information (section 10(4)). Section 10(5) places reporting obligations on Services Australia and the Department of Health under which they must report annually to the Australian Information Commissioner on how they have handled old information.
Such reports must include details similar to those required for the linkage of claims information that is not old information (detailed above under section 9) and will be made publicly available.
Section 10(7) permits the transfer of old information from the Department of Health to Services Australia for two reasons: for a purpose listed under section 10(2) and for inclusion into its databases of old information described in section 10(1). Section 10(7) provides a mechanism for old information to be collected progressively by Services Australia, though such information must be stored on a different database to personal identification components.
Section 11 Disclosure of identifiable claims information for medical research purposes
Section 11(1) permits Services Australia to disclose claims information to researchers for the purpose of medical research in certain circumstances. Claims information that identifies an individual may only be disclosed with that individual’s consent or in compliance with the guidelines issued by the National Health and Medical Research Council (NHMRC) under section 95 of the Privacy Act.
These arrangements reflect obligations that would apply under the Privacy Act and related laws regardless of whether this section is made. However, the Australian Information Commissioner is satisfied that the inclusion of this section clarifies and provides certainty regarding how claims information may be used for medical research purposes.
Section 11(2) places an obligation on Services Australia, as the regulated party, to obtain agreement from the researcher regarding the secure destruction of the records at the conclusion of the research project.
Section 12 Use of claims information
Section 12 relates to the use of claims information by the Department of Health.
Section 12(1) provides that the Department of Health may only use the claims information as authorised by the Secretary of the Department or their delegate, except where it is being used by the Department of Health to enable the Chief Executive Medicare to provide health provider compliance functions in accordance with these Rules.
Section 12(2) provides that the Secretary of the Department of Health or their delegate must not permit the storing of claims information from both programs in a combined form on a permanent basis. This requirement reflects the obligations on Services Australia in section 7(1).
Claims information may be held by the Department of Health indefinitely for policy and research purposes in a form that does not include personal identification components (section 12(5)). However, where the information is linked by the Medicare PIN, section 12(3) and 12(4) impose restrictions. Section 12(3) provides that the Department of Health may link the information using the Medicare PIN:
· where it is necessary for a use authorised by the Secretary of the Department of Health or their delegate; and
· where the identified information is used solely as a necessary intermediate step to obtain aggregated data or otherwise de-identified information; and
· such linked records are destroyed within one month of their creation.
In addition, section 12(4) provides that claims information may only be linked in this temporary manner using the Medicare PIN where there is no practical alternative.
In accordance with section 12(6), the Department of Health must not disclose claims information unless it is reasonably satisfied that the recipient will not be able to identify the individual to whom it relates, unless it is to Services Australia, or the information is released under the secrecy provisions of section 130 of the Health Insurance Act 1973 or section 135A of the National Health Act.
Section 13 Name linkage
There are circumstances in which it may be necessary for the Department of Health to have access to identified claims information. Section 13(1) allows the Department of Health to obtain the personal identification components that belong to a particular Medicare PIN from Services Australia in certain limited circumstances.
The Department of Health may link claims information to the individual’s name where authorised by the Secretary of the Department, or delegate, for the purpose of clarification, where a doubt has arisen in relation to linking of de-identified information. However, section 13(2) provides that procedures must ensure that identified information is not retained once the doubt has been resolved.
Section 13(1) also permits the Department of Health, where authorised by the Secretary of the Department, or delegate, to re-identify information for a disclosure that is expressly authorised or required by law. Section 13(3) provides that the Department of Health is required to maintain, and make publicly available, a policy statement regarding its usual practices where information is identified and disclosed in this way. It must also maintain, under strict security controls, a central record of those linkages.
Section 13(2) enables the Department of Health to obtain the personal identification components corresponding to a Medicare PIN, when it is being collected in accordance with section 7(9), to enable the Chief Executive Medicare to perform health provider compliance functions.
Section 13(4) provides that the Secretary of the Department of Health, or delegate, must establish procedures which ensure that a request for identified information is usually referred to Services Australia.
Section 14 Miscellaneous
This section includes a range of provisions that apply to both Services Australia and the Department of Health. The regulatory obligations in this section:
· prohibit the generation of a paper copy of a complete database or databases, or major proportions of those databases;
· require that the Australian Information Commissioner be informed of any arrangements made between Services Australia and the Department of Health which relate to delegations or authorisations for implementing the Rules; and
· require Services Australia and the Department of Health to educate staff regarding the privacy protections that apply to claims information.
To ensure clarity, section 14(4) also provides that where the Rules provide more restrictive regulation than the requirements in the Privacy Act (such as under the APPs) or the secrecy provisions of relevant legislation as applying to Services Australia and the Department of Health, the Rules prevail.
STATEMENT OF COMPATIBILITY FOR A DISALLOWABLE LEGISLATIVE INSTRUMENT THAT RAISES HUMAN RIGHTS ISSUES
Statement of Compatibility with Human Rights
Prepared in accordance with Part 3 of the Human Rights (Parliamentary Scrutiny) Act 2011.
National Health (Privacy) Rules 2021
Issued by the authority of the Australian Information Commissioner (Commissioner) under section 135AA of the National Health Act 1953.
This Disallowable Legislative Instrument is compatible with the human rights and freedoms recognised or declared in the international instruments listed in section 3 of the Human Rights (Parliamentary Scrutiny) Act 2011.
Overview of the National Health (Privacy) Rules 2021
The National Health (Privacy) Rules 2021 (the Rules) are binding rules concerning the handling, by agencies, of information obtained by any agency in connection with a claim for a payment or benefit under the Medicare Benefits Program and the Pharmaceutical Benefits Program (‘claims information’). The purpose of the Rules is to give effect to section 135AA of the National Health Act. The Australian Information Commissioner is authorised, and required, to make rules under section 135AA.
The policy intent of section 135AA of the National Health Act is to recognise the sensitivity of health information and restrict the linkage of claims information. Provision remains for the use of such information for health policy and medical research purposes in certain circumstances.
The Rules set out specific standards and safeguards that apply to the handling of individuals’ claims information by agencies when stored in computer databases.
The key objectives of the Rules are to ensure that claims information collected under the Medicare Benefits Program and the Pharmaceutical Benefits Program is held on separate databases, and to establish the circumstances under which this information may be linked and retained in linked form. In addition, the Rules prescribe the circumstances in which claims information may be retained in various forms, such as where the claims information is separated from personal identification components (that is, ‘de-identified’). The Rules also put in place regular reporting requirements and a framework for limited retention periods.
The Rules do not replace any requirements that may be imposed by the Australian Privacy Principles (‘APPs’) contained in Schedule 1 of the Privacy Act, but operate in addition to these requirements. In some instances, the Rules set a higher standard of protection for claims information than that required under the Privacy Act and deal with issues not covered by the APPs, including by specifying obligations concerning the retention, de-identification and destruction of claims information. A breach of the Rules constitutes an interference with privacy under section 13 of the Privacy Act.
The Rules replace existing Rules made in October 2018.
Human rights implications
The National Health (Privacy) Rules 2021 engage the following right:
· the right to privacy in Article 17 of the International Covenant on Civil and Political Rights.
The right to privacy is positively affected by the registration of the National Health (Privacy) Rules 2021.
The National Health (Privacy) Rules 2021 positively affect the right to privacy by ensuring that claims information held on databases is appropriately managed and protected by agencies. In particular, the Rules:
a) ensure that claims information collected under the Medicare Benefits Program and the Pharmaceutical Benefits Program is held on separate databases;
b) ensure that Medicare Benefits Program and Pharmaceutical Benefits Program claims information is linked only for specified purposes and for limited periods of time;
c) specify agencies’ obligations concerning the retention, de-identification and destruction of claims information; and
d) enhance the accountability of agencies by imposing specific rules concerning the handling of claims information.
Conclusion
This Disallowable Legislative Instrument is compatible with human rights. It promotes the protection of human rights by providing specific privacy safeguards for individuals’ information collected under the Medicare Benefits Program and the Pharmaceutical Benefits Program, where that information is held on a database.