Bills Digest no. 116 2009–10
Healthcare Identifiers Bill 2010
WARNING:
This Digest was prepared for debate. It reflects the legislation as
introduced and does not canvass subsequent amendments. This Digest
does not have any official legal status. Other sources should be
consulted to determine the subsequent official status of the
Bill.
CONTENTS
Passage history
Purpose
Background
Financial implications
Main provisions
Concluding comments
Contact officer & copyright details
Passage history
Healthcare
Identifiers Bill 2010
Date introduced: 10
February 2010
House: House of
Representatives
Portfolio: Health and
Ageing
Commencement: On
Royal Assent
Links: The
relevant links to the Bill, Explanatory Memorandum and second
reading speech can be accessed via BillsNet, which is at http://www.aph.gov.au/bills/.
When Bills have been passed they can be found at ComLaw, which is
at http://www.comlaw.gov.au/.
The purpose of the Healthcare Identifiers
Bill 2010 is to establish a national healthcare identifier system
for patients, healthcare providers and healthcare provider
organisations and to set out the purposes for which healthcare
identifiers can be used.
In 1997, the House of Representatives Standing Committee on
Family and Community Affairs first advocated the assignment of a
unique patient identifier in conjunction with an electronic health
card.[1] The
Committee noted that patient identifiers had begun to be used in
other health systems and lamented that the discussion about the use
of this technology had not progressed more quickly in
Australia.
The following year, Australian Health Ministers agreed to
establish a National Health Information Management Advisory Council
(NHIMAC) to deal with issues relating to the use of information
technology generally in the health sector. NHIMAC developed
the Health Online project which identified personal health
identifiers as a key component of any system that intended to
transfer health information electronically.[2] NHIMAC consequently made the
development of unique personal health identifiers a high priority
issue.
A sub committee of NHIMAC, the National Electronic Health
Records Taskforce, was established in 1999 to advise the Health
Ministers on the development of a national framework for electronic
health record systems. A Taskforce report to the Health Ministers
in 2000 recommended the development of a health information network.[3] The Taskforce report
noted:
New information and communication technologies
create opportunities both to improve patient care and
simultaneously give consumers more control over health care
decisions that vitally affect them. The use of these new
technologies can also lead to better quality information about our
health services, allowing better planning and the provision of more
cost-effective health care services, including for people living in
regional Australia.
The key to this opportunity is the potential
for new technology to provide the right health care information,
wherever it is needed, when it is needed.[4]
The report emphasised that a health
information network would need to provide absolute certainty about
the identity of the person to whom the information related, as well
as the identity of the identity of the person who created the
information and the location from which the information
originated.
Apart from an obvious benefit in
greatly improving patient safety, the report listed a number of
benefits that could result from being able more accurately to
identify health consumers. These included: improved continuity of
care and administrative efficiency and enhanced privacy as
identifiers were used to coordinate test results and other
information, rather than names and addresses. It also warned that
there were dangers associated with developing
identifiers—unauthorised use of an identifier, for
example—and that appropriate measures need to be put in place
to address such risks.
The Howard Government established HealthConnect, a
project to develop a national system for collecting, storing and
exchanging health records in 2001. HealthConnect trials in
various states and the Northern Territory led to the introduction
of a HealthConnect Implementation Strategy released in
July 2005. One aspect of HealthConnect involved the
introduction of a Medicare ‘smartcard’ in 2004. The
card not only to provide access to standard Medicare services, but
also to give people access to certain records pertaining to them,
such as organ donation and immunisation records.[5] It was not envisaged, however,
that smartcards would be able to store the detailed information
contained in HealthConnect records, and the card was
abandoned in May 2006 after the Government announced a policy to
introduce an access card to replace a number of welfare
cards.
In July 2004, Health Ministers endorsed the formation of a
National E-Health Transition Authority (NEHTA), which was jointly
funded by the state, territory and federal governments. NEHTA was
to be the body responsible for establishing a national health
information management and information and communication technology
entity and working on the national priorities in these areas. One
of its fundamental projects was to be development of a patient
identification system, which together with a product and medicines
database and a national provider index was to contribute to a
national shared e-health record (EHR).[6]
COAG agreed to accelerate work on a national electronic health
records system in 2006, providing funding of $130 million to June
2009.[7] In
2007, a further $218 million was provided over three years.[8]
Weeks after the Rudd Government was
elected in November 2007 a contract was signed between NEHTA and
Medicare Australia for the development of the Unique Healthcare
Identifier (UHI) service.[9] Under the contract with NEHTA, Medicare Australia
was to be responsible for the design, building and testing of the
UHI service. The Ministers for Health and Ageing and Human Services
labelled the project as ‘a significant collaboration between
state and federal governments to provide the building blocks for
Australia’s e-health future’.[10]
E-health experts welcomed this move
and COAG’s plan to engage a consultant to develop a strategic
framework to guide national coordination and collaboration. There
was concern, however, that the time frame set by government for
development of such a complex task was too short.[11] Deloitte Touche Tohmatsu, the
company contracted in April 2008 for the task consulted extensively
with health stakeholders before reporting to COAG in
September.[12]
The Deloitte report noted that a
growing amount of research had highlighted the important role
e-health may be able to lay in delivering ‘a higher quality,
safer, more equitable and more efficient health system’. This
could be achieved for example by reducing medical errors associated
with lack of access to patient information and adverse drug events
or time and cost associated with duplicate, unnecessary and
dangerous treatments and tests.[13] Tangible benefits
associated with the implementation of an Australian e-health
strategy were estimated by Deloitte annual savings to the health
system of approximately $2.6 billion in 2008–09 dollar terms.
More importantly, however, according to Deloitte:
The ultimate benefit achieved from
implementation of a national E-Health Strategy will be a safer and
more sustainable health system that is suitably equipped to respond
to emerging health sector cost and demand pressures. Improvements
in the Australian health care system will also drive stronger
workforce productivity and will therefore be integral to
Australia’s long run economic prosperity.[14]
The Government released the
National E-Health Strategy in December 2008. The strategy set out
an incremental and staged approach to developing e-health
capabilities. This approach was to leverage on existing e-health
strategies, manage the variation in capacity across the health
sector in general and in the various states and territories, and
include scope for changes as technology developed further. It
reinforced existing collaboration of Commonwealth, state and
territory governments and identified priority areas where this
could be improved. It provided flexibility for individual states
and territories and the public and private health sectors to
determine how e-health was implemented within a common framework
and set of priorities to maximise benefits and
efficiencies.[15]
The Final Report of the Rudd
Government’s National Health and Hospital Reform Commission
(NHHRC), released six months later in June 2009, endorsed the
proposed directions set out in the National E-Health
Strategy.[16] The
NHHRC also made a number of recommendations relating to e-health.
These included a recommendation that a person-controlled electronic
health record should be in place for all Australians by 1 July
2012, with unique personal, professional and organisation
identifiers set up by 1 July 2010.[17] The NHHRC made it clear, however,
that it supported personal health records that would at all times
be owned and controlled by individuals and access to those records
would need to be approved by the owners.[18]
One issue that has stood in the way of realising
person-controlled health records as suggested by the NHHRC is the
question of privacy. It has been asked in a number of instances how
secure the information kept on these records will be, who will be
able to access information and even whether so-called electronic
health records will actually be a means to achieve what has been
labelled ‘function creep’. While in a slightly
different context, this latter concern has surfaced from time to
time in various guises, for example, the Howard Government’s
Medicare smartcard was criticised because it was argued that
patient data on the card could potentially be used for other
purposes or shared with other agencies.[19]
On 13 July 2009, the Australian
Health Ministers’ Conference announced that national
consultations on the legislative framework to underpin the
governance, privacy and agreed uses for national healthcare
identifier numbers would take place.[20] A discussion paper was released and
public consultations on legislative proposals were
undertaken.[21] Submissions to the discussion paper were
supportive of improved management of health records. However,
a number expressed concerns about proposals for healthcare
identifiers. These included concerns about the proposed
role envisaged for Medicare in managing identifiers and potential
misuse of information. The Privacy Commissioner noted for example
that the challenge in introducing individual health identifiers is
to ensure
… such a highly reliable identifier is
not usurped for purposes beyond the health system and the clinical
care of individuals. If such identifiers were used expansively
outside of the health system, particularly in ways the community
may be uncomfortable with, then the trust individuals place in the
system may be undermined.[22]
The Commissioner noted that this
‘function creep’ which was experienced in relation to
Canada’s Social Insurance Number which was looked upon as a
piece of identification and property owners asked for it on
apartment rental applications, video stores required it as security
for movie rentals, universities and colleges requested it on their
application forms and pizza places even used it as a customer
number for their delivery system.[23]
Other issues raised included the
Consumers Health Forum (CHF) claims that consumers are unhappy with
the level of control they have over their health information. CHF
sought greater control for consumers including controls over who is
able to access patient information and what information is able to
be accessed. Any instances needed also to be fully reportable to
consumers.[24] The Australian Privacy Foundation considered that
a health identifiers scheme would be ‘highly privacy
invasive’, and considered that it showed a remarkable
similarity ‘to earlier attempts to introduce mandatory
national identity systems.[25]
Australian Health Ministers considered the feedback from this
consultation process and on 13 November 2009 announced that the
identifiers concept had been clarified to strengthen patient
privacy. Legislation would therefore limit the use of healthcare
identifiers to information management and communication for the
purposes of delivering a healthcare service. National privacy
arrangements and appropriate governance would underpin the system
and penalties would apply for misuse of identifiers. Further,
implementation would be reviewed after two years.[26]
The Ministers affirmed their commitment to the introduction in
2010 of national healthcare identifier numbers and released an
exposure draft of the Healthcare Identifiers Bill 2010.[27] Further comment was
received on the exposure draft, some of which continued to express
concerns that the privacy of individuals would not be adequately
protected by the legislation. The Australian Privacy Foundation
believed the legislation was ‘deeply flawed’ and
delivered incomplete and inadequate privacy protection.[28] While
other submissions were less critical, there was concern raised
about the lack of provision in the legislation for a service
provider to disclose an individual’s healthcare identifier
and other information held by the service provider to that
individual.[29]
At the time of writing, the Bill has not been referred to a
committee.
A number of health stakeholders have expressed concern for some
time over the slow progress in the implementation of e-health
measures. In 2008, for example David Roffe, chief information
officer of St Vincent's and Mater Health in Sydney, likened it to
being stuck in a bog in a two wheel drive.[30] At the same time, consumer groups
have consistently expressed concern about how certain aspects of
e-health, such as healthcare identifiers will affect people. Their
express fear is that the national healthcare identity numbers for
patients and medical providers will be locked into what they
believe is a flawed state, federal, private-public sector privacy
system.
The Australian Privacy Foundation
has been a particular critic of the Government’s healthcare
identifiers proposals. Following a report in the Courier
Mail in January 2010, the Foundation wrote to the Government
to clarify an interpretation of the exposure draft which claimed
legislation intended to give options to ‘well-known
personalities’ to use pseudonyms in relation to the
healthcare identifiers but not to the public in general.[31] In a
response to the Foundation, the Department of Health and Ageing
confirmed that there may be some circumstances in which individuals
may be able to access health services using a pseudonym, but that
it considered these would be supported by the existing health
privacy framework. The Department noted also that there are a
number of ways in which individuals can currently receive
healthcare under a pseudonym.[32]
Following introduction of this Bill, the Foundation again expressed
concern that privacy would not be adequately protected under the
legislation.
When attending the Stakeholder conference in
Canberra last November, an audience member asked about direct
patient access to their HI and personal information stored about
oneself. The audience was advised that no arrangement for direct
access had been made and there were no plans to implement such. Yet
government personnel present at a conference where I spoke
yesterday asserted the policy had been updated to enable direct
consumer access. At the same time, the HI Bill introduced to
Parliament this week makes no reference to direct consumer access
to the information. Thus I write to ask for clarification of the
mechanisms that have evidently been established to enable direct
consumer access to HIs and the linked personal information.
[33]
Civil liberties group, Liberty Victoria, have expressed concerns
about a number of issues relating to e-health. Many practical
failings of e-health were made obvious by a pilot program in
Tasmania according to Liberty. The lack of doctor consistency in
recording illness for example—what one sees as a cold,
another may diagnose as an upper respiratory tract
infection.[34]
Liberty notes also that an interim report of an e-health pilot
scheme for referral and management of patient records being
conducted in Hunter Health in New South Wales is due to be released
March or April 2010, after this legislation may already have been
passed. Liberty is of the view that without vital information from
the Hunter trial we may be ‘setting forth on a national and
expensive scheme, without knowing if it will deliver the key
outcomes’.[35]
Further, Liberty remains unconvinced that healthcare identifiers
will not be used for other purposes:
The methods chosen to deliver the e-Health
Initiative contain all the elements of a national identification
scheme. Every adult will be identified and their medical details
and contact details will be linked. The first stage has all medical
practitioners moving to storing their records in a form that is
consistent and searchable by the new number.
Later external searches of practitioners’
databases will be possible to ensure up-to-date clinical
information at the venue where the patient presents. Many of these
details are not confirmed but are inherent in the design proposed.
The possibility of function creep, both within the Health and
Social Security Department and in ‘whole of
government’, is very real. No attempt at placing limits on
the information to be gained is included in the design.[36]
In a similar vein, David Vaile, executive director at the
Cyberspace Law and Policy Centre at the University of New South
Wales sees the healthcare identifiers legislation as ‘about
politics and what you can get away with before other regulatory
issues are resolved’.[37] That is, as Health journalist Karen Deane points
out, before the ‘promised rewrite of the Privacy Act for the
digital age, based on the recommendations of the Australian Law
Reform Commission’. Deane is of the view that ‘Roxon's
bill will lock in the present confused patchwork of legal
requirements’.[38]
While Senator Nick Xenophon agrees that there are potential
benefits from e-health, he too is concerned about its ramifications
for privacy and wants a Senate Inquiry into the concerns
raised.[39] The
Government insists the identifiers will not be able to be used for
other purposes.[40]
One journalist has pointed out other possible problems with the
proposed scheme:
… bureaucrats running the system
yesterday could not say how it would confirm that a person trying
to access your health ID number is actually a doctor. Nor can they
say how computers will know you gave permission to share health
data with others. They confirmed that some people, perhaps
celebrities and domestic violence victims, will be able to have
pseudonyms attached to their number to hide their identity. And the
Government will not send any correspondence telling you your health
number either if you want to know you will have to ring a Medicare
office and ask.[41]
Consultant and health commentator, Dr David More, has been
critical of NEHTA for not providing more information record content
and access and how health providers will be authenticated.[42] Mater Hospital chief
information officer, and member of the NEHTA Stakeholder Reference
Forum Malcolm Thatcher, is of a similar view. Thatcher has concerns
about the extent to which the Government and NEHTA have thought
through the need for providing a user-held token for the storage of
the individual (patient) health identifier to avoid incorrect
retrieval of patient identifiers based on demographic data and the
human error.[43]
According to software developer Peter West, warnings to NEHTA that
centralised information will be easier for hackers to access and
potentially more open to abuse by medical staff, have been
consistently ignored.[44]
On the other hand, NEHTA clinical lead and
former Australian Medical Association President, Dr Mukesh
Haikerwal, has argued:
… the good thing about the healthcare
identifier is that it not only makes the system safer, more
accurate and up-to-date, it also carries with it additional
safeguards over and above what exists today…There is also a
very strict audit trail so that any individual can know that
someone has accessed their record in the system which is an
additional layer of security…You will never satisfy everyone
in regards to privacy, but I have far more confidence in the future
of e-health and the security of its records than I do in the
current system.[45]
NEHTA Chief Executive, Peter Fleming,
acknowledges that it is a difficult and complex task to centralise
the identifier projects in place across the states and territories.
Nonetheless, he supports Haikerwal’s claims that the outcome
will be safer healthcare.[46]
The Royal Australian College of General Practitioners welcomed
this legislation and stated that ‘the national Healthcare
Identifiers Service is the cornerstone to make e-health
work’.[47] It
noted, however, that there must be clarity regarding privacy
safeguards, such as, who will have access to patient information
and informed consent, and when to apply anonymous health care
identifiers. The RACGP also sought more information on the
implementation process and issues including integration into
general practice software and funding for general practices to
support required software and business changes.[48]
The Australian Medical Association has made no official comment
since this legislation was introduced. However, as journalist
Julian Bajkowski points out, the support of clinicians is essential
if the identifiers system is to be workable. Days before the
introduction of this Bill AMA President Dr Andrew Pesce agreed with
the Law Council that new audit and oversight powers of the Privacy
Commissioner needed to be codified. Pesce believed it was
reasonable to expect regular audits of health identifiers and that
breaches should be subject to ‘significant sanctions’.
But Pesce also was clear that he wanted to see e-health happen and
that privacy issues and red tape should not be used as obstacles to
its realisation.[49]
It has been reported that while the Opposition is insistent that
it supports e-health in principle, it intends to oppose any
Government moves to ‘fast track reforms’, with health
spokesperson, Peter Dutton, arguing that such significant reforms
need to be reviewed in more depth.[50]
In the opinion of some health commentators, however, the plan to
introduce a coordinated, national e-health scheme will not succeed
in Australia. An Ovum Research report released in early February
2010 claims that years of investment in uncoordinated and
unconnected strategies has produced system so fragmented that the
cost of integration will prove prohibitively high.[51] While clearly the cost of
implementing a complex scheme will be high, the existence of a
number of variations is not unsurmountable as the British have
already discovered (see the box below).
|
Overseas implementation
example—the United Kingdom
Personal Demographic Service (PDS) with information on over 48
million health consumers has been in the process of implementation
in the United Kingdom since July 2004.
The PDS will replace a number of locally held data bases in the
various National Health Service (NHS) regions.
Each person's PDS care record comprises demographic information,
such as name, address, date of birth and NHS number as well as
medical information. The PDS does not hold any clinical health
information or sensitive data such as ethnicity or religion.
The PDS includes information governance controls protecting
patient information, such as registration and authentication
processes to identify actions taken by particular healthcare
professionals, controls on the information available to healthcare
professionals and privacy controls to check who has accessed or
amended patient records. The level of access to patient records is
determined by the role an NHS staff member has in dealing with
patients—for example, a consultant is able to see more
information than a medical receptionist. There are logs kept of
those who access patient care records. These show who has accessed
the records and what they added or changed. Patients can ask to see
this information. It is expected that eventually patients will be
able to check their own details through a secure NHS web
service.
Disciplinary action can be taken for unauthorised access to patient
information. This can include criminal action under the United
Kingdom Data Protection Act or civil action for breaches of
confidentiality.[52] |
Benefits
NEHTA has noted a number of benefits of a national e-health
system:
- improved safety and quality of healthcare
- increased involvement of consumers in their own health
- improved access for healthcare providers to reliable health
information when and where it is needed
- enhanced shared care of complex medical problems and chronic
disease
- reduced burden on Australia’s health sector through
better health management
- innovation to deliver improvements in health sector
productivity
- improved healthcare planning by ensuring resources are directed
to where they are needed most
- lives saved through better decision support, increased access
to information, and reduction in adverse events.[53]
Risks
On the other hand, as the National Electronic Health Records
Taskforce has pointed out, there are a number of risks that have to
be recognised and appropriate counter measures put in place to
manage those risks within acceptable limits.
These risks include:
- potential breaches to privacy and confidentiality
- unauthorised access to health information
- unauthorised use of a health identifier
- inadequate/incorrect identification through lack of agreed
standards for identification and
- widening of uses over time ('function creep').
The Taskforce considered that strict criteria for counter
measures needed to be in place to ensure these problems would not
eventuate. These included:
- limiting the use of patient identifiers to the health
sector
- absolute transparency and accountability—with control
over an identifier’s use residing with the consumer
- participation by consumers and providers to be voluntary
- a robust privacy/legislative framework which limited
circumstances in which a health identifier could be used (with
appropriate penalties for misuse)
- appropriate security measures and standards in place throughout
the health sector to maintain privacy and confidentiality of health
information and
- agreed standards to provide assurance of the integrity and
quality of information that is exchanged
electronically.[54]
The Healthcare Identifiers Service
which will implement the system of healthcare identifiers is to be
funded to 30 June 2012 as part of $218 million allocated by the
Council of Australian Governments to NEHTA in November
2008.[55] Under the
National Partnership Agreement on E-Health, funding is
contributed to by the Commonwealth, state and territory
governments.[56]
NEHTA has allocated $52.02 million
to fund the operation of the Healthcare Identifiers Service by
Medicare Australia for 2010–11 and 2011–12.[57]
In addition, the Commonwealth has
provided funding of $0.5 million for 2010–11 and
2011–12 to the Office of the Privacy Commissioner to provide
regulatory oversight and advice on the introduction of healthcare
identifiers.
Funding for the Healthcare
Identifiers Service from 30 June 2012 will be determined through
discussion between the Commonwealth, states and territories.
There are seven parts to this Bill.
Part 1—Preliminary
Part 1 of the Bill (clauses 1–4) contains
preliminary information relating to the title of the Act to be
enacted, commencement and the purpose of the Act. Clause
4 provides that the Act will bind the Crown in right of
Commonwealth and the states and territories, but and they will not
be liable to prosecution for any offence under the Act.
Clause 5 lists definitions of terminology used
in the Bill. Key definitions used are:
healthcare: means health service
within the meaning of subsection 6(1) of the Privacy Act
1988.
healthcare identifier has the meaning
given by section 9 of the Bill (see below).
healthcare provider means:
(a) an individual who:
(i) has provided, provides, or is to provide, healthcare or
(ii) is registered by a registration authority as a member of a
particular health profession or
(b) an entity, or a part of an entity, that has conducted,
conducts, or will conduct, an enterprise that provides healthcare
(including healthcare provided free of charge).
healthcare recipient means an
individual who has received, receives, or may receive,
healthcare.
health information has the meaning
given by subsection 6(1) of the Privacy Act 1988.
Clause 6 defines the Chief Executive Officer of
Medicare Australia as the (Healthcare Identifiers) service
operator, but allows that alternative operator can be
specified in the regulations. Clause 33 requires
the Minister to consult with the Ministerial council before the
regulations are made by the Governor General under clause 39.
Clause 7 defines the information which will be
required by the service operator in order to assign and maintain
healthcare identifiers to healthcare providers and individual
healthcare recipients. Personal information, such as name, address,
gender and date of birth will be required for individuals. Name,
address and CAN, ABN and other information as prescribed in the
regulations will be required by healthcare providers. Other
information, such as a Medicare number may be required.
Clause 8 describes a national registration
authority as one prescribed in the regulations.
Part 2—Assigning healthcare identifiers
Part 2 (Clauses 9 and 10) provides information
on assigning healthcare identifiers. Sub clause
9(1) will authorise the service operator to assign a
unique healthcare identifier number to a healthcare provider (as
prescribed in the regulations), or to an individual. The service
operator will determine whether to assign an identifier
(Subclause 9(4)) irrespective of the wishes of the
potential assignee.
As the Explanatory Memorandum to the Bill notes, from July 2010
a national scheme will be established for the registration of
health professionals in ten professions.[58] These national registration bodies
will be able to, under certain circumstances, assign healthcare
identifiers to individual healthcare providers under
subclause 9(2). Individual health care
provider identifiers for health care providers who are not included
in the national registration and accreditation scheme will be
provided by the service operator subject to the individual
providers meeting criteria set out in the regulation and to their
providing identifying information as set out in clause
7(1).[59]
Subclause 9(3) will provide that health care
identifiers will be able to be assigned to individual healthcare
providers, enterprises that provide health care and to individuals.
The regulations may provide requirements for assigning healthcare
identifiers (Subclause 9(5)).
Subclause 9(6) will provide that health care
identifiers are subject to the National Privacy Principle
7.[60] This
principle provides that a private organisation must not adopt as
its own an identifier of an individual that has been assigned by
the Commonwealth Government.
Clause 10 will require the service operator to
establish and maintain an accurate record of assigned healthcare
identifiers and information relating to those identifiers,
including requests made to disclose those identifiers (under
Division 2 of Part 3).
Part 3—Use and disclosure of healthcare identifiers and
other information
Part 3 refers to proposals for the use and disclosure of
healthcare identifiers and other information. This part provides
for limited authorisation for private organisations to use and
disclose healthcare identifiers.
Division 1 - Use and disclosure of identifying
information for assignment of healthcare identifiers
Clauses 11–15 refer to use and disclosure
of identifying information for assignment of healthcare identifiers
by healthcare providers, data sources and national registration
authorities.
Subclauses 11(1) and (2) will authorise a
healthcare provider to disclose identifying information about an
individual healthcare recipient to the service operator for the
purpose of assigning a healthcare identifier to the individual. The
service operator will be authorised to collect the information and
use it for assigning an identifier.
Subclauses 12(1) and (2) will
authorise a data source (Medicare Australia, the Veteran
Affairs’ Department or an entity prescribed by the
regulations) to disclose identifying information it holds about an
individual healthcare recipient or healthcare provider for the
purpose of assigning a healthcare identifier. The service operator
will be authorised to collect the information and use it for this
purpose.
Subclauses 13(1) and (2) will authorise a
national registration authority to disclose a health care
identifier or information relating to a healthcare identifier to
the service operator for the purpose of establishing or maintaining
the healthcare identifiers record referred to in Clause
10.
Clause 14 enables the making of regulations to
require healthcare providers to provide the service operator with
up-to-date information about themselves.
Clause 15(1) provides that a person commits an
offence if the person, without appropriate authorisation, discloses
or uses information collected under Part 2 or Division 1 of Part 3.
The penalty is two years or 120 penalty units ($13 200) or both. A
body corporate may be subject to a fine of up to 600 penalty units
($66 000). Subclause 15(3) is similar and relates
to a person who acquires information in contravention of
subsection 15(1) and uses and discloses the
information.
Division 2 - Disclosure of healthcare identifier by
service operator
Subdivision A
Clause 16 will authorise a healthcare provider
to disclose identifying information about a healthcare recipient to
the service operator to obtain the recipient’s healthcare
identifier.
Subdivision B
The service
operator will be authorised to disclose healthcare identifiers to
an identified healthcare provider or an authorised employee of such
a provider. The health care provider must notify the service
operator about which employees are so authorised. The healthcare
provider or authorised employee will be authorised to collect the
healthcare identifier information (Clause
17).
Clauses 18 will require the service operator to
disclose to the healthcare recipient (or the person responsible for
the healthcare recipient under subclause 2.5 of National Privacy
Principle 2) the person’s healthcare identifier or
information that relates to the person and which is included in the
service operator’s record maintained under section
(clause) 10.
The service operator will be authorised under clause
19 to disclose a healthcare provider’s healthcare
identifier to a registration authority so that the authority may
register the provider.
Clause 20 will authorise the service operator
to disclose a health care provider’s identifier to an entity
to enable the provider’s identity to be confirmed in
electronic transmissions.
Clauses 21 and 22 allow for the regulations to
prescribe rules about the disclosure of healthcare identifiers by
the service operator, and to require an entity to which information
has been disclosed to provide certain information relevant to that
disclosure to be made to the service operator. The regulations may
provide for the imposition of a penalty of up to 50 penalty units
($5 500) for contravention of a regulation.
Division 3 - Use, disclosure and adoption of healthcare
identifier by a health care provider
Clause 23 will authorise a healthcare provider
to disclose a healthcare recipient healthcare identifier to the
recipient or to a person responsible for the recipient.
Clause 24 sets out the proposed terms for
disclosure and other uses.
Paragraph 24(1)(a) sets out the proposed
permitted uses and disclosures of healthcare identifiers by
healthcare providers for the purpose of communication or management
of information as part of:
- providing healthcare to a person or
- the management, funding, monitoring or evaluation of
healthcare; or
- provision of indemnity cover for the healthcare provider
or
- research approved by a human research ethics committee.
Paragraph 24(1)(b) authorises a healthcare
provider to use or disclose healthcare identifiers if the provider
reasonably believes it is necessary to lessen or prevent a serious
threat to an individual’s life, health or safety or a serious
threat to public health or public safety.
As the Explanatory Memorandum notes, ‘express authority
permitting a healthcare provider to use or disclose healthcare
identifiers is necessary in light of the restrictions under
National Privacy Principle 7 of the Privacy Act on private sector
organisations using and disclosing Commonwealth government assigned
identifiers’.[61] A note to the clause indicates that Division 3
does not apply to personal health information other than that
specified. Collection, use, disclosure or adoption of other
personal information is dealt with in other legislation.
Subclause 24(2)
provides that where a healthcare provider discloses a healthcare
identifier to another entity for a purpose defined by subclause
24(1), the entity is authorised to collect, use or disclose it to a
healthcare provider for the purpose for which it was disclosed to
the entity.
Subclause 24(4)
provides that a healthcare identifier cannot be used by an insurer
to underwrite health insurance or determine eligibility or cover
level for health insurance or for the purpose of employment.
Clause 25 will
provide for healthcare providers to adopt an identifier of a
healthcare recipient as their identifier to that healthcare
recipient. As the Explanatory Memorandum points out, this authority
is needed because of the prohibition under National Privacy
Principle 7 of the Privacy Act that prevents private sector
organisations adopting Commonwealth government assigned
identifiers.
Division 4 -
Unauthorised use and disclosure of healthcare
identifiers
Clause 26 sets out
offences and penalties proposed for the unauthorised use and
disclosure of healthcare identifiers. Subclause
26(1) will make it an offence if a healthcare
identifier is disclosed to a person and that person uses or
discloses the healthcare identifier. The penalty for this offence
as committed by an individual is a fine of 120 penalty units,
imprisonment for two years or both. If the offence is committed by
a corporation, a fine of 600 penalty units will apply.
Under Subclause
26(2) this penalty will not apply if a person is
authorised to use or disclose the healthcare identifier and the use
and disclosure is in accordance with the purposes defined in
subclause 24(1), the use or disclosure is
authorised under another law, or the person discloses the
healthcare identifier for the purpose of, or in connection with,
the person’s personal, family or household affairs (within
the meaning of section 16E of the Privacy Act 1988).
Division 5 - Protection of
Healthcare Identifiers
Clause 27 proposes
that an entity holding a healthcare identifier must protect it from
misuse, loss, unauthorised access, modification or disclosure.
Additional requirements may be imposed under regulations.
Part 4—Interaction with the
Privacy Act 1988
Clause 28 proposes
that an authorisation to collect, use or disclose a healthcare
identifier under this legislation will also be considered an
authorisation for the same purpose under the Privacy Act
1988.
Under subclause
29(1), an act or practice which contravenes the
legislation or regulations (once enacted) will be considered as a
breach of privacy under the Privacy Act 1988.
Subclause 29(3)
will allow the Privacy Commissioner to undertake audits of
healthcare identifiers under the Privacy Act in relation to
personal information.
The Privacy Commissioner will be
required to prepare an annual report on compliance and enforcement
activities undertaken in relation to the Healthcare Identifiers
Service. A copy of the report must be provided to the Ministerial
Council by 30 September of each year clause 30). A
copy of the report must be tabled in each House of parliament
within 15 days sitting days after the report is submitted to the
Minister.
Part 5—Healthcare Provider
Directory
Subclause 31(1)
will require the service operator to establish and maintain a
Healthcare Provider Directory. This will detail the professional
and business details of healthcare providers who have consented to
having these details included in the Directory.
Under subclause
31(2) the service operator will be able to disclose
details from the Healthcare Provider Directory to other
participating healthcare providers or employees, authorised to act
on the healthcare provider’s behalf.
The Explanatory Memorandum cites
the establishment of the Healthcare Provider Directory as a key
benefit of the Healthcare Identifiers Service as it aims to improve
communication between healthcare providers by providing ‘a
reliable source of identifying and contact information about other
participating healthcare providers’.[62]
Part 6—Oversight role of the
Ministerial Council
This part proposes that the
responsible Minister in consultation with the Ministerial Council
is able to issue written directions by legislative instrument to
the service operator in relation to the operation of the Healthcare
Identifiers Service (clause 32). Under the
proposed clause 33 the Minister responsible will
be required to consult with the Ministerial Council prior to the
Governor General making regulations.
Clause 34 will
require the service operator to prepare an annual report and to
provide that report no later than 30 September each year. The
Minister must table the report in Parliament within 15 sitting days
after the service operator has submitted it to the Minister. A
review of the operation of the legislation within three years is
proposed under clause 35.
The Explanatory Memorandum explains
that a review will be required to provide necessary regulatory
support to enable the Healthcare Identifiers Service to operate
efficiently and effectively and to assess Medicare
Australia’s role as the service operator.
It also notes that requiring
consultation with the Ministerial Council recognises the important
role states and territories play in managing the operation of the
Healthcare Identifiers Service to ensure it appropriately supports
the needs of national public health policy.[63]
Part 7—Miscellaneous
Clause 36 proposes
that the authorisation for a particular purpose which applies to an
entity under this Bill applies to a person employed by the entity.
This would be subject to the requirement under clause
17 of the legislation.
Relationship to state and
territory laws
Under subclause
37(1) it is proposed that laws of the states and
territories will operate concurrently with the healthcare
identifiers legislation to the extent to which those laws are
‘capable’ of doing so. The Government considers this
will allow existing privacy arrangements in the states and
territories to continue to operate if they do not conflict with the
provisions of the Bill. If an offence under this legislation is
also an offence under state and territory law then a person will
only be able to be convicted of one of the offences
(subclause 37(2)).
Subclause 37(3)
will ensure that nothing in this Bill (once enacted) limits,
restricts or otherwise affects any right or remedy a person would
have had if this Act had not been enacted.
Under subclause
37(4) if the Minister responsible for the administration
of the health identifiers legislation makes a declaration relating
to specific provisions and specified public bodies of a state or
territory under subclause 37(5), the provisions
referred to will not apply to those authorities.
Subclause 37(5)
will oblige the Minister to declare that certain provisions of this
Bill will not apply to relevant state or territory public bodies if
both a state of territory Minister requests such a declaration in
writing, and the Minister is satisfied that an appropriate
law is in force in that state or territory that has provisions that
have been agreed by the Ministerial Council.
Subclause 37(6)
will oblige the Minister to revoke a declaration made under
subclause 37(4) where a Minister of a state or
territory makes a request or where a state or territory law
previously agreed to by the Ministerial Council is amended without
their agreement.
Under subclause
37(7) neither section 42 (disallowance) nor Part 6
(sunsetting) of the Legislative Instruments Act 2003 will
apply to a declaration or revocation made under subclauses 37(5)
and 37 (6).
Clause 38
Severability –
additional effect of Parts 3 and 4
Clause 38 will
provide that the legislation ‘is given the widest possible
operation consistent with Commonwealth constitutional legislative
power’.[64]
Subclause 38(1) proposes that without
limiting the effect of the Act, Parts 3 and 4 will also have the
effect as provided by subclauses 38(2) to 38(10)
relying on different elements of Commonwealth power.
Clause 39 –
Regulations
Subclause 39(1)
will provide that the Governor-General is able to make regulations
which may be required, necessary or convenient for the operation
of, or giving effect to, the Bill
(once enacted). Consultation with
the Ministerial Council will be required prior to the making of
such regulations. Regulations will be able to be made in relation
to a number of areas.
Subclause 39(2)
proposes that regulations may provide for the imposition of a
penalty for not more than 50 units ($550).
There appears to be general agreement that e-health has the
potential to improve the delivery of healthcare for consumers and
healthcare providers alike. Healthcare Identifiers have been
recognised as a fundamental part of the national infrastructure
required to deliver secure electronic communications across the
health system.
Concerns have been raised, however, that patient privacy will be
compromised by technology. Consumer groups in particular have been
critical of identifiers because they believe these will be misused
and the privacy of individuals will be breached from the onset.
Additionally, they consider there is the possibility that in the
future, the identifiers may be used for purposes other that
healthcare. It is of particular concern also for these groups that
the legislation will be in place before it is clear how the
Privacy Act 1988 will be updated to address the impact of
electronic technologies on the privacy of individuals
While this Bill appears to make serious attempts to address
these issues, critics are not fully satisfied that the proposed
legislation is sufficiently rigorous to ensure there are no adverse
consequences for health consumers. Supporters of the legislation on
the other hand, are convinced that the introduction of healthcare
identifiers is indeed a first and vital step towards creating a
safer health system which ensures that ‘the right people have
access to the right information at the right time’.[65]
Members, Senators and Parliamentary staff can obtain further
information from the Parliamentary Library on (02) 6277 2429.
[1].
House of Representatives Standing
Committee on Family and Community Affairs, Health on line: a report on
health information management and telemedicine, Australian
Government Publishing Service (AGPS), Canberra, 1997, pp.
90–92, viewed 12 February 2010, http://www.aph.gov.au/house/committee/fca/tmreport.pdf
[2].
National Health Information
Management Advisory Council (NHIMAC), Health Online: a health
information action plan for Australia, NHIMAC, 1999. Not
available online. Revised version 2001, viewed 12 February
2010,
http://www.health.gov.au/internet/hconnect/publishing.nsf/content/7746b10691fa666cca257128007b7eaf/$file/actplan2.pdf
[3].
National Electronic Health Records
Taskforce, A health information network for Australia: report
to Health Ministers by the National Electronic Health Records
Taskforce, July 2000, viewed 12 February
2010,
http://www.health.gov.au/internet/hconnect/publishing.nsf/Content/7746B10691FA666CCA257128007B7EAF/$File/ehrrept.pdf
[4].
Ibid.
[5].
T Abbott (Minister for Health and
Ageing), Medicare smartcard launched, media release, 28
July 2004, viewed 16 February
2010,
http://parlinfo/parlInfo/download/media/pressrel/SX9D6/upload_binary/sx9d62.pdf;fileType=application/pdf#search=%22medicare%20smartcard%20launched%22
and Medicare Australia, Medicare smartcard brochure, May
2005.
[6].
Archived website for
HealthConnect, information on National E-Health Transition
Authority (NEHTA) website, viewed 15 February
2010,
http://www.health.gov.au/internet/hconnect/publishing.nsf/Content/nehta-1lp
[7].
The Commonwealth and the states and
territories contributed on a 50/50 basis to this
funding.
[8].
Senate Community Affairs Committee,
Answers to Estimates Question on Notice, Health and Ageing
Portfolio, Supplementary Budget Estimates 2009–2010, 21
October 2009, Question: E09–244.
[9].
N Roxon (Minister for Health and
Ageing), and J Ludwig (Minister for Human Services),
Federal-state collaboration advances electronic health
agenda, joint media release, 12 January 2008, viewed 15
February 2010,
http://www.health.gov.au/internet/ministers/publishing.nsf/Content/mr-yr08-nr-nr006.htm?OpenDocument&yr=2008&mth=1
[10].
Ibid.
[11].
R LeMai, ‘Too much haste not good for
e-health’, MIS Financial Review, 15 February 2008,
viewed 15 February 2010, http://www.misaustralia.com/viewer.aspx?EDP://20080215000020304888
[12].
Deloitte, National E-Health and Information
Principal Committee, National E-Health Strategy,
2008, viewed 15 February 2010,
http://www.health.gov.au/internet/main/publishing.nsf/Content/604CF066BE48789DCA25751D000C15C7/$File/National%20eHealth%20Strategy%20final.pdf
[13].
Australian Institute of Health and Welfare
findings in Australia’s Health 2002, which cite
statistics as quoted in Deloitte, National e-health
strategy, op. cit.
[14].
Deloitte, National e-health strategy, op.
cit.
[15].
Ibid.
[16].
National Health and Hospitals Reform Commission
(NHHRC), A healthier future for all Australians, final
report, June 2009, viewed 15 February
2010,
http://www.health.gov.au/internet/nhhrc/publishing.nsf/Content/1AFDEAF1FB76A1D8CA257600000B5BE2/$File/Final_Report_of_the%20nhhrc_June_2009.pdf
[17].
Ibid.
[18].
Ibid.
[19].
S Mitchell, ‘Privacy warning on Medicare
smartcard’, The Australian, 22 November 2005, p. 2,
viewed 15 February 2010,
http://parlinfo/parlInfo/download/media/pressclp/2W0I6/upload_binary/2w0i64.pdf;fileType=application/pdf#search=%22privacy%20warning%20on%20Medicare%20smartcard%22
[20].
Australian Health Ministers’ Conference,
First step taken towards national e-health system, media
release, 13 July 2009, viewed 15 February 2010,
http://www.health.gov.au/internet/main/publishing.nsf/Content/pacd-ehealth-consultation/$File/AHMC%20-%20out%20of%20session%20eHealth%20communique%2013%20July%2009%20FINAL.pdf
[21].
Australian Health Ministers’ Advisory
Council, Healthcare identifiers and privacy: discussion paper
on proposals for legislative support, July 2009, viewed 15
February 2010,
http://www.health.gov.au/internet/main/publishing.nsf/Content/pacd-ehealth-consultation/$File/Typeset%20discussion%20paper%20-%20public%20release%20version%20070709.pdf
[22].
Office of the Privacy Commissioner, Healthcare
identifiers and privacy: Discussion paper on proposals for
legislative support, submission to the Australian Health
Ministers’ Conference, August 2009, viewed 15 February
2010,
http://www.health.gov.au/internet/main/publishing.nsf/Content/eHealth-061
[23].
Ibid.
[24].
Consumers Health Forum of Australia (CHF),
CHF Submission on the Healthcare identifiers and privacy:
discussion paper on proposal for legislative support, August
2009, viewed 15 February
2010,
http://www.health.gov.au/internet/main/publishing.nsf/Content/eHealth-030/$FILE/030_Consumers%20Health%20Forum%20of%20Australia%20pt%201_14-08-09.pdf
[25].
Australian Privacy Foundation (APF), APF
response to AHMAC paper: Healthcare Identifiers and privacy:
discussion paper on proposals for legislative support, viewed
15 February 2010,
http://www.health.gov.au/internet/main/publishing.nsf/Content/eHealth-018/$FILE/018_Australian%20Privacy%20Foundation_03-08-09.pdf
[26].
Australian Health Ministers’ Conference,
Communique, 13 November 2009, viewed 15 February 2010,
http://www.ahmac.gov.au/site/media_releases.aspx
[27].
Exposure draft, Healthcare Identifiers Bill
2010, viewed 15 February 2010, http://www.health.gov.au/internet/main/publishing.nsf/Content/E7C1554B9FBFB924CA25768400812AAF/$File/Exposure%20Draft.pdf
[28].
Australian Privacy Foundation, submission to
Exposure draft, Healthcare Identifiers Bill, viewed 15 February
2010,
http://www.health.gov.au/internet/main/publishing.nsf/Content/eHealth2-044/$FILE/044_Australian%20Privacy%20Foundation_07-01-10.pdf
[29].
Australasian College of Health Informatics,
Response to request for comment on the draft health identifier
legislation, January 2010, viewed 15 February
2010,
http://www.health.gov.au/internet/main/publishing.nsf/Content/eHealth2-045/$FILE/045_The%20Australasian%20College%20of%20Health%20Informatics_07-01-10.pdf
[30].
K Dearne, ‘E-health logjam frustrates
health providers’, The Australian, 9 September 2008,
p.27, viewed 19 February 2010,
http://parlinfo/parlInfo/download/media/pressclp/ETHR6/upload_binary/ethr60.pdf;fileType%3Dapplication%2Fpdf
[31].
Reference to report by R Viellaris,
‘Health ID cover-up for some exposes risks’, The
Courier Mail , 20 January 2010 and ABC Radio morning program,
20 January 2010, presenter Madonna King in letter from Australian
Privacy Foundation Chair, Health Sub Committee, Dr J Fernando, to
Minister for Health and Ageing, viewed 19 February
2010, http://www.privacy.org.au/Papers/Roxon-HI-100122.pdf
[32].
Letter to the Australian Privacy Foundation from
Liz Forman, Assistant Secretary, eHealth Branch, Department of
Health and Ageing, on behalf of Minister for Health and Ageing, 9
February 2010, viewed 19 February 2010, http://www.privacy.org.au/Papers/RoxonResponse-100209.pdf
[33].
Letter from Australian Privacy Foundation Chair,
Health Sub Committee, Dr J Fernando, to Liz Forman, Assistant
Secretary, eHealth Branch, Department of Health and Ageing, 12
February 2010, viewed 19 February 2010, http://www.privacy.org.au/Papers/Hlth-PatientAccess-100212.pdf
[34].
T Warner, Is the e-Health initiative
healthy? Victorian Council for Civil Liberties, Liberty
website, viewed 19 February 2010, http://www.libertyvictoria.org/node/134
[35].
Ibid.
[36].
Ibid.
[37].
K Dearne, ‘Compromised
confidentiality’, The Weekend Australian, 13
February 2010, p. 12, viewed 15 February 2010,
http://parlinfo.aph.gov.au/parlInfo/search/display/display.w3p;query=Id%3A%22media%2Fpressclp%2FL0WV6%22
[38].
Ibid.
[39].
Quoted in S Dunleavy, ‘Health number ID for all:
patients have no choice’, The Daily Telegraph,
17 February 2010 p.11, viewed 19 February 2010,
http://parlinfo/parlInfo/download/media/pressclp/04XV6/upload_binary/04xv60.pdf;fileType=application/pdf#search=%22health%20number%20id%20for%20all%22
[40].
Dunleavy, ‘Health number ID’, op.
cit
[41].
Ibid.
[42].
D Pauli, e-health news sparks more
criticism, Computerworld website, 21 January
2010 viewed
19 February 2010,
http://www.computerworld.com.au/article/333262/e-health_news_sparks_more_criticism/
[43].
Ibid.
[44].
T Shepherd, ‘No privacy: expert claims
health records can’t be kept secret’, The Adelaide
Advertiser, 19 January 2010, p. 1, viewed 19 February
2010,
http://parlinfo/parlInfo/download/media/pressclp/9BOV6/upload_binary/9bov60.pdf;fileType=application/pdf#search=%22no%20privacy%22
[45].
Pauli, op. cit.
[46].
K Dearne, ‘State plans to build on patient
identifier on imaging, radiology’, The
Australian, 9 February 2010, p. 29, viewed 19 February
2010,
http://parlinfo/parlInfo/download/media/pressclp/AHUV6/upload_binary/ahuv60.pdf;fileType=application/pdf#search=%22state%20plans%20to%20build%20on%20patient%20identifier%20on%20imaging,%20radiology%22
[47].
Royal Australian College of General
Practitioners (RACGP), College of GPs welcomes new step
for e-health, media release, 10 February 2010, viewed 19
February 2010, http://www.racgp.org.au/media2010/36073
[48].
Ibid.
[49].
J Bajkowski, ‘Privacy push for e-health
data’, The Australian Financial Review, 9 February
2010, p. 31, viewed 19 February 2010,
http://parlinfo/parlInfo/download/media/pressclp/LDUV6/upload_binary/lduv60.pdf;fileType=application/pdf#search=%22Privacy%20push%20for%20e-health%20data%22
[50].
R Bolton, ‘Electronic health system on
sick list’, The Australian Financial Review, 2
February 2010, p. 1, viewed 19 February
2010,
http://parlinfo/parlInfo/download/media/pressclp/70SV6/upload_binary/70sv60.pdf;fileType=application/pdf#search=%22Electronic%20health%20system%20on%20sick%20list%22
[51].
Ovum research, National e-health strategy
progress in Australia, report cited in Bolton, op. cit. Report
is not publicly available.
[52].
More information is available on the Personal
Demographics Service on the National Health Service website,
viewed 22 February
2010,
http://www.connectingforhealth.nhs.uk/systemsandservices/demographics/pds
[53].
NEHTA Strategic Plan, 2009–2012,
viewed 19 February
2010,
http://www.nehta.gov.au/about-us/strategy
[54].
National Electronic Health Records Taskforce,
A health information network for Australia, op.
cit.
[55].
Council of Australian Governments’
Meeting, 29 November 2008, Outcomes, Attachment A, Health and
Ageing, viewed
12 February
2010,
http://www.coag.gov.au/coag_meeting_outcomes/2008-11-29/attachments.cfm
[56].
That is, the Commonwealth contributes just over
40 per cent and the states and territories contribute on a
proportional basis, the remaining funding. Council of
Australian Governments (COAG), National partnership agreement
on e-health, viewed 12 February 2010,
http://www.coag.gov.au/coag_meeting_outcomes/2009-12-07/docs/npa_e-health.pdf
[57].
Funding will be $26.01million in both financial
years. Explanatory Memorandum, Healthcare Identifiers Bill 2010 and
Healthcare Identifiers (Consequential Amendments) Bill 2010, viewed
12 February 2010,
http://parlinfo.aph.gov.au/parlInfo/download/legislation/ems/r4299_ems_b3f370a9-21fa-4d53-a227-65c1fcaad5df/upload_pdf/339202.pdf;fileType=application%2Fpdf
[58].
The professions are: medical, nursing and
midwifery, pharmacy, physiotherapy, dental, psychology, optometry,
osteopathy and chiropractic. A further four
professions—Aboriginal and Torres Strait Islander health
practice, Chinese medicine, medical radiation practice,
occupational therapy are expected to be added to the scheme in 2012
and other professions may be added in the future. Explanatory
Memorandum, p. 10. See also the Intergovernmental agreement for a
national registration and accreditation scheme for the health
professions, signed 26 March 2008 , viewed 16 February
2010,
http://www.nhwt.gov.au/documents/National%20Registration%20and%20Accreditation/NATREG%20-%20Intergovernmental%20Agreement.pdf
.
[59].
Explanatory Memorandum, p. 11.
[60].
The National Privacy Principles can be found in
Schedule 3 of the Privacy Act 1988, viewed 16 February
2010,
http://www.austlii.edu.au/au/legis/cth/consol_act/pa1988108/sch3.html
[61].
Explanatory Memorandum, p. 18.
[62].
Ibid., p. 21.
[63].
Ibid., p. 23.
[64].
Ibid., p. 24.
[65].
N Roxon, ‘Second reading speech:
Healthcare Identifiers Bill 2010’, House of Representatives,
Debates, 10 February 2010, pp. 3–5, viewed 22
February 2010,
http://parlinfo/parlInfo/genpdf/chamber/hansardr/2010-02-10/0013/hansard_frag.pdf;fileType=application/pdf
Rhonda Jolly
24 February 2010
Bills Digest Service
Parliamentary Library
Back to top