The government’s proposed Medicare data-sharing scheme will put the privacy of all Australians at “serious risk”, a data privacy expert has said.
The Coalition unveiled draft legislation for the Health Amendment (Data-matching) Bill 2019, which would facilitate data-matching on health information between departments and agencies for the purpose of cracking down on fraudulent Medicare claims, in September.
The Bill greatly expands the data-matching scope to include data from the Medical Benefits Scheme, Pharmaceutical Benefits Scheme, Veteran Affairs, Home Affairs, the Australian Health practitioner Regulation Agency and the Therapeutic Goods Administration, with private insurers also potentially involved.
The government ran consultations on the new scheme and accepted submissions until 11 October. Just two weeks later, the legislation was introduced to Parliament.
In a submission to government, Vanteum chief executive Alistair Muir said the way the data-sharing scheme had been constructed, and the outdated methods utilised, unnecessarily puts the privacy of Australians at risk.
“Without a more comprehensive set of provisions for privacy assurance, every Australian citizen will have their privacy put at serious risk in order to achieve the public good that this bill aims to achieve. Our guiding principle is that citizens’ privacy and public good need not be mutually exclusive,” Mr Muir said in the submission.
The legislation needs to better take into account the privacy of citizens and “more contemporary models and technologies” used around the world for the use of public data, he said.
The privacy mechanisms proposed by the government are “insufficient and incomplete”, Mr Muir said, and this put the “identities of every Australian at considerable risk”.
These risks could be mitigated through a better designed system and the implementation of privacy-preserving data-sharing capabilities based on modern methods, he said.
Different methods can be used to ensure that this highly personal information doesn’t have to be moved, centralised or decrypted, he said, but the government’s approach to individual privacy is based on “old and flawed paradigms”.
The submission called on the government to redraft the legislation to better address the challenges of malicious exfiltration, insider threats and accidental disclosure, and for the creation of a sharing control system limiting the availability of information.
The bill needed to move away from terms like “provide to”, “obtain by” and “disclose”, the submission said.
“We suggest that a greater familiarisation with contemporary global data collaboration best practices is required to prevent a bill being drafted that is not based on outdated models and the prescription of out-of-date technology to achieve the intended means,” Mr Muir said.
The standard technology security frameworks included in the legislation are also “critically out of date”, he said, with some being more than 10 years old and missing some major “paradigm shifts”.
If the model remains as it is in the legislation, there will be significant risks of intentional and accidental misuse of medical data, he said.
“The intentional misuse by staff and third parties cleared to view the raw data is a constant risk and one which can only be mitigated by the use of techniques provided by privacy preserving protocols,” Mr Muir said.
“The accidental misuse of data / human error is unfortunately a common occurrence globally and offers the same risk profile as intentional misuse. When certain privacy preserving protocols are used the raw data is never decrypted and therefore mitigates this risk.”
The legislation was introduced to the House on 23 October by Health Minister Greg Hunt, who said it “strikes the right balance” between the public good and protecting privacy.
“The government acknowledges the importance of protecting an individual’s privacy and the trust placed in the government by Australians to manage their health data appropriately. Protecting the privacy of an individual’s health and other data is central to this bill,” Mr Hunt said.
“I will be required to put in place governance arrangements for data-matching for Medicare compliance purposes through a legislative instrument that prescribes how information for data-matching will be handled,” he said.
“The legislative instrument will ensure that the use, storage, access and handling of data protects privacy.”