Personally Controlled Electronic Health Records Bill

16 February, 2012

As a member from a rural and regional area, I certainly understand, as members on this side do, the benefits and opportunities provided by e-health.

But the issue facing the government is whether it can actually deliver a workable framework for e-health. A timely warning for the government is the UK experience-£12 billion spent on their e-health system since 2005, and it has since been scrapped.

I believe that security, accountability, reliability and transparency are the most important issues we should be considering in relation to this legislation. Both patients and health organisations are dependent on getting the technology and framework right.

I know that the health IT industry has expressed concerns about the government’s ability to deliver this program by the 1 July target date, as is evidenced by the submissions to the Senate inquiry. For example, the Medical Software Industry Association told the inquiry:

There is evidence of a lack of probity, ineffective governance and an inability to deliver targeted programs.

It also suggested:

The program risks falling into disuse from the very first day of live operation.

I believe the risk to the security of patients’ information arises from two avenues: firstly, access by unauthorised persons, and, secondly, the broader cybersecurity risk. The government has to guarantee that this system will under no circumstances give other people access to individual or collective-I think that is a real issue-medical records.

I am aware that computer experts have said that the technology needed to guarantee security does not actually exist. I note the measures mentioned in the bill focus on managing the process after the records have been accessed and place this responsibility on healthcare bodies. Well, the damage will have already occurred for the patient at that point.

I am sure everyone in this place is aware of how important the doctor-patient relationship is and how important the issue of confidentiality is. The AMA’s submission to the Senate inquiry said:

Confidentiality is regarded as one of the most important aspects of good medical practice.

The integrity of the confidentiality of the patient medical record is absolutely essential to developing, enhancing, and underpinning the therapeutic relationship between medical practitioners and their patients. This confidentiality secures the necessary trust and openness that characterises the ongoing communication between doctors and their patients to optimise patient care.

There is no doubt that this trust between doctor and patient fundamentally underpins the integrity of our health system. People have to have complete confidence that the personal information they share with their doctor will always remain private.

As I have said previously, I have concerns about security of patients’ information, firstly, through unauthorised access, secondly, through the broader cybersecurity risk and, thirdly, because of the critical importance in this environment of patients’ medical records and the issue of trust between the doctor and patient.

In Australia health is a multibillion dollar industry with multibillion dollar rewards for companies and individuals who are best prepared for health trends. I am aware that e-health is a voluntary sign-up, but there is no doubt that the information contained in people’s health files is and will be of considerable value, especially if it can be collated to identify either local, regional or national health trends. For practical purposes there will be a central electronic government repository full of people’s private details and information.

I also believe that the government is ignoring the broader cyber risk. Cyberattacks cause direct financial losses to consumers and businesses from the theft of information or through extortion. The information in electronic health records has to be protected. It has to protect the rights and privacy of the patient. We know that hackers have been able to breach some of the world’s most secure internet sites. I was a member of the House of Representatives Standing Committee on Communications when it reported on cybercrime.

The evidence we took was a very graphic but very chilling reality check. As we said in our report, cybercrime is now a sophisticated transnational threat that operates on an industrial scale. The cybercriminal is no longer the nuisance hacker and is more likely to be part of a network of hackers, middlemen and organised criminals who combine to commit large-scale online crimes for significant profit.

Cybercrime is highly prevalent and directly affects a significant number of Australians. In fact, the manager of the Australian Computer Emergency Response Team, AusCERT, said:

Cybercrime in Australia is getting out of control and we are losing. And I think that, with the pressures coming on us over that next few years, if nothing is done to change the current direction we will lose faster.

Given the collective and individual value of health records, how will the government ensure that the private health records of Australian citizens remain totally secure. What responsibility will the government accept when an inevitable breach occurs?

This bill appears to impose all of this responsibility on health organisations and none of it on the government itself.

Breaches will be possible at all stages, both directly through unauthorised access and through sophisticated hacking. The government’s NBN will facilitate internet access and internet crime at speeds we have never before experienced in this country. A report by the Kokoda Foundation, entitled Optimising Australia’s response to thecyberchallenge, released on 4 February last year at the National Press Club, said that ‘cybersecurity has become the fundamental weakness in Australia’s national security’ and that ‘the threat is poorly understood by politicians, business people and the general public’.

The report was co-authored by former Deputy Chief of Air Force John Blackburn and identified that Australia has reached the point where our ability to respond to internet attack is being rapidly outpaced by advances in cyberattack and cyberterrorism. The foundation also stated:

A case in point is the mooted National Broadband Network (NBN). The report notes that once the network is built, taking high-speed broadband services through fibre-optic cable to an estimated 93 per cent of households, responsibility for maintaining cyber-security will rest with retail service providers rather than NBN Co.

I believe that this unprecedented growth in cyberthreat should be considered very seriously as a risk and as something that needs to be managed with the e-health system. The generation of these electronic records will require the goodwill of medical practitioners inputting the data into the system.

Given the size of the medical workforce across Australia and the workload they have, it will require an enormous effort and cost to transfer medical records to a new database. Most medical practices today have electronic databases and so have copies of records in digital form. Indeed, the computerisation of general practice increased from 17 per cent in 1997 to 94 per cent in 2007, achieved through a $740 million investment under the coalition government.

But will medical practices be able to transfer the desired information directly to the government’s e-health records database with the push of a button? I presume not, especially given that a wide range of medical software is in use in practices across Australia. Many may well not be compatible, not only with each other but with the new system.

I am aware that in my electorate alone there are so many different forms of software currently in use. Thus considerable time will have to be committed to transferring information to the new database. There will be issues with costs, training, support and assistance. But at this point there does not appear to be any government acknowledgment or support for that function, so we are left to assume that the individual medical practice will have to absorb the cost and the work. Without some streamlining and rationalisation of electronic medical record keeping, this problem of double data entry will not go away and could continue into the future.

There will always be someone putting the data in to the practice’s database and then repeating the process, perhaps for the government database. Having single-entry data storage is obviously the ideal outcome for efficiency, but will the government acknowledge the needs related to software in non-compatible medical computer systems? Or will the government assume that doctors or their staff will enter the information twice into different databases?

I want those who use digital technology in the medical field to be able to do so with absolute confidence. As I said previously, the relationship between doctor and patient in this nation underpins our whole medical system and is, in my view, sacred.

A number of reports indicate that using digital medical records and instructions can save lives. As a member from a rural and regional electorate I well understand, as I said earlier, the benefits this can bring to electorates like my own.

The Howard government initiated steps in 1999 toward the implementation of a national e-health policy through a national health information advisory council. As I said, I do want the public to have absolute faith in their electronic health records, but the government and this legislation need to be able to deliver a secure, accountable, reliable and transparent system.

I saw something in the newspapers today that concerned me. I am concerned about the government’s incapacity to deliver projects and programs on time and on budget. A report today shows that spending on Labor’s personally controlled health records system has already blown out by $300 million.

Ms Plibersek: Mr Deputy Speaker, I rise on a point of order. I was wondering whether I can take a point of order about misrepresentation when a newspaper article is wrong and includes double-counted figures. The newspaper article the member is referring to has some glaring inaccuracies in it. I am seeking your guidance about whether it would be possible to make a personal explanation with regard to that.

The DEPUTY SPEAKER ( Hon. DGH Adams ): The minister is quite entitled to take the matter up in another way. It is not a point of order.

Ms MARINO: I see that the figure used there was a blow-out of $300 million. Given the previous efforts of this government in so many of its programs and project delivery in which we have seen continual waste and spending of taxpayers’ funds, I and a number of my colleagues would not have confidence that that will not be the case with these electronic records.

I place on record my very serious concerns about the cybersafety matters I have raised, the issue of the integrity of the information that is contained in patients’ records and my very genuine concerns, which have been demonstrated historically by this government’s inability to deliver projects on time and on budget.