Concept of Operations: Relating to the introduction of a Personally Controlled Electronic Health Record System
5.2 Privacy
The privacy concepts supported by the PCEHR System are modelled on the National Privacy Principles (NPPs) found in the Commonwealth Privacy Act 1988.Currently, depending on where the PCEHR System is operated and used, different privacy laws could apply. The PCEHR System will be subject to appropriate privacy requirements.
The core privacy concepts to be supported by the PCEHR System are outlined Table 1.
Table 1: How core privacy concepts are supported
| Privacy Concept | Summary of how the concept is supported |
|---|---|
| Collection | The PCEHR System will only collect personal information for the purposes of providing individuals with access to their own personal health information and enabling them to make this information more readily available to their chosen healthcare providers. Any information collected as part of the identity verification process will be limited to the minimum information required for proof of record ownership to be effective. The kinds of information proposed to be collected by the PCEHR System are defined in Section 4. Proof of record ownership is discussed in Section 5.4. |
| Use and disclosure | The personal health information within an Individual’s PCEHR is intended for use and disclosure by the individual, their representatives and their healthcare providers for the purposes of the individual’s healthcare. Whilst the PCEHR is primarily about providing healthcare to the Individual during their lifetime, if the Individual includes their Organ Donor Status in their PCEHR, this information may also be used and disclosed for the purpose of administering their organ donor preferences. Information contained within the PCEHR System will also be reported against for operational and management purposes, e.g. to ensure that the system is running effectively or to monitor audit trails. How information is used and disclosed (including reporting) by the PCEHR System is described in Section 4. Research and other permissible uses are described in Section 5.2.3. |
| Data quality | The PCEHR System will use new and existing conformance, compliance and accreditation processes to ensure that the information it collects, uses or discloses is of sufficient quality to support safe and effective care. The approach to data quality is defined in Section 4.2.1. |
| Data security | The PCEHR System will protect the personal information it holds through strong authentication of individuals and users, provision of access controls, auditing, security testing and education and training of users. Security is discussed further in Section 5.3. |
| Openness | The PCEHR System Operator will implement policies on its management of personal information. Once developed, these policies will be publicly available. In addition to being able to access the full set of terms and conditions in an easy to read manner, any related terms and conditions will be presented in a ‘just in time’ approach at the relevant point of data entry or when a particular choice about access control is made. |
| Access and correction | All personal health information held within an Individual’s PCEHR will be accessible to the individual concerned via a consumer portal. If an individual believes that information within the system is incorrect they will be able to instigate corrective action. The consumer portal is discussed further in Section 6.3.1. Correction is discussed further in Section 4.2.2. |
| Identifiers | The PCEHR System will adopt the identifiers supplied by the HI Service operated by the Department of Human Services for individuals, healthcare providers and healthcare organisations. The HI Service provides reliable identifiers and is backed by strong legislation and oversight by government. |
| Anonymity | Individuals have the option of applying for a pseudonym with the HI Service in the event that they wish to use a pseudonymous identity for the purposes of healthcare. |
| Transborder data flows | All elements of the PCEHR System infrastructure and any connected conformant repositories, conformant portals and contracted service providers must operate according to the forthcoming PCEHR legislation and be subject to Australian law. |
| Sensitive information | Individuals will be able to request that certain information is not made available on the PCEHR System. Individuals will also be able to control access and limit disclosure to that information once it has been uploaded. Limiting disclosure of information is discussed further in Section 5.5. |
Development of privacy protections will also be informed by a Privacy Impact Assessment (PIA), which will be undertaken by DOHA. The PIA will involve further stakeholder consultation on specific privacy related matters.
