Comparing the proposed Healthcare Identifier to the doomed 1980s Australia Card is a cliché, I know, but it’s spot on. The Healthcare Identifiers Bill currently making its way through parliament is sketchy at best, and health minister Nicola Roxon has already been forced into releasing an equally sketchy draft of the accompanying regulations on Friday.
The legislation authorises Medicare to issue a new 16-digit healthcare ID number, central to the government’s eHealth strategy, to every Australian and every healthcare provider from July 1. But that’s about all it does. It fails to address in any real detail what protections will be implemented when this one identifier provides the key to everything from an appointment with your masseur or your dentist to your s-xual or mental health records.
The legislation also allows the disclosure of healthcare identifiers for “monitoring or evaluation of healthcare” and “conduct of research that has been approved by a Human Research Ethics Committee” without the individual’s consent being required, and in cases where “the healthcare provider reasonably believes that the use or disclosure is necessary to lessen or prevent … a serious threat to public health or public safety”.
Needless to say, there are privacy concerns.
“The government has just given us this kind of tiny, weeny taste of what in fact this supposed e-health scheme is supposed to look like, but in fact at this stage nobody knows what it’s going to look like,” Dr Juanita Fernando, chair of the Australian Privacy Foundation’s health sub-committee, told Crikey.
Your Individual Healthcare Identifier (IHI) will be issued whether you consent to the electronic integration of your health records or not. Your first experience of it will come when you first seek medical care after July 1 and the receptionist starts asking for more detailed personal information so they can match you back to your IHI.
“You may not want people listening in the waiting room to hear that your former name was ‘Brown’ or that you lived somewhere else, or you don’t want a violent ex-partner to come chasing you,” Dr Fernando said. “There is research that already indicates the kind of pressure that consumers experience when they are asked to reveal private information in a public area.”
Legislation can change over time, and the government might well be tempted to indulge in a little scope creep once the national database is in place. Nevertheless, the real threat might not be from Big Brother but from a thousand Little Brothers.
“The fact that there is a really complete up-to-date honeypot database of Australians is really scary,” Dr Fernando said.
Only last week the Senate was told there have been 70 substantiated privacy breaches by Medicare employees in 2008-09. When everyone working in healthcare, some 500,000 people, potentially has access to your IHI some will surely be tempted by curiosity or the offer of some, erm, “supplemental income”.
It doesn’t have to be this way.
The Austrian health system, for example, allows people to generate a different but consistent “pseudonym” ID for each healthcare provider and other government interactions.
“When you get to hospital, you’ve broken your arm, then they will know you as ‘the broken arm’, being an Austrian broken arm, so therefore you will receive treatment. But they don’t know who you are,” said Danish identity technologist David Simonsen, who explained the system to the Patch Monday podcast last month.
According to Dr Fernando, other systems called “just-in-time interconnection” only link the health data when it’s needed.