AMA sounds alarm over new data sharing scheme

25 Mar 2021

The AMA has raised concerns about proposed new data sharing laws, warning that there are no minimum privacy protections and that private health information could be shared with insurance firms. 

The Data Availability and Transparency Bill would allow a significant expansion of the sharing of public sector data between agencies and private organisations, sometimes without consent, and with no opt-out options for individuals. 

“It is impossible to overstate the importance of this Bill and the level of concern that the AMA holds regarding significant elements of the proposed legislation,” the AMA said in its submission to the Senate inquiry into the draft legislation. 

The legislation “overrides existing Commonwealth, State and Territory statutory secrecy provisions, overrides the restrictions on disclosure in the Privacy Act, and provides no minimum privacy protections – a standard of privacy governance well below community expectations expressed during the 2018 Senate review of the My Health Record system.” 

The AMA’s main concern is that the Bill provides no minimum privacy protections, with agencies allowed to determine their own privacy settings for sharing data. 

“This means that, unless an agency had no regard to the data sharing principles or failed to comply with other procedural requirements, it would be difficult to ‘second guess’ their decision,” the AMA submission said. 

“This leaves the public with little comfort that they will have redress – or that the officials and agency will be penalised – if decisions are made recklessly or negligently.” 

The AMA called on the government to make amendments requiring all of the data principles be satisfied before any data is shared, for decisions to share data to be subject to review by the Administrative Appeals Tribunal and for the Commissioner to have more powers to intervene. 

The AMA said the new powers could see Medicare and other healthcare information being shared with private health funds for “their own purposes”, which is currently prohibited by law. 

“It makes no sense to preclude My Health Record data from the data sharing scheme, but then permit the same MBS/PBS data to be directly shared with private health insurers. This is not consistent with the public’s expectations and has the potential to undermine the community-rated private health insurance system,” the submission said. 

“It is entirely foreseeable that this exception will be used to justify the disclosure of MBS and PBS datasets of identified or identifiable sensitive health information without patient consent. 

“The well-publicised privacy breaches involving Medicare provider numbers and Myki travel information demonstrate well-intentioned officers may not be trained to appropriately anonymise personal information.” 

The scheme does not allow individuals to make complaints about the sharing of their data, with the only avenues being the Commonwealth Ombudsman and the Office of the Australian Information Commissioner. 

The Senate committee is expected to report next month. 

You can read the AMA submission in full here.