Personally Controlled Electronic Health Record System Operator: Annual Report 2012-2013

4. Security, privacy and confidentiality

Page last updated: 10 April 2014

Given the sensitive nature of information held in the eHealth record system, a combination of legislative and technical mechanisms is used to safeguard privacy.

Many of the protections imposed by the PCEHR Act and by the technical infrastructure are directed at giving people strong protection over their digital records.

To ensure that the privacy of health information is not compromised, the PCEHR Act established a specific privacy regime for the eHealth record system, drawing heavily on the National Privacy Principles of the Privacy Act 1988. The PCEHR Act does not generally override state or territory privacy and health information laws, except where those laws are inconsistent with the PCEHR Act.

The key privacy protections provided by the PCEHR Act include:

  • the ability for a person to control which healthcare provider organisation can access information in their eHealth record
  • closely defined limits on the circumstances in which information can be accessed outside of those controls
  • the ability to view an audit trail of all access to a person’s eHealth record
  • civil penalties for unauthorised access to eHealth records
  • requirements to report data breaches.

Existing criminal provisions in the Criminal Code Act 1995, together with criminal offences for related matters such as cybercrime, complement the eHealth record system's civil penalty regime to deter misuse of the system without discouraging participation.

Mechanisms to address or investigate any interference with privacy also remain available under the Privacy Act 1988, and the Office of the Australian Information Commissioner (OAIC) plays a critical role as the independent regulator of the eHealth record system. As part of a Memorandum of Understanding with the OAIC, key OAIC activities in 2012-13 included:

  • development of privacy fact sheets for the public and organisations providing guidance on privacy matters and appropriate handling of health and personal information within the eHealth record system
  • finalising an Information Sharing and Complaint Agreement with state and territory regulators
  • development of draft guidelines for system participants regarding notification of data breaches.

Information on a wide range of privacy topics relevant to the public and system participants is available on the eHealth website in a ‘Frequently Asked Questions’ format.

The System Operator, and any person acting on behalf of the System Operator, is only permitted to collect, use or disclose information contained in a person’s eHealth record in specific circumstances prescribed by the PCEHR Act.

The eHealth record system is also protected by technical controls, data management controls and ongoing review of system activity, supplemented by advanced security measures to identify and prevent unauthorised access to eHealth records.

The system uses DHS's identity and authentication capabilities, including the Healthcare Identifiers Service, MyGov and the National Authentication Service for Health (NASH), to identify and authenticate individuals and participating organisations.

To preserve the confidentiality, integrity and availability of eHealth records under the custodianship of the System Operator, the eHealth record system is maintained in accordance with the Australian Government's security policies, as defined in the Information Security Manual (ISM) and the Protective Security Policy Framework (PSPF). This includes an ongoing work program to improve security and address threats in a rapidly changing cyber environment.

The System Operator and participating repository operators, portal operators and contracted service providers are prohibited from holding, taking, processing or handling eHealth records and related information outside Australia. The System Operator is only permitted to take and process non-personal and non-identifying information outside Australia for administrative and software programming purposes.

The eHealth record system is managed and operated by security vetted and authorised staff located at accredited sites within Australia.

There have been no incidents resulting in a compromise of the integrity or security of the eHealth record system.