Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Tail of e-health must not wag the dog of personal health care: report

Protection of the individual is the primary function of personal health care data, says APF

The protection of the individual is the primary function of personal health care data and the tail of health administration and research must not be permitted to wag the dog of personal health care, according to an Australian Privacy Foundation (APF) policy position document.

The document, eHealth Data and Health Identifiers, sets out the APF principles for assessing eHealth initiatives and eHealth regulatory measures.

“Calls for a general-purpose national health record are for the benefit of tertiary users (administration, insurance, accounting, research, etc), not for the benefit of personal health care,” the document reads.

"The tail of health and public health administration and research must not be permitted to wag the dog of personal health care."

Among the specific criteria in the document:

  • The health care sector must remain a federation of islands
  • Consolidated health records must be the exception not the norm
  • Identifiers must be at the level of individual applications
  • Pseudo-identifiers must be widely-used
  • Anonymity and persistent pseudonyms must be actively supported
  • All accesses must be subject to controls
  • All accesses of a sensitive nature must be monitored
  • Personal data access must be based primarily on personal consent
  • Additional authorised accesses must be subject to pre- and post-controls
  • Emergency access must be subject to post-controls
  • Personal data quality and security must be assured
  • Personal access and correction rights must be clear, and facilitated

The AFP has a particular focus on e-health. Last year, it awarded the NSW Department of Health the Most Invasive Technology prize in is Big Brother Awards, the ‘Orwells’. The department won for introducing its electronic health record system Health-e-Link with only an opt-out for patients instead of the opt-in requirement of the Health Privacy Law.

“The failure to allow partitioning of sensitive health information, the lack of controls on authorised users, and failure to pilot both opt-in as well as opt-out systems could threaten public trust in what could be an immensely valuable tool for improving both individual and population health,” said Orwells judge, Associate Professor at the Faculty of Law, University of Sydney, Dr Roger Magnusson.

Nominations are now open for this year’s Big Brother awards at www.privacy.org.au.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Brother, Department of Health, NSW Department of Health, NSW Department of Health, Privacy Foundation, University of Sydney, University of Sydney
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: AFP, data privacy, e-health, government, privacy, security
Latest Blog Posts
Whitepapers
  • Best Practices for Oracle License Management: Optimise Usage and Minimise Audit Liability
    With Oracle audits on the rise, organisations that can best align license agreements with actual database and option usage can reduce their financial risk and maximise the value of their Oracle investments. The goal is to “right-size” Oracle across the enterprise and gain control over the entire license management process – from accurate needs projections and licensing negotiations, to deployments and audit preparation. Read on.
    Learn more »
  • Virtual Certainty - Best Practices for Gaining Monitoring Clarity in VMware Environments
    The benefits of virtualisation are unassailable: increased agility, scale, and cost savings to name but a few. However, so too are the monitoring challenges posed by these environments—including complexity, lack of visibility and control, and inefficiency. This white paper reveals the best monitoring practices to employ in virtualized environments—best practices that are essential in enabling organizations to overcome their monitoring challenges so they can get the most business value from their virtualisation investments.
    Learn more »
  • Oracle Enterprise Gateway
    Oracle Enterprise Gateway is a standards-based, policy-driven, standalone software security solution that provides first line of defense in Service-Oriented Architecture (SOA) environments. Learn more.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments