The Privacy Act of 1988, covers the privacy of an individual’s, group’s or institution’s personal information through embodying eleven Information Privacy Principles (IPP's):
- Principle 1 - Manner and purpose of collection of personal information
- Principle 2 - Solicitation of personal information from individual concerned
- Principle 3 - Solicitation of personal information generally
- Principle 4 - Storage and security of personal information
- Principle 5 - Information relating to records kept by record-keeper
- Principle 6 - Access to records containing personal information
- Principle 7 - Alteration of records containing personal information
- Principle 8 - Record-keeper to check accuracy etc of personal information before use
- Principle 9 - Personal information to be used only for relevant purposes
- Principle 10 - Limits on use of personal information
- Principle 11 - Limits on disclosure of personal information
(See appendix for short summaries of the above IPPs)
These IPPs extend not only to personal information given to private and public agencies and governments, but also extends to both private and public health organisations. The Privacy Act 1988 is not the only act assisting in the privacy of health records, National Health Act of 1953 was specially designed for the privacy of personal information through all health organisations.
Beginning December 2001, the private sector came under the regulation of the Privacy Amendment (Private Sector) Act 2000, which amended the Privacy Act 1988. The introduction of the Privacy Amendment (Private Sector) Act 2000 paved the way for better privacy protection of the patients in the private clinics and hospitals. The law now offers privacy protection and choice to patients while balancing this with the need for health service providers to share information for the provision of quality health care.
The privacy Amendment Act 2000 is an extension of the Privacy Act 1988 and it regulates the private health sector. This introduced The National Privacy Principles (NPPs). These principles were designed with the aim to deliver promotion of greater openness between health service providers and patients regarding the handling of health information. They cover the whole information lifecycle from collection to storage, maintenance, use and disclosure. Under the law, health service providers can only collect information if the patients have given consent. This Privacy Amendment Act 2000 gives individual a right to know what information an organisation holds about and a right to correct that information if it is wrong. (Jawahitha Sarabdeen 2008; Mohamed Mazahir Mohamed Ishaky 2008)
Information Security
But what is it that keeps personal information private?
When changing clothes, people want privacy. To have privacy, one would put up curtains. In a similar manner, to keep personal information private, forms of barriers are put in place. This form of protection is called Information Security or Infosec.
Department of Defense defines Infosec as: “the protection of information and information systems against unauthorized access or modification of information, whether in storage, processing, or transit, and against denial of service to authorized users. Information security includes those measures necessary to detect, document, and counter such threats. Information security is composed of computer security and communications security.” (Department of Defence 2009)
In short, Infosec relates to the security of any information that is stored, processed or transmitted in electronic or similar form. To the average person, "security" goes hand in hand with ensuring that information is available only to those who are authorized to receive it. However, "security" increasingly includes a number of other important factors:
- Integrity - which ensures that information has not been changed or tampered with;
- Availability - which ensures that communications and computing systems are not disrupted in their normal operations;
- Authentication - which ensures that a person accessing or providing information is actually who they claim to be; and,
- Non-repudiation - which ensures that a person is not able to deny the receipt of information if they have in fact received it.
These factors are rapidly growing in importance as day-to-day life continues.
(Department of Defence-Intelligence and Security 2010)
Advantages of Healthbook
Healthcare Information and Management Systems Society defines E-Health as, “the application of internet and other related technologies in the healthcare industry to improve the access, efficiency, effectiveness, and quality of clinical and business processes utilized by healthcare organizations, practitioners, patients, and consumers to improve the health status of patients.” As published in HIMSS News, Volume 13 Number 7, pg 12.
If E-Health were to be implemented, it would without doubt improve the access, efficiency, effectiveness, and quality of clinical and business processes utilized by healthcare organizations, practitioners, patients, and consumers to improve the health status of patients. Owing to the fact that:
- Health records would be found anywhere, anytime by medical practitioners around Australia, as well as across geographical and technological boundaries.
- The speed at which practitioners would be able find the records would increase greatly, as all records would be streamlined and patient’s records could be found by simply entering of the patient’s identification number into the Graphical User Interface (GUI) provided by Telstra.
- E-health will also make quality information easier and quicker to access. This means that GPs spend less time tracking down or exchanging information, giving them more time to spend actually treating patients.
- The patient would be able to access his or her health records from the safety of their home. Giving the patient the ability to update their present health status, which would subsequently be seen by all a patient’s medical consultants, seeing that they would all be pulling up the same profile and health records from this e-health cloud system.
- The health records would stand to be correct, in most cases, since the patient has verified it and is viewing it at least a few times a year.
- Patients would have electronic access to the information they need to better manage and control their personal health situation and thus their outcome.
- NEHTA’s initiative to create secure messaging between patient and medical practitioners would allow equity for all Australians, as a result from allowing better access to health care services in remote, rural and disadvantaged communities.
(Anonymous3 2010)
- A GP will be simply able to send prescriptions to a secure e-health repository which the patient’s pharmacist will access electronically.
- If a rushed diagnosis and treatment is crucial, a patient could use the secure messaging and e-prescription capabilities that an e-health system would be able to provide. For example, if someone is in urgent need of medical advice and treatment then the internet may be the fastest way to get that immediate care rather than making an appointment for three months from now to see a specialist, seeing that some people may not be able to afford to wait that long. Also, for low income earners the internet maybe able to offer them free advice and treatment.
(Forum 2006-2010)
- Instead of travelling back to your doctor after a diagnostic test with a paper report and X-Ray film, your doctor will be able to access your results and reports via the secure electronic transfer of health information.
(Anonymous4 2010)
- Only authorized people will have access to certain information, insuring information is secure by server access. (see disadvantages for interception of information on its way to the server)
(NEHTA 2010)
Disadvantages of Healthbook
If E-Health were to be implemented, it would without doubt improve the access, efficiency, effectiveness, and quality of clinical and business processes utilized by healthcare organizations, practitioners, patients, and consumers to improve the health status of patients. However, while it brings these new opportunities to the table, it also brings with it a range of issues, risks and disadvantages. Disadvantages being:
START UP COSTS - Start up costs are enormous, from buying equipment to record and store patient charts and training GPs and medical personnel on electronic medical record software. Some physicians do not see any immediate benefit to their practice in the short run and beginning to drag their feet at the mention of the implementation of E-Health. Not only this for at least the first decade the immediate benefits will be to the Australian society and loss to the providers and constructers of E-Health.
REDUCED PATIENT-DOCTOR TIME - Unfamiliarity with the new technology interfaces could significantly reduce patient time due to the GP struggling with unfamiliar equipment. Many patients report visits with doctors where the doctor has to divert focus to figuring out how to enter things electronically and thus has less time for the patient or the next.
ROOM FOR ERROR - It becomes easy to miss recording relevant details, or to type in incorrect information, owing to the fact that the GP has yet to learn how to enter information through the new interface.
(Tricia Ellis-Christensen 2010)
IMPERSONLISATION - electronic medical records and their accompanying systems, such as e-consulting and secure messaging between patient and doctor, have depersonalized doctor visits. This can lead to incorrect assessments of health and subsequently death. Also a patient may act as if he or she is sick through the e-consulting or secure messaging services provided by e-health, to claim malpractice or gain prescriptions of drugs.
FRAUDULENT CONCERNS – If individuals are able to update their own health records patients may change their health records to commit fraud, such as claiming insurance due to being sick or having a disability.
(Anonymous5, 2010)
PRIVACY CONCERNS - There will always been privacy issues and concerns in the healthcare system on who has access to your medical records. But in a situation where your information is sent to a centralized information repository in digital format, all bets are off. This privacy concern is a big issue with many people and will continue to be an issue until it is addressed to the standards that are necessary.
(Conrad Arito 2009)
INTEGRITY (relates to privacy concerns also) - Whenever a piece of data is sent over an electronic link, particularly if it’s wireless, it may get truncated, compressed or transformed. If it is accepted by a PC or phone application on the way, it might be converted to different units, averaged, corrected or manipulated in some way. By the time it has passed through a number of different stages to get to the final medical record, it may have undergone a set of “Chinese whispers“, affecting the integrity and reliability of the data.
(Anonymous5 2010)
Protection of Healthbook Data Records
The trusted exchange of clinical information requires an agreed approach to information security that meets the expectations and obligations for transferring and storing personal health information. This includes addressing two fundamental concerns:
- Consumer confidence in e-health systems that the necessary standards and controls are in place to protect privacy and secure information about patient’s health data as it is created, stored, accessed and exchanged;
- Confidence required by clinicians and health end-users, specifically the issues of medico-legal indemnity and accountability.
In order to address this, NEHTA is continuing to develop a Security and Access Framework (SAF). The SAF will provide both conceptual and implementation guidance for managing the:
- Consistent control and monitoring of access to consumer health information as it transitions through independent organisations, business processes, and systems in the Australian Health sector; and
- Traceable provenance of health information from creation at a verifiable trusted source through its transition and possible augmentation on route to its destination/s.
As illustrated in Figure 3, in the appendix, it will provide guidance on the full lifecycle of identity and access management.
(NEHTA 2010)
Security experts also recommend that a system be put in place when transferring data to and/or from the server, that applies an integrity stamp to the data itself and also end to end encryption be applied till destination of the data has been reached. (If this data was changed by anyone but the patient, the stamp would be removed and the signature of the modifier would be applied to the data and a flag raised.
Furthermore, in the place of using passwords as a security measure, security measures like biometric logon systems should be used, owing to the fact that passwords are not truly secure as it is nothing but letters, numbers and symbols.
Along with essential and basic information security, such as firewall, antivirus software and monitoring systems, real time protection, and other such security protocols, the following should be put in place:
- Access controls - any mechanism by which a system grants or revokes the right to access some data
- Encryption
- Auditing - allows you to track user activity, including administrator activity
- Physical security
- Backup System and Generator
(Tanya Beccam 2009)
Conclusion
Despite the widespread implementation of e-health systems and failure of many of them since 2001, worldwide, the potential for e-health to streamline and improve medical care in Australia remains excellent, and continues to grow day by day.
While realizing the potential health benefits that could be gained from the implementation of e-health, Australia’s e-health system must rise where other systems have fell if it is to succeed and assist the nation’s health care system.
Ultimately it comes down to one question, ‘Is it time E-Health be implemented into Australian health care?’
After analysing and evaluating the current advantages, disadvantages and infosec strategies it is recommended that E-health be put back for a few years till the foundations, architectures and frameworks are solid and infosec security is beefed up enough to please any privacy, security and integrity concerns civilians, patients and doctors may have. At the moment it is agreed that the advantages of an E-Health system would immensely assist health care in Australia, while outnumbering the disadvantages, the disadvantage of security risks outweigh any advantages that could be seen. Owing to the fact that if the E-Health central system is breached all of the advantages would be nullified.
At the end of the day, it is too early to have the E-Health system implemented and it is recommended that the E-Health system be implemented closer to 2015, when all aspects of the system have been solidified. It is also recommended that before its implementation the E-Health system be trialled in a major city, as well as hiring hackers to attempt to breach the system.
Reference List
Jane Sarasohn-Kahn, 2008. The Wisdom of Patients: Health Care Meets Online Social Media, [Online]. Available at: [accessed 12 June 2005].
Dr David Moore, 2008. Healthbook - An Idea Whose Time has Come?, [Online]. Available at: [accessed 12 June 2005].
Department of the Prime Minister and Cabinet, 2009. Responding to the Australia 2020 Summit, [Online]. Available at: [accessed 4 June 2005]
Anonymous1, 2010. RACGP signs e-health agreement with Telstra, [Online]. Available at: [accessed 12 June 2005].
Anonymous2, 2010. Telstra to Build E-Health Cloud, [Online]. Available at: [accessed 12 June 2005].
Jawahitha Sarabdeen, 2008; Mohamed Mazahir Mohamed Ishaky, 2008. E-health Data Privacy: How far is it protected?, [Online]. Available at: [accessed 12 June 2005].
Department of Defence, 2009. Information Security, [Online].
Available at: [accessed 12 June 2005].
Department of Defence - Intelligence and Security, 2010. What Information Security Means, [Online]. Available at: [accessed 12 June 2005].
Anonymous3, 2010. Benefits of E-Health, [Online]. Available at: [accessed 4 June 2005]
Multiple (Forum), 2006-2010. Discussion Disadvantages of E-Health, [Online]. Available at: [accessed 4 June 2005]
Anonymous4, 2010. Visiting a Doctor, [Online]. Available at: [accessed 4 June 2005]
NEHTA, 2010. Chapter 5, 6, 7, 8 - Future Capabilities, Architecture, Change and Adoption, Risks and Challenges it, [Online]. Available at: [accessed 4 June 2005]
Tricia Ellis-Christensen, 2010. What are the disadvantages of electronic medical records?, [Online]. Available at: [accessed 12 June 2005].
Anonymous5, 2010. Visiting a Doctor, [Online]. Available at: [accessed 4 June 2005]
Conrad Airto, 2010. Disadvantages of Electronic Health Record System?, [Online]. Available at: [accessed 12 June 2005].
Tanya Beccam, 2009. Making Database Security an IT Security Priority, [Online]. Available at: [accessed 12 June 2005].
Appendix
Privacy Act 1988 – Eleven Information Privacy Principles (IPPs):
1. Collection
A collector shall only collect personal information for inclusion in a record or generally available publication where it is necessary for a lawful purpose. A collector shall not collect personal information by unlawful or unfair means
2. Solicitation from the Individual Concerned
Where personal information is solicited from the individual concerned, the collector shall ensure that person is aware of the purpose for which it is being collected, of any legal obligation to comply with the request, and of disclosure practices relating to it
3. Solicitation of Personal Information Generally
When personal information is solicited, the collector shall ensure that it is relevant to the purpose of collection, up to date and complete, and that the collection is not unduly intrusive
4. Storage and Security
A record-keeper shall ensure that records are secure against loss, unauthorised access, use, modification or disclosure, and against other misuse
5. Public Access Rights
A record-keeper shall enable any individual to ascertain the nature, main purposes and subject access procedures relating to any personal information held, and shall maintain a record of such details
6. Subject Access Rights
The individual concerned shall be entitled to have access to a record that contains personal information, except to the extent that the record-keeper is required or authorised to refuse
7. Subject Alteration Rights
A record-keeper shall make reasonable alterations to ensure that records of personal information are accurate, relevant, up to date, complete and not misleading, and where unwilling to make an alteration, shall allow the individual concerned to attach to a record a statement of the alteration sought
8. Quality of Information Used
A record-keeper shall not use personal information without taking reasonable steps to ensure that it is accurate, up to date and complete
9. Relevance of Information Used
A record-keeper shall not use personal information unless it is relevant
10. Use Limitations
A record-keeper shall only use personal information for the purpose for which it was obtained, and for such additional purposes as are consented to by the individual, are authorised by law, are necessary in an emergency, and are reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of the public revenue
11. Disclosure Limitations
A record-keeper shall only disclose personal information if the individual to whom it relates should have been aware that it was subject to disclosure, or the disclosure has been consented to by the individual, authorised by law, or is necessary in an emergency, or is reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of the public revenue. In the last three cases a note to that effect shall be included in the record. The recipient of the information shall not use or disclose the information except for the purpose for which it was given it
http://www.rogerclarke.com/DV/PaperPrivacyActShort.html
Figure 1: E-Health Community Model
http://www.nehta.gov.au/about-us/nehta-blueprint (Chapters 1 and 2 - Introduction and Blueprint Overview)
Figure 2: Two Parallel Worlds
http://www.nehta.gov.au/about-us/nehta-blueprint (Chapter 5, 6, 7, 8 - Future Capabilities, Architecture, Change and Adoption, Risks and Challenges)
Figure 3: SAF Aspect