House debates

Tuesday, 11 October 2016

Bills

National Cancer Screening Register Bill 2016, National Cancer Screening Register (Consequential and Transitional Provisions) Bill 2016; Consideration in Detail

5:54 pm

Photo of Ms Catherine KingMs Catherine King (Ballarat, Australian Labor Party, Shadow Minister for Health) Share this | | Hansard source

by leave—I move opposition amendments (1) to (3):

(1) Clause 26, page 22 (line 16), omit "The Minister", substitute "(1) The Minister".

(2) Clause 26, page 22 (lines 16 and 17), omit "a person", substitute "a permitted entity".

(3) Clause 26, page 22 (line 20), at the end of the clause, add:

  (3) In this section:

permitted entity means:

     (a) a Department of the Commonwealth, a State or a Territory; or

     (b) a body (whether incorporated or unincorporated) established for a public purpose by a law of the Commonwealth, a State or a Territory; or

     (c) a person in the service or employment of a Department mentioned in paragraph (a) or a body mentioned in paragraph (b); or

     (d) a person who holds or performs the duties of an office or position established by or under a law of the Commonwealth, a State or a Territory; or

     (e) an entity (whether incorporated or unincorporated) established for a charitable purpose.

  (4) This section has no effect to the extent (if any) to which its operation would result in the acquisition of property (within the meaning of paragraph 51(xxxi) of the Constitution) otherwise than on just terms (within the meaning of that paragraph).

These are very important amendments. They go to the heart of Labor's concerns with the National Cancer Screening Register Bill 2016. This is a very serious debate we are having here in this chamber this evening. This is a debate about not only who will hold some of the most sensitive health information but the future possibilities of the private, for-profit sector in the health space. We have known for a long time—it happened to us when we were in government—that there are a lot of very large for-profit companies circling our health system. Our system is largely delivered by the public sector. It is delivered currently through Medicare and the Department of Human Services. These companies have been circling for a long time to try to get a slice of that pie. They want a slice of that pie because it is very lucrative and it will make them money. There is a reason why we have suddenly seen a telecommunications company set up the Telstra Health arm. They are not the only ones in this space. There are other large companies that are very keen and have been circling the space of Medicare.

In this bill for the first time we have had a register—the national bowel cancer screening register, which is currently run by the Department of Human Services—contracted to a for-profit company. We also have the cervical cancer screening registers that have been run in the states and territories by their departments or in the case of Victoria and South Australia by a not-for-profit organisation, the Victorian Cytology Service, which has been running that since 1989 in Victoria at least. This is really at the heart of what this government has done.

We know that they have been giving very clear signals to the private sector that there is money to be made here—'We want you to start coming up with ideas to make money out of health.' Labor thinks there is a problem with that. It is a fundamental problem, which needs to have a proper debate. We started to say that we have some concerns about this. Remember that this government signed a contract with a for-profit company to run the Australian government's National Cancer Screening Register—something we support; we want to see the Cancer Screening Register—four days before the election was called. There was no announcement that that was what they had done. They signed the contract before they went into caretaker mode. They did not announce it during the election campaign—we thought they were going to—and then they actually said, 'We are not privatising Medicare at all.' This is a thin-end-of-the-wedge argument. This is where we are starting to see the creep of for-profit companies into what the government is already delivering—the delivery of government services. This is a very substantial change that the government is making. The amendments I have moved say that that is not okay. We do not believe that this new National Cancer Screening Register—part of which is the national bowel cancer screening register, which is already run by the Department of Human Services—is an appropriate service for a for-profit company to run.

We had a Senate inquiry. The government said, 'The world is going to end if you have a Senate inquiry.' Hopefully, we have improved this legislation through the proper processes of this parliament. We have seen this government decide that it is right for a for-profit entity to hold data about you—your Pap smear results and your bowel cancer screening results. They will know a whole heap of information about individuals—your Medicare data, whether you are a transgender individual and a lot of very sensitive information.

The government are also saying that they do not think the Department of Human Services is up to running this sort of register. That is basically what they are saying. We saw this government during the Ebola crisis, for example, give $20 million to a for-profit, private company rather than actually back in our AUSMATs. We saw the government take that $20 million decision. This is another decision they have taken. It is a $200 million contract over five years, with an option of 10, to give a for-profit company an edge when it comes to our healthcare system. The amendments I have moved very strongly say that we do not believe that we should have a for-profit company running this register. I want to make it very clear that we will be moving these amendments in the Senate as well. These are amendments that I believe the House should support because if we do not it is the thin end of the wedge when it comes to this government privatising our Medicare system. (Time expired)

Photo of Tony SmithTony Smith (Speaker) Share this | | Hansard source

The question is that the amendments be agreed to.

6:10 pm

Photo of Ms Catherine KingMs Catherine King (Ballarat, Australian Labor Party, Shadow Minister for Health) Share this | | Hansard source

by leave—I move opposition amendments (1) to (9) together:

(1) Clause 4, page 6 (line 12), after "personal information", insert ", key information".

(2) Clause 11, page 9 (lines 24 and 25), omit paragraph (e), substitute:

(e) claims information, to the extent that the information relates to whether or not the individual has undergone or should undergo screening;

(3) Clause 12, page 11 (lines 5 and 6), omit paragraph (1) (n).

(4) Clause 12, page 11 (line 7), omit paragraph (1) (o), substitute:

(o) any other purpose that is directly related to a purpose mentioned in one of the above paragraphs.

(5) Clause 17, page 18 (after line 21), after paragraph (3) (g), insert:

(ga) the person does so:

  (i) for the purposes of conducting medical research, and in accordance with the Australian Privacy Principles or any guidelines issued by the CEO of the National Health and Medical Research Council under subsection 95(1) of the Privacy Act 1988; or

  (ii) in a permitted health situation, as defined in subsection 16B(2), (3) or (4) of the Privacy Act 1988; or

(6) Clause 18, page 19 (line 8), omit "120 penalty units", substitute "600 penalty units".

(7) Page 20 (after line 16), at the end of Part 3, add:

22A Data breaches

(1) This section applies to an entity if:

(a) the entity is:

  (i) the Commonwealth, the Minister or the Commonwealth Chief Medical Officer, performing functions under this Act; or

  (ii) engaged by the Minister, on behalf of the Commonwealth, to perform services for or on behalf of the Commonwealth in connection with functions of the Commonwealth, the Minister or the Commonwealth Chief Medical Officer under this Act; or

  (iii) any other person performing work relating to the purposes of the register; and

(b) the entity becomes aware that:

  (i) a person has, or may have, contravened this Act in a manner involving an unauthorised collection, recording, disclosure or other use of information about an individual; or

  (ii) an event has, or may have, occurred (whether or not involving a contravention of this Act) that compromises, may compromise, has compromised or may have compromised, the security or integrity of the register; or

  (iii) circumstances have, or may have, arisen (whether or not involving a contravention of this Act) that compromise, may compromise, have compromised or may have compromised, the security or integrity of the register; and

(c) the contravention, event or circumstances directly involved, may have involved or may involve the entity.

Note: This section applies to an entity when the entity becomes aware of a matter referred to in paragraph (b) regardless of when that matter arose or occurred or if the matter is ongoing at the time the entity became aware of the matter.

Notifying the Information Commissioner

(2) The entity must, as soon as practicable after becoming aware of the contravention, event or circumstances, notify the Information Commissioner of the contravention, event or circumstances.

Civil penalty: 600 penalty units.

(3) If an entity has given notice under subsection (2) on becoming aware that a contravention, event or circumstances may have occurred or arisen then, despite subsection (2), the entity need not give notice again on becoming aware that the contravention, event or circumstances has occurred or arisen.

Steps to be taken if contravention, event or circumstances may have occurred or arisen

(4) The entity must, as soon as practicable after becoming aware that the contravention, event or circumstances may have occurred or arisen, do the following things:

(a) so far as is reasonably practicable contain the potential contravention, event or circumstances;

(b) evaluate any risks that, if the contravention, event or circumstances has occurred or arisen, may be related to or arise out of the contravention, event or circumstances;

(c) if there is a reasonable likelihood that the contravention, event or circumstance has occurred or arisen and the effects of the contravention, event or circumstances might be serious for at least one individual—notify all individuals who would be affected.

Civil penalty: 600 penalty units.

Steps to be taken if contravention or event has occurred or the circumstances have arisen

(5) The entity must, as soon as practicable after becoming aware that the contravention or event has occurred or the circumstances have arisen, do the following things:

(a) so far as is reasonably practicable, contain the contravention, event or circumstances and undertake a preliminary assessment of the causes;

(b) evaluate any risks that may be related to or arise out of the contravention, event or circumstances;

(c) notify all affected individuals;

(d) if a significant number of individuals are affected—notify the general public;

(e) take steps to prevent or mitigate the effects of further contraventions, events or circumstances described in paragraphs (1) (b).

Civil penalty: 600 penalty units.

(6) If an entity has given notice under paragraph (4) (c), then despite paragraph (5) (c), the entity need not give notice under paragraph (5) (c).

(8) Page 20, after Part 3, insert:

Part 3A—Interaction with the Privacy Act 1988

22B Contravention of this Act is an interference with privacy

(1) An act or practice that contravenes this Act in connection with personal information or key informationabout an individual included on the register is taken to be:

(a) for the purposes of the Privacy Act 1988, an interference with the privacy of the individual; and

(b) covered by section 13 of that Act.

(2) The respondent to a complaint under the Privacy Act 1988 about an act or practice, other than an act or practice of an agency or organisation, is the individual who engaged in the act or practice.

(3) In addition to the Information Commissioner's functions under the Privacy Act 1988, the Information Commissioner has the following functions in relation to the register:

(a) to investigate an act or practice that may be an interference with the privacy of an individual under subsection (1) and, if the Information Commissioner considers it appropriate to do so, to attempt by conciliation to effect a settlement of the matters that gave rise to the investigation;

(b) to do anything incidental or conducive to the performance of those functions.

(4) The Information Commissioner has power to do all things that are necessary or convenient to be done for or in connection with the performance of his or her functions under subsection (3).

Note: An act or practice that is an interference with privacy may be the subject of a complaint under section 36 of the Privacy Act 1988.

22C Information Commissioner may disclose details of investigations to the Minister

The Information Commissioner is authorised to disclose to the Minister any information or documents that relate to an investigation the Information Commissioner conducts because of the operation of section 22B, if the Information Commissioner is satisfied that to do so will enable the Minister to monitor or improve the operation or security of the register.

(9) Clause 26, page 22, after subclause (1), insert:

(2) Ownership of information included in the register or otherwise obtained under, or in accordance with, this Act is retained by the Commonwealth despite any agreement under subsection (1).

I understand that the government has its own amendments which largely support Labor's amendments. I look forward to the government actually supporting these amendments, but I suspect not. Again, these are all improvements to the bill that have occurred through Labor's intervention to make sure the Senate had proper scrutiny of these bills.

When we raised concerns about data breaches, they said I was engaging in some hysterical tirade. Apart from the nature of the gendered language that imbues, I have to say that the government now has, embarrassingly, a bit of egg on its face. It now has to come into this place—or it will do shortly—and move substantial amendments to this bill, which go to the heart of data protection. In the amendments we are moving today we believe very firmly that, when there are breaches of data, the individuals who are affected by those breaches of data need to be informed about them. You could get no more sensitive data than is in this bill: your Pap smear results; your bowel screening cancer results; your Medicare item number usage when it comes to cancer testing, cancer screening and cancer treatment. Or perhaps you are a transgender individual; or you may have had some other issues in relation to sexually transmitted diseases. You could not get more sensitive data. We accept that the government wants the Privacy Commissioner to decide whether to disclose that data that has been breached to the individual. We believe that you should, but it should be occur automatically.

We do not believe that the penalties in this bill or in the government's amendments go far enough. We have recently seen a massive breach of healthcare data where the Department of Health put Medicare item number data up on myGov. The way this government handled it was frankly appalling. Some 16 days after they were notified of the breach, on the floor of the Royal College of General Practitioners conference, the minister goes to all of the GP providers—some of whom potentially had had their provider numbers breached by the downloading of this data—and says: 'I'm really sorry about it and 16 days later we're going to inform you. We haven't informed the individual providers, the individual GPs who may have had that data breached. We'll do an investigation. We're going to try and close a loophole in the law.' It was not good enough. The doctors themselves have to inform their patients if there has been a breach of their privacy, but the government itself took 16 or 17 days to basically inform GPs that their data may have been breached. We think there needs to be mandatory data breach reporting. We have actually tried to get the government to do that in the previous parliament. We really think they need to move on it.

When it comes to the penalties, particularly given that the government signed a contract with a for-profit provider four days before the election, they are miniscule in this bill—$21,000 for a breach of data for a for-profit organisation like Telstra is simply not good enough. So the amendments that we are moving say very clearly that there needs to be higher penalty units within the bill itself and they should not deferred by seeking reparation through the Privacy Act.

We actually think they need to be within this bill itself.

We understand that the government has come some way to accepting some of Labor's amendments. But it has had, literally, the government's own body—its own body—having to inform it that it has some problems with this bill. We have through the Senate process managed to get the government to come part way, but again that we are moving these amendments here this afternoon because we do not think the government amendments go far enough.

As I said, penalty units of $21,600 when you come to a for-profit provider are simply not enough to discourage the potential misuse of this data—this highly sensitive data. I think, again, that when it comes to breaches of data the government has not protected individuals enough—not within its own legislation. It is all very well and good to inform the Privacy Commissioner that you have breached. We have seen that the government has form on this, with the recent health data breach, and we simply think that individuals have a right to know if this data has got into the public domain. If it has got into the public domain it should not be that the first time individuals know about it is when they read about it on the front page of a newspaper. I commend the amendments to the House.

Photo of Tony SmithTony Smith (Speaker) Share this | | Hansard source

The question is that the amendments be agreed to.

Question negatived.

6:24 pm

Photo of Sussan LeySussan Ley (Farrer, Liberal Party, Minister for Sport) Share this | | Hansard source

I present a supplementary explanatory memorandum to the bill and I ask leave of the House to move government amendments (1) to (12) on sheet HE125, as circulated, together.

Leave granted.

by leave—I move government amendments (1) to (12):

(1) Clause 4, page 3 (after line 20), after the definition of commercial-in-confidence, insert:

contracted service provider has the meaning given by subsection 22A(10).

[data breaches]

(2) Clause 4, page 6 (lines 1 and 2), omit the definition of prescribed body.

[prescribed body]

(3) Clause 11, page 9 (line 25), at the end of paragraph (e), add "associated with a designated cancer".

[claims information]

(4) Clause 12, page 11 (line 6), omit "cancer;", substitute "cancer.".

[purposes of the register]

(5) Clause 12, page 11 (line 7), omit paragraph (1) (o).

[purposes of the register]

(6) Clause 17, page 17 (line 15), omit subparagraph (3) (a) (iv).

[prescribed body]

(7) Clause 17, page 18 (after line 36), at the end of the clause, add:

(5) Collection, recording, disclosure or use of personal information for the purposes of research of a kind to which guidelines approved under section 95 or 95A of the Privacy Act 1988 relate is authorised under paragraph (3) (a) or (f) only if the collection, recording, use or disclosure is in accordance with the guidelines.

[research guidelines]

(8) Page 20 (after line 16), at the end of Part 3, add:

22A Data breaches

Notification of contraventions and possible contraventions

(1) If the Secretary becomes aware (otherwise than because of a notice under subsection (2)) that a person has, or may have, contravened section 18 in a manner involving an unauthorised recording, use or disclosure of personal information included in the register, the Secretary must, as soon as practicable, notify the Information Commissioner.

Note: This subsection applies when the Secretary becomes aware of the contravention or possible contravention, regardless of when it occurred or whether it is ongoing.

(2) If a contracted service provider or a former contracted service provider becomes aware that a person has, or may have, contravened section 18 in a manner involving an unauthorised recording, use or disclosure of personal information included in the register, the contracted service provider or former contracted service provider must, as soon as practicable, notify:

(a) the Secretary; and

(b) the Information Commissioner.

Note: This subsection applies when the contracted service provider or former contracted service provider becomes aware of the contravention or possible contravention, regardless of when it occurred or whether it is ongoing.

Civil penalty: 100 penalty units.

(3) A notice given under subsection (1) or (2) must set out the following:

(a) a description of the contravention that has occurred or may have occurred;

(b) the kind or kinds of information concerned;

(c) if the notice is given under subsection (2)—the identity and contact details of the contracted service provider or former contracted service provider.

Handling possible contraventions

(4) If the Secretary, or a contracted service provider or former contracted service provider, becomes aware that a person may have contravened section 18 in a manner involving an unauthorised recording, use or disclosure of personal information included in the register, the Secretary, or the contracted service provider or former contracted service provider, must do the following:

(a) so far as is reasonably practicable, contain the possible contravention;

(b) evaluate any risks that, if the contravention has occurred, may be related to or arise out of the contravention;

(c) if there is a reasonable likelihood that the contravention has occurred and the effects of the contravention might be serious for at least one individual whose details are included in the register:

  (i) in the case of the Secretary—consult the Information Commissioner about notifying individuals who may be affected; or

  (ii) in the case of a contracted service provider or former contracted service provider—ask the Secretary to consult the Information Commissioner about notifying individuals who may be affected.

Note: This subsection applies when the Secretary, contracted service provider or former contracted service provider becomes aware of the possible contravention, regardless of when it occurred or whether it is ongoing.

Handling contraventions

(5) If the Secretary, or a contracted service provider or former contracted service provider, becomes aware that a person has contravened section 18 in a manner involving an unauthorised recording, use or disclosure of personal information included in the register, the Secretary, or the contracted service provider or former contracted service provider, must do the following:

(a) so far as is reasonably practicable, contain the contravention and undertake a preliminary assessment of the causes;

(b) evaluate any risks that may be related to or arise out of the contravention;

(c) in the case of the Secretary—consult the Information Commissioner about notifying individuals who may be affected;

(d) in the case of a contracted service provider or former contracted service provider—ask the Secretary to consult the Information Commissioner about notifying individuals who may be affected;

(e) take steps to prevent or mitigate the effects of further contraventions.

Note: This subsection applies when the Secretary, contracted service provider or former contracted service provider becomes aware of the contravention, regardless of when it occurred or whether it is ongoing.

Secretary ' s duty

(6) The Secretary must comply with a request under subparagraph (4) (c) (ii) or paragraph (5) (d).

No need to report or consult if already done

(7) A person is not required to comply with subsection (1) or (2) in relation to a contravention that has occurred if the person has already given notice under that subsection that the contravention may have occurred.

(8) A person is not required to comply with paragraph (5) (c) or (d) in relation to a contravention if the person has already consulted, or asked the Secretary to consult, the Information Commissioner under paragraph (4) (c) in relation to the contravention.

(9) A contracted service provider or former contracted service provider is not required to comply with subsection (2), subparagraph (4) (c) (ii) or paragraph (5) (d) in relation to a contravention that has, or may have, occurred if another person has already:

(a) given notice in relation to the contravention under subsection (1) or (2); or

(b) consulted, or asked the Secretary to consult, the Information Commissioner in relation to the contravention under paragraph (4) (c) or (5) (c) or (d).

Contracted service providers

(10) In this Act:

contracted service provider means a person who:

(a) is engaged under an agreement referred to in section 26; and

(b) obtains protected information in the course of performing services under the agreement.

[data breaches]

(9) Page 20, at the end of Part 3 (after proposed clause 22A), add:

22B Contravention is an interference with privacy

(1) An act or practice that contravenes section 18 or subsection 22A(1), (2), (4), (5) or (6) is taken to be:

(a) for the purposes of the Privacy Act 1988, an interference with the privacy of an individual; and

(b) covered by section 13 of that Act.

(2) The respondent to a complaint under the Privacy Act 1988 about an act or practice, other than an act or practice of an agency or organisation, is the person who engaged in the act or practice.

(3) In addition to the Information Commissioner's functions under the Privacy Act 1988, the Information Commissioner has the following functions in relation to the register:

(a) to investigate an act or practice that may be an interference with the privacy of an individual under subsection (1) and, if the Information Commissioner considers it appropriate to do so, to attempt by conciliation to effect a settlement of the matters that gave rise to the investigation;

(b) to do anything incidental or conducive to the performance of those functions.

(4) The Information Commissioner has power to do all things that are necessary or convenient to be done for or in connection with the performance of his or her functions under subsection (3).

Note: An act or practice that is an interference with privacy may be the subject of a complaint under section 36 of the Privacy Act 1988.

[interference with privacy]

(10) Page 20, at the end of Part 3 (after proposed clause 22B), add:

22C Information Commissioner may disclose details of investigations to the Secretary

The Information Commissioner is authorised to disclose to the Secretary any information or documents that relate to an investigation the Information Commissioner conducts because of the operation of section 22B, if the Information Commissioner is satisfied that to do so will enable the Commonwealth to monitor or improve the operation or security of the register.

[interference with privacy]

(11) Clause 27, page 23 (lines 1 to 3), omit subclause (2), substitute:

(2) The Secretary may, in writing, delegate his or her functions or powers under:

(a) paragraph 17(3) (g) (about disclosing information); or

(b) section 22A (about data breaches);

to an SES employee, or an acting SES employee, in the Department.

[data breaches]

(12) Clause 28, page 23 (after line 13), after subclause (1), insert:

(1A) Before making rules for the purposes of:

(a) paragraph (l) of the definition of key information in section 4; or

(b) paragraph 11(g);

the Minister must consult the Information Commissioner in relation to matters that relate to the privacy functions (within the meaning of the Australian Information Commissioner Act 2010) and have regard to any submissions made by the Information Commissioner because of that consultation.

[consultation with Information Commissioner]

As members know, the need for these bills arose from the 2015-16 federal budget announcement to establish a National Cancer Screening Register aimed at saving more lives through increased detection, treatment and prevention of some of the country's biggest killers. The National Cancer Screening Register Bill provides for the establishment of the register and authorises the collection, use and disclosure of information for the purposes of the register and certain other purposes. It will allow Medicare enrolment and claims data and healthcare identifiers for individuals and healthcare providers to be collected by the register for the initial system build as well as on an ongoing basis.

The Turnbull government is serious about increasing cancer screening rates in the fight against cancers, as well as to improve survival rates. This legislation is critical for this government priority. These bills will serve to benefit the health of Australians through more efficient cervical and bowel screening pathways made possible by the establishment of a national register. The bills will facilitate monitoring of the effectiveness, quality and safety of screening and diagnoses associated with bowel cancer and cervical cancer. They will assist general practitioners and healthcare providers in their clinical decision making and contribute to cancer detection, treatment and prevention. They are very important.

I have proposed some changes to the National Cancer Screening Register Bill to provide clarity in some of its provisions, as discussed with the Office of The Australian Information Commissioner. These include a new provision requiring the contracted service provider to notify data breaches to the secretary of my department and to the Information Commissioner, and for the secretary of my department to notify data breaches to the Information Commissioner and for certain actions to be taken in relation to data breaches. These amendments will achieve an appropriate balance between protecting privacy and retaining the flexibility required to deliver these world-class screening programs.

The protection of personal information held in the register is of paramount importance. I have proposed to make unauthorised recording, use or disclosure of personal information in the register, or a contravention of the requirement to notify data breaches, an interference with privacy for the purpose of the Privacy Act 1988. Although the department or affected individuals would have recourse to engage the Information Commissioner in any matter related to a privacy breach, this amendment would make it explicitly clear that the Information Commissioner could undertake an investigation as required.

The opposition has proposed amendments to the legislation to limit operation of the register to a not-for-profit organisation or government agency. Successive governments have successfully partnered with the private sector to deliver many programs. This amendment would be an extraordinary limitation on government's ability to continue with these partnerships, and it would send a concerning message to the private sector.

Changes to the National Cervical Cancer Screening Program from 1 May 2017 will introduce a more effective cervical cancer test, the human papillomavirus test, to replace the two-yearly Pap test. Cervical cancer claims the lives of 250 women a year, despite being one of the most preventable cancers.

Bowel cancer is the second most common cause of cancer deaths in Australia, with about 4,000 Australians dying each year. The expanded National Bowel Cancer Screening Program will roll out a free, at-home bowel cancer screening kit to Australians aged 50 to 74 years every two years by 2020.

I know that the heart of this legislation, the principles and the creation of the register, is not disagreed by the opposition, and I appreciate that. Quite frankly, it is a no-brainer that this legislation get passed and that this register come into operation. Everyone who appeared before the Senate committee inquiry initiated by the opposition said those things. They expressed their views and concerns, as they should, about privacy, and sought those reassurances which I believe my department has provided but which I am happy to strengthen with these amendments that I am moving. While all of those messages took place at the Senate inquiry, the very strong view of all those who appeared before it was that we need this legislation passed. We need the register in place because the current system is not geared to take on the five-yearly HPV test for cervical cancer.

It is quite clear that this legislation, this register, will save women's lives, and I look forward to its smooth passage through the other place. I commend my amendments to the House.

6:30 pm

Photo of Ms Catherine KingMs Catherine King (Ballarat, Australian Labor Party, Shadow Minister for Health) Share this | | Hansard source

I want to be very clear about what has actually just happened here. Labor do support the establishment of a National Cancer Screening Register—we have said that from the start—but, only a scant few weeks after the government introduced its legislation, the government has had to move 12 amendments to its own legislation because we have pointed out, through the Senate, as we should do, holes in this legislation. That is what this parliament is designed to do.

When we referred these bills to a Senate inquiry, what did this minister say? It was that, 'Labor is being hysterical. There is a hysterical tirade from Labor about these bills.' What we have just seen is the minister having to come to the dispatch box and say, 'I did get it wrong. We rushed this legislation. We have not thought about this properly, and I have now had to move amendments to my own legislation.' Perhaps it would be better, Minister Ley, if you actually talked to us in the first place before you introduced legislation. We can tell you what our issues are going to be. We are going to have debates about you deciding that something should be contracted in this way, because, frankly, it is not the best process when we have to amend and force the government to actually come to this dispatch box and amend its own legislation in this way. The Department of Health might have briefed us about what they were planning to do, but it is not until you get into the detail that you get an opportunity to say, 'There are some problems here.' That is what the Senate inquiry did.

We will support these amendments. We do not want to hold up this legislation. We know that this is a problem of the government's own making. They took the decision to sign a contract with Telstra in the dying days of the last government. They took that decision. Why? We do not know. We suspect it was something to do with an election announcement that they backed away from. This government took that decision. They have now had to retrospectively introduce legislation to allow that to happen. It is a disgrace, frankly, that they signed a contract before this parliament had passed legislation to establish the register of which the contract was the subject.

We are seeing a complete shambles when it comes to introducing health law in this country, an inability to actually get the legislation right in the first place, leaving it to the last minute—this is something that came, from memory, out of the 2015 budget; it was in not the 2016 budget that they wanted to establish an National Cancer Screen Register—and then having to amend their own legislation on the floor of the chamber.

We are happy, through this process, that we have improved these bills, apart from the two areas that I mentioned in our amendments. We do believe very firmly that there should be mandatory data breach reporting not just to the Privacy Commissioner but to the individuals affected, particularly when you look at the information that is there. Imagine if that information got into the public domain and you as in individual did not know about it. Imagine if that happened. Recently, with the data breach, there were 16 to 17 days from notification of the breach to the Department of Health—individuals still do not know if their data has been breached or not—before the minister reported it to the general practice sector. It is simply not good enough. We also absolutely contend that the penalties are still not good enough. As I said, we will support these amendments, but we will seek to continue to prosecute our case in the other place.

I particularly want to reiterate the issue that this is really a very large debate about what the role of the for-profit sector is in the delivery of government services. It is a very big debate and a very big decision that this government has made, for the first time, to give a for-profit provider a national cancer screening register. As far as I am aware, this is the first time a for-profit telecommunications company has had control of such a register. It is a big call that the government has made. We will be looking, with great interest, at the capacity of Telstra to actually deliver on its contractual promise on the delivery date it has promised. We are hearing already that there are some major problems around that. That has nothing to do with the passage of legislation; it has to do with the capacity of the organisation. This is something that we will continue to prosecute because this government, at every single opportunity, has given preference to the private sector when it comes to Medicare. It has wanted to privatise Medicare, and this is just an example of what is to come.

Question agreed to.

Bill, as amended, agreed to.