Nola Marino (Forrest, Liberal Party) Share this | Hansard source

As I have said previously, I have concerns about security of patients' information, firstly, through unauthorised access, secondly, through the broader cybersecurity risk and, thirdly, because of the critical importance in this environment of patients' medical records and the issue of trust between the doctor and patient.

In Australia health is a multibillion dollar industry with multibillion dollar rewards for companies and individuals who are best prepared for health trends. I am aware that e-health is a voluntary sign-up, but there is no doubt that the information contained in people's health files is and will be of considerable value, especially if it can be collated to identify either local, regional or national health trends. For practical purposes there will be a central electronic government repository full of people's private details and information.

I also believe that the government is ignoring the broader cyber-risk. Cyberattacks cause direct financial losses to consumers and businesses from the theft of information or through extortion. The information in electronic health records has to be protected. It has to protect the rights and privacy of the patient. We know that hackers have been able to breach some of the world's most secure internet sites. I was a member of the House of Representatives Standing Committee on Communications when it reported on cybercrime. The evidence we took was a very graphic but very chilling reality check. As we said in our report, cybercrime is now a sophisticated transnational threat that operates on an industrial scale. The cybercriminal is no longer the nuisance hacker and is more likely to be part of a network of hackers, middlemen and organised criminals who combine to commit large-scale online crimes for significant profit.

Cybercrime is highly prevalent and directly affects a significant number of Australians. In fact, the manager of the Australian Computer Emergency Response Team, AusCERT, said:

Cybercrime in Australia is getting out of control and we are losing. And I think that, with the pressures coming on us over that next few years, if nothing is done to change the current direction we will lose faster.

Given the collective and individual value of health records, how will the government ensure that the private health records of Australian citizens remain totally secure. What responsibility will the government accept when an inevitable breach occurs? This bill appears to impose all of this responsibility on health organisations and none of it on the government itself.

Breaches will be possible at all stages, both directly through unauthorised access and through sophisticated hacking. The government's NBN will facilitate internet access and internet crime at speeds we have never before experienced in this country. A report by the Kokoda Foundation entitled Optimising Australia's response to thecyberchallenge, released on 4 February last year at the National Press Club, said that 'cybersecurity has become the fundamental weakness in Australia's national security' and that 'the threat is poorly understood by politicians, business people and the general public'. The report was co-authored by former Deputy Chief of Air Force John Blackburn and identified that Australia has reached the point where our ability to respond to internet attack is being rapidly outpaced by advances in cyberattack and cyberterrorism. The foundation also stated:

A case in point is the mooted National Broadband Network (NBN). The report notes that once the network is built, taking high-speed broadband services through fibre-optic cable to an estimated 93 per cent of households, responsibility for maintaining cyber-security will rest with retail service providers rather than NBN Co.

I believe that this unprecedented growth in cyberthreat should be considered very seriously as a risk and as something that needs to be managed with the e-health system. The generation of these electronic records will require the goodwill of medical practitioners inputting the data into the system.

Given the size of the medical workforce across Australia and the workload they have, it will require an enormous effort and cost to transfer medical records to a new database. Most medical practices today have electronic databases and so have copies of records in digital form. Indeed, the computerisation of general practice increased from 17 per cent in 1997 to 94 per cent in 2007, achieved through a $740 million investment under the coalition government. But will medical practices be able to transfer the desired information directly to the government's e-health records database with the push of a button? I presume not, especially given that a wide range of medical software is in use in practices across Australia. Many may well not be compatible, not only with each other but with the new system.

I am aware that in my electorate alone there are so many different forms of software currently in use. Thus considerable time will have to be committed to transferring information to the new database. There will be issues with costs, training, support and assistance. But at this point there does not appear to be any government acknowledgment or support for that function, so we are left to assume that the individual medical practice will have to absorb the cost and the work. Without some streamlining and rationalisation of electronic medical record keeping, this problem of double data entry will not go away and could continue into the future. There will always be someone putting the data in to the practice's database and then repeating the process, perhaps for the government database. Having single-entry data storage is obviously the ideal outcome for efficiency, but will the government acknowledge the needs related to software in non-compatible medical computer systems? Or will the government assume that doctors or their staff will enter the information twice into different databases?

I want those who use digital technology in the medical field to be able to do so with absolute confidence. As I said previously, the relationship between doctor and patient in this nation underpins our whole medical system and is, in my view, sacred. A number of reports indicate that using digital medical records and instructions can save lives. As a member from a rural and regional electorate I well understand, as I said earlier, the benefits this can bring to electorates like my own.

The Howard government initiated steps in 1999 toward the implementation of a national e-health policy through a national health information advisory council. As I said, I do want the public to have absolute faith in their electronic health records, but the government and this legislation need to be able to deliver a secure, accountable, reliable and transparent system.

I saw something in the newspapers today that concerned me. I am concerned about the government's incapacity to deliver projects and programs on time and on budget. A report today shows that spending on Labor's personally controlled health records system has already blown out by $300 million.

See this speech in context