David Gillespie (Lyne, National Party) Share this | Hansard source

It is my pleasure to rise in support of the My Health Records Amendment (Strengthening Privacy) Bill 2018. The bill will amend the My Health Records Act 2012 to strengthen its privacy protections and will once and for all remove any doubts as to how seriously the coalition government takes the security of information that is stored in the system.

Before I proceed, I would like to remind members of the House and the broader Australian public of the history of the Personally Controlled Electronic Health Record, now known as the My Health Record. It was a creation of the former Labor government and it has been in place since 2012. Before the opt-in system was changed to opt-out, six million people had enrolled in it. I might add the very important fact that in that time no law enforcement officer or judicial process had sought access to the system.

I understand that the change from an opt-in to opt-out system caused a flurry of excitement and generated a flurry of outrage and fear. It's surprising that most of it was generated from my colleagues on the other side of the House. In 2015, when the bill changed the name to the My Health Record and put in place regulations to change from an opt-in to opt-out system, that was supported by the other side. It has been through the Senate before. The very essence of the My Health Record is to enable better health care: to allow the avoidance of drug allergies, to know serious illnesses and to have the important operations and events in a person's record available when they're seeing other health practitioners besides their regular health practitioner.

I might add, to reassure people on the other side, that there is a certain level of very, very high security in the system already. One has to get access through the myGov site with a unique username and password. There is then a one-time generated PIN, or personal identification number, that is then required beyond that. A medical practitioner will be accessing it; a random person can't do that. You need specially embedded software and, again, it has to be compatible with the system that the Digital Health Agency runs. They need to have a compatible ID, username and password. Similarly, they need a PIN. The extensive original documents reside with the primary practitioner or the person who enrols you. Other practitioners have to go through that process with your approval to get the information.

In a situation where there is an emergency, this very creation—which everyone here supported in a bipartisan fashion back in 2012, and as the good member for Macarthur has pointed out—will improve safety, will improve efficiency, will prevent duplication and will prevent critical information from being lost in emergencies. It's only used in a break-the-glass situation, where there is an emergency. Say you get wheeled into the Royal Canberra Hospital with some major event and your practitioner is up at Moree or wherever, and they can't get on to her. They then have the ability to get into the system, but that would trigger the Digital Health Agency inquiring who is accessing it. The repository of all your fine details, and every blow and change in your history resides, with your main practitioner. But the My Health Record becomes a repository of key health information, whether it's pathology tests; medications; operations; most importantly, your allergies; or whether you want to be an organ donor or not. It is a very useful tool.

Now, as I said, and as the member for Goldstein outlined, we are fixing up a lot of things that weren't sorted out when it was originally designed. As I said, that was when the other side was on the government benches, so they can't get too rich in their criticism of it. We're fixing problems that the Labor Party left behind time and time again. It gives the user and the owner of the information, which is the patient, the ability to remove details completely or add details. It has the ability to be locked, of course. It has the ability to give permission to use de-identified data for research. The power to delete has been changed, in these changes in these amendments, so that you can actually delete it forever. Under the old regulations, it could be deleted; but it wasn't erased. It will be a great addition to the security and the strength of everyone's privacy concerns.

Like many other people in the chamber, I support the initiative. I must admit it has had a very long gestation, and there's been an awful amount of public money put into developing it. I don't think it's efficient to go back to square one and start all over again. That would be ludicrous, crazy and a waste of money, but these amendments to the bill do address all those privacy concerns. We'll be left with a very robust system. People can still opt out of it if they have a philosophical objection to it. By all means, go and do that. I think it will just be great, because everyone knows Australians are great travellers and we go all around the country. As you all know, grey nomads in caravans as well as families and children are travelling all over this country because we love exploring and we love doing things. But accidents happen. Just the other day, I was in a car accident in a remote part of Western Australia with my wife. The bus rolled over, and some of our fellow passengers had to go off to hospital. Fortunately, there were no serious injuries, so everyone could verbally give their record, but I thought, 'It's pretty much time for me to get back to my GP and update everything in the system for me in case I do end up in a strange hospital in Derby where no-one knows my history.' It is such a good idea, and these privacy changes will increase the robustness of it.

I will make a few final comments about the member for Ballarat's concern about someone fleeing a violent situation. You have the ability to delete or block access; you have your username, your password and a PIN. In such a case, that person should be advised to go in and deny access. They should use the system that's already there, so that the estranged or violent partner, who is possibly legally separated or has an AVO against them, can't trace them through it. But it's very hard not to support this. I can follow the philosophical objections and the concerns raised by changing from an opt-in to an opt-out system, but, all in all, everyone can exercise their rights. They've got until November at least. Reports from Senate committee inquiries will be tabled in due course, but, for the time being, I want to reassure the people in the Lyne electorate that it is a very robust system that has been in place for six years and they're in good company with at least six million other Australians. I wouldn't throw the baby out with the bathwater. It is a great system and a great innovation, and it will deliver good health outcomes for the broader Australian public and for individuals.

See this speech in context