Annette Hurley (SA, Australian Labor Party, Shadow Minister for Citizenship and Multicultural Affairs) Share this | Hansard source

I wanted to use this opportunity, when the issue of private health information comes up in the Privacy Legislation Amendment Bill 2006, to talk about an experience of mine which I think illustrates the importance of having provision for privacy. I was applying for personal income insurance in case of disability through my superannuation provider, AGEST—Australian Government Employees Superannuation Trust—and was required to get medical information to support that insurance. I went to my general practitioner, had quite a comprehensive blood test and an assurance from her that I was quite a healthy person, and I sent that off to AGEST. AGEST then came back to me and said that they wanted a full medical examination beyond the blood test.

When I got the details of that examination, I found that it asked for extremely detailed information. I have to say that the blood test included not only the usual iron levels, cholesterol and that kind of thing but I also had to have an AIDS test and a hepatitis test and be cleared on those things. That was all sent in. The further medical information I was asked to provide included information on whether I had ever been a prostitute and whether I had engaged in anal sex. It asked me the medical history of my family. It asked for complete doctors’ accounts of any illness that I had had in my entire life and of any illnesses in my family that might affect my health.

When I looked further at this medical information, I discovered that AGEST were outsourcing assessment of my insurance to the Commonwealth Bank. When I read the privacy information on that medical information, I discovered that the Commonwealth Bank were able to give that to their legal or financial counsel or anyone that they outsourced any of these activities to. So I discovered that, rather than dealing with my superannuation provider, AGEST, with whom I had a financial relationship, I was then dealing with an outsourced agency of the Commonwealth Bank. Suddenly that very detailed private information widens out to a huge level of people.

I thought I would rather not make three or four more visits to the doctor to get all this information and provide information that, given the detailed nature of the form, is probably incomplete and that my insurance would be refused in any case. So I wrote to AGEST stating that I wanted to withdraw my application for personal income insurance. I had not realised that my personal information could possibly be disseminated quite so widely through not only AGEST but also the entire Commonwealth Bank and anyone who was contracted by the Commonwealth Bank. I believe I wrote that letter approximately five or six weeks ago. I had no response. I went through the usual call centre process, where I was unable to talk to anyone actually in AGEST about the situation. I had asked for my application to be withdrawn and for my medical records to be sent back to my doctor and for any copies to be destroyed.

When I finally got through to someone in the call centre at AGEST, I was told that all that information had already gone to the Commonwealth Bank and that they were waiting on a reply. I asked if I could speak to someone in the Commonwealth Bank to ensure that I got my information back and was given a call centre number for the Commonwealth Bank and told that I probably would not get through to the relevant agency in any case. So my detailed blood tests are being circulated around the Commonwealth Bank and it appears that I have no ability to get in touch with anyone who can give me any information about where they are, whether they will be returned or whether any copies have been made.

I am only grateful that I did not fill in the even more detailed medical information that they were requiring. I would urge people to look more carefully at where their medical information is heading in these days of outsourcing, when we need to sign away such a wide-ranging waiver of our privacy requirements, I think we all need to be a bit more careful about what we do. We have seen instances just recently where people in the Taxation Office and also in Centrelink have been found to be accessing records that they should not be accessing. We all know that, in these days of computer databases, people can get access to records that they should not have access to as part of their job. When that privacy waiver is so broad, when any legal or financial people in the Commonwealth Bank can access my records officially—much less those who might be able to unofficially—and when in fact the waiver states that any of my own personal financial advisers contacted by the Commonwealth can access those records, when I may not necessarily want my accountant to know the status of my AIDS test, then I think we all need to be much more careful in this era of outsourcing.

I certainly commend the privacy legislation that is proposed and urge people to be very careful about their own privacy considerations. I wish to assure the house that my AIDS and hepatitis tests came up negative, so I had nothing in particular to worry about. It is the principle of the issue which concerns me.