Brett Mason (Queensland, Liberal Party, Shadow Minister for Universities and Research) Share this | Hansard source

Yes, and former Liberal Party senator and former President of the New South Wales Anti-Discrimination Board as well—appointed by a state Labor government. What he said was very interesting. He said that just like the internet, once the information is out there it will always be available to someone somewhere, regardless of restrictions and limitations. That, of course, is the problem. There is an oft-quoted saying among IT people that goes along these lines: information wants to be set free, but that does not mean that people necessarily want information to be free. Sometimes that is for good reasons—like patients wanting to protect their data—or sometimes for the wrong reasons, like authoritarian governments wanting to maintain their grip on power. It simply expresses the significant reality that once a genie is out of the bottle it is impossible to put it back in. When information is out, when it is set free, you cannot put it back in, because—guess what?—it is everywhere, particularly today with the promiscuous exchange of information, garnered by the internet, social media and other media enterprises. The fact is that these days information when leaked or when out is out forever. The information to be contained within this system is of an intensely personal and private nature, much of which may never leave the inner sanctum of a doctor's surgery. Given that the personal electronic health records system will, by its nature, exponentially increase the number of people with access to these details, it is not unreasonable for patients to fear that the risk of information being obtained by someone other than their doctor will also increase—and that is the concern. People are entitled to be concerned that their medical history could fall into hands in which it does not necessarily belong. Let us face it: in the profession many of us work in, the profession of politics, health records could devastate or potentially even destroy a political career. As examples take evidence of mental illness or evidence that someone is suffering from cancer or evidence that perhaps a woman at one stage even had an abortion or evidence that someone has contracted a sexually transmitted disease at some stage. All of these could be very embarrassing and would certainly be compromising and potentially they could destroy a political or a corporate or a legal or other career. That is why these records are so important and why their protection is absolutely and utterly vital. If they are released, even if they are released inadvertently, people would become subject to prejudice or subject potentially to blackmail. It could have detrimental impacts on their relationships, their work or their insurance and so on. There must be no unauthorised access.

It was not long ago, as you would recall, Madam Acting Deputy President, that we had the example of the stolen laptop in the United Kingdom, and this is not the only story of its kind. In about the middle of last year a laptop containing health information on over 8½ million patients and 18 million hospital visits, operations and procedures was stolen from a National Health Service building in London. The data did not contain names but it did include postcode, gender and age details. There were concerns at the time that the information could be used against the subjects by, for example, blackmail over sensitive medical issues and so forth. That is the sort of problem that is possible, hence the enormous concern as to privacy.

I note Senator Polley, when speaking before, mentioned the United States health system. The United States electronic health record system has been described as 'Wikileaks on steroids'. But while Australia's privacy laws generally do offer greater protection than do those in the United States, it is an interesting and concerning analogy for this kind of system. It is certainly a concerning analogy at least. Even with access to information by authorised users, so by those authorised to look at the information, there are still privacy concerns. Who owns the information? Can I change information that I deem to be wrong or inaccurate? Can I do that? Can I do that unilaterally? Can I restrict access by others to certain types of information? For example, I might not want my GP to know about my mental illness—