Natasha Stott Despoja (SA, Australian Democrats) Share this | Link to this | Hansard source

It gives me a great deal of satisfaction to see the amendments in the Privacy Legislation Amendment Bill 2006 before the parliament today. One aspect of the legislation before us is the issue of, finally, protecting in law genetic information. I have previously apologised in debates such as this for sounding like a broken record, but I have long campaigned for the protection of genetic information in law and to ensure that at some stage we outlaw discrimination on the basis of people’s genetic information.

In the debate on the original legislation, or the legislation that extended the Privacy Act to the private sector, I moved comparable amendments to these amendments in an attempt to protect genetic privacy. As I recall, on that occasion the Australian Labor Party supported those amendments but unfortunately they were rejected by the House of Representatives and, when they came back to the Senate, the Labor Party folded on those particular amendments. So it has taken a long time to get these protections in law, but I congratulate the government on finally acting.

The most recent impetus for these amendments has been the groundbreaking, comprehensive and world-class work that has been done by the Australian Law Reform Commission, specifically their report Essentially Yours: The Protection of Human Genetic Information in Australia. This examined the protection of genetic information in Australia. That report, No. 96, actually reported in March 2003. It has been a long process to see some of those recommendations find their way into legislation. I introduced a private member’s bill in 1998, which seems a rather long time ago now—the Genetic Privacy and Non-discrimination Bill 1998—in an attempt to deal with the issue of genetic privacy and opposition to and prohibition of genetic discrimination. At that time, as I recall, we did not actually have documented cases of discrimination on the basis of people’s genetic information. That is no longer the case. There are well-documented cases in Australia where people have been discriminated against—whether it is for employment purposes, insurance purposes or others—based on their genetic information. I wonder how different things might have been had we actually introduced legislation—whether it was as a stand-alone model, as the one that I proposed, or amendments to various aspects of current law, an approach that is preferred by the ALRC. I wonder if things would have been different. So this may be eight years too late, but it is better late than never. I am glad to see that Australia will protect on a Commonwealth level people’s genetic information.

There is more to this legislation. I have agreed with the government to this legislation being debated in this non-controversial timeslot not only in order to facilitate debate but also because of my sheer desperation to ensure that the genetic privacy amendments are not held up. I want to place on record very strongly on behalf of the Democrats that we do have concerns with and indeed opposition to schedule 1. I will not be moving an amendment to that effect, but, in fact, calling on the government to consider some proposals. In relation to this bill generally, it ensures that medical practitioners can continue to access relevant health information available through the PSIS without breaching the underlying foundations of the national privacy principles. Obviously it ensures that genetic information is covered by the national privacy principles and provides for health professionals to disclose genetic information to genetic relatives where there is a serious risk to the genetic relative.

The amendments that I feel strongly about, primarily covered under schedule 2, are those recommendations by the ALRC in relation to genetic information—that is, ensuring that the definition of health information and sensitive information expressly includes human genetic information about an individual. Another recommendation is to permit a healthcare professional to disclose genetic information about their patient to a genetic relative of that patient where disclosure is necessary to prevent a serious health threat to an individual. I am not suggesting that that has ever been anything but quite a complex debate, but certainly I acknowledge and agree with that recommendation. That is under schedule 2 of the bill. I note for the record that there are around 140 recommendations contained in that ALRC report. I know that the government has put on record that it will not be supporting some of them and that it needs more time to examine a number of them. I thought the government’s response to the report could have been more comprehensive. Nonetheless I do put on record that there are a number of recommendations still to be considered, implemented or enshrined in law in some way. I strongly recommend that the government reconsider a number of those recommendations. I will not address those in detail today.

I want to talk about the first schedule in this legislation and some of the concerns that the Democrats have. I understand that those concerns are not necessarily shared by other parties in the chamber and that is why I am not going to bring this to a vote and am thus dealing with it in a non-controversial way. The amendments to schedule 1 not only remove the need for an explicit balancing of privacy and other interests by the Privacy Commissioner through the public interest determination, the PID, process under the Privacy Act but also, by allowing for the collection of sensitive health information without consent wherever authorised by or under the law, mean that the opportunity for consideration of the balance in specific circumstances is lost. The amendments provide for the Prescription Shopping Information Service, the PSIS. They actually go further. I believe that they actually reduce the protection of sensitive health information in the private sector. So some of those key strengthened provisions, the provisions that were introduced when the legislation was extended to the private sector, are actually being undermined. You no longer require consent in those cases. I think it will be much more difficult to identify legislative provisions which may later be used as the basis for the collection of any sensitive health information without consent. I am not sure if the government are going to comment on those issues today. I am quite happy to put on notice to the government whether or not they would consider a backup amendment, if you like.

I know that there was an approach put forward by the Australian Privacy Foundation. They have argued, and I quote:

It would be much more difficult if not impossible to identify in advance legislative provisions or other authorities which may later be relied on as the basis for the collection of sensitive health information without consent.

The fact that the consent test will only remain for health information that is used outside health care seems entirely unjustified considering the test was considered good enough for health care in 2000. I guess I would like to know from the government: what exactly has changed? How is this being justified by the government? I am happy to treat that as a question on notice, for obvious reasons. The preferable approach that was put forward by the Australian Privacy Foundation—and I understand that this is a document that the Attorney-General’s Department have in relation to this legislation—was, and I quote:

We believe that a preferable approach that correctly balances privacy and other interests is to leave national privacy principle 10.2 unchanged and instead to legislate a requirement for the relevant approved suppliers to collect information where appropriate from the PSIS. This would put the PSIS on a proper legislative footing and also give the opportunity for conditions and other safeguards such as regular reporting, auditing et cetera.

They go on:

We consider it important to bear in mind that prescription information can be highly sensitive and the PSIS can potentially be used not just by the 11,000-plus registered medical practitioner prescribers but also by an unqualified number of pharmacists in a wide range of healthcare and welfare professions and other organisations.

The privacy implications of that schedule are concerning for the Australian Democrats.

I have a couple of amendments that are, I am sure, unsurprising to those in the chamber. They deal with the exemptions that are currently provided for in the legislation—exemptions that the Democrats have railed against before and have attempted to amend in the past. Indeed, in at least one case, we have a private member’s bill that deals with that. The first one relates to the exemption for, essentially, political acts and practices or political parties. I think it is high time that we ensure that any privacy legislation that applies to most businesses and other organisations in Australia, private and public sector, should also apply to us. I know that there will always be arguments that some professions have special circumstances, but I have yet to be convinced that we, as members of parliament or members of a political party—or even candidates, if we are talking about more recent privacy legislation—somehow deserve an exemption. People should be able to expect that their information is subject to the same privacy principles that it would be if treated by a business, a service or any other organisation.

So I will seek to remove that exemption again. I do not expect that will be successful, but it is important to maintain opposition to the exemption when I get the opportunity with privacy legislation. It is an absolute hypocrisy that we are exempt from the privacy laws that we expect everyone else to adhere to. Indeed, there is a small business exemption. This debate has been had a number of times in the parliament. I know this concern is shared by a number of other individuals and certainly political parties, but an attempt to remove that exemption is before you today as well. The other amendments, as outlined, are consequential.

As indicated, despite my concerns and the concerns of others, including the Australian Privacy Foundation, I will not be opposing schedule 1—but I do put on record that the Democrats do not support that schedule. The amendments that enshrine the ALRC recommendations in relation to genetic privacy in law are welcome and long overdue, but I feel a real sense of satisfaction today: it may have taken eight years, but this issue is a serious one. We now have to take the next step: to examine the issue of discrimination on the basis of genetic information.

It is one thing to protect it, ensure that it is made private and recognise that it is different from other health or sensitive information, but now we need to ensure that people are not discriminated against on the basis of their genetic information. We understand just how special that type of information is, the fact that it is different from health information in a general sense, the fact that it can be predictive and the fact that there are familial implications in terms of your genetic information, your data and how that can be used, and indeed used against, you. I urge the government to make that the next area for examination and, indeed, for action. I commend the amendments in my name, which I will be happy to move in the committee stage of this bill.

Annette Hurley (SA, Australian Labor Party, Shadow Minister for Citizenship and Multicultural Affairs) Share this | Link to this | Hansard source

I wanted to use this opportunity, when the issue of private health information comes up in the Privacy Legislation Amendment Bill 2006, to talk about an experience of mine which I think illustrates the importance of having provision for privacy. I was applying for personal income insurance in case of disability through my superannuation provider, AGEST—Australian Government Employees Superannuation Trust—and was required to get medical information to support that insurance. I went to my general practitioner, had quite a comprehensive blood test and an assurance from her that I was quite a healthy person, and I sent that off to AGEST. AGEST then came back to me and said that they wanted a full medical examination beyond the blood test.

When I got the details of that examination, I found that it asked for extremely detailed information. I have to say that the blood test included not only the usual iron levels, cholesterol and that kind of thing but I also had to have an AIDS test and a hepatitis test and be cleared on those things. That was all sent in. The further medical information I was asked to provide included information on whether I had ever been a prostitute and whether I had engaged in anal sex. It asked me the medical history of my family. It asked for complete doctors’ accounts of any illness that I had had in my entire life and of any illnesses in my family that might affect my health.

When I looked further at this medical information, I discovered that AGEST were outsourcing assessment of my insurance to the Commonwealth Bank. When I read the privacy information on that medical information, I discovered that the Commonwealth Bank were able to give that to their legal or financial counsel or anyone that they outsourced any of these activities to. So I discovered that, rather than dealing with my superannuation provider, AGEST, with whom I had a financial relationship, I was then dealing with an outsourced agency of the Commonwealth Bank. Suddenly that very detailed private information widens out to a huge level of people.

I thought I would rather not make three or four more visits to the doctor to get all this information and provide information that, given the detailed nature of the form, is probably incomplete and that my insurance would be refused in any case. So I wrote to AGEST stating that I wanted to withdraw my application for personal income insurance. I had not realised that my personal information could possibly be disseminated quite so widely through not only AGEST but also the entire Commonwealth Bank and anyone who was contracted by the Commonwealth Bank. I believe I wrote that letter approximately five or six weeks ago. I had no response. I went through the usual call centre process, where I was unable to talk to anyone actually in AGEST about the situation. I had asked for my application to be withdrawn and for my medical records to be sent back to my doctor and for any copies to be destroyed.

When I finally got through to someone in the call centre at AGEST, I was told that all that information had already gone to the Commonwealth Bank and that they were waiting on a reply. I asked if I could speak to someone in the Commonwealth Bank to ensure that I got my information back and was given a call centre number for the Commonwealth Bank and told that I probably would not get through to the relevant agency in any case. So my detailed blood tests are being circulated around the Commonwealth Bank and it appears that I have no ability to get in touch with anyone who can give me any information about where they are, whether they will be returned or whether any copies have been made.

I am only grateful that I did not fill in the even more detailed medical information that they were requiring. I would urge people to look more carefully at where their medical information is heading in these days of outsourcing, when we need to sign away such a wide-ranging waiver of our privacy requirements, I think we all need to be a bit more careful about what we do. We have seen instances just recently where people in the Taxation Office and also in Centrelink have been found to be accessing records that they should not be accessing. We all know that, in these days of computer databases, people can get access to records that they should not have access to as part of their job. When that privacy waiver is so broad, when any legal or financial people in the Commonwealth Bank can access my records officially—much less those who might be able to unofficially—and when in fact the waiver states that any of my own personal financial advisers contacted by the Commonwealth can access those records, when I may not necessarily want my accountant to know the status of my AIDS test, then I think we all need to be much more careful in this era of outsourcing.

I certainly commend the privacy legislation that is proposed and urge people to be very careful about their own privacy considerations. I wish to assure the house that my AIDS and hepatitis tests came up negative, so I had nothing in particular to worry about. It is the principle of the issue which concerns me.

Sandy Macdonald (NSW, National Party, Parliamentary Secretary to the Minister for Defence) Share this | Link to this | Hansard source

In response to Senator Stott Despoja’s proposed Democrat amendment, I have a couple of things I wish to say. Firstly, the proposed amendment on the national privacy principle would allow the collection of health information where it is necessary to provide a health service to an individual and where it is required or authorised by law. The Prescription Shopping Information Service is the only service currently authorised by law. It is possible that a health law in the future may authorise an additional collection of information. However, any new provisions authorising the collection of information will be subject to parliamentary scrutiny, either directly through parliamentary debate on a legislative amendment or through the disallowance process for legislative instruments. In either case, there would be specific opportunity for parliament to consider the privacy implications of any new provision authorising the collection of information. I advise Senator Stott Despoja that the government will provide her with additional information in writing as she requests or as is requested.

Question agreed to.

Bill read a second time.