IHI senate submission
9 Mar 10: Lockstep's submission on the Health IDs bill is published.
Lockstep made a brief submission to the Senate Community Affairs committee which is currently reviewing the draft Health Identifiers Act. The submission has been published at the committee inquiry website and is attached below.
To summarise Lockstep's position, it appears that the bill has been drafted around one particular centralised architecture, and contemplates only one use case, in which an authorised person retrieves the IHI for a given patient by sending identifying information about that patient to the identifier service.
"There are alternative, more patient-centric architectures that could augment the IHI service and mitigate ... privacy risks. Decentralised means for carrying IHIs in cards, smart phones and like devices can improve privacy (as well as performance) and therefore improve consumer acceptance. As previous health & welfare IT programs have shown, serious attention to privacy is key to public acceptance.
"We submit that the healthcare identifier system and legislation should anticipate the advent of personal security technologies for protecting IHIs. In legislating, government should seek to avoid enshrining a single centralised architecture for managing identifiers."
"The IHI service as contemplated in the Act would intrinsically lead to information about patients’ consultations with healthcare professionals being disclosed to the government. It would create an audit trail outside the clinical environment of every point where a provider accesses the IHI service, such as initial consultations, hospital admissions and emergency department admissions. As a consequence, participation in treatment by certain types of patients (e.g. those with mental health conditions, drug & alcohol dependency, or sexually transmitted diseases) could be jeopardised if their personal details are to be routinely disclosed to the HI service. Some patients in these categories will simply forego treatment rather than have their personal information escape the trusted local clinical environment.
"We submit that options must be provided where a patient is able to disclose a reliable copy of their IHI directly to the healthcare professional, so as to minimise the extraneous disclosure of information about the clinical encounter."