Background to the Act
On 9 March 2023, the Health Legislation Amendment (Information Sharing) Act 2023 (the Act) was passed by the Victorian Government. The Act was developed following recommendations from the Targeting Zero report to support the Victorian hospital system to eliminate avoidable harm and strengthen quality of care.
The Second Reading Speech noted that most Victorian patients will visit more than one health service for health care and treatment, which has led to:
- Sharing clinical health information in Victoria being outdated;
- Treatment often becoming fragmented and inconsistent with modern health record sharing including that performed by other states;
- Clinicians not having a complete and integrated picture of a patient’s history; and
- A failure to correctly identify patients across health services, leading to poor health outcomes for patients.
The Act establishes a centralised Electronic Patient Health Information Sharing System (the System) for participating health services to share certain health information for the purpose of improving patient safety, decreasing avoidable harm and deliver person-centred care. It will enable hospitals and health services to quickly access accurate patient information in one centralised location.
The System will include health information, including but not limited to medical images, laboratory results, medication lists and patient allergies.
Pursuant to s6C of the Act, the System will be accessible by ‘participating health services’ including:
- Ambulance services;
- Denominational hospitals;
- Metropolitan hospitals;
- Multipurpose services;
- Public hospitals;
- Registered community health centres;
- Residential care services; and
- Mental health services.
The System can only be accessed by a participating health service and clinical staff for the purpose of providing medical treatment. Insurance companies will not have access to the System, and there are penalties for unauthorised access to the System ($44,300 or two years imprisonment).
Issues relating to the Act
Pursuant to s 134 ZL of the Act, a patient’s consent is not required for the collection, use of disclosure of their health information which is permitted or authorised by the Act. Therefore, the Act creates a centralised database for medical records of patients to be stored without patient consent and patients cannot ‘opt out’.
The idea that a patient can ‘opt out’ is based on the Federal My Health Record Scheme, as in that case, patients can withdraw consent to have their health information being uploaded to the system at any time. In addition, the System is said to have created a privacy risk of having confidential health information available to participating health services without adequate safeguards in place.
The Victorian Government has recognised “both the sensitive nature of health information and the importance of having critically strict safety, security and privacy measures put in place to ensure it is protected”. As such, they have planned to implement safeguards, frameworks and audit processes to securely manage patient data and protect patient privacy.
In this regard, the Act establishes a Privacy Management Framework by delegating such power to the Minister. The Privacy Management Framework is intended to safeguard sensitive health information and develop a process for regular audits and compliance checks. However, the specifics of the safeguard or compliance check process are not outlined in the Act.
Benefits of the Act
The benefits of the Act are:
- It will facilitate public hospitals and other relevant health services to share health information between each other efficiently and securely, for the purpose of providing safe, effective and informed medical treatment and care to patients;
- It will allow quick access to vital patient information in an emergency, where that patient has received care elsewhere;
- It will assist patients with language barriers; and
- It will provide better support for health services with regards to telehealth consultations.
Whilst supporting the Act, the Victorian Government has noted that “secure health information sharing will deliver Victorians the same benefits that patients around the country are already getting, ensuring they receive the best possible care”.
The Act will assist with the fragmentation of patient health information and improve the ability of clinicians to start treatment with greater efficiency and reliability. Further, the Act brings Victoria into line with other Australian states who have successfully implemented health information sharing, such as NSW, Queensland, ACT and South Australia.
It is ultimately the responsibility of the participating health service to ensure information stored on the System is accessed and used appropriately. We recommend health services and practitioners review the Privacy Management Framework to ensure they have developed a process for regular audits and compliance checks.
In addition, we remind practitioners that accessing information held on the System will only be permitted for the purposes of providing medical treatment. Practitioners should therefore use their discretion in accessing patient records on the System for those patients with highly sensitive health information such as sexual health issues, mental health issues, family violence and child protection.
You can read more about the dangers of accessing health records without consent here.
This article was originally published in the winter edition of AMA Victoria’s VicDoc publication.
Read other items in the Australian Healthcare Brief – September 2023