STAT6001: Public Health Informatics - Ethical and Legal Challenges
VerifiedAdded on 2022/09/16
|8
|1936
|21
Report
AI Summary
This report examines the critical aspects of data privacy and protection within the Australian eHealth landscape, focusing on the legal and ethical challenges associated with patient data. The study delves into the regulatory framework, including the Privacy Act 1988, the My Health Record system, and other relevant legislation, highlighting the balance between data availability and patient privacy. The report addresses key ethical and legal challenges, such as data breaches, data ownership, and access to health information. It also discusses limitations in Australian privacy laws compared to those in the EU, particularly concerning new technologies and the need for stronger sanctions. The report concludes by emphasizing the importance of eHealth systems being based on laws that explicitly define how eHealth information needs to be accessed and utilized by Healthcare Providers (HCPs).
Running head: PUBLIC HEALTH INFORMATICS 1
Public Health Informatics
Name
Institutional Affiliation
Public Health Informatics
Name
Institutional Affiliation
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
PUBLIC HEALTH INFORMATICS 2
Privacy and Data Protection
Introduction
Australian eHealth landscape is rapidly developing. Key to Australian eHealth system is
the timely accurate information availability. Patient health information availability to correct
health provider (HCP) remains important issue. Poor patient information availability results in
severe medical and medication errors. However, making patient information increasingly
available raises series ethical and legal issues in respect of information privacy which focuses on
personal information regulation and hence a complex issues in regards to healthcare information.
This is due to the fact that privacy requirements of patient data and information requirement of
healthcare provider remain two competing concerns, and arriving at a suitable balance stays
challenging (Esposito, De Santis, Tortora, Chang & Choo, 2018).
How patient data is adequately protected according to privacy law?
Australia is regulating data privacy and protection via the blend of state, territory and
federal laws. Australian Federal Privacy Act 1988 (Cth) or Privacy Act alongside Australian
Privacy Principles (APPs) is applied to private sector. Privacy Act mandates the Privacy
Commissioner to perform probe that include its motion probe for Privacy Act enforcement and
further pursue penalties (civil) for egregious alongside serious violations or for recurrent APPs
violation when the entity fails to implement mechanism for remedy.
The patient data is specifically protected by other parts of federal legislation relating to
protection of data health records. Australia has laws on data protection and privacy for particular
data types and precise activities including Health Records and Information Privacy Act (2002),
National Health Act 1953 (Cth), the Health Records Act (2001) (Vic) deal with the privacy and
data protection related to health information.
Privacy and Data Protection
Introduction
Australian eHealth landscape is rapidly developing. Key to Australian eHealth system is
the timely accurate information availability. Patient health information availability to correct
health provider (HCP) remains important issue. Poor patient information availability results in
severe medical and medication errors. However, making patient information increasingly
available raises series ethical and legal issues in respect of information privacy which focuses on
personal information regulation and hence a complex issues in regards to healthcare information.
This is due to the fact that privacy requirements of patient data and information requirement of
healthcare provider remain two competing concerns, and arriving at a suitable balance stays
challenging (Esposito, De Santis, Tortora, Chang & Choo, 2018).
How patient data is adequately protected according to privacy law?
Australia is regulating data privacy and protection via the blend of state, territory and
federal laws. Australian Federal Privacy Act 1988 (Cth) or Privacy Act alongside Australian
Privacy Principles (APPs) is applied to private sector. Privacy Act mandates the Privacy
Commissioner to perform probe that include its motion probe for Privacy Act enforcement and
further pursue penalties (civil) for egregious alongside serious violations or for recurrent APPs
violation when the entity fails to implement mechanism for remedy.
The patient data is specifically protected by other parts of federal legislation relating to
protection of data health records. Australia has laws on data protection and privacy for particular
data types and precise activities including Health Records and Information Privacy Act (2002),
National Health Act 1953 (Cth), the Health Records Act (2001) (Vic) deal with the privacy and
data protection related to health information.
PUBLIC HEALTH INFORMATICS 3
The patient data is also protected under the My Health Records Act (2012) (Cth), My
Health Records Rules 2016 (Cth) as well as My Health Records Regulation (2012) (Cth) that
establish the legislative framework for the government’s My Health Records System and the
Healthcare Identities Act 2010 (Cth) that regulates the utilization and disclosure of the healthcare
identifiers.
Australia has the best privacy laws that adequately protect the patient data which has
made Australia the leading country in the globe in the PCEHR. According to the Digital Health
Evidence Review published by the Australian Digital Health Agency, Australia remains amongst
the few economies that is leading the way in the providing people personal control of their
individual EHR (Thompson, Ravindran & Nicosia, 2015).
My Health Record system is effectively regulated by the My Health Records Act (2012)
(Cth), My Health Records Rules 2016 (Cth) alongside My Health Records Regulation 2012 (Cth)
which have established the My Health Records System’s the legislative framework used by
Australian government. The utilization and revelation of healthcare identifiers in My Health
Record System is properly regulated by Healthcare Identities Act 2010 (Cth) thus ensuring that
the patient information or data remains private and protected from access by any unauthorized
individuals. My Health Record systems remains a centralized “cloud” database which has
ensured effective control (Nøhr, Parv, Kink, Cummings, Almond, Nørgaard & Turner, 2017).
However, there are certain limitations with the Australian privacy law governing the
protection of patient data. As opposed to the New Zealand, the Australian’s information privacy
(IP) laws have not been pronounced as giving “an adequate level of data protection” in Article
25(2) of the European Union Directive 95/46/EC. Also, such laws (IP) shall never get an
identical pronouncement as per GDPR.
The patient data is also protected under the My Health Records Act (2012) (Cth), My
Health Records Rules 2016 (Cth) as well as My Health Records Regulation (2012) (Cth) that
establish the legislative framework for the government’s My Health Records System and the
Healthcare Identities Act 2010 (Cth) that regulates the utilization and disclosure of the healthcare
identifiers.
Australia has the best privacy laws that adequately protect the patient data which has
made Australia the leading country in the globe in the PCEHR. According to the Digital Health
Evidence Review published by the Australian Digital Health Agency, Australia remains amongst
the few economies that is leading the way in the providing people personal control of their
individual EHR (Thompson, Ravindran & Nicosia, 2015).
My Health Record system is effectively regulated by the My Health Records Act (2012)
(Cth), My Health Records Rules 2016 (Cth) alongside My Health Records Regulation 2012 (Cth)
which have established the My Health Records System’s the legislative framework used by
Australian government. The utilization and revelation of healthcare identifiers in My Health
Record System is properly regulated by Healthcare Identities Act 2010 (Cth) thus ensuring that
the patient information or data remains private and protected from access by any unauthorized
individuals. My Health Record systems remains a centralized “cloud” database which has
ensured effective control (Nøhr, Parv, Kink, Cummings, Almond, Nørgaard & Turner, 2017).
However, there are certain limitations with the Australian privacy law governing the
protection of patient data. As opposed to the New Zealand, the Australian’s information privacy
(IP) laws have not been pronounced as giving “an adequate level of data protection” in Article
25(2) of the European Union Directive 95/46/EC. Also, such laws (IP) shall never get an
identical pronouncement as per GDPR.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
PUBLIC HEALTH INFORMATICS 4
Moreover, the sanctions alongside penalty under the Australian information privacy laws
remain relatively weak as compared to EU, specifically when compared to those sanctions under
GDPR. Further, unlike GDPR, Australian’s information privacy laws are yet to be reinvigorated
by bestowal of new rights which are now more significant for protection of privacy in respect of
the Big Data or identical technologies. For example, no ‘right” to be forgiven, no right to object
personal information processing (profiling) and no ‘data portability” rights.
Therefore, at the level of a Commonwealth, Australian information privacy laws are
lagging behind the developments in the European and the introduction of novel technologies
which challenge the current protection forms. The administration has assumed Open Data
policies which sees “de-identified” personal data of patient published yet with inadequate
consideration to the intrinsic restrictions of techniques of de-identification. Compulsory data
violation notification laws which were enforced in February 2018 never covered significant share
of private sector and solely calls for the affected entities to get notification within sensible
duration. Australia has not considered any reform activity on the influence of Big Data on the
privacy laws of Australia.
Australia has simultaneously enacted certain far-reaching national security laws of any
western democracies which have allowed the law enforcement alongside national agencies to
access metadata even in the absence of warrant and exempt form privacy laws (Chan, Di Iorio,
Kuziemsky, Liaw, de Lusignan & Russo, 2016). At the Territory and State level, the public
sector privacy protection remains increasingly diluted by the latest legislative amendments which
have mandated information-sharing between agencies of the government and provide for
personal information to being made available to the appointed chief data officers of government
Moreover, the sanctions alongside penalty under the Australian information privacy laws
remain relatively weak as compared to EU, specifically when compared to those sanctions under
GDPR. Further, unlike GDPR, Australian’s information privacy laws are yet to be reinvigorated
by bestowal of new rights which are now more significant for protection of privacy in respect of
the Big Data or identical technologies. For example, no ‘right” to be forgiven, no right to object
personal information processing (profiling) and no ‘data portability” rights.
Therefore, at the level of a Commonwealth, Australian information privacy laws are
lagging behind the developments in the European and the introduction of novel technologies
which challenge the current protection forms. The administration has assumed Open Data
policies which sees “de-identified” personal data of patient published yet with inadequate
consideration to the intrinsic restrictions of techniques of de-identification. Compulsory data
violation notification laws which were enforced in February 2018 never covered significant share
of private sector and solely calls for the affected entities to get notification within sensible
duration. Australia has not considered any reform activity on the influence of Big Data on the
privacy laws of Australia.
Australia has simultaneously enacted certain far-reaching national security laws of any
western democracies which have allowed the law enforcement alongside national agencies to
access metadata even in the absence of warrant and exempt form privacy laws (Chan, Di Iorio,
Kuziemsky, Liaw, de Lusignan & Russo, 2016). At the Territory and State level, the public
sector privacy protection remains increasingly diluted by the latest legislative amendments which
have mandated information-sharing between agencies of the government and provide for
personal information to being made available to the appointed chief data officers of government
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
PUBLIC HEALTH INFORMATICS 5
for analysis. Such officers have been accorded powers that override the ones of Privacy
Commissioners.
What are the key ethical and legal challenges?
The common key ethical and legal challenge of the patient data protection and privacy is
common breaches of privacy laws and ethical guidelines. The clinicians face ethical dilemmas
when it comes to sharing of personal information of a patient between the treating team members
or between different treating practitioners (Rezaeibagha, Win & Susilo, 2015). It is always a
common and essential practice to share such information in healthcare delivery for the benefit of
the patient. However, all the transfers of patient data without his or her knowledge requires
careful ethical consideration to maintain the confidentiality and privacy of the patient (Behrendt,
Ir, Debus & Kolh, 2018).
The law and ethics requires that patients be provided as much prospective information as
feasible regarding the kind of people to whom their health information might consequently be
disclosed to avoid number of cases in which the implicit consent for routine information or data
transfer is depended on. However, there are always many cases of violating the confidentiality in
the healthcare setting (Brown, Ferrante, Randall, Boyd & Semmens, 2017).
The legal challenges areas include data ownership and patient control of health
information, access and sue of health information, data breach notification, transaction logs, and
resolving disputes. A challenge with data ownership and patient control is that it is hard to
protect the interest of the public via legislative reform and guaranteeing patient retain control
over who access their personal health information. The federal laws hold that health information
remains under the HCP ownership who are creating and managing data. However, despite such
an ownership by HCP, patient still retain rights to access such health information. Thus, the laws
for analysis. Such officers have been accorded powers that override the ones of Privacy
Commissioners.
What are the key ethical and legal challenges?
The common key ethical and legal challenge of the patient data protection and privacy is
common breaches of privacy laws and ethical guidelines. The clinicians face ethical dilemmas
when it comes to sharing of personal information of a patient between the treating team members
or between different treating practitioners (Rezaeibagha, Win & Susilo, 2015). It is always a
common and essential practice to share such information in healthcare delivery for the benefit of
the patient. However, all the transfers of patient data without his or her knowledge requires
careful ethical consideration to maintain the confidentiality and privacy of the patient (Behrendt,
Ir, Debus & Kolh, 2018).
The law and ethics requires that patients be provided as much prospective information as
feasible regarding the kind of people to whom their health information might consequently be
disclosed to avoid number of cases in which the implicit consent for routine information or data
transfer is depended on. However, there are always many cases of violating the confidentiality in
the healthcare setting (Brown, Ferrante, Randall, Boyd & Semmens, 2017).
The legal challenges areas include data ownership and patient control of health
information, access and sue of health information, data breach notification, transaction logs, and
resolving disputes. A challenge with data ownership and patient control is that it is hard to
protect the interest of the public via legislative reform and guaranteeing patient retain control
over who access their personal health information. The federal laws hold that health information
remains under the HCP ownership who are creating and managing data. However, despite such
an ownership by HCP, patient still retain rights to access such health information. Thus, the laws
PUBLIC HEALTH INFORMATICS 6
never cover full degree of ownership of data and control of information concerns in respect of
health information.
Access and use of health information is also a legal challenge despite the
recommendation of ACRC for a nationally consistent policy to handle health information. The
PCEHR Act defines the utilization and revelation of health information. PCEHR Act s states that
users of health information of the PCEHR system must adhere to the set access control
established by registered consumer (patient) every time when gathering, using and disclosing
health information with exemption in certain conditions as outlined in PECEHR Act (2012), and
Health Identifiers Act 2010 (Abouelmehdi, Beni-Hssane, Khaloufi & Saadi, 2017).
Conclusion
AeH system most significant aspect is that health information must be available to correct
HCP without stringent limitations to access and identify explicit purposes for such access. A
HCP is permitted to override the access policies provided his professional role, however,
intentional misuse attracts punishment and thus AeH system must be based on laws that
explicitly define how eHealth information need to be accessed as well as utilized by HCPs.
never cover full degree of ownership of data and control of information concerns in respect of
health information.
Access and use of health information is also a legal challenge despite the
recommendation of ACRC for a nationally consistent policy to handle health information. The
PCEHR Act defines the utilization and revelation of health information. PCEHR Act s states that
users of health information of the PCEHR system must adhere to the set access control
established by registered consumer (patient) every time when gathering, using and disclosing
health information with exemption in certain conditions as outlined in PECEHR Act (2012), and
Health Identifiers Act 2010 (Abouelmehdi, Beni-Hssane, Khaloufi & Saadi, 2017).
Conclusion
AeH system most significant aspect is that health information must be available to correct
HCP without stringent limitations to access and identify explicit purposes for such access. A
HCP is permitted to override the access policies provided his professional role, however,
intentional misuse attracts punishment and thus AeH system must be based on laws that
explicitly define how eHealth information need to be accessed as well as utilized by HCPs.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
PUBLIC HEALTH INFORMATICS 7
References
Abouelmehdi, K., Beni-Hssane, A., Khaloufi, H., & Saadi, M. (2017). Big data security and
privacy in healthcare: A Review. Procedia Computer Science, 113, 73-80.
Behrendt, C. A., Ir, A. J., Debus, E. S., & Kolh, P. (2018). The challenge of data privacy
compliant registry based research. European Journal of Vascular and Endovascular
Surgery, 55(5), 601-602.
Brown, A. P., Ferrante, A. M., Randall, S. M., Boyd, J. H., & Semmens, J. B. (2017). Ensuring
privacy when integrating patient-based datasets: new methods and developments in
record linkage. Frontiers in public health, 5, 34.
Chan, T., Di Iorio, C. T., Kuziemsky, C., Liaw, S. T., de Lusignan, S., & Russo, D. L. (2016).
The UK National Data Guardian for health and care’s review of data security, consent
and opt-outs: leadership in balancing public health with rights to privacy?. BMJ Health &
Care Informatics, 23(3), 627-632.
Esposito, C., De Santis, A., Tortora, G., Chang, H., & Choo, K. K. R. (2018). Blockchain: A
panacea for healthcare cloud-based data security and privacy?. IEEE Cloud
Computing, 5(1), 31-37.
Nøhr, C., Parv, L., Kink, P., Cummings, E., Almond, H., Nørgaard, J. R., & Turner, P. (2017).
Nationwide citizen access to their health data: analysing and comparing experiences in
Denmark, Estonia and Australia. BMC health services research, 17(1), 534.
Rezaeibagha, F., Win, K. T., & Susilo, W. (2015). A systematic literature review on security and
privacy of electronic health record systems: technical perspectives. Health Information
Management Journal, 44(3), 23-38.
References
Abouelmehdi, K., Beni-Hssane, A., Khaloufi, H., & Saadi, M. (2017). Big data security and
privacy in healthcare: A Review. Procedia Computer Science, 113, 73-80.
Behrendt, C. A., Ir, A. J., Debus, E. S., & Kolh, P. (2018). The challenge of data privacy
compliant registry based research. European Journal of Vascular and Endovascular
Surgery, 55(5), 601-602.
Brown, A. P., Ferrante, A. M., Randall, S. M., Boyd, J. H., & Semmens, J. B. (2017). Ensuring
privacy when integrating patient-based datasets: new methods and developments in
record linkage. Frontiers in public health, 5, 34.
Chan, T., Di Iorio, C. T., Kuziemsky, C., Liaw, S. T., de Lusignan, S., & Russo, D. L. (2016).
The UK National Data Guardian for health and care’s review of data security, consent
and opt-outs: leadership in balancing public health with rights to privacy?. BMJ Health &
Care Informatics, 23(3), 627-632.
Esposito, C., De Santis, A., Tortora, G., Chang, H., & Choo, K. K. R. (2018). Blockchain: A
panacea for healthcare cloud-based data security and privacy?. IEEE Cloud
Computing, 5(1), 31-37.
Nøhr, C., Parv, L., Kink, P., Cummings, E., Almond, H., Nørgaard, J. R., & Turner, P. (2017).
Nationwide citizen access to their health data: analysing and comparing experiences in
Denmark, Estonia and Australia. BMC health services research, 17(1), 534.
Rezaeibagha, F., Win, K. T., & Susilo, W. (2015). A systematic literature review on security and
privacy of electronic health record systems: technical perspectives. Health Information
Management Journal, 44(3), 23-38.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
PUBLIC HEALTH INFORMATICS 8
Thompson, N., Ravindran, R., & Nicosia, S. (2015). Government data does not mean data
governance: Lessons learned from a public sector application audit. Government
information quarterly, 32(3), 316-322.
Thompson, N., Ravindran, R., & Nicosia, S. (2015). Government data does not mean data
governance: Lessons learned from a public sector application audit. Government
information quarterly, 32(3), 316-322.
1 out of 8
