On 25 May 2018, the European Union’s new data protection framework – the General Data Protection Regulation (‘GDPR’) – took effect. Despite some similarities with the Privacy Act, many APP entities will need to implement new processes to be GDPR-compliant.
The Health Records Act 2001 (Vic) and the Privacy and Data Protection Act 2014 (Vic) have been amended to provide exceptions in relation to the collection of particular health and personal information under the Family Violence Protection Act 2008 (Vic).
The Victorian Data Sharing Act 2017 (Vic) has introduced a new legal framework to facilitate the sharing of Victorian public sector data to improve policy-making whilst ensuring the privacy of the data.
The Victorian Civil and Administrative Tribunal found that the use of a person’s health information for the purpose of considering a request for clinical supervision and for the purpose of an intervention order proceeding did not interfere with the privacy of the applicant by breaching the Health Privacy Principles.
The Privacy Act 1988 (Cth) (Act) has been amended by the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth) (the amending Act). The amending Act introduces a mandatory data breach notification regime where an ‘eligible data breach’ occurs. The amendments will commence on 23 February 2018, unless they are proclaimed to commence earlier.
On 12 September 2016, researchers at the University of Melbourne alerted the Commonwealth Government that it was possible to re-identify ostensibly “de-identified” Medicare Benefits Scheme (MBS) data that had been released for public access and analysis. The MBS Re-identification Event attracted significant media attention, generated an Australian Office of the Information Commissioner (OAIC) investigation and resulted in the introduction of the Privacy Amendment (Re-identification Offence) Bill 2016 (Cth). The MBS Re-identification Event is a reminder of the importance of considering the privacy implications of big data analytics.
The New South Wales Civil and Administrative Tribunal found that certain hospital CCTV footage could be released under freedom of information legislation, despite public interest and privacy concerns, if the faces, heads, necks and any tattoos or other identifying marks of persons in the footage were pixelated.
The Freedom of Information Amendment (Office of the Victorian Information Commissioner) Act 2017 (Vic) has amended the Freedom of Information Act 1982 (Vic) (the FOI Act) making significant changes to the way in which Freedom of Information (FOI) matters are dealt with in Victoria. The FOI act is amended effective 1 September 2017.
The consultation draft of the ‘Guide to Big Data and the Australian Privacy Principles’ was released by the Office of the Australian Information Commissioner in May. The consultation period closed in July and we can expect a finalised Guide in the coming months. It is therefore timely to consider some of the key concepts in the big data and privacy conversation and how they apply to health services.