Privacy Impact Assessment Of The Personally Controlled Electronic Health Record System
Response To Recommendations By The Department Of Health And Ageing
The Department has committed to a thorough and robust examination of the Personally Controlled Electronic Health Record (PCEHR) system throughout its development. As part of this commitment, the Department engaged Minter Ellison Lawyers, in conjunction with Salinger Privacy, to conduct a privacy impact assessment (PIA) of the current design of the system and legislation.
The PIA identifies a wide range of privacy positives and risks for the PCEHR system, and puts forward 112 recommendations for managing the identified risks. The Department has accepted the majority of recommendations in full, with many others accepted in principle or in part. A breakdown of the Department’s response into categories is provided in the table below.
| Response type | Accept | Accept in principle | Accept in part | Supported | Under consideration | Not accepted |
|---|---|---|---|---|---|---|
| Number of responses | 75 | 20 | 6 | 2 | 1 | 8 |
The Department has approached the recommendations in the following way:
- Accepted – the Department accepts the recommendation in full;
- Accepted in principle – the Department accepts the recommendation’s intent and general framework. This response most commonly occurs when a recommendation involves content being included in principal legislation, where the Department considers that subordinate legislation or contractual arrangements are a more appropriate vehicle for the enforceable obligations;
- Accepted in part – the Department substantially accepts only some of the components of the recommendation;
- Not accepted – the Department does not accept the recommendation; however, in the six cases where implementation would be feasible, the Department would seek the views of the Senate Community Affairs Committee in conducting its inquiry into the PCEHR Bills;
- Under consideration – the Department is investigating further before making a response. This response reflects situations, for example, where the recommendation needs to be tested for technical feasibility; and
- Supported – the Department considers the recommendation has merit, but it relates to the actions of other organisations such as the Australian Information Commissioner and Healthcare Identifiers Service Operator.
The Department provides a response to each recommendation individually below.