The Advertiser states that nine in ten GP practices have already handed over de-identified patient data (gaining an aggregate $20.3 million) and 395 practices were granted an exemption over concerns about data security.
The expectation is that data on e information on diabetes status, smoking, weight classification, alcohol use and influenza immunisation status will enable the tracking of treatment and improve the management of patients with key chronic health conditions.
Given concerns regarding the potential ease of re-identification the Australian General Practice Alliance (AGPA) has unsurprisingly stated “the likelihood that it could be re-identified in the event of a breach is very high”.
The Advertiser states
Under the guidelines for the program GPs are meant to ask their patients for permission to transfer the data but this has not been happening and patients are not being given the chance to opt out. Asked whether patients’ permission was being sought, Royal Australian College of General Practitioners (RACGP) president Dr Harry Nespolon said the short answer was “no”. The collection of the data was covered by legislation that allows doctors to collect quality assurance type data. “As long as it’s de-identified you can do it,” Dr Nespolon, pictured, said. ...
The Department of Health said participating practices have to be accredited in accordance with the RACGP Standards for General Practices which outlines requirements for patient consent.“All current software extractors have opt out features as part of their system. Practice participation ... is voluntary,” the department said.Concerns about consent and inappropriate sharing were highlighted in my (2019) 16(6) Privacy Law Bulletin article earlier this year regarding the HealthEngine litigation.