19 February 2022

Radiography

In Inquest into the death of Peta Hickey the Victorian Coroner comments that the patient - 

 died as a result of substandard clinical judgement from doctors at the beginning and end of this programme, combined with a misalignment of incentives amongst the various business entities that facilitated the process. It may be somewhat of an oversimplification, but the snapshot provided by this Inquest has revealed an industry putting profits over patients. 

That comment is reflected in a recommendation regarding exploration by The Australian Competition & Consumer Commission. 

 The Coroner states 

The Cardiac Health Assessment Programme (CHAP) was a snapshot test of Australia’s system of private diagnostic imaging practices, sending scanning referrals, insufficient in both clinical details and follow up contact information, to an almost random selection of practices throughout Australia. Despite these deficiencies, every scan was performed and the checks and balances the industry believed were present failed. 

Ms Peta Hickey, wife, mother of two young children and successful business executive, found herself amongst this unfortunate cohort, even though she had no history of heart problems. 

In early June 2018, a labour hire firm called Programmed sought a provider to deliver a ‘medical assessment program for heart health’ for its executives, via a ‘corporate deal’. Programmed contacted a corporate booking service, operating in the health area, Priority Care Health Solutions (Priority), to facilitate and co-ordinate the programme. 

In early June and July of 2018, Programmed was told by a doctor of a potential medical assessment programme for heart health that could be offered to their executives, being a combination of heart check tests – a “Coronary artery CT calcium scores with angiogram”. 

Ultimately, Programmed was advised these tests were the CT coronary angiogram (CTCA) and a Coronary Artery Calcium score (CAC). Both tests were to be performed more or less simultaneously, in the one sitting. ... 

On 26 October 2018, Programmed formally engaged Priority to co-ordinate the CHAP for the first cohort of Programmed participants, which included the CT scan. 

At some time in late 2018, Priority engaged Jobfit, a company which provides corporate or ‘bulk medical assessments’ involving occupational health medical services (including pre-employment fitness assessments), throughout Australia and New Zealand. Jobfit was engaged to review the CT scan test results of Programmed executives and to allocate executives to their doctors for this purpose. 

A doctor employed by Jobfit, Dr Doumit Saad, performed CT scan test result reviews for the first and then a second cohort of Programmed participants. 

In March 2019, Programmed invited Peta, by email, to undergo the CHAP. A Priority email to Peta set out the steps of the CHAP and stated that a company named MRI Now will arrange the “diagnostic imaging referral”. 

MRI Now is a Medical Image booking concierge service that also provides independent radiological opinions via their network of radiologists (MRI Now). MRI Now does not provide medical assessments, so in the case of the CHAP, it assisted patients to find options to attend an Imaging Centre for their CT scan. 

So, Priority referred CT scan bookings to MRI Now. MRI Now then engaged various imaging providers to facilitate the scans, including the Future Medical Imaging Group, a private radiology practice with six locations in Victoria. So it was ultimately MRI Now who assisted Peta to find an imaging centre to attend, being the Future Medical Imaging Group clinic located in Moonee Ponds (FMIG). 

The form used to book Peta into FMIG for the CT scan procedure was headed “MRI Now – Booking Confirmation” dated 12 March 2019 (the booking form). 

The booking form appears to include an MRI Now ‘referral form’ (the referral), received by MRI Now from Priority, bearing Saad’s name as the referring doctor and Saad’s electronic signature. The referral did not include any clinical notes. 

Dr Saad had not had any involvement in Peta’s care prior to the CT scan. 

Peta had no medical history of cardiac problems but agreed to undergo the CT scan. 

On 1 May 2019, Peta attended FMIG for the CT scan. ... 

Following the administration of the IV contrast dye for the CTCA, Peta suffered an allergic reaction to the contrast dye. 

A call to emergency ‘000’ call was placed by FMIG office manager, Liezl Samakovski, to the Emergency Services Telecommunications Authority (ESTA), seeking the assistance of Ambulance Victoria. ... 

Peta did not regain consciousness and died on 9 May 2019. ... 

Peta died as a result of substandard clinical judgement from doctors at the beginning and end of this programme, combined with a misalignment of incentives amongst the various business entities that facilitated the process. It may be somewhat of an oversimplification, but the snapshot provided by this Inquest has revealed an industry putting profits over patients. 

Two main issues arise from the circumstances surrounding Peta’s death: whether she should have undergone the CTCA scan at all and whether FMIG staff should have been able to better manage her anaphylactic reaction to prevent her death.

The Coroner's recommendations are 

radiologists 

1. That the Royal Australian and New Zealand College of Radiologists (RANZCR) implement a mandatory requirement that radiologists working in settings where contrast is administered without other expert medical support undertake specific training in the recognition and management of severe contrast reactions and anaphylaxis every 3 years. 

2. That RANZCR, the Australasian Society of Clinical Immunology and Allergy (ASCIA) and the Australian Resuscitation Council (ARC) develop and implement a comprehensive training and certification programme for radiologists in the recognition and management of severe contrast reactions and anaphylaxis and the provision of CPR and basic life support including airway management with equipment available in radiology practices.

3. That RANZCR implement a register of severe contrast reactions, their management and outcomes to enable an assessment of the effectiveness of training and compliance with guidelines. 

4. That RANZCR amend its contrast reaction management guidelines for display in rooms where contrast is administered to specifically highlight:  (a) that adrenaline is potentially life-saving and must be used promptly. Withholding adrenaline due to misplaced concerns of possible adverse effects can result in deterioration and death of the patient.  (b) the role of glucagon in reactions in patients undergoing cardiac CT who have received beta-blocking medication. 

5. That RANZCR amend their Standard 5.3.2 with regard to requests for non- emergency and invasive investigations or procedures, or procedures including administration of contrast dye, so that referrals containing no or inadequate clinical information regarding the test or procedure are rejected or referred back to the requesting doctor if that doctor cannot be directly contacted to provide their clinical indication for requesting the test or procedure. 

6. That RANZCR prepare a joint position statement with the Cardiac Society of Australia and New Zealand regarding when ‘screening’ is an acceptable indicator for a CT angiogram or other invasive cardiac tests. 

7. That RANZCR prepare joint position statements with other relevant bodies on when ‘screening’ is an acceptable indicator for other imaging procedures. 

8. That, after these statements are prepared, RANZCR update its standards and guidelines regarding both clinical requests and consent procedures to address the increasing prevalence of ‘screening’ requests, and to ensure that imaging procedures are not performed for ‘screening’ when lower-risk alternatives might achieve the same end. 

radiographers 

9. That the Medical Radiation Practice Board (MRPB) review and update its set of Professional Capabilities for Medical Radiation Practitioners to ensure that emergency response is adequately addressed within them, including both proficiency in recognition of reactions, administration of necessary treatments, and playing an active role in emergency response, including raising issues with more senior staff when required. 

10. That the MRPB update their CPD guidelines to require that all radiographers who work with contrast media ensure they are consistently trained in emergency response to severe reactions and anaphylaxis. 

11. That RANZCR, ASCIA, Australian Resuscitation Council and the Australian Society of Medical Imaging and Radiation Therapy (ASMIRT) develop and implement a training and certification programme for radiographers in the recognition and management of severe contrast reactions and anaphylaxis, CPR and Basic Life support with a triannual recertification requirement, including: (a) the ability to administer adrenaline via autoinjector when encountering a patient experiencing a severe reaction; and (b) playing an active role in emergency response, including raising issues with more senior staff when required. 

12. That the MRPB, RANZCR and ASMIRT consider expanding radiographers’ scope of practice to include training in the preparation and administration of medications appropriate to their practice, including drugs used to treat medical emergencies encountered in radiology, either under the supervision of a medical practitioner or, in emergencies, without the supervision of a medical practitioner. 

private diagnostic imaging practices 

13. That FMIG stock adrenaline auto-injectors (in addition to vials of adrenaline) as a means to enable the rapid administration of an accurate dose of adrenaline by the correct route. 

14. That FMIG revise their consent process to include a consent form for CTCA and other contrast procedures that is clearly identified as a consent form requiring witnessing by an appropriate person (radiographer or radiologist) and which includes specific reference to items in the RANZCR guideline including radiation risk and alternatives appropriate to their individual circumstances. 

15. That RANZCR update its standards regarding radiology practices to ensure:

1. (a) That adrenaline auto-injectors (in addition to vials of adrenaline) are accessible in every room where contrast medium is injected as part of a diagnostic imaging procedure. 

2. (b) That policies and procedures for responding to inappropriate requests specify that the response must occur promptly after receipt of the request. 

3. (c) That the information required to be given to patients during consent procedures include alternatives which may be appropriate to their individual circumstances. 

4. (d) That all radiographers are trained in the recognition and management of anaphylaxis and severe contrast reactions. 

5. (e) That practice staff, including but not limited to radiographers, are trained and empowered to play an active role in emergency response, including raising issues with more senior staff when required. 

6. (f) That practices have onboarding systems for new radiologists which include an orientation with regard to the location of emergency equipment as well as an assurance of the recency of training with respect to recognition and management of severe contrast reactions and anaphylaxis. 

7. (g) That all rooms where contrast medium is administered are to have a contrast reaction treatment guideline prominently displayed. 

16. That the Diagnostic Imaging Accreditation Scheme (DIAS) Advisory Committee review the current DIAS Practice Accreditation Standards and propose revised standards, or means of applying the current standards, that ensure: 

(a) That adrenaline auto-injectors (in addition to vials of adrenaline) are accessible in every room where contrast medium is injected as part of a diagnostic imaging procedure. 

(b) That policies and procedures for responding to inappropriate requests, as required in Standard 2.1, specify that the response must occur promptly after receipt of the request. 

(c) That the information required to be given to patients under Standard 2.2 include alternatives which may be appropriate to their individual circumstances. 

(d) That Standard 2.4 requires that all radiographers are trained in the recognition and management of anaphylaxis and severe contrast reactions. 

(e) That Standard 2.4 requires that practice staff, including but not limited to radiographers, are trained and empowered to play an active role in emergency response, including raising issues with more senior staff when required. 

(f) That practices have onboarding systems for new radiologists which include an orientation with regard to the location of emergency equipment as well as an assurance of the recency of training with respect to recognition and management of severe contrast reactions and anaphylaxis. 

(g) That all rooms where contrast medium is administered are to have a contrast reaction treatment guideline prominently displayed. 

17. That RANZCR and the DIAS Advisory Committee consult each other on the best distribution of efforts to achieve the aims in the previous two recommendations, and that they work together to develop a programme for communicating any changes to radiologists and diagnostic imaging practices. 

18. That FMIG review their compliance with the DIAS Practice Accreditation Standards, in particular Standard 2.1. 

19. That the Commonwealth Minister for Health undertake an audit of all Australian accredited diagnostic imaging practices regarding their compliance with DIAS Practice Accreditation Standard 2.1. 

20. That the Commonwealth Minister for Health produce and promulgate standard forms for referrals to diagnostic imaging practices, ensuring that referrals include clinical information and effective contact information, and that the Minister consider whether measures should be taken to mandate the use of such forms. 

the workplace health industry 

21. That the Australian Competition and Consumer Commission consider whether enforcement action is appropriate against Priority Care Health Solutions, MRI Now or related corporate entities for unconscionable, misleading and/or deceptive conduct in their businesses which:  

(a) gave clients the impression that the business directly employs medical practitioners, when it does not; and   

(b) gave the impression to diagnostic imaging practices that a medical practitioner has reviewed a patient before requesting a scan, when they have not. 

22. That the Royal Australian College of General Practitioners (RACGP) and the Australasian Faculty of Occupational & Environmental Medicine (AFOEM) of the Royal Australasian College of Physicians prepare a joint position statement on whether practitioners engaged in workplace health have different obligations to ‘clients’ or ‘candidates’, for whom they are undertaking a limited review of information, than they do toward their ‘patients’, as was suggested by Dr Saad. 

23. That the RACGP and the AFOEM prepare a joint position statement on the appropriateness of a practitioner authorising, or otherwise allowing, their signature to be used in referring individuals (whether ‘patients’, ‘clients’ or ‘candidates’) for tests when neither the patient, nor any information specific to the patient, has been reviewed. 

emergency services 

24. That Ambulance Victoria (AV) issue a practice advisory highlighting that adrenaline be administered as soon as practicable to patients who have acutely deteriorated within a short time of receiving radiological contrast at a radiology clinic. 

25. That AV issue a practice advisory highlighting the possibility of beta-blocking medication being present in a patient experiencing anaphylaxis to radiological contrast whilst undergoing cardiac CT, and that consideration should be given to administering glucagon in these circumstances if the patient is unresponsive to adrenaline. .

18 February 2022

COVID and Fraud

The Joint Committee on Law Enforcement report on Vaccine related fraud and security states 

 COVID-19 vaccines have emerged as the primary tool being used to combat the health impacts to individuals by variants of coronavirus. The integrity of the COVID-19 vaccination program is therefore vital to ensure the success of public health initiatives to reduce the mortality and morbidity caused by coronavirus. ... 

There are a number of different elements to ‘vaccine related fraud and security’. For the purposes of this report:

  • Vaccine related fraud refers to organised crime groups undertaking fraud using peoples’ uncertainty or desire for vaccines as the ‘bait’. 

  • Vaccine security refers to the integrity of the individual vaccine dose being injected in a person. 

  • Vaccination related fraud (as distinct from ‘vaccine related fraud’) refers to groups or individuals seeking to subvert the Australian Government’s COVID-19 vaccination program or state and territory governments’ vaccination related public health restrictions. 

Vaccine related fraud 

Vaccine related fraud was examined in detail in the committee’s interim report of this inquiry. As explained in the interim report, concerns held early on in the pandemic were that: …a significant proportion of COVID-19 related crime will be where criminals use vaccine-themed telephone and online phishing scams to obtain personal identification information to exploit for future fraud, with cyber criminals ‘preying on citizens’ anxieties and uncertainties, along with less secure [working from home] conditions to take advantage of the COVID‑19 vaccine rollout through online scams’. 

As outlined in the interim report: …the actual levels of pandemic-related fraud experienced by Australians has to date been less than expected. This has been particularly true in relation to vaccines, largely due to the no-cost public health nature of Australia’s COVID-19 vaccination program. 

Since the release of the interim report, no evidence has been provided to the committee to cause it to revise that finding. This final report will therefore not re-canvass issues of vaccine related fraud, and the committee instead refers interested readers to the interim report which covered this topic extensively. 

Vaccine security 

As outlined above, vaccine security refers to the physical security of the supply chain and the integrity of the vaccine dose to be injected in an individual—is it legitimate or is it counterfeit, black market or otherwise tampered with? 

Early in the pandemic there were concerns that ‘Australia may prove to be particularly vulnerable to illegal COVID-19 black markets, with one of the world’s highest concentrations of darknet drug vendors per capita’. 

The interim report for this inquiry provided extensive detail on the steps being taken by various government law enforcement and health agencies to ensure the integrity of vaccines to be administered to individuals, underpinned by the measures put in place by pharmaceutical companies and health professionals themselves, such as pharmacists, nurses and medical practitioners. 

As with vaccine related fraud discussed above, the interim report found there was little manifestation of vaccine security concerns and reported that ‘the widespread distribution of no cost COVID-19 vaccines mitigates the organised crime threat in Australia, with the most likely remaining threats limited to scam attempts and small-scale black-market activity’. 

Since the publication of that interim report in August 2021, the committee has continued to keep a watching brief on the security of vaccines and is confident that the situation remains the same, with no physical security or vaccine integrity concerns being actualised. This final report will therefore not re-canvass vaccine security issues and, as with vaccine related fraud, the committee refers interested readers to its interim report. 

However, it is important to note the continued work of the Australian Government to protect Australian essential services by strengthening the security and resilience of critical infrastructure. Amendments to the Security of Critical Infrastructure Act 2018 (the SOCI Act), enacted on 22 November 2021, introduced mandatory cyber incident reporting (Part 2B of the SOCI Act) and provided government assistance in response to significant cyber attacks that impact Australia’s critical infrastructure assets. Further changes have been proposed under the Security Legislation Amendment (Critical Infrastructure Protection) Bill 2022, introduced into the House of Representatives on 10 February 2022, which would enact: [C]ritical infrastructure risk management programs for critical infrastructure assets (proposed Part 2A of the SOCI Act); and enhanced cyber security obligations for those assets most important to the nation, described as systems of national significance (proposed Parts 2C and 6A of the SOCI Act). 

These amendments are intended to help address threats to Australia’s critical infrastructure during events such as the COVID-19 pandemic, but also broader threats ‘ranging from natural hazards (including weather events) to human induced threats (including interference, cyber attacks, espionage, chemical or oil spills, and trusted insiders). 

Vaccination related fraud 

Increased population-wide uptake of COVID-19 vaccinations can allow governments to reduce reliance on other disease suppression methods, such as lockdowns, travel and site attendance restrictions and face masks. As such, the Australian and state or territory governments implemented a range of measures designed to encourage greater uptake of COVID-19 vaccinations which, apart from the reduced health risks to the vaccinated individual, largely centred on vaccinated people having fewer public health related movement or activity restrictions. It is important to note that these public health restrictions, with the exception of entry to Australia, are the responsibility of state and territory governments and are enacted and enforced via the laws and policies of those jurisdictions. 

To ensure compliance with various proof-of-vaccination requirements, governments have required a reliable system for individuals to prove their vaccination status. To support this, the Australian Government expanded the existing Australian Immunisation Register (AIR) system—the national database that tracks the immunisation records of Australians—to include COVID-19 vaccinations. As with other vaccinations, individuals book a COVID-19 vaccination with a registered health professional who then logs the vaccination onto the AIR system. Individuals can download a certificate showing their vaccination status onto personal digital devices or in printed form, which can then be shown when COVID-19 vaccination proof is required. The digital certificate was designed to be integrated with state and territory check-in apps, so that those jurisdictions are able to control how they work in conjunction with QR codes and locally set health restrictions. 

There are some Australians who are opposed to COVID-19 vaccinations and/or vaccination mandates. It is important to note that there are people who do not wish to be vaccinated but are nonetheless compliant with other COVID‑19 related public health restrictions, such as mask wearing, contact tracing, and movement or workplace restrictions. 

However, within the cohort of people who do not want to be vaccinated against COVID-19 evidence and reports suggest that many also wish to avoid other public health restrictions. Some of these people are engaging in various forms of fraud, not to avoid vaccination—which is not itself mandatory—but to avoid other public health restrictions. These fraud activities can be broken down into three broad categories:

  • Vaccination status (certificate) fraud, where a person uses a forged certificate to fraudulently claim to be vaccinated. 

  • Vaccination exemption fraud, where a person or medical practitioner fraudulently claims an exemption from vaccination. 

  • Vaccination administering fraud, where a medical professional fraudulently registers administering a vaccination to an individual, or where an individual takes a vaccination under another person’s name. 

These three key types of vaccination fraud are discussed in detail below. 

It is important to note that, at time of writing, many of the public health restrictions that some unvaccinated people have sought to avoid have recently been relaxed or lifted—with further easing expected in the near future. There are exceptions to this general trend, including, for example, in Western Australia, where additional movement and work restrictions have recently been introduced for unvaccinated people. However, to the extent that restrictions on unvaccinated people are reduced or removed, this will likely correspond to a decrease in the incidence of fraudulent activity such as that described below. 

Vaccination certificate fraud 

The Australian Government has responsibility for vaccination programs under its public health role, including maintaining a register of vaccinations. As outlined above, proof of COVID-19 vaccination status uses the existing AIR system, which was expanded by the Australian Government to include COVID-19 vaccinations. 

With the exception of vaccination mandates for workers within aged care facilities, the Australian Government does not impose any restrictions on people in Australia based on their COVID-19 vaccination status. Any such restrictions are instead the responsibility of state and territory governments, which rely on Australian Government vaccination registers to monitor and ensure compliance with local laws. 

The Department of Health has responsibility for establishing what constitutes proof of vaccinations status, and Services Australia has responsibility for maintaining the AIR system. Services Australia informed the committee that: Since the inception of the AIR Act [Australian Immunisation Register Act 2015], vaccination provider compliance has always been high. 

Services Australia submitted that the approach taken to designing the system for registering COVID-19 vaccinations was to manage a ‘balance of providing consistent security features, appearance and format for vaccination certificates across all channels, while also considering customer experience and accessibility’. 

Services Australia outlined the existing measures taken to protect the integrity and accuracy of immunisation records: Contemporary cybersecurity measures are in place across the Agency’s AIR system to protect data and people’s personal information. The Agency continues to invest in a cyber-skilled workforce, modern cyber technologies, advanced threat intelligence systems, next generation firewalls and industry best practice. As technology changes and new challenges emerge, the Agency routinely subjects its online systems to independent security testing, to ensure systems are kept secure and up to date to mitigate threats. 

Proof of COVID-19 vaccination status is available via a digital certificate accessible via myGov through Medicare and the Medicare Express Plus app or via a person’s My Health Record. The certificate can be stored on a mobile device or printed. Services Australia outlined to the committee prior to the rollout that it was ‘working closely with the Australian Signals Directorate and the Australian Cyber Security Centre on managing vulnerabilities with the mobile applications used to generate and display digital certificates’.  Services Australia further informed the committee that digital certificates contain security measures such as a ‘shimmering Coat of Arms that shifts position when tilting or moving the mobile device (a parallax effect) … an animated tick, as well as a live clock showing the current date and times’. 

Services Australia also informed the committee that AIR data is protected by restricting access to the system to officers of the agency and approved vaccination providers and their delegates with formal registration. Further, users can only download their own information via the ‘Provider Digital Access system to ensure secure access to government online services, including the AIR, via a username, password and verification code log on’. 

Paper-based certificates 

Users can also print their certificate, have one mailed to them or collect one from a Services Australia service location. Printed certificates contain ‘a Commonwealth Coat of Arms watermark, and every digital certificate displays a unique “document number” which can be used to verify the authenticity of certificates in the future’. Services Australia noted these security measures are consistent with other government documents, such as birth and citizenship certificates.   

Concerns have been raised regarding the risks posed by paper-based vaccination certificates, given the ability to more easily forge them combined with the fact that, generally, those certificates are being used in informal settings such as shops, hairdressers, restaurants and cinemas. Services Australia informed the Senate Select Committee on COVID-19 that help lines were established to assist businesses and individuals with any concerns regarding potentially fraudulent behaviour.   

According to the U4 Anti-corruption Resource Centre (U4), as paper‑based certificates are susceptible to alterations and falsification, digital‑based vaccination certificates can counter these limitations, allowing countries to reopen more safely. However, the centre also noted that while ‘QR codes with digital signatures make it far more difficult to falsify vaccine certificates, they are not entirely foolproof’. 

Certificate fraud: perceived risks 

The Royal Australian College of General Practitioners (RACGP) perceived the risk posed by fake vaccine certificates in Australia as relatively small and submitted there is ‘unlikely to be significant financial benefit in producing fake certificates, unless done on a large scale by criminals selling these to people who do not wish to be vaccinated.’ 

Aged & Community Services Australia (ACSA) raised concerns that ‘there may be adverse implications for the aged care sector from the use of fake vaccine certificates’ because the ‘employment of potentially unvaccinated aged care workers … would create increased vulnerability for older persons who are consumers of aged care as well as creating risk for providers not meeting Public Health Orders requiring workers to be vaccinated’. 

To reduce this risk, ACSA recommended threefold that the Australian Government ‘introduce penalties for use of fraudulent certificates as a deterrence’, ‘ensure that robust technology is in place … enabling aged care workers to readily access clear evidence of their vaccinations’ and finally to publish information to ‘assist providers in recognising fake certificates and processes implemented to allow providers to report concerns’.  However, it is notable that ACSA did not point to any actual cases of certificate fraud, only that should such fraud occur, it could have adverse impacts. 

Likewise, the Pharmacy Guild also recommended ‘there should be standardised reporting procedures as well as legislated penalties for individuals engaging in this type of behaviour, both for the citizen and the healthcare professional.’  Penalties, akin to those that apply to quarantine breachers and those who ignore mandatory vaccination orders, should also apply to those seeking to bribe a vaccinator to falsify records or to manipulate records, either digitally or by having someone else get vaccinated in their place. 

The committee notes the Australian Government has already introduced penalties in relation to such offences. Services Australia submitted that ‘with the emerging adult vaccine requirements there may be potential risk around forging of vaccination records’ and to address this risk there are ‘harsh penalties in place’. Penalties for a vaccination provider not complying with or contravening obligations under the AIR Act is ‘a civil penalty of 30 penalty units’, currently $222 for offences committed on or after 1 July 2020. Additional penalties exist for both vaccination providers and the general public for ‘an offence committed relating to protected information, which can be a penalty of imprisonment for 2 years or 120 penalty points, or both’.  Additionally, Services Australia publishes information to assist businesses and individuals in recognising legitimate or fraudulent vaccination certificates. 

States and territories are also able to impose their own penalties for fraud in relation to vaccination status. For example, in October 2021 the NSW Government introduced laws that a person must not ‘provide, display or produce to another person information or evidence, including vaccination evidence, purporting to show the person is a fully vaccinated person, unless the information or evidence is true and accurate’. The maximum penalty for such an offence is 100 penalty units—$11 000 and/or six months imprisonment—with a further possible penalty of $5500 for each day the offence continues. 

The Pharmacy Guild also recommended that ‘any national digital solution for proving a person’s vaccination status, for travelling or entering venues for example, should primarily rely on AIR data as the single source of truth to mitigate fraud relating to vaccination status. 

As outlined earlier in this section, AIR data is being used as the system for proving COVID-19 vaccination status. As such, all recommendations provided to this inquiry as to ensuring the robustness of COVID-19 vaccination status proof, have been enacted. 

Certificate fraud: experienced 

While there have been some media reports of the use of fraudulent vaccination certificates, such fraud does not appear to be widespread and, in cases to date, appears to have been conducted in an inexpert manner that is quickly identified. These instances include individuals engaging in forgery as well as websites that allow users to input data to generate a fake certificate or check-in proof. A cyber security expert noted that these fake certificates have limited application as they cannot be used to enter locations using integrated check-in apps, and further relied on busy situations ‘where the differences between real and fraudulent certificates wouldn’t be noticed’. 

As noted above, there is a reduced risk of vaccination certificate fraud moving forward, at least to the extent that many of the movement and site attendance restrictions have been lifted, or are expected to be in the near future.  Remaining restrictions are largely around travelling between states and work-place vaccination mandates, both of which entail assessing proof of vaccination status in formal settings where the likelihood of successfully using a forged certificate is significantly lower. 

International certificate fraud 

There have been globally coordinated efforts in developing an International COVID-19 Vaccination Certificate that works in conjunction with existing ePassport technology already working across the globe. This certificate allows easy outbound and inbound international travel to and from countries that recognise the existing International Civil Aviation Organisation standards, using Visible Digital Seal technology. 

There is also some vulnerability to Australia from vaccination certificate fraud undertaken overseas, and then used to enter Australia. U4 listed a number of instances of COVID-19 certification fraud related to international travel, however it is important to note that these instances occurred in areas with significantly high rates of other types of fraud, including Russia, Central America, Zimbabwe, South Africa 

U4 noted that: Fraud cases are on the rise as security concerns around the Certificate mount. The main perpetrators include organised crime networks, corrupt healthcare workers, and anti-vaxxers. 

In Italy, several online fraud schemes peddling fake vaccine certificates, with fake QR codes and vaccine batch numbers, were closed down. In France, real certificates, with real QR codes were being sold, allegedly obtained from health workers with official access to the health databases. In Greece, a doctor who was himself an anti-vaxxer and ‘Covid denier’ was caught red-handed, giving fake inoculations to obtain certificates for his Covid-sceptic friends. We are seeing how security flaws in the European Certificate make it easy for those with the know-how and the right connections to forge and obtain fake certificates. 

Despite these instances of fraud overseas, no evidence was provided to the committee to suggest the current occurrence of forgery of international vaccination certificates had been used for entry into Australia. 

Vaccine exemption fraud 

Vaccine exemption fraud is where a person fraudulently claims to have a medical condition that warrants exemption, or where a medical practitioner (doctor) grants an exemption in breach of the guidelines established by the Australian Technical Advisory Group on Immunisation (ATAGI). 

There are existing systems to ensure the integrity of exemptions to vaccinations, which have been expanded to include reviewing COVID-19 vaccination exemptions. The primary integrity mechanism is that vaccination exemptions can only be granted by registered medical practitioners. 

Medical practitioner fraud 

Medical practitioners are regulated by the Australian Health Practitioner Regulation Agency (AHPRA), which has published information on laws and policies that medical practitioners must follow in relation to COVID-19 vaccinations, as have many other medical practitioner organisations. This includes guidance for those who may have a conscientious objection to COVID-19 vaccinations that they must not ‘discourage their patient or client from seeking vaccination’ and must ‘ensure appropriate referral options are provided for vaccination’. Thus medical practitioners are able to personally object to COVID-19 vaccinations while remaining compliant with relevant public health laws and policies. 

Any vaccination exemptions must be reported by the practitioner to the Department of Health, which monitors the numbers and types of exemptions granted. Suspected breaches of law or policy regarding COVID‑19 vaccination exemptions are referred for investigation to AHPRA, with sanctions for breaches including a caution, education, limits to perform certain procedures or in extreme circumstances, a temporary or permanent ban from practice. 

The RACGP submitted that there have been a few reported cases of medical practitioners who fraudulently granted an ineligible person an exemption to taking a COVID-19 vaccine. The RACGP noted it would be ‘exceptionally rare for someone to not be able to receive any COVID-19 vaccine’ because ‘those who have a contraindication to one vaccine have other vaccine options available to them’. 

here are limited grounds for an exemption, such as a major medical condition or past anaphylaxis to an ingredient of the vaccine.  Anti-vaccination groups published details of certain medical practitioners who were willing to provide such exemptions. Some of these medical practitioners ultimately were the victims of their own success, when the large numbers of people attending their practices tipped off authorities, with investigations resulting in their suspension from practising medicine. 

Patient fraud 

There have been media reports of medical practitioners being pressured by patients to provide exemptions for COVID-19 vaccinations. Early on in the vaccination rollout, anti-vaccination groups published information that anxiety about vaccination could be considered a ‘major medical condition’ and advised people to seek exemption on these grounds. The President of the RACGP, Dr Karen Price, reported that some patients become ‘aggressive and abusive, demanding an exemption when not fitting the clear criteria’. 

As outlined above, health organisations provide a wealth of supporting information for medical practitioners and nurses on COVID-19 vaccinations, including tips on holding difficult conversations with vaccine-hesitant people.  It must be noted that medical practitioners receive a great deal of training and support as the role often includes navigating difficult consultations, such as when patients exhibit drug-seeking behaviours. COVID‑19 vaccination hesitancy, or outright refusal, is just one of the many difficult medical situations that medical professionals navigate in their profession. Dr Price also reported that in many instances, doctors were able to talk to patients about their concerns, resulting in that person agreeing to be vaccinated. 

Vaccine administering fraud 

Vaccine administering fraud refers to a health professional lying about having administered a vaccination so the patient can fraudulently claim to have been vaccinated. As such, it requires a level of conspiracy between two or more people—one of whom is a registered doctor, nurse or pharmacist—and is therefore rare. 

Vaccine administering fraud can also be where an individual takes a vaccination under another person’s name. The Pharmacy Guild of Australia (Pharmacy Guild) outlined vaccination processes that reduced risk of this type of fraud: Community pharmacy actively contributes to reducing the risk of vaccination certificate fraud with the implementation of strict processes and procedures for COVID-19 vaccine administration. These include processes and procedures for confirming the identity of individuals presenting for vaccination, as well as assessing an individuals’ eligibility for vaccination by checking the Australian Immunisation Register before administration of a vaccine.43  

The Pharmacy Guild submitted that following these processes had ‘enabled pharmacists to identify instances of potential vaccination fraud and address the situation by denying administration of a COVID-19 vaccine to the individual involved.’ 

The Pharmacy Guild noted further protective factors against fraud being that ‘pharmacists are adept at reporting prescription fraud and having difficult conversations with individuals potentially partaking in fraudulent behaviour’. 

Administering fraud experienced 

There have been a few media reports of medical staff who have been involved in a conspiracy to commit fraud by declaring a person as having been vaccinated for COVID-19 when in fact that no vaccine was administered. 

A nurse in Western Australia was accused of pretending to vaccinate a 15-year old boy, with further accusations she had elected to administer vaccines for the purpose of committing such fraud for a number of family and friends. The nurse was charged with fraud, with those charges later dropped due to lack of evidence. However, after investigation by AHPRA, the nurse agreed to surrender her registration and is now unable to work as a nurse in Australia.  As with the case cited earlier in this chapter of doctors granting false exemptions, suspicions were raised by the number of people attending the clinic and asking for the nurse by name, triggering notifications and ultimately the arrest of the nurse. 

The Pharmacy Guild submitted that there have been a small number of reports by pharmacists of being offered ‘significant’ bribes to ‘falsify Australian Immunisation Register records such that an individual may obtain a genuine COVID-19 vaccination certificate issued by the Australian Government’.  The Pharmacy Guild further submitted: Another concern is reports of individuals other than the person who has made the vaccination booking presenting for vaccination at a pharmacy for the purpose of enabling a vaccine hesitant person to obtain a genuine COVID-19 vaccination certificate without receiving the vaccine. 

The Pharmacy Guild recommended ‘establishing a dedicated system for COVID-19 vaccination providers to report potential COVID-19 vaccination fraud’. Such a system has already been established. COVID-19 vaccination fraud can be reported via existing fraud reporting systems of Services Australia, a system already well-known to health professionals, and information on how to report is also provided on the Services Australia website. 

Antitrust, Trade, Privacy

'Atomistic Antitrust' by Mark A. Lemley and Robin Feldman comments 

Antitrust is atomistic: deliberately focused on trees, not forests. It pays attention to the consequences of individual acts alleged to be anticompetitive. 

That focus is misplaced. Companies and markets don’t focus on one particular act to the exclusion of all else. Business strategy emphasizes wholistic, integrated planning. And market outcomes aren’t determined by a single act, but by the result of multiple acts by multiple parties in the overall context of the structure and characteristics of the market. 

The atomistic nature of modern antitrust law causes it to miss two important classes of potential competitive harms. First, the focus on individual acts, coupled with the preponderance of the evidence standard for proving a violation, means that antitrust can’t effectively deal with what we might call probabilistic competitive harm: multiple acts, any one of which might or might not harm competition. Second, atomistic antitrust tends to miss synergistic competitive harm: acts which are lawful when taken individually but which combine together in an anticompetitive way. 

Unfortunately, modern antitrust law has strayed too far down the atomistic pathway. Courts and agencies too often take a narrow, transaction-specific focus to challenged conduct. Instead of asking “is the overall behavior of this company reducing competition in the market,” they focus on a particular merger or challenged monopolistic practice in isolation. Courts and agencies need to move beyond atomistic antitrust and take a more holistic look at the circumstances and effects of an overall pattern of conduct. Our goal in this article is to set out a framework for integrated antitrust, in which individual actions can be understood not just on their own but also as part of a comprehensive whole. Only by doing so can the legal system both return antitrust to its roots and bring antitrust into the modern context of the business decisions that courts must analyze today. 

'Privacy and/or Trade' by Anupam Chander and Paul M. Schwartz comments 

International privacy and trade law developed together, but now are engaged in significant conflict. Current efforts to reconcile the two are likely to fail, and the result for globalization favors the largest international companies able to navigate the regulatory thicket. In a landmark finding, this Article shows that more than sixty countries outside the European Union are now evaluating whether foreign countries have privacy laws that are adequate to receive personal data. This core test for deciding on the permissibility of global data exchanges is currently applied in a nonuniform fashion with ominous results for the data flows that power trade today. 

The promise of a global internet, with access for all, including companies from the Global South, is increasingly remote. This Article uncovers the forgotten and fateful history of the international regulation of privacy and trade that led to our current crisis and evaluates possible solutions to the current conflict. It proposes a Global Agreement on Privacy enforced within the trade order, but with external data privacy experts developing the treaty’s substantive norms.

17 February 2022

Rights

'The Limitations of Privacy Rights' by Daniel J. Solove comments 

Individual privacy rights are often at the heart of information privacy and data protection laws. The most comprehensive set of rights, from the European Union’s General Data Protection Regulation (GDPR), includes the right to access, right to rectification (correction), right to erasure, right to restriction, right to data portability, right to object, and right to not be subject to automated decisions. Privacy laws around the world include many of these rights in various forms. 

In this article, I contend that although rights are an important component of privacy regulation, rights are often asked to do far more work than they are capable of doing. Rights can only give individuals a small amount of power. Ultimately, rights are at most capable of being a supporting actor, a small component of a much larger architecture. I advance three reasons why rights cannot serve as the bulwark of privacy protection. First, rights put too much onus on individuals when many privacy problems are systematic. Second, individuals lack the time and expertise to make difficult decisions about privacy, and rights cannot practically be exercised at scale with the number of organizations than process people’s data. Third, privacy cannot be protected by focusing solely on the atomistic individual. The personal data of many people is interrelated, and people’s decisions about their own data have implications for the privacy of other people. 

The main goal of providing privacy rights aims to provide individuals with control over their personal data. However, effective privacy protection involves not just facilitating individual control, but also bringing the collection, processing, and transfer of personal data under control. Privacy rights are not designed to achieve the latter goal; and they fail at the former goal. 

After discussing these overarching reasons why rights are insufficient for the oversized role they currently play in privacy regulation, I discuss the common privacy rights and why each falls short of providing significant privacy protection. For each right, I propose broader structural measures that can achieve its underlying goals in a more systematic, rigorous, and less haphazard way.