The average reading time for this Alert is five minutes.
If your organisation is a public health service, public hospital, multi-purpose service, denominational hospital, private hospital, or day procedure centre, as well as other prescribed entities (together, health service entities), it may be affected by the recent changes to data sharing under the Health Services Act 1988.
The Health Legislation Amendment and Repeal Act 2019 came into effect on 12 September 2019. It provided for changes to the Health Services Act 1988 to commence on 27 August 2020. These changes introduce a new Part 6B ‘Information sharing for quality and safety purposes’.
What has changed and why?
Currently, there are no specific authorisations in the Health Services Act 1988, Health Records Act 2001 and Privacy and Data Protection Act 2014 (Health Acts) permitting health service entities to disclose confidential information for quality and safety purposes. The new provisions are intended to increase the flow of information to identify deficiencies in care and focus attention on opportunities for improvement.
Part 6B permits health service entities to disclose ‘confidential information’ to the Secretary or a prescribed ‘quality and safety body’, and also to other health service entities where requested by the Secretary or a quality and safety body, for a ‘quality and safety purpose’, where:
- Confidential information includes health information, personal information, sensitive information or unique identifiers within the meaning of the Health Acts. However, it does not specifically relate to patients, and can include the confidential information of clinicians or staff at a health service entity;
- Quality and safety purposes means:
- collecting and analysing information relating to the quality and safety of health service entities;
- monitoring and review of the quality and safety of health service entities and associated risks;
- reporting to the Secretary or to a quality and safety body in relation to the—
- performance of a health service entity; or
- risk to an individual or the community associated with the performance of a health service entity;
- incident reporting and performance reporting in relation to health service entities; and
- incident response, including case review, in relation to health service entities;
- Quality and safety has not been further defined to ensure that its meaning is not limited in the future to its present meaning.
Confidential information may also be shared if authorised by the Minister. For example, the Minister has, by instrument, authorised the sharing of confidential information between health service entities for the purpose of a review of an adverse patient safety event where patient care was provided by multiple health service entities.
Furthermore, the position of a ‘special adviser’ is created, which may collect, use and disclose confidential information for a specified quality and safety purpose.
What does this mean for you?
Health service entities will not be required to share information under the Part 6B information sharing regime. The changes are intended to provide better quality improvement and safety systems in the health sector.
For the purposes of information sharing under Part 6B, health service entities may no longer be required to:
- collect information directly from the person to whom it relates;
- notify that person when their information is shared; nor
- seek that person’s consent to share their information.
This is because privacy principles contained in the Health Records Act 2001 and Privacy and Data Protection Act 2014 are “turned off” to specifically exempt the collection, use and disclosure of information under Part 6B of the Health Services Act 1988.
As a result of these changes, information does not need to be de-identified prior to sharing it with authorised health service entities, the Secretary, a quality and safety body or a special adviser. This is important, because confidential information may be essential to resolving a quality and safety purpose, for example identifying if a particular clinician has been involved in underdosing or to identify variations in clinical practices.
The requirements regarding data security and storage under the Health Acts will continue to apply.
Protections for health service entities
Health service entities can be assured that they will not be breaching any professional standards or privacy requirements. There are specific carve outs for the collection, use or disclosure of confidential information under Part 6B so that any action taken in good faith and with reasonable care will not constitute a breach of professional standards or privacy legislation.
- Your organisation may be requested to share specific information to address one of the quality and safety purposes. Part 6B does not specify a right to refuse to share information, although the Department of Health and Human Services’ guidance indicates that there is no compulsion to share information.
- Patient outcomes are at the heart of this change, which seeks to drive better quality improvement and safety systems in the health sector. Health service entities are not permitted to share a person’s entire health record or a staff member’s entire personnel file to the extent the full record or file is not relevant to address a specific quality and safety purpose.
- Sharing information except in accordance with the requirements of Part 6B can amount to a breach of privacy legislation, and will be managed in this way. Persons may complain to the Health Complaints Commissioner or Office of the Victorian Information Commissioner if they believe that their information has been shared improperly.
How we can help
For further information on telehealth services and the associated legal risk, please contact Michael Gorton AM, Rebecca Olle or another member of our expert Health Law team.
If you'd like to stay up to date with Russell Kennedy's Insights, please sign up here.