abstract-luminous-dna-molecule-doctor-using-tablet-and-check-with-picture-1900x500

Health Bulletin June 2023

The latest insights from our Health Law team:

If you'd like to stay up to date with Russell Kennedy's insights, please sign up here. 

Fluorescent guide can help detect tumour left behind after surgery

Investigators at Mass General Cancer Center are seeing promising results from a new technique designed to help surgeons identify and remove residual tumour tissue during breast-conserving surgeries.

The new technique involves injecting pegulicianine, a fluorescent dye, into breast cancer patients prior to surgery. Following the removal of the initial tumour, surgeons are able to use a handheld probe to scan the cavity for additional tumour. Image analysis software is used to display any fluorescent signal on the screen which indicates where the remaining tumour tissue is located. Surgeons are then able to remove any residual tumour during surgery.

The clinical trial is being held across 14 sites in the United States, where 406 patients are undergoing lumpectomy surgeries for stages 1 to 3 invasive breast cancer or ductal in situ carcinoma (the earliest form of breast cancer).

Trial results have revealed the new technique has assisted in reducing the number of second surgeries in 10% of patients, with others able to undergo a standard lumpectomy procedure to remove the residual tumour cells.

Director of the Breast Program at Mass General Cancer Centre and head of the Breast section in the Department of Surgery, Barbara Smith, MD, PhD, noted "the goal of our research is to evaluate ways to improve the effectiveness of lumpectomy surgery, reduce the burden of patients and to help surgeons to get clean margins".

Investigators will continue with ongoing studies to calculate sensitivity more precisely, and will look in greater detail at how effectively the technique clears margins.

For more information, please click here.

Telehealth crackdown imminent

The Medical Board of Australia is developing changes to telehealth regulations that may result in doctors being prohibited from prescribing drugs to online patients whom they have not previously met. This development is driven by concerns over the rise of start-up businesses selling weight loss medication without fully verifying the patient identity's or conducting video calls.

The Medical Board is expected to release new telehealth prescribing rules soon, which will particularly affect online weight loss medication providers such as Midnight Health, Juniper and Pilot. Midnight Health has announced plans to strengthen its procedures by requiring photos or video calls for all weight loss prescriptions. Woolworths, an investor in Juniper's parent company, Eucalyptus, has expressed that it expects higher standards of compliance with regulations from the companies it invests in.

For more information, please click here.

NDIS participants unable to receive support they require due to lack of access

New data from the Australian Federation of Disability Organisations (AFDO) has revealed that participants in the National Disability Insurance Scheme (NDIS) are not able to access the services they require, despite having available funding, due to a lack of approved providers.

This is particularly prevalent in regional and rural areas, with the data revealing that while remote regions have attracted the highest average plan value, participants spend less of their allocated funds.

Ross Joyce, the AFDO chief executive, has confirmed that no participant is getting 100 per cent of the support for which they are eligible, with utilisation rates at approximately 70 to 80 per cent in most cases.

The First Nations participants are disproportionately impacted according to the data. Participants in the East Arnhem Regional Council area are only utilising 29 per cent of their allocation, the lowest utilisation rate in the country.

The First Peoples Disability Network chief executive, Damien Griffis, has advised the current model has not worked for regional and rural Australia. Mr Griffis stated that investing in community lead support in First Nations communities is a possible solution.

To read more, click here.

Cancer centre is the latest cybercrime victim

Crown Princess Mary Cancer Centre in Westmead Hospital in New South Wales is the most recent target for a cybercrime attack. The Cancer Centre was attacked by Medusa, a cyber-criminal gang who have stolen thousands of files and is holding them at ransom.

The gang is using double extortion, demanding a ransom whilst threatening to publicise the data if payment is not made. The gang has asked for US$10,000 to delay the release of information by 24 hours, and US$100,000 to download or delete the data from the gang.

Cyber criminals have generally avoided schools and health care organisations, but this no longer seems to be the case. Knowing the health care sector holds critical information is an incentive, as it is more likely they will pay the ransom given people’s lives may be at risk.

Some recent attacks include Medibank, Melbourne Heart Group and Eastern Health. The Eastern Health attack resulted in elective surgeries needing to be postponed. According to Microsoft, the health care sector and similar industries have become top targets for cyber criminals.

A recent study from 2016 to 2021 showed that during this time, US health care providers experienced 374 ransomware attacks, exposing the data of 42 million patients. As a result, health care services experienced system downtime, cancelled appointments and ambulance diversions.

The estimated impact prediction of cybercrime for 2023 is more than US$8 trillion.

While the risk cannot be entirely eliminated, steps can be taken to reduce the likelihood of an attack. These include protecting systems, training staff on basic cyber hygiene and seeking advice where appropriate.

For more information, please click here.

Concerns raised about ovulation apps and data privacy

Period trackers and ovulation apps monitor menstrual cycles and provide helpful insights into users’ fertility window and patterns of period symptoms. Popularity of these trackers and apps has led to their incorporation in fitness trackers like Garmin and Fitbit, and the Apple Health app.

However, Flinders University law experts Professor Tania Leiman and Lydia Chia have warned that increased usage of ovulation apps have legal implications regarding the access and use of personal data as users are bargaining their intimate privacy and data security for the convenience of the apps. 

The regulation of processing, sharing and storage of personal information varies greatly depending on where the company is domiciled. For instance, the European Union (EU) has stringent data processing and third-party sharing laws under the General Data Protection Regulations. However, many jurisdictions outside of the EU do not have such strict standards. 

Under the Australia Privacy Act data collected by ovulation apps is protected as “personal”, and “sensitive” health information but may not be regarded as “biometric information” or a “biometric template”.

In the US, some companies have made data from ovulation apps available to the users’ employers, highlighting the need for de-identification and anonymisation of data with regards to third party sharing.

Leiman emphasised that ovulation apps routinely sharing data with insurance companies could lead to changes in health insurance premiums, based on individual’s medical history, location and demographics.

Leiman extolled the importance of careful consideration of the data generated by ovulation apps and stressed there are competing values and differences in negotiating power between individual users and corporate data users.

To read more on this issue, click here.

Privacy breach in Northern Territory Health: Call for stronger privacy laws

The Northern Territory (NT) government found itself at the centre of a privacy breach concerning thousands of identifiable health files. The incident occurred during a software system upgrade between 2018 and 2019, with over 50,000 patients' records inadvertently sent to a global software vendor, Intersystems.

While cyber security experts argue that impacted individuals should be promptly notified, NT Health insists that it is up to individuals to check if their privacy has been compromised.

5 key points to takeaway surrounding the breach are as follows:

  1. The breach came to light when the Australian Broadcasting Corporation (ABC) reported that identifiable health files had been sent between NT government departments and Intersystems. Approximately 3,000 records were transmitted to the global software vendor, including highly sensitive data such as: psychology reports, termination of pregnancy records, and electroconvulsive therapy records.
  2. Natasha Fyles, who held the position of Health Minister during the incident, failed to make the privacy breach public. Cybercrime expert Richard Buckland asserts the government should have proactively reached out to affected individuals.
  3. NT Health argues that concerned individuals should take initiative to contact their privacy department if they suspect their medical records have been compromised. Cyber security expert Dr Vanessa Teague believes that impacted individuals are left with limited recourse, emphasising the necessity for stronger privacy laws.
  4. According to NT Health, the identifiable data was promptly deleted after the breach, and internal controls were reinforced to minimise the risk of a similar incident occurring in the future. In corroboration, Chris Hosking, acting chief executive of the Department of Corporate and Digital Development, attempted to downplay the severity of the privacy breach, asserting most files were stored securely with restricted access and suggests that only a limited number of authorised individuals from Intersystems were involved.
  5. Dr Vanessa Teague calls for updating the NT's privacy laws to hold accountable those who engage in irresponsible practices with personal data, arguing that without stronger regulation and meaningful consequences, privacy breaches will continue.

The privacy breach within NT Health has raised concerns about individual privacy and the need for stronger privacy laws. While NT Health places the responsibility on individuals to monitor their own records, experts argue for a comprehensive legal framework that imposes penalties on those who mishandle personal data. As this incident highlights the importance of robust privacy regulations, it serves as a reminder for governments and organisations to prioritise data protection and safeguard individual privacy in an increasingly digital age.

Read the ABC’s coverage on this issue on 25 May 2023 and 26 May 2023.

How we can help

For more information, please contact the Russell Kennedy Health Team.

Learn more about Russell Kennedy's expertise in the Health sector here.

If you'd like to stay up to date with Russell Kennedy's Insights, please sign up here.

View related insights

Overseas trained doctors 1900 x 500

Medical Board of Australia issues proposed registration standard for specialist registration of overseas trained doctors

13 Jun 2024

Following discussion amongst COAG (Australian and State and Territory Governments) the Medical Board of Australia (MBA) has now issued proposed new registration standards for specialist overseas docto ...

View
Health Natural Justice Alert 360 x 240

Disciplinary Action by Committees in the Health Sector - The need for "Natural Justice"

11 Jun 2024

If someone had made allegations against you, how would you wish them to deal with you in any proposed disciplinary proceedings? Would you expect to be dealt with fairly?

View
AI and Health 360 x 240

Navigating AI's Role in Healthcare: Legal Implications

9 May 2024

Much has been written on the introduction of Artificial Intelligence (AI) into many aspects of our lives, our work and our leisure. Given that so much in medicine is based on the “precautionary ...

View