Dr Dianne Heriot, the head of the Parliamentary Library, is adamant that she independently decided to revise a blog post about how law enforcement agencies could access My Health Record data following complaints from Health.
“I made a decision,” she told Senator Penny Wong, who raised the issue in supplementary estimates hearing yesterday. “I did not feel pressured to make that decision.”
Heriot revealed that not only did the department’s chief operating officer relay the unusual demand in a phone call followed by several “URGENT” emails, as we’ve previously reported, it was considered so important and pressing matter that Health secretary Glenys Beauchamp had to speak to her personally.
The Parliamentary Librarian and the head of her research branch, Johnathan Curtis, both said there was no indication at their end of any involvement from Health Minister Greg Hunt or his office, but Wong is sceptical.
‘A frankly pedantic argument’
The actual complaint — that the Privacy Act already allows doctors to release health information to law enforcement agencies without a warrant — was “a frankly pedantic argument” in the senator’s view.
She suspects Hunt probably was the source of the pressure on the library, given the departmental secretary called Heriot personally about what was a relatively minor issue, in a factual and legal sense, but a big political headache for the minister, though there is no clear evidence to prove it.
“But certainly the secretary of the department is putting the weight on the Parliamentary Library to change information that is provided to the parliament because, frankly, there’s a fair amount of political controversy associated with the bill,” said Wong.
“Your independence is of great importance to the parliament. And it has been – I’ve sat on that side of the table and this side of the table … and it has always been frankly something, across the parliament, on a bipartisan basis – perhaps Mr Hunt doesn’t agree – but that the independence of the library is extremely important to the parliament.
Heriot told Wong she was “acutely aware” of her role in defending the independence of the library, which is an agency of the Parliamentary Service. As such, she did not have to accede to the public service department’s surprisingly urgent request but said she did so because she agreed with its argument, after being asked to consider the Privacy Act.
The library was correct to say the Australian Digital Health Agency had a policy not to release MHR data without a warrant, according to the Health Minister, rather than a legislative requirement.
Wong made the point that while the legal threshold may technically not have been reduced, there is a big difference between a medical practitioner releasing a limited amount of health record information to police, and access being provided to a “new set of information aggregated and held by government in the way that this record is” and noted the privacy regulations preceded centralisation of this information in the MHR system.
“OK, there may not actually be reduction [in the legal threshold] but there is an increase in the data that can be utilised, and that is the point,” said Wong. Heriot agreed with her on that point.
“My concern was that, as drafted, the FlagPost suggested a greater statutory protection for data in the hands of private medical practitioners than was in fact there in law, because a lot of it came from custom and practice,” she said.
“Your point about the concentration of the data is entirely correct and I was simply concerned that the technical description of the other legal regime was adequately reflected.”
Maintaining the highest possible standards
The Parliamentary Librarian said that nevertheless, she accepted “there was a technical error in law” in the original.
“I take your point about the other broader policy things, and of course, you may think that I made the wrong decision. It was, however, my decision, made independently to ensure that it was technically correct.
“And I did not feel pressured, I was actually grateful for having the error pointed out to us because it’s important that we maintain the highest possible standards for the information we produce.”
Curtis, who fielded the emails from Health COO Matt Yannopoulos, initially declined to make any changes, and defended the accuracy of the original post. Wong asked what changed after that.
“What changed was, the key issue was then the [technically incorrect] statement that the [My Health Records Act] represented a significant reduction of the legal threshold,” said Heriot.
“However, having then been directed to the Privacy Act, I noted … that the Australian Privacy Principles, on very similar terms, authorise but do not compel a private medical practitioner to release information for an enforcement purpose.”