The revelation in July this year that Medicare card numbers were for sale on the so-called ‘darknet’ left some in government in a panic. Because the sale was presumed at the time to be a wholesale leak caused by too-loose controls on health providers’ access to the 14.1 million card records, an expert panel was tasked with reviewing that access.
But the response to this breach of privacy and security needs to be proportionate, says the expert panel in its final report, made public on Saturday:
“On the one hand, it is important to ensure access to treatment by all individuals entitled to subsidised Medicare care and to reduce the administrative burden placed on health professionals; on the other, it is imperative to maintain the privacy of personal information and to reduce the potential for fraud or identity theft.”
The experience for Australians and visitors who are eligible for a Medicare card should stay largely the same. The review recommends tightening the controls on health professionals who have access to Health Professional Online Services (HPOS), and capping how many card numbers can be requested at a default maximum of 50 per day.
However, the biggest risk of fraudulent access to Medicare numbers is through the telephone channels provided by the Department of Human Services. The verbal security check can be easily fooled, so the review recommends that the entire channel be phased out.
The review team was led by Professor Peter Shergold, supported by the head of the Royal Australian College of General Practitioners, Dr Bastian Seidel, and the deputy chair of the Australian Medical Association Council of General Practice, Dr Kean-Seng Lim. The panel took briefings from the Department of Human Services, the Department of Health, the Attorney-General’s Department and the Australian Digital Health Agency, before witnessing for themselves how accessible private information currently is in a DHS call centre and a general practice.
The panel’s recommendations:
- The Medicare card should be retained as a form of secondary evidence for identity purposes.
- The Department of Human Services, working with industry and consumer organisations, should undertake a public awareness campaign encouraging individuals to protect their Medicare card details, and reminding organisations that hold that information of their obligation to protect it.
- As a condition of claiming Medicare benefits on behalf of patients, health professionals should be required to take reasonable steps to confirm the identity of their patients when they are first treated.
- Health professionals should be required to seek the consent of their patients before accessing their Medicare numbers through HPOS or by telephone.
- Individuals should be able to request the audit log of health professionals who have sought access to their Medicare card number through the HPOS ‘Find a Patient’ service.
- The Department of Human Services should undertake a Privacy Impact Assessment when implementing the Review recommendations, identifying the impact of the changes on the privacy of individuals.
- Delegations within HPOS should require renewal every 12 months, with a warning to providers and their delegates three months before the delegation expires.
- Batch requests for Medicare card numbers through HPOS should be more tightly controlled (50 card numbers per batch request, and only one batch request per day), unless healthcare providers apply in writing to the Chief Executive Medicare, demonstrating a clear business need for a higher limit.
- Authentication for HPOS should be moved from Public Key Infrastructure (PKI) to the more secure Provider Digital Access (PRODA) expeditiously, with the transition completed within three years.
- HPOS accounts that have been inactive for a period of six months should be suspended, following a warning to users after three months of inactivity.
- The process of opening and reactivating an HPOS account should be administratively straightforward.
- The Terms and Conditions for HPOS, PKI and PRODA should be simplified and presented to users in a form that ensures that they fully appreciate the seriousness of their obligations.
- In order to provide greater security and availability, the Department of Human Services should actively encourage health professionals to use HPOS as the primary channel to access or confirm their patients’ Medicare card numbers, and telephone channels should be phased out over the next two years except in exceptional circumstances.
- During the phasing down of the telephone channels, conditions for the security check for the release or confirmation of Medicare card information by telephone should be strengthened, with additional security questions having to be answered correctly by health professionals or their delegates.