From panic over a possible wholesale leak of Medicare card numbers, to a ‘proportionate’ solution from one of government’s trusted former mandarins, the Turnbull government has decided it prefers the latter.
The government’s respond to the independent review, chaired by Professor Peter Shergold into the sale of potentially up to 14.1 million Medicare card numbers on the so-called ‘darknet’, was published on Friday, indicating a preliminary implementation plan.
Medical professionals will need patient consent before accessing their Medicare details, and patients will shortly be able to request an audit of which medical professionals have accessed their records. The Department of Human Services will communicate the new requirements to health professionals through its usual information channels.
Limits on how many Medicare numbers can be searched will be implemented. However, “The Department will also develop policies that identify circumstances in which the Government or the Chief Executive Medicare may allow a higher limit motion, such as in the case of an emergency or natural disaster.”
There will most likely be a gradual phase out of telephone lines for health providers confirming Medicare eligibility — government only agreed in principle to this recommendation, pending further consultation.
It will, however, be revoking accounts of non-active providers and deregistered health professionals. Over the next three years accounts that still use an older authentication certificate that is vulnerable to a certain range of attacks will be switched to one that is significantly more secure.
Human Services also plans to encourage further public awareness about the importance of protecting Medicare details, both for individuals and organisations:
“The Department of Human Services is developing a Communications Plan and associated Stakeholder Engagement Strategy, to outline public awareness activities to be implemented throughout 2018 and 2019 and on an ongoing basis.
“These activities will encourage members of the public to take a more active role in protecting their Medicare information, including asking why their Medicare information is being collected, and how it will be used and protected. Activities targeted at organisations will remind them of their obligation to protect Medicare information, and consider whether they really need to collect it and how they will store it safely.
“The Department will use existing communication channels to promote these messages to individuals and organisations, including its social media accounts, website, letters and stakeholder liaison. It will also identify government agencies and organisations which are undertaking related communications activities, so that communications activities can be combined for greater impact and similar messaging can be leveraged.