National Cancer Screening Registry raises data privacy concerns

In this speech I talked about the Registry, data privacy concerns, issues about the manner of the entry into the contract with Telstra, and other matters.

Ms BUTLER (Griffith) (13:01): It was very useful to listen to the member for Moreton who, of course, is a very strong advocate for his community and for community access to health care that is quality, that is accessible and that is affordable—and, of course, that is safe and secure for people, including in relation to their privacy. He is a very fine member, and someone who I am very grateful to have as a neighbour in Brisbane because, of course, our electorates border each other. So I wanted to thank the member for Moreton for his contribution on this National Cancer Screening Register Bill 2016

Mr Deputy Speaker Mitchell, as you know, this bill is about the National Cancer Screening Register. Obviously—I think it probably goes without saying, but just to avoid any possibility of doubt—we on the Labor side strongly support the establishment of the National Cancer Screening Register. We also strongly support improvements to cancer-screening programs that the new register will support. But we do hold some concerns about this particular bill. This bill relates to the establishment of the register, and it should be noted that the register will hold people's most sensitive health data, like the results of cervical cancer testing and the results of bowel cancer testing. So, given the sensitivity of the health information that will be contained in the register, it is very important that this parliament gets the framework right. That is why we have such serious concerns about the government's shambolic approach to this legislation.

I think it is really quite disappointing that this government pre-empted the election and pre-empted the legislation coming before the parliament by actually signing a $220 million contract just before the election was called—on the eve of the election being called—to outsource the register to Telstra. We had not even seen the legislation in this parliament when they signed that contract.

It is a massive amount of money—$220 million—and to sign up to a contract in relation to this register without having the legislative framework even before the parliament, and in the dying days of the 44th Parliament just before the election was called, I think speaks for itself. It was deliberately intended to try to lock the government into a position and to try to force that position on this parliament without really any thought being given to the possible ramifications for privacy.

Let's just talk about the sort of information that will be contained on this register. It will have your Medicare number. It will have your Medicare claims information, which could show important information about the appointments that you have had. It would have your preferred GP or other healthcare provider—and there are some people who go to very specific forms of healthcare services and who would not necessarily want that in the public domain.

It has your HPV vaccination status, this data. In other words, it has the status of whether you have been immunised for HPV. It has screening test results and it has cancer diagnoses—very, very highly personal types of data. The sensitivity and personal nature of that data are important to everyone. It is important to everyone that they can be assured that their data will be kept private if it is on a register.

It is particularly important that people do not fear for the privacy ramifications to the extent where they do not go and get the screening done or they do not go and get the testing done because they are so worried about privacy ramifications. So people need to feel that there is a very robust privacy framework in relation to very highly sensitive health information. People need confidence that their privacy will be protected.

For example, Mr Deputy Speaker: as you know, I have portfolio responsibility for equality. I am concerned that this bill will create a framework where highly personal information about a trans man who has a cervix will be kept in this register, and this register will be in the hands of a private firm. I am concerned about that for obvious reasons.

One of the reasons that this is such a difficult issue, of course, is because the government has been completely hopeless when it comes to protecting people's privacy and protecting data. In fact, it was in February 2015 that there was a report of the Parliamentary Joint Committee on Intelligence and Security recommending that mandatory data breach notification legislation be introduced into the parliament by the end of 2015. And it was in March 2015 that the government response to that report agreed to that report. They agreed to that report.

Of course, in the previous parliament we had introduced mandatory data breach notification legislation, but it had not gone through in time before the election and had lapsed. The government then took office in September 2013 and did not even agree until March 2015 to bring forward data breach notification provisions. And it was not until 30 November 2015 that the government produced an exposure draft of its proposed mandatory data breach notification legislation.

That is a very, very long time. More than two years after they were elected, the Attorney-General finally brought forward into the public domain, in draft, proposed mandatory data breach notification legislation. He then conducted a consultation process. That consultation process ended in March 2016. A year after they had agreed to bring forward mandatory data breach notification legislation by the end of 2015, we finally had the end of the consultation process.

After that process, the Attorney-General said, 'Alright—we will be bringing this legislation forward in the winter 2016 settings.' It did not happen, did it? No, it did not happen. There was no mandatory data breach notification legislation brought forward in the winter 2016 settings. The most recent reporting indicates that the Attorney-General is now saying that we will be seeing this legislation in the spring sittings. There was a media report on 4 October in which the outlet reported that Data Governance Australia was calling for the bill not to proceed, but the Attorney-General's Department was saying that it would be introduced in the spring sitting. That remains to be seen, because, as is entirely obvious from the really tortuous process that I have just described, the Attorney-General has been utterly hopeless at bringing forward mandatory data breach notification legislation to this parliament.

We are seeing the consequences of that right now. They have signed a contract with a private firm to host the National Cancer Screening Register well in advance of bringing forward the legislation and even on the eve of the last election, as I mentioned. But there is no mandatory data breach notification legislation in place, so what has happened? There has been an outcry about this bill. I might say that full credit needs to be given to the shadow minister for health. The shadow minister for health is an excellent, tenacious shadow minister who has worked extremely hard to shine a light on the outrageous conduct of this government in relation to the Cancer Screening Register. It was through her work that the concerns about privacy have been raised.

The government has now conceded that she is right to have those concerns about privacy by indicating that it will have legislative amendments to this bill to deal with data breach notification. But they are inadequate amendments. It is very unfortunate that this government thinks it is okay just to have some reporting programs in place, not to the people whose personal information has inadvertently or otherwise been leaked, but to a government agency. The amendments are not good enough. It is because this government has been so completely hopeless when it comes to data breach notification laws that these amendments to this bill have to be brought in in this ad hoc manner.

I mentioned how effective and thorough the shadow minister for health has been in relation to the concerns about this legislation. She has certainly been very, very firm in holding the government to account on all matters to do with health care. This secret contract signing became public on 26 May 2016 in an article in Fairfax. You will recall that the shadow minister, through public comment at the time, made very clear her concerns that this was yet another example of this government's intention to outsource functions of Medicare.

At the time, she blew the whistle on the fact that the health minister was going to try to announce that Telstra would be given control of the private medical details of millions of Australians by being awarded the contract. She made very clear our concerns about the fact that this was going to go to a private firm, when in fact there are not-for-profit entities in existence that already have significant expertise in relation to cancer screening registries. She has been very firm on our concerns about this specific registry, but also on our concerns that this is the thin end of the wedge. The Prime Minister has made no secret of the fact that he wants us all to pay more for our health care, whether it was early support for the GP tax; the couple of billion dollars worth of cuts to health in the form of freezes to the MBS schedule; the hundreds of millions of dollars in cuts to pathology, which will see people needing breast screens or melanoma scans paying hundreds of dollars, or possibly more, for those tests; the increase in the cost of PBS medicines for everyone, including pensioners. There are a range of concerns that we have about this government's approach to hollowing out Medicare and hollowing out universal health care in this country. This idea that you should privatise and outsource the Cancer Screening Registry is another example of that, on top of the privatisation task force that the Turnbull government had previously established.

It is regrettable that the Prime Minister's only plans for Medicare, the government's only plans for Medicare, the Liberals' only plans for Medicare and the Nationals' only plans for Medicare are to hollow it out and cut it. It is a disgrace. What we need in this country is universal health care. What we need in this country is health care that depends on your Medicare card, not on your credit card. What we need in this country is a situation where the circumstances of your birth, your income, your family background and your cultural background do not affect the quality of health care that you can have access to. We will always stand up for those principles, because Labor created Medicare and defends Medicare. The Liberals attack Medicare, but we will always stand up for universal health care.

I want to be very clear about our concerns with this piece of legislation, which I believe I have done. But I am also concerned about the broader questions of data security that arise from this government's failure to bring forward mandatory data breach notification provisions. This is a very, very acute situation, where it is highly personal and sensitive information, like your cervical cancer history, your cancer screening history, your cancer diagnosis history or the question of whether you are a trans man with a cervix. But there are other areas also affected by the failure to bring forward mandatory data breach notification provisions.

 

Specifically, there are concerns about the government's intention to look at outsourcing or privatising some other forms of data that are presently held by government, and, of course, some of those have been in the news recently and are the subject of some controversy.

Beyond speaking about that issue, I do think that this is an opportunity to speak about what a shame it is that this government has so comprehensively stuffed up the process for this bill. There is such strong bipartisan support for a National Cancer Screening Registry. There is such strong bipartisan support for the improvements to the cancer screening program—improvements that will actually see a situation where we will have an estimated 140 additional early diagnoses and preventions of cervical cancer every year. Those are the things that we strongly support for which there is strong bipartisan support. But to have a sneaky process of secretly doing a deal to set up a contract with a private firm before the election was called—on 26 May that become public—well in advance of any legislation tabled in this parliament for debate so that the Australian people could not even see the legislative framework that was going to surround this contract, and then to do so in a way that the health minister had to then rush out and defend it because she had done it behind closed doors and had not been straight with the Australian people, is a very great shame. To have so comprehensively failed to be able to help people in relation to their data security is also a very great shame.

Be the first to comment

Please check your e-mail for a link to activate your account.

Volunteer

connect

get updates