Have you Noticed Your Control of Your Personal Private Information is Vanishing?

In this article I am going to suggest that the race to maximise Government intrusion in citizens lives is presently being comprehensively won by the UK (with its multi-biometric compulsory national ID Card). Even worse, in the last day or so we learn from e-Health Insider that the UK Government wants to move to link many of its databases to simplify administration and reduce errors – to ensure not a single move you make goes unrecorded!.

The US is presently managing to come second in my view with the vagaries of the US Health Insurance Portability and Accountability Act (HIPAA) permitting large amounts of identified health information to move between service providers and payers with essentially no control on the part of the individual, almost daily leaks of identified information on the web or from mislaid lap-top computers and recently discovered privacy invasions such as warrantless wiretaps and covert house searches on the basis of perceived protection of “National Security”.

Sadly, however, we also now have our own Governments working out how best it can catch up and minimise the number of barriers that exist to a complete individually detailed dossier being built on all of us.

In previous articles I have made the point that it seems to me that unless citizens are certain private health and, possibly more important, genetic information can be safely confided to healthcare providers, with essentially no risk of disclosure, virtually all efforts in the e-health domain will be put at risk. Simply put citizens will not confide in organisations and individuals they do not feel they can trust.

The lack of trust that exists in the community has been made clear by two recent events.

On January 21, 2007 the Australian Privacy Foundation announced the 2006 Orwells which are awarded for the worst privacy intrusions of the year. The awards went to the following – as reported in their press release:

“The ‘Orwells’ as they are known around the world after the author of ‘1984’, have been awarded for privacy intrusions including:

electronic health records without consent, leading BBA judge Dr Roger Magnusson to warn that “[this] could threaten public trust in what could be an immensely valuable tool for improving both individual and population health"

• negligent disclosure of international financial transactions to US authorities

• the ‘access card’ – in reality a national identity card

• a business that uses GPS units to track junk mail deliverers

‘reverse search’ phone directories, outflanking their supposed prohibition

• insensitive collection of sexual health data in a university research study

• federal legislation that turns thousands of private sector employees into government snoops

• call centre nurses interrogating employees about sick leave


Commenting on the overall awards, BBA judge Laura Sigal said “The more our information is available to the prying eyes of government and corporate interests, the less freedom we enjoy."

It is of note that violations in the Health Sector featured so prominently and that the first listed (HealtheLink) was noted as having just the risk I have identified in earlier blog articles.

The second event has been the release of an initial batch of comments regarding the exposure draft of the Human Services (Enhanced Service Delivery) Bill 2007 just a few days ago. The Office of Access Card received over 120 submissions responding to the draft bill.

It is interesting that the Access Card was nominated for the People’s Choice Award Orwell.

Big Brother Award judge Dean Wilson felt this well-deserved for the: “relentless campaign of disinformation and doublespeak surrounding the Access Card project.”

On the basis of the submissions made so far it would seem the campaign has not satisfied the concerns of virtually all interest groups, except those with something to sell to Government.

Among those who offered many criticisms were all the ‘usual suspects’ who have had long standing concerns about the whole project (The Privacy Foundation, EFA etc) but also some much less aligned entities such as the AMA, the Privacy Taskforce set up by the Access Card program and even the Office of the Commonwealth Privacy Commissioner (OCPC).

Among the major concerns raised were (besides the near universal condemnation of having a truncated consultation period over the Christmas / New Year period):

1. The drafting of the Bill has left a lot of important, highly privacy sensitive issues, up to the discretion of the bureaucrats without providing firm legislative direction as to how things are to be done.

2. The Bill says the citizen owns the physical Access Card but the Data held is owned by the Commonwealth. It is totally unclear just how anyone is assisted by that.

3. The fact that Medicare payments require use of the Access Card meant that for all practical purposes virtually everyone would need a card and that it really is a de-facto National ID Card.

4. The lack of strength in the wording of the draft Bill that the card was not to be an ID Card. As it stands it says “It is not an object of this Act that access cards be used as national identity cards”, rather than something like “It is an object of this Act to ensure that the Access Card is not used as and does not become a national identity card.”

5. The apparently expanding (and unannounced until now) amount of information to be displayed on the front of the card (title, Date of Birth, Place of Birth etc) which is turning it more and more into an ID Card.

6. The lack of appeal mechanisms from Government decisions in a number of areas.

7. The apparent inability of citizens to block access to address information to protect themselves from harassment, stalking, attack and so on.

8. The apparent liability of a clinician who asks whether they can have your Access Card to access your (voluntary) health information to huge fines and gaol.

9. An apparent lack of clarity on the retention policy regarding identity documents which are provided to achieve registration. Not deleting them would create an unprecedented database on most of Australia’s citizens which has not existed previously.

10. Apparent conflict between the Draft Bill and current practice as to what age an Access Card can be issued to an individual.

11. Total failure to appreciate delivery of services that are to be reimbursed but which need to be provided anonymously (e.g STD services, HIV Testing etc) for the protection of the individuals privacy and to ensure treatment is sought.

There are obviously many more details that could be discussed but from this list it is clear to me that the proposed legislation is deeply flawed and needs to be re-thought based on a much narrower expectation of what the card is to do (i.e. provide access to services) and not what it may morph into unless more clearly defined (i.e. a National ID Card).

All these issues are, of course, separate from the concerns of those who fear all this numbering and identifying the Australian citizenry is simply an unwarranted and dangerous intrusion into individual’s rights to personal privacy and autonomy. We in Australia are ever so lucky to have both the Access Card Project and NEHTA busily working away to allocate us all a range of apparently un-co-ordinated identifiers! Frankly it is a farce.

It seems to me the concerns of entities such as the OCPC, the AMA and the Access Card Privacy Task Force should be taken exceptionally seriously and if they are not fully addressed by alterations to the proposed Bill the public should be more than a little concerned.

Without being apocalyptic about it there is a real sense that some core Australian freedoms are under threat with this present draft. There is also a real risk that the vulnerable and the infirm will fall through the cracks and suffer disproportionately if all their possible problems are not fully and sensitively addressed.

David.

0 comments:

Post a Comment