Legislative Assembly for the ACT: 2005 Week 11 Hansard (Thursday, 22 September 2005) . . Page.. 3523 ..
The bill proposes to include minimum prescribed time frames for keeping health records. At present the current act does not proscribe a minimum period of time for keeping health records. The proposed amendments to the act will prescribe a minimum standard for retaining health records: for persons 18 years of age or more, seven years from the date the last entry was made and, for persons less than 18 years of age, seven years from the time the person turns 18.
The time frames proposed in the bill are consistent with the National Health Privacy Code, as well as current practice. It is also a reasonable time in which any clinical issue may arise. In relation to children, the time frames proposed will allow them time to bring a legal action once they are legally able to do so as an adult. The time frames proposed are a minimum standard and other legislative or administrative requirements can override them. There may be occasions where it is appropriate to keep health records for a longer period or, for example, when a patient has had a hereditary condition or a complex medical history or complex event. As the time frames are a statutory minimum, there may well be other circumstances where it is appropriate, or even obligatory, to maintain health records for a longer period of time, for example, in relation to genetic information. These situations will not be affected by the proposed time frames in this bill.
The proposed amendments in the bill also include a similar provision to the National Health Privacy Code in relation to the destruction of ACT health records. The National Health Privacy Code makes it clear that people or organisations who are not health service providers should destroy or de-identify personal health information once it is no longer needed. In this bill it proposed to impose an obligation on people or organisations to destroy such information once it is no longer needed, as opposed to the current provisions requiring them to take only “reasonable steps” to destroy the records.
The National Health Privacy Code also requires the record keeper to create and maintain a register of destroyed, deleted or transferred health records. The proposed amendments in this bill include a similar requirement to the code for the current act. This register will help ensure that health records are only destroyed, deleted or transferred in accordance with the destruction schedule. These amendments will also allow the consumer certainty about whether or not their health records exist.
The bill also seeks to enhance the provisions to protect a consumer’s privacy when third parties access health records. Under the current act a consumer may authorise another person to access his or her health records. However, in many instances, a consumer is asked to sign a generic authorisation allowing an organisation to access all health information, regardless of its relevance. The proposed amendments in this bill will provide consumers with more control over the parts of their health records accessed by third parties by enabling them to specify which aspects of their health records can be accessed.
The amendments in the bill provide that this can be done by means of an approved form, which will be in two parts, the first part relating to the person seeking the information about the consumer and the second part detailing the information requested, the consumer’s agreement to the request and any conditions the consumer wants to place on access to, and use of, the information. In this way the consumer’s right to privacy in respect of his or her personal health information can be protected.