Privacy not at risk in Medicare, Centrelink merger: OAIC

Privacy Commissioner, Timothy Pilgrim, said done correctly, internet protocols and secrecy provisions will prevent any privacy risk

The impending merger of Medicare Australia and Centrelink under new legislation will not trample Australians' privacy according to the Office of the Australian Information Commissioner (OAIC).

In its submission to the Senate community affairs committee (PDF) Australian Privacy Commissioner, Timothy Pilgrim - one of three commissioners at the OAIC - argued the merger would continue to ensure citizens' privacy under existing strictures on the way government agencies could use personal information, as well as requirements to ensure secrecy provisions could operate effectively post-integration under the bill.

“In light of the new departmental arrangements, and the increased capacity for personal information sharing under [Service Delivery Reform] programs… It is expected that DHS [Department of Human Services], in consultation with the OAIC and others will continue to have in place appropriate internal protocols for the handling of customers' personal information associated with different programs within [the department],” he wrote.

According to the OAIC, these internal protocols would ensure personal information is only collected or used if authorised by law, with sensitivity in cases such as domestic violence, in line with government policy to seek consent in “any new sharing of customer data”.

The commissioner argued also noted the bill's proposed amendments to the Medicare Australia Act 1973, which would limit required authorised officers to notify patients when examining a record with clinical data.

“The OAIC considers that, from the information provided, the provision appropriately balances privacy protection and the efficient and effective conduct of relevant investigations,” Pilgrim said. “In particular the OAIC notes the extensive security arrangements that apply to such investigations - including legal (eg search warrants), technical (IT safeguards), physical (storage) and operational(eg training and certification).”

The merger of the two agencies into the Department of Human Services, effected under the Human Services Legislation Amendment Bill 2010, forms part of the Gillard Government’s service delivery reform (SDR) program and will result in a consolidation of the agencies’ IT platforms under a single banner led by deputy secretary of ICT infrastructure, John Wadeson.

Despite the bill continuing to undergo examination, the department has finalised some consolidation aspects, virtualising its hosting environment with Macquarie Telecom, and in-sourcing some of the infrastructure of smaller agencies.

However, in its submission to the committee (PDF), the department argued Medicare should be excluded from sharing some clinical health data with Centrelink and other encompassing agencies under the reform.

“The Government is conscious of the need to protect customer data, therefore the individual databases of each agency will not be merged,” the submission reads.

“The Department of Human Services will not use customer information collected for the purposes of one program for another program, unless the use of information in this way is authorised by law and already occurs or, alternatively, the customer gives informed consent to the additional use.”

To deliver the government's reforms, the DHS will oversee the rollout of co-located offices in an effort to extend the portfolio’s reach by providing one-stop-shops in more places. It will also increase self-service options to enable people to manage their own affairs, including through expanded online services.

Follow Chloe Herrick on Twitter: @chloe_CW

Follow Computerworld Australia on Twitter: @ComputerworldAu

Join the CSO newsletter!

Error: Please check your email address.

Tags Office of the Australian Information Commissioner (OAIC)centrelinkgovernmentprivacymedicareDepartment of Human Services

More about BillCentrelinkf2Macquarie Telecom

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Chloe Herrick

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place