Digital Health Legal
Back to Contents

Volume: 4 Issue: 7
(July 2017)

australian government launches medicare number accessibility review following alleged breach australian government announced 10 july 2017 commissioned review accessibility


Share This Page

Australian Government launches Medicare number accessibility review following alleged breach

The Australian Government announced on 10 July 2017 that it has commissioned a review into the accessibility by health providers of Medicare card numbers, following the recent public discussion about an alleged data breach brought to light on 3 July 2017 by the Guardian Australia, which involved the alleged trading of Medicare card numbers online in exchange for cryptocurrency. According to the media release from Minister for Human Services Alan Tudge and Minister for Health Greg Hunt, the Australian Government wants to ensure that there is increased security in place in a system that is important to both patients and doctors. The Review team will specifically examine the balance between convenience and security to determine its adequacy in today’s context.

Minister Tudge launched a departmental investigation, referred the incident to the Australian Federal Police, and temporarily suspended Medicare cards as a proof of identification, after a Guardian Australia journalist alleged that he was able to buy his Medicare card number from the dark web for less than $30. Alongside the launch of the review, which will commence immediately, the Australian Government has taken the opportunity to re-emphasised that a Medicare card number alone cannot provide access to any medical or clinical records.

Since the alleged breach became public the Australian Government has been very vocal in its attempts to calm the public response to the allegations. Minister Tudge has given several interviews stressing that it is the Medicare card number only that is being bought and sold online and that the card number alone cannot provide access to anybody’s health records. Tudge commented in a national radio interview with Fran Kelly on 5 July 2017 that anyone that suggests otherwise is “deliberately scaremongering in my view.”

Under the Australian Privacy Principles, the Government must take reasonable steps to protect personal information from misuse, interference and loss, as well as unauthorised access, modifications and disclosure, which includes health data. Toby Patten, Partner at Baker McKenzie LLP, believes that a loss of public trust in digital health services following the breach may well cause a reluctance to use digital health services in the short term, but that the Government has taken steps to reassure the public that other digitised health data services such as the My Health Record have not been breached. “The Government has assured that the security in place for the My Health Record data has multiple layers and pointed out that there have not been any data breaches,” said Patten. Australia’s My Health Records system, previously known as the Personally Controlled Electronic Health Record, will move from an opt-in to an opt-out system in 2019, and allows an individual’s doctors, hospitals and other healthcare providers to view the individual’s health information, in accordance with that individual’s access controls. Individuals are also able to access their My Health Record online. The Government is set to expand the My Health Record system on a national scale over the next two years as it moves to an opt-out model.

“These incidents should act to make people more aware of cyber security issues, with a resulting increase in pressure on governments and other organisations to ensure that their cyber security measures are strong and effective,” said Patten. “Rather than hindering the digitisation of health services, criminal activity will force agencies to innovate and collaborate to ensure that criminal activity does not occur.” Despite this, Patten notes that the importance of the Government’s response to this incident is still very significant, as “any digital method of storing health data would bear a similar risk. Regardless of what method is used, the Government and its agencies must ensure that appropriate cyber security measures are in place.”

The review will report by 30 September 2017.

Search Publication Archives

Our publication archives contain all of our articles.
Can’t find what you are looking for?
Try an Advanced Search

Log in to digital health legal
Subscribe to digital health legal
Register for a Free Trial to digital health legal
Sign up for e-mail alerts
digital health legal Pricing

Social Media

Follow digital health legal on TwitterView digital health legal LinkedIn Profiledigital health legal RSS Feed