IN AUSTRALIAN HEALTHCARE
PETER SUMMONS
BRIAN REGAN
This paper illustrates some of the potential risks that may arise through the application of big data processing and data mining applications when applied to Healthcare data within Australia. This is only possible when a common linking factor exists and can be used to aggregate the many repositories of data collected for an individual. Using the specific case of Australia and the international understanding of big data in healthcare, the paper posits that the risks are international but that the perception of risk has a dependence on culture and attitudes and that the treatment, extent and effect of risk is determined differentially by a country’s existing laws and its perception of future risk due to new applications of big data.
1. Introduction
‘Big Data’ can be structured or unstructured and is associated with multidisciplinary processing systems designed to provide analytics to aid decisions in diverse areas such as business, government and healthcare. The Commonwealth of Australia defines it as “high-volume, high velocity and/or high-variety information assets that demand cost-effective, innovative forms of information processing for enhanced insight, decision making, and process optimization” (Commonwealth of Australia, 2013, p. 8). Estimates of a growth in data production indicate that it is being created at a rate of 2.5 quintillion bytes per day, that in 2013 90% of all the data in the world had been created in the previous two years, and a 2012 estimate of data in healthcare was about 500 petabytes with a predicted growth to 25,000 petabytes by 2020 (Hernon &
Williams, 2014).
The new applications we develop to use big data and the new applications we create to deal with it present both new opportunities and new challenges The duality in the nature of big data usage, where it can be viewed being capable of being used for both good and bad purposes, for example: when it is used to quickly detect insurance fraud but can also be used to support unethical use of private information for insurance companies to reduce risk; or when big data analytics are used in a genomic database to identify more genomes and the genomic data may reveal a condition in a patient that can be treated early but the genomic data can also be used to link to other databases and facilitate health identity theft. The Australian government recognises the risks that are inherent in attaining the benefits of big data applications. It advises that big data initiatives in Australia must consider all aspects of the processes involved in big data, including data capture, storage management, data access, data sharing, and data analysis (Commonwealth of Australia, 2013).
2. Big Data in Healthcare
Hernon and Williams (2014) provide a systematic review of big data and established a categorisation of its uses within healthcare. Using specific search terms relating to big data and health, such as clinical decision support, health care delivery, health services, health care admin, consumers, patients, behaviour, clinical data management, Electronic Health Records (EHR) and public health, they selected 40 final articles published within the previous 14 years for review. They pointed out the difficulty of using specific health terms in their literature search and felt that the small number of final publications selected for the review indicated that ‘big data within healthcare’ was a new and
articles. From their initial literature search they categorised the uses of big data in healthcare into five broad areas: administration and delivery; clinical decision support; clinical information; behaviour/consumer; and a general category of support information. Their analysis indicated that the main drivers for a lot of the research were to utilise big data in predictive analysis of disease and in cost reduction. And also strongly identified that the EHRs would be integral in some of the data analytics uses of big data in health. In their conclusions they pointed out that big data Provides a picture of the disparate and diverse uses of big data in healthcare. This indicates that today, its use is not systematic but opportunistic. The potential is being explored though these initial uses, and demonstrates a promise of rapid expansion and exploration in a proliferating data environment. (ibid). They also identified the link between big data and the EHR, indicating that it was the
“intelligence” for EHR’s and pointed out the responsibilities and risks involved in its governance as including data governance of the data sources, data content, data quality, data consistency, data access and security, user training, and data stewardship (Shaw, 2013, in Hernon & Williams, 2014, 41).
Processes that deal with big data need to consider the different dimensions of data: its volume (scale of data) presents problems of data storage and management; its variety (different forms of data) presents problems in that the format can be structured, semi-structured or unstructured; its velocity (the frequency that the data is produced) presents problems for processing and analysing changing data; its veracity (uncertainty in the quality, relevance and meaning of the data) presents problems in the and predictive value in its use for analysis and prediction; and finally its value as to the worth of its use as information or knowledge to decision makers (Hernon & Williams, 2014).
3. Background: Australian Government and Laws
The Commonwealth of Australian is made up primarily of six states:
Queensland (Qld); New South Wales (NSW); Victoria; South Australia (SA);
Western Australia (WA); and Tasmania, and two Territories: the Northern Territory (NT) and the Australian Capital Territory (ACT). The Australian Federal government governs the whole of Australia, its six States and two Territories (Commonwealth of Australia Parliamentary Education Office, 2015). The Federal, or national, Parliament is composed of two bodies, a Lower House (the House of Representatives), which introduces Bills and proposes Federal Laws and an upper house (the Senate), which has to ratify the Bills introduced by the lower house before they become law.
There are also State and Territory Parliaments that, apart from the state of Queensland and the two Territories, are composed of upper and lower houses.
The states are sovereign entities, although subject to certain powers of the Commonwealth as defined by the Constitution and can pass their own laws for their responsibilities as defined by the Australian Constitution.
3.1. Risk of Loss or Misuse of Personal Health Data
Prior to the Commonwealth Privacy Act of 1988, which is a Commonwealth or Federal (national) law, there was no common privacy law in Australia and some states of Australia had no privacy laws at all. NSW, Victoria and the ACT all have legislation that regulates the handling of personal health information in the private sector. This means that health service providers and others in the private sector in those jurisdictions are required to comply with both federal and state or territory legislation in relation to personal health information.
Prior to March 2014, Australia’s 1988 Commonwealth Privacy Act of Australia required private organisations to comply with a set of ten National Privacy Principles. In March 2014 the act was amended to include the Enhancing Privacy Protection Act (2012). This replaced the 10 National Privacy Principles with Australian Privacy Principles and required more stringent privacy policies for organisations (Australian Commonwealth Privacy Amendment, 2014).
State or territory privacy laws regulate state and territory public sector providers, such as public hospitals. The Privacy Act is generally applicable to organisations operating in the private sector and the relevant state or territory law applies to those operating in the public sector. In situations where there is a mix of private and public sector providers across both private and public sector sites, such as co-located public and private hospitals, the legislation that is applicable depends on who holds the records. For example, if you work in a public hospital, the records will be managed by the hospital and covered by local legislation. If you retain records of that information for your private practice, the Privacy Act would cover those records. (Australian Government, 2015a).
The amendments to the 1988 Privacy Act clarified the term “genetic information”, which is now defined as 'genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual' amongst other things and also defined Health information as a form of ‘sensitive information’ for the purposes of the Act, as is genetic information about an individual that is not otherwise health information. Sensitive material is given special protection under the Act”.
A 2010 review of Australian federal, state and territory regulations and programs found “little evidence of privacy complaints or breaches in health research, but significant concerns about consent and de-identification appear to persist in the community” (O’Keefe and Connolly, 2010, 537). The study indicated that excessive privacy regulation has a negative effect on pubic health research. However it identified that the primary responsibility for privacy lay with researchers and advised researchers to take privacy into account when designing their research studies, participant’s information statements and the participant consent processes. Unfortunately many clinical practitioners either are not fully aware of the implications of data misuse, or do not take it into consideration. For example, in a research study into the practice of taking pictures of patients in a 350-bed Australian tertiary referral hospital, a survey (N=167) and interviews (N=8) of doctors and nurses revealed that 20% used personal phones to take and store photographs and that only 6% would dispose of the photos as dictated by the hospital Records Disposal Schedule. The study indicated that “non-compliance with written consent requirements articulated in policy was endemic” and that “Labelling, storage, copyright and cultural issues were generally misunderstood, with a significant number of clinicians risking the security of patient information by storing images on personal devices.” (Burns et al., 2013). Whilst clinical photography is useful in clinical diagnosis, it is done when patients are in a vulnerable state and should be obtained in an ethical manner that takes into consideration the patient’s ownership of the data and consent for its collection, storage, access, disposal and use. Even for patients who provided written consent, the doctor-patient relationship may put pressure on the patient to comply with having their photo taken as part of their treatment. The non-compliance with data disposal policy and the use of personal devices and photo storage, with an easy ability to share data via the internet make the possible compromising of personal patient data problematic. The patient may not even recognise the extent to which they grant access, in much the same way as computer users do not always read the fine print and give consent to contracts and operating system agreements without fully realising the implications (Colloc, 2015).
The Australian government initiated an eHealth record system, the Personally Controlled Electronic Health Record (PCEHR) System, in July 2012 (Australian Government, 2015b). This was reviewed in 2013 (Australian Government, 2013a). In a similar fashion to an earlier access control scheme proposed by the authors (Summons, 1998) but without a smart-card as an access mechanism, the PCEHR contains detailed access levels and access permissions for groups and individuals to an individual’s personal health data (Australian Government, 2013, 52).
The PCEHR was considered with a balance between an individual’s privacy and the benefit to medical research of individual health data access and disclosure. Consideration of privacy issues was of major concern in the development of the PCEHR project with draft guidelines on privacy management released in 2008. The most contentious issue was that of patient consent to the process, with the conclusion after much consultation of an ‘opt- in’ model for inclusion of patients in the scheme. This introduced a significant cost to the system, as health professionals were required to explain the benefits and the registration process to patients. This has been an overhead largely forced to be absorbed by general practitioners/primary care physicians and thus reduced the incentive for these practitioners to engage with the project. At the present time the take-up of the PCEHR has been fairly unsuccessful, with only one in ten consumers signing up for the scheme by May, 2015 (Australian Government, 2015c). By contrast an earlier pilot PCEHR project conducted by the NSW state government was given explicit legislated exclusion to allow an
‘opt-out’ registration process. This meant that patients in specific chronic health categories were automatically enrolled and sent a letter with action described for withdrawing from the process. The high final numbers in the pilot trial compared to the newer national PCEHR, reflect the concern people have about their privacy but the relatively low effort they will expend to withdraw. The national PCEHR privacy policy was driven more by reticence at a political level than by the complexities of process implementation.
4. Big Data Collection and Misuse
Monitoring tools have been proposed in many health applications. Cruz- Cunha (Cruz-Cunha et al., 2013) proposed an example of a pervasive multiplatform tool for mobile devices, designed to alert patients to do routine health tasks, such as taking medicines, but also to monitor and report the health status of patients using the concept of the EHR. The tool proposal was to allow some manual control of the data access by the patient but also some automatic. The proposal identified that risks were involved in the use of such a tool for data collection and reporting, specifically indicating that, if data from the National Immunization Program table of the Ministry of Health of Brazil were included, Health Plans should be removed as they acknowledged that
“leakage” of information, either electronic or physical, was a possibility with dangerous consequences (ibid, 425-426).
Colloc (2015) illustrated some of the potential dangers that may arise through the application of big data processing and data mining applications when applied to Healthcare data within France. This is only possible when
there exists a common linking factor that aggregates the many repositories of data collected for an individual.
The Identity Theft Resource Centre (ITRC, 2015) reports breaches of data and identity theft in the USA. It indicated that the second largest number of data breaches occurred in the medical/healthcare (245 data breaches involving nearly 120 million records from Jan-Nov in 2015). Organisations such as insurance companies can gain benefit from access to individual’s health information but also hackers can on-sell an individual’s comprehensive medical data that may allow access to clinical procedures using a stolen identity.
Estimates of $80 billion spent each year on healthcare in the United States is associated with fraud, with half of that fraud tied to medical identity theft (McGee, 2014). Unfortunately, identity theft can be difficult and costly to the real person to rectify and may also result in a loss or delay in access to medical procedures for the real person until the false identity is rectified.
The nature of these medical insurance complications with the threat of loss of coverage for particular illnesses or termination of coverage for a high cost patient are obviously a function of the policies at the core of a health care system. This is where the particular mix of public universal health insurance and private top-up health insurance in Australia makes a significant impact on the above risks. From the introduction of private health insurance, the national government has legislated that a policy of “community rating” is applied. This ruling is little understood by many in the community, but it means that health insurance policies can only have a flat rate for all members. There can be no exclusions based on patient history or higher premiums based on age or personal health status. Ironically the only impact of age on premiums is that these are lower for individuals aged over 65. This is not because their risk of health costs is lower but because the government provides a fee subsidy to encourage older retired citizens to maintain private health insurance.
Rajaretnam (2014) indicates that there are several threats to privacy and confidentiality of medical data in Australia.
Loss of control over the collection of personal health data.
Australian states have created government patient tracking systems and are using them to create personal health profiles of individuals. The use of Bio- sensing devices, such as a RFID, wearables and smart-phone technologies to collect health data is increasing and patient consent may not be required to collect the data. The patient may not be aware of the data gathered, the systems into which the data may be entered, or of its future usage.
Increased level of opportunity for data transfer and linkage
Computerised databases facilitate fast matching of digital health and medical data, utilising data matching and manipulation. While the data may be meaningless in context, the utilisation of linkage identification, such as through genetic identification using DNA or biomarkers makes identification of diversely stored health information of an individual a possibility.
Use of Inaccurate or Incomplete Health Data
The collection of data into a central database may be incomplete or even inaccurate (Australian Law Reform Commission, 2008). Individuals may not be able to access, or the ability to correct, data regarding themselves and this may lead to them being assessed or evaluated based on incorrect information.
Inappropriate Use of Individual Data
Data may also be misused, for example when it is used to build a profile that may be utilised for discriminatory purposes, such as discrimination of employment opportunities as is the current case when personal Facebook profiles of job applicants are examined by potential employers prior to a job interview. The job applicant may have perceived this data as being private and potentially secure information. However the reality is that the data is potentially publicly available data and only considered secure in the sense that an applicant would not willingly divulge it in some social settings, such as the job interview.
Personal data may also be provided to organisations that may make a financial gain from the data, such as insurance companies who might use genetic or health data to evaluate risk and to marketing groups who might target individuals in advertising campaigns. As indicated previously the risk assessment is not legally allowed to be related to health insurance, but can modify life insurance.
4.1. Big Data Misuse: Biometric and Genetic Identification
Goskin (1995, 320-321) defines a genetic information infrastructure as a framework for “collection, storage, use and transmission of genomic information (including human tissue and extracted DNA) to support all essential functions in genetic research, diagnosis, treatment and reproductive counselling. There are many non-health related uses of genetic databases, such as the identification of soldiers and plane accident victims remains, paternity identification and detection and post-conviction of criminals. Whilst the benefits of genetic research in the development of new methods to treat disease
are apparent, there are also risks in the creation of genetic databases and their susceptibility to manipulation by data mining and linking to personal data.
When data is collected so that it is non-identifiable or anonymous it cannot be linked to other data and therefore raises no privacy concerns. However genetic data is unique, DNA is a unique marker that points to a specific individual and so the increasing creation and utilisation of genetic databases represents a potential privacy problem for personal and sensitive information about individuals as they have the potential to be linked to multiple other databases. “It follows that non-linked genomic data do not assure anonymity and that privacy and security safeguards must attach to any form of genetic material” (Goskin, 1995, 322).
DNA is not the only biometric marker in use; other unique biometric markers such as fingerprints, retinal data and facial recognition are becoming increasingly utilised in surveillance and identification systems (Rajaretnam, 2014).
Nicol (Nicol et al., 2014) analysed the privacy policies of Australian companies offering direct-to-consumer genetic testing services in the period 2012-2013. Their study indicated that many of the companies did not abide by the Australian Privacy Act of 1988, or the amended Act of 2012. Their study indicated some of the potential risks to security and privacy in genetic testing.
One obvious discrepancy that they cited was the fact that the Privacy Act does not stipulate an age when an individual is judged capable of giving informed consent to the collection and use of their data, but that the Office of the Australian Privacy Commissioner has indicated that “obtaining consent from children or young people is complex and should be dealt on a case by case basis,” {ibid, 177).
The rise in the number of direct-to consumer genetic testing companies, from none in 2003 to sixteen in 2014, and also the proliferation and availability of genetic data “Genetic tests, once the exclusive province of the medical practitioner in diagnosing a small number of conditions, have become routinely available and can be ordered online by asymptomatic individuals from companies located around the world, without any direct involvement from the health care profession. “ (Nicol et al., 2014, 151). The largely unregulated marketplace in which the Direct-to-Consumer (DTC) testing companies operate has led to bans on DTC companies from overseas countries, such as Germany, and the Australian Medical Association (AMA - the governing body for general practitioners and doctors in Australia) to support the ban.
The AMA indicates that one of the barriers to the protection against mismanagement of genetic information is the identification and clarification of
what data falls within its definition. International confusion on this matter as well as past uses of genetic material for discriminatory purposes in the identification of genetically unfit instigated a private members bill, the Genetic Privacy and Non-Discrimination Bill, to be put to Australia’s Federal Parliament in 1998. The Bill included provisions relating to consent, ownership and discrimination, as well as privacy and clarified the distinction between genetic privacy and general privacy. However the Australian Senate did not pass the Bill and it did not become law. Nicol’s study (Nicol et al., 2014, 179) concluded that the problems of genetic security was compromised due to the global nature of the testing industry unless there were provisions to ensure data security safeguards to cover cross-border and international testing situations.
4.2. Big Data Misuse: Wearables and Mobile Data Collection Devices In an interview with the ABC, David Vaille from the cyberspace law and policy community at the University of New South Wales expressed concern over the widespread use of wearables and apps that had not been covered by the privacy act because many are owned and designed overseas and might not indicate where data is being stored, where it is going or exactly what it is going to be used for. Similarly, Professor Deborah Lupton, a researcher in big data and health at the University of Canberra indicated that data might be harvested from social media interactions, wearable devices and apps, when people voluntarily upload the data to the web. (Brennan, 2015).
A survey (N=3679) of Healthline readers reported that more than 50% used one mobile health app. Of these, more than 45% of wearable and mobile app users were worried that hackers may try to steal their personal health information. (Mills, 2015). This perception is reinforced by reports of hacking of secure data, such as the Ashley Martin adultery website hack where hackers accessed and released details of credit cards, e-mail accounts and home addresses of the website’s users.
Apart from the perception of risk through external hackers, employees of medial centres could gain information on patients that may be of benefit to life insurance companies.
Radio frequency identification devices (RFIDs) can be attached to objects to track movements. These are useful in tracking drug supplies from their point of origin to their destination, but they could also be used for monitoring applications, such as vehicle tracking. They have been trialled for baby identification and prevention of baby abduction in some American hospitals.
The potential for risk seems small and the future benefits of item level tracking
(a specific item rather than a class of products) are being reported, such as tracking an individual food item and providing an alert when it reaches its use- by date, however there is still no definitive standard for item-level identification of drugs. RFID’s have the potential to be a mechanism that adds a person’s vehicle movement data to linked data from other databases and the item-level applications of the future may provide the ability to add linkage capability to identify individual’s data: Personalized radio-frequency identification (RFID) tags can be exploited to infringe on privacy even when not directly carrying private information, as the unique tag data can be read and aggregated to identify individuals, analyse their preferences, and track their location. This is a particularly serious problem because such data collection is not limited to large enterprise and government, but within reach of individuals. (Park, 2011).
The utilisation of RFID’s in future applications needs to be carefully thought- through to examine the potential risk of exposure of data and ensure that sufficient safeguards are employed to not only protect the security and privacy of the data itself, but also to look at its potential privacy risk to an individual if used as linkage information.
4.3 Big Data Misuse: Electronic Health/Medical Records (EHR/EMR) While the EMR may provide clinical benefits by tying together patient data stored in disparate hospital systems, it may also result in unwanted consequences. For example, a small quantitative study of the introduction of the Electronic Medical Record (EMR) in a hospital reported “a decrease in face-to-face communication between doctors and nurses and worsened the overall agreement about the plan of care.” (Taylor et al., 2014).
Accenture conducted a Patient Engagement Survey (Accenture, 2014) of 10,730 individuals of both chronically ill consumers and healthy consumers (those not chronically ill). The survey was conducted across 10 countries:
Australia, Brazil, Canada, Italy, Japan, Norway, Singapore, Spain, United Kingdom and the United States. The chronically ill consumers included those suffering from asthma, arthritis, cancer, COPD or related respiratory condition, depression, diabetes, heart disease, high blood pressure, clinically diagnosed obesity, osteoporosis, and stroke. The survey found that, while 87% of chronically ill consumers felt that they wanted control over their personal health information, only half believed that they had any control, although there was differentiation in the perceived level of control and the concern about individual privacy with their EMR depending on the categorisation of illness.
For example, 72% of those with heath disease were concerned as opposed to 61% of those with diabetes. Interestingly, consumers with chronic conditions
ranked their concern s of privacy invasion more highly for online banking, online shopping and credit card use in stores over the risks from the EMR.
Access to information and perceptions of trust were found to be important in relation to the privacy perceptions of the EMR. According to the Accenture 2014 Patient Engagement Survey, of those consumers with chronic illnesses, not knowing how to access their individual medical records was the most reported (55%) reason for not accessing their medical record. Interestingly, 17% of consumers with chronic conditions surveyed (and 31% of those with cancer) indicated I trust that my medical records are accurate, so I don’t need to access them. (Accenture, 2014).
There is also a problem of completeness of the EHR. Personal health data that might be amalgamated or linked may not contain all data of the person and the use of incomplete data in predictions or patient decisions may provide inaccurate, and possibly dangerous, results. The many different privacy laws health data can be subject to in Australia makes the possibility of incomplete linkage a distinct possibility.
Deloitte’s 2013 review of the PCEHR recommended a change to an opt-out scheme and mandatory, or at least opt-out, participation of providers (Deloitte, 2013). The review also indicated problems of the scheme that included:
restricted or limited access to an individual’s online health data by disadvantaged groups, such as handicapped and computer illiterate people; the problems of the management of data access, such as consumers wanting to set durations and granularity of access; the issue of personal control versus incomplete data when problems arise if incomplete data is stored, such as can occur if all providers are not participating or if patients can delete or block some of their personal data; and the policy determination of the management for data of opt-out consumers.
Countries that have a complete EHR system, such as Sweden with a 96%
availability of EHR’s in hospitals, have privacy laws that manage it. In Sweden the Patient Data Act of 2008 governs access for EHRs. However, the complexities of access are governed and simplified by providing access to the overall medical record and so does not have the problems caused by the level of autonomy and control for individuals that the PCEHR does.
A change in the Australian personally controlled EHR model, the PCEHR, from an opt-in to an opt-out system will be trialled in two sites ain 2016. This means that approximately 1 million patients who will be included in the trials would need to actively ask not to be part of the trial or else their data will be shared. The ultimate aim of this is for the EHR to contain health details of every Australian unless they chose to opt-out of the system.
5. Discussion
The authors (Summons & Regan, 1998) posited a personal health identifier system that was a combination of a centralised repository of personal health data and a smart-card access mechanism that was carried by individuals. The system employed a scheme where an individual set different access levels to personal health data to control access by third parties. An individual could categorise their health data and specify different levels of security to be applied to the different categories. They could then specify differential levels of access to these levels for general classes of individuals, such as ambulance officers and first responders, general practitioners (private practice doctors), hospital doctors and hospital staff, as well as to categories of family members. Access could also be granted to specific individuals. This scheme allowed an individual’s health data to be seen by different doctors and so provided mobility of service for a person, enabling the movement of patients through the health system accompanied by their health records. The scheme had problems in that a universal health record was not then available in Australia and the formal standards for the content and even the format for proposed health records were still being debated.
Park (2006) proposed a similar concept that used a personalised RFID- tagged medical card as the access mechanism to patient health data for hospital data management systems. Patient’s health data was stored on the card and transferred to a hospital’s central system on patient entry to the hospital. Real- time data on patient tracking and treatment was then stored and was accessed through a hospital kiosk system using the individual RFID. In a similar approach to the earlier system of Summons and Regan (Summons, 1998), Park’s system also categorised the health data into different levels of access to control individual patient privacy. The privacy management system was actually implemented in a medical emergency room. Park acknowledged the limitations in scalability of his scheme due to the issues of compatibility with different hospital systems.
With the advent of the Cloud, data is now being stored remotely and is potentially accessible outside the normal security of intranets. Whilst not belittling the benefits of big data applications in healthcare, this paper has concentrated on some of the risks that may occur in the use of big data. The technical problems of the EHR and the utilisation of big data applications on the health data can be overcome. However, the evidence from different implementations of the EHR in different countries are typified by their different considerations of the problems of privacy, security, governance and data collection for their citizens. The clinical benefits of private data collection
and big data applications are balanced on the perceived risk of privacy violations and this becomes an issue that is dependent on the cultural perceptions as well as the legal infrastructure pertinent to a specific county. If it is not possible to legally mandate all providers to collect data then the risk of incomplete data ensues and this may have legal ramifications if that data was used to make a clinical decision.
Australia is going through a process of establishing a national EHR system and is also undertaking trials of effectively engaging both consumers and providers. The authors believe that consideration of generic access permissions of specific categories for health data would allow clinical benefits if consumers and also clinicians were made aware of the destinations and potential uses that applications may make of the consumer’s personal data. This data would not be controllable by consumers but would be publicly available and constitute a complete record of aspects of health. Other personal health data could still be controlled by the individual and regarded as private with controlled access. If applications require access to this data then it would need to undergo some form of anonymising process so that potential privacy threats were not exposed. In Australia, with the personal freedom and the right to privacy demanded by the culture and upheld by legislation, there can be no complete solution to big data intrusion. With the increasing complexity and growth of big data applications, new laws will need to be considered on an ongoing basis to protect against risk scenarios, such as private overseas organisations gathering health data from Australian citizens and on-selling it or making it public. The first step in that direction is to establish a clear national policy on what private health data is required to be protected and what the balance is between the use of privacy mechanisms to protect an individual’s health data and the national priority for its use in clinical applications and advancement.
This paper has shown, some of the health data management problems and some of the applications of big data in healthcare in Australia. It can be seen that the risks are international but that the perception of risk in Australia, even when presented with evidence from other countries, has a dependence on its culture and past attitudes and so the treatment, extent and effect of risk perceived by big data is determined differentially by its existing laws and its perception of future risk due to new applications of big data.
References
Accenture. (2014). Insight Driven Health: Consumers with Chronic Conditions Believe the Ability to Access Electronic Medical Records Outweighs Concern of Privacy Invasion, Accenture Corporation, accessed 29th Nov, 2015 at
https://www.accenture.com/us-en/~/media/Accenture/Conversion- Assets/DotCom/Documents/Global/PDF/Industries_11/Accenture- Consumers-with-Chronic-Conditions-Electronic-Medical-Records.pdf Australian Commonwealth Privacy Amendment. (2014) Privacy Act 1988
(Commonwealth) (‘Privacy Act') schedule 1, as amended by the Privacy Amendment (Enhan6ng Privacy Protection) Act 2012 (Commonwealth) ('Enhancing Privacy Protection Act’) schedule 1 c1ause 104 Commonwealth of Australia.
Australian Government. (2013) Review of the Personally Controlled Electronic Health Record, accessed 29th Nov, 2015 at http://www.health.gov.au/internet/main/
publishing.nsf/content/17BF043A41D470A9CA257E13000C9322/$File/F INAL-Review-of-PCEHR-December-2013.pdf
Deloitte. (2013) Report to the Commonwealth Department of Health on the public consultation into the implementation of the recommendations of the Review of the Personally Controlled Electronic Health Record, Australian Department of Health, accessed at 29th Nov, 2015 at http://www.health.gov.au/internet/main/
publishing.nsf/content/17BF043A41D470A9CA257E13000C9322/$File/R eport%20-%20Consultation%20on%20PCEHR%20Review%20
Recommendations%20-%20Sep2014.pdf
Australian Government. (2015a) Business resource: Handling health information under the Privacy Act: A general overview for health service providers Office of the Australian Information Commissioner, Accessed 29th Oct, 2015 at:
https://www.oaic.gov.au/engage-with-us/consultations/health-privacy- guidance/business-resource-handling-health-information-under-the-privacy- act-a-general-overview-for-health-service-providers
Australian Government. (2015b) Personally Controlled Electronic Health Records Act 2012, Australian Government ComLaw, Accessed on 29th Oct, 2015 at:
https://www.comlaw.gov.au/Details/C2015C00075
Australian Government. (2015c) Patients to get new myHealth Record: $485m ‘rescue’
package to reboot Labor’s e-health failures, Commonwealth of Australia, accessed 29th Nov, 2015 at https://www.health.gov.au/internet/ministers/
publishing.nsf/Content/health-mediarel-yr2015-ley050.htm
Australian Law Reform Commission (2008). For your Information: Australian Privacy Law and Practice ULRC Report 108, p. 402.
Brennan B. (2015). Health, fitness apps and devices worry privacy experts due to data mining issues, The World Today, Accessed 30th June, 2015 from ABC Radio Australia at: http://www.radioaustralia.net.au/international/2015-04-28/
health-fitness-apps-and-devices-worry-privacy-experts-due-to-data-mining- issues/1441086
Burns K., Belton S. (2013). Clinicians and their Cameras: Policy, Ethics and Practice in an Australian Tertiary Hospital, Australian Health Review, Vol. 37, p. 437-441.
Colloc J. (2015). Big Data, Human Trace and Profiling CCS’15 World eConference:
Conference on Complex Systems, Tempe, Arizona, Sep-Oct.
Commonwealth of Australia (2013). The Australian Public Service Big Data Strategy:
Improved Understanding through Enhanced Data Analytics Capability. Canberra, Commonwealth of Australia.
Commonwealth of Australia Parliamentary Education Office (2015) accessed 25th Oct, 2015 at http://www.peo.gov.au/learning/fact-sheets/three-levels-of-law- making.html
Cruz-Cunha M.M., Miranda I.M., Goncalves P. (2013). Handbook of Research on ICTs and Management Systems for Improving Efficiency in Healthcare and Social Care, ICI Global, Hershey, USA.
Gostin L.O. (1995). Genetic Privacy, The Journal of Law, Medicine and Ethics Vol. 3, No. 4, p. 320-330.
Hernon E., Williams P.A.H. (2014). Big Data in Healthcare: What is it used for?
Proceedings of the 3rd Australian eHealth Informatics and Security Conference, Dec, Perth, Western Australia.
ITRC (2015). Identity Theft Resource Centre, accessed 29th Nov, 2015 at http://www.idtheftcenter.org/ITRC-Surveys-Studies/2015databreaches.html Laurie G. (2002). Genetic Privacy: A Challenge to Medical-Legal Norms, Cambridge Press.
McGee M.,M. (2014). Why Hackers are Targetting Health Data, Data Brach Today, accessed 29th Nov, 2015 at: http://www.databreachtoday.asia/hackers-are- targeting-health-data-a-7024
Mills D. (2015). Consumers Like Weaarable Technology but Worry About Data Security, Healthline. Accessed at http://www.healthline.com/health- news/consumers-concerned-about-privacy-personal-health-data-wearables- mobile-apps-072815 on 29th Nov.
Nicol D., Hagger M., Ries N., Liddicoat J. (2014). Time to get serious about privacy policies : the special case of genetic privacy. Federal Law Review, Vol. 42, No. 1, p. 149-179.
O’Keefe C., Connolly C. (2010). Privacy and the Use of Health Data for Research, Medical Journal of Australia, vol. 193, No. 9, p. 537-541.
Park N. (2011). Customized Healthcare Infrastructure Using Privacy Weight Level Based on Smart Device, Proceedings of the 3rd International Conference on Computational Collective Intelligence (in Lee, G., Howard, D., Slęzak, D. (Eds.): ICHIT 2011, CCIS 206, Springer-Verlag Berlin Heidelberg, p. 467-474).
Rajaretnam T. (2014). Data Mining and Data Matching: Regulatory and Ethical Considerations Relating to Privacy and Confidentiality in Medical Data Journal of International Commercial Law and Technology, Vol. 9, No. 4, p. 294-310.
Summons P.F., Regan B. (1998). Secure Access Mechanisms for an Electronic Patient Medical Record, HIC’98 Health Informatics Conference: Working together for an Electronic patient Record, Brisbane, Australia July. In: Thelander, Neil (Editor);
Bennett, John M (Editor); Ward, Michael (Editor). HIC 98: Proceedings. Brunswick East, Vic.: Health Informatics Society of Australia, 1998: [109-115]. Availability:
<http://search.informit.com.au/documentSummary;dn=925728370987531;res=IE LHEA> ISBN: 0958537011.
Taylor S.P., Ledford R., Palmer V., Abel E. (2014). We Need to Talk: an Observational Study of the Impact of Electronic Medical Record Implementation on Hospital Communication, British Medical Journal Quality and Safety, Vol. 23, p. 584-588.
