House debates
Tuesday, 13 September 2016
Bills
National Cancer Screening Register Bill 2016, National Cancer Screening Register (Consequential and Transitional Provisions) Bill 2016; Second Reading
12:52 pm
Ms Catherine King (Ballarat, Australian Labor Party, Shadow Minister for Health) Share this | Hansard source
I will now speak to the National Cancer Screening Register Bill 2016 and the National Cancer Screening Register (Consequential and Transitional Provisions) Bill 2016. From the outset I want to put on the record that Labor strongly support the policy intent of these bills, which is to strengthen Australia's cancer-screening programs. We support the policy intent of these bills, which is to establish the National Cancer Screening Register, which will replace the nine existing registers and improve prevention, identification and treatment of cancer in Australia. The National Cancer Screening Register will replace the current national register for bowel cancer screening, which is currently undertaken by the Department of Health, and state and territory registers for the National Cervical Screening Program, again undertaken by departments of health or, in the case of Victoria and South Australia, by the Victorian Cytology Service, which has done so, at least for Victoria, since 1989.
I will address the specifics of these bills. They will first and foremost, as I said, establish the National Cancer Screening Register. In fact, slightly different bills were introduced in the last week of the last parliament. I want to flag that, had we been where we understood we were then, these bills would have largely been uncontroversial but they are controversial because of an action that this government took, which I will speak about in a minute.
Addressing the specifics of these bills: they first and foremost establish the register and they authorise the collection, use and disclosure of information for the designated cancers: cervical cancer and bowel cancer. These bills authorise the migration of existing bowel cancer screening and state and territory cervical-screening data to the register, ensuring that existing screening information is retained in the new register. The bills also mandate reporting of screening information on the register. It should be noted that the creation of this register will enable improvements to several cancer-screening programs.
We understand that the National Cervical Screening Program will move from a two-yearly Pap test to a five-yearly cervical-screening test—a recommendation of the independent Medical Services Advisory Committee. Incorporating this change in the National Cancer Screening Register is expected to stop an additional 140 incidences of cervical cancer a year. In addition, this legislation will see the National Bowel Cancer Screening Program accelerate its transition to biennial screening, with Australians aged 50 to 75 to be screened every two years by 2020 instead of 2034. Clinical trials have shown that biennial screening can prevent 300 to 500 deaths a year—again, something Labor very strongly supports.
But a serious question has to be asked of this government: why are these bills being debated today? Why have they been rushed into the House for debate right at this moment? The answer is that the government took a decision some four days before the election was called to actually award the contract for this National Cancer Screening Register to Telstra before this parliament had even had an opportunity to debate the merits of the register, before this parliament had had an opportunity to scrutinise whether the privacy and data protections inherent in these bills and in the decision the government has made are adequate and before there had been any debate about whether it is appropriate for such sensitive data to be placed for the first time into the hands of a for-profit provider.
These cancer-screening programs make sure screening is actually undertaken for the health of women and the health of our nation when it comes to bowel cancer. This is about making sure we have good women's health in this country—the cervical cancer-screening program is a fundamental women's health program—and we have a good National Bowel Cancer Screening Program. This government made the decision four days before the election was called to award a contract to Telstra for the Cancer Screening Register before the parliament had even approved its establishment. There are some serious questions the government has to answer about its process when it comes to that, let alone the merits of the government making a decision—a very big decision, I have to say—to, in essence, put some of the most sensitive health data into the hands of a private telecommunications company. It is a big question and a big call—not one that we, frankly, support.
Indeed, the government are debating this legislation before the Budget Savings (Omnibus) Bill, so you have to wonder what is driving them to rush this legislation through the parliament. One clear factor, as I said, is that they have already signed this contract. It is a $220 million, five-year contract, with an option of a further 10, with Telstra. That is why they have decided they need to rush this legislation through, because they have already done the deal on selling off this information.
On the eve of the federal election, as I said, the government signed that contract. We need to be clear about the legislation we are debating here. This government is rushing it through because it has completely botched the implementation and signed a contract without giving the parliament respect to debate it first. As a result this parliament needs to scrutinise not only the concept of a national cancer register—something we support—but also whether it should be operated by a for-profit provider and the circumstances in which that came about. Interestingly, the minister for health could not bring herself to acknowledge in her second reading speech that the contract for this register had already been signed, let alone that it had been signed with a multinational private corporation. The minister has not acknowledged that in signing a contract with Telstra the government is making an unprecedented move to hand over extremely private health data to a for-profit multinational telecommunications provider.
The new national register is designed to hold extremely sensitive information about every Australian who is eligible for the cancer screening programs. The register is not opt in and an individual will only be able to opt out of the register once it is actually implemented. At the most basic level, it will hold an individual's personal data such as their name, address, contact details, date of the birth, gender and sex. It will also hold an individual's Medicare item number, Medicare claims information and preferred GP or other health providers. This information could, on the surface of it, seem relatively benign; the Medicare data certainly is not. The register will also contain extremely private and intimate health data that is usually only disclosed between a person and their GP and the not-for-profit sector—in the case of Victoria, the Victorian Cytology Service.
The register will record human papilloma vaccination status. It will record every woman's Pap smear screening results. It will record cancer diagnosis. Further to this, the government's own explanatory memorandum says that Telstra will have the information if a person has cervical or bowel cancer, the person has a precursor to cancer or genetic marker that may lead to cancer, a woman has had a hysterectomy or partial hysterectomy, or a person is transgender. It will hold the Medicare item number data for any cancer screening services and tests that someone has undertaken who is on the register. Certainly, this is not information that most Australians would be comfortable disclosing to a telecommunications provider. Labor accept that this information is necessary for the operation of the register but we do not accept that Telstra, with a questionable record of privacy breaches, should have Australians' most private and sensitive health data. We know that many Australians would question the rationale behind giving a for-profit company access to this health data.
The scope of these bills also make it clear that the minister can give Telstra even more information and the register may be expanded to other cancer screening programs into the future. As the explanatory memorandum notes:
With rapidly advancing technology or changes in screening tests, the range of information that needs to be collected may also change and is difficult to predict. This provision allows rules to prescribe additional classes of data to form part of the contents of the Register that is considered necessary to be included in the Register for the purposes of the Register.
So, more sensitive data will not have to come before this parliament to see if it can be added to the register; it will be added to the register once the processes in the bill have been complied with. Telstra themselves have admitted that they already have their eyes on expansion with Telstra Health Managing Director, Shane Solomon, saying:
Certainly we have an eye on the potential of other registries …
This parliament is also tasked with determining not only if Telstra should operate the national register but also if we should give the government power to hand them further undefined personal information. They are serious and obvious concerns and they do require proper scrutiny of this House and the Senate.
The existing cancer screening registers are currently managed by government and not-for-profit organisations, with expertise in managing the registers such as the Victorian Cytology Service, which operates the Victorian and South Australian registers for cervical cancer screening. You have to wonder what the government were thinking when they rushed into signing a $220 million contract with Telstra only four days before the election was called, despite the fact that this parliament had not voted to even establish the register. Telstra is a for-profit company, whereas the intention of the register is to improve the experience of patients and to save lives. As David Vaile, the executive director of the Cyberspace Law and Policy Centre at the University of New South Wales, points out:
Telstra on the other hand is a strong proponent of big data, of open data they're obviously a commercial operation, they're often seeking to use personal information for uses beyond what it was originally collected for and to push the limits of privacy and data protection law.
Telstra has never operated a register like this. The register is far too sensitive to be used as a guinea pig for Telstra's foray into health, which they clearly see as a new and expanding source of profit. You only have to open the newspaper to see that Telstra is struggling with its core business, with significant and numerous network outages this year alone. This is on top of Telstra's questionable track record of keeping data secure. In 2011 the personal details of almost 800,000 Telstra customers were left online for eight months, available for anyone via Google. In 2013 the details of almost 16,000 customers were discovered by an online user by chance, including 1,257 silent numbers. This mob opposite wants to give them Australian women's Pap smear results. That is what this bill is allowing. Under the government's contract with Telstra, that information could have included whether a person had cervical or bowel cancer, whether a woman had a hysterectomy or a partial hysterectomy and whether someone was transgender. There are obviously serious implications about a breach of information of this nature.
In the second reading speech, the minister correctly pointed out that the bill also creates an offence arising from the unauthorised collection, use or disclosure of personal information contained in the register. What the minister failed to mention, in addition to the fact that a contract had already been signed with Telstra, was the size of the penalty in relation to unauthorised collection, use or disclosure. In fact, under these bills, the penalty for recording, using or disclosing information without authority is only $21,600. The penalties for breaching the privacy provisions in these bills are not enough to force Telstra to be more careful. While this amount is enough for a not-for-profit organisation to think twice about how it uses information on this register, for the size of a corporation like Telstra it is an absolute drop in the ocean in terms of penalties. The former secretary of the Department of Health, Stephen Duckett, notes:
The automatic consequences of release of data—inadvertent or not—must be made so great that any risk-management matrix will ensure the organisation and its managers always have patient privacy at the forefront of their mind. It will not be good enough to do the standard dance after the data is released, or inappropriately used, where the contracting organisation (in this case, the Department of Health) tut-tuts, and the contractee (in this case Telstra Health) issues a mea culpa.
The contract should prescribe tough financial penalties that have automatic effect after any data release—
and I would say this legislation should prescribe much tougher penalties—
allowing little discretion for the penalties to be lobbied away with promises of future good behaviour. The contractual penalties need to be strong enough (A$1 million per person identified or data element used, for instance) so management ensures that patients' rights and privacy are protected.
Telstra reported profits of almost $2.1 billion in the six months to 31 December 2015. A $216,000 penalty is simply not enough to put privacy concerns front and centre for Telstra. In addition, as a result of the government's delays, Australians often do not know when their personal cybersecurity has actually been breached, because companies are under no obligation to inform the victims that this has occurred. It might be customary; it is not compulsory. And, as we saw with the previous breaches with Telstra, they did not inform every one of those customers that that had occurred.
Labor introduced mandatory data breach notification legislation back in 2013 to require companies to tell Australians as soon as practicable when their personal information had been compromised, but the incoming government did not proceed with that legislation. In early 2015 the parliament's bipartisan National Security Committee insisted that the government implement mandatory data breach notification legislation by the end of the year. The date came and went with no implementation. In this online age it is unacceptable that after three years the government has sat on its hands, only introducing the legislation to provide the most basic privacy protections last month. Considering the nature of the information this government has decided to give to a for-profit provider, the fact that they do not have mandatory breach reporting is a serious flaw in this government's plan when it comes to the National Cancer Screening Register. It is critical that strong legislative frameworks are in place to protect this information.
Frankly, the government's handling of this contract has been, in signature fashion, completely farcical. After signing a $220 million contract to a for-profit corporate giant only four days before the election was called, the public found out about the contract only when it was reported in the Fairfax newspapers. The minister then left it to the department to defend the government's decision—in a very surprising press release, frankly, given that we were in an election period and the caretaker conventions applied. We never had an announcement from the government. We understand one was proposed and planned on Daffodil Day—there was some proposal around doing that—but the only reason the public found out that the government had decided to award Telstra the contract for this $220 million Cancer Screening Register, with some of the most sensitive data you could possibly imagine, was that a journalist in Fairfax got hold of the story. That is the only reason we knew. Then we had the Department of Health, in the middle of the election campaign, taking the decision to intervene and then defend the government's decision—something which was frankly very, very questionable. The minister left it to the department to come out and defend the contract. Furthermore, the government has not released the contract with Telstra, so we do not actually know the details, other than that, in a briefing from the department, they informed me that there was an option within the contract for a further 10 years beyond the existing five.
The government, frankly, have some serious questions to answer about why they did not provide more information about this contract. There are also some questions, which we will pursue later in another place, around the appointment of a former chief executive of Telstra Health as the new head of the Digital Health Agency and the timing around that announcement—some very serious questions indeed.
Key stakeholders have expressed concerns about the lack of consultation in the government's development of the register, such as Dr Juanita Fernando from the Alfred Hospital's Department of Epidemiology and Preventive Medicine. Dr Fernando said:
Telstra and the government have not talked to doctors, they have not talked to patients, they haven't done any consultation with the people who are going to be most directly affected by the system ...
The peak body for public and not-for-profit hospitals, the Australian Healthcare and Hospitals Association, also expressed concerns about Telstra being awarded the contract. It has had no experience in collecting and managing such an extensive array of national health data and has reportedly approached the Victorian Cytology Service for assistance in establishing the national registry. It begs the question as to how prepared Telstra Health is to manage the health data of millions of Australians.
What is clear is that the cervical and bowel cancer screening programs are the thin end of the wedge. Telstra could take on more and more data, adding more and more risk. As we saw during the election and as we saw prior to the election, this is part of the government's agenda: to put more and more of our public health data into the hands of private for-profit companies. The decision that they pursued from the 2014 budget, from the Commission of Audit on, to privatise the Medicare payment system was a case in point. If this government and this Prime Minister are serious about saying, 'We will not be outsourcing Medicare or anything that is done,' then they will rescind the Telstra contract. We know they are not going to do that, but that is what they would do. If the Prime Minister is to be taken at his word that none of this will be outsourced—none of the existing functions will be outsourced that are currently done by Health—then the government would not have signed the contract or they would rescind it, but we know that they are not telling the truth when it comes to that.
Labor understands that the government's contract with Telstra is for five years, with the option of 10. So, if we get the establishment of the National Cancer Screening Register wrong, we may not be able to visit it for another 15 years. As a parliament, we have clear responsibilities to look at this proposal with thorough diligence and to consider what the impacts will be for well over a decade.
As I said, during the election campaign the Prime Minister said at least 27 times that he would never outsource Medicare, but that is exactly what these bills do. They put Australians' Medicare numbers and Medicare claims information into the hands of a multinational telecommunications corporation. This is just another example of the government's determination to privatise our health system. This is a government that spent $5 million to set up a task force with the express purpose of looking at how you can privatise the Medicare payment system. Now they want to pay Telstra to not only store Australia's most sensitive health data but run the national cancer screening register.
The government has proven time and time again that they cannot be trusted when it comes to health. They have delivered nothing but a track record of cuts and cost shifting from Medicare to patients and privatisation by stealth. The government remains committed to all of its bad health policies that it took to the 2016 election. The government has continued to put profit over patients, and this is exactly why they cannot be trusted and why this parliament should be sceptical of their decision to hand over the sensitive information of millions of Australians to a for-profit company.
While Labor supports the establishment of a national cancer screening register, we have serious concerns about the risks of giving Australians' most sensitive data to a telecommunications corporation that is set up for profit and has never managed a register like this. The question we need to ask is: are we comfortable handing a for-profit provider control of Australia's most intimate health information, such as results of pap smears that allow inferences about a personal sexual status?
Labor will be proposing amendments to the National Cancer Screening Register Bill. These amendments will make it clear that the new national cancer screening register can only be operated by a government or a not-for-profit entity. This would include those who have successfully managed the existing registers: the Commonwealth Department of Human Services, which operates the national Bowel Cancer Screening Program; states or territories, most of which operate the existing registers for the National Cervical Screening Program; or a not-for-profit organisation such as the excellent Victorian Cytology Service, which operates the Victorian and South Australian cervical screening programs.
These amendments will ensure that the integrity and intention of the register is protected. We have the responsibility to protect the integrity of Australians' health data, and to ensure that it is used with its absolute and utter intention, which is to improve the health of all Australians.
Labor looks forward to the register being established, but we do not support the government's absolute decision, before the election, to sign a contract with Telstra before this parliament had even voted to establish the register. They had absolutely no authority on which to do that, because this parliament had not taken a decision as to whether the register would be established or not. They have entered into a contract—I am sure for public purse purposes there better be some protection clauses in there—for something that technically does not exist, because the parliament has not voted to establish it. There was no possible basis on which the government could have proceeded, because they had no knowledge of whether the parliament would proceed with this or not. We had not given any indication whether we would support it or not—neither had any of the other minor parties—and nor had the government even sought that. I move:
That all words after "That" be omitted with a view to substituting the following words: "whilst not declining to give the bill a second reading, the House condemns the government for outsourcing Australians' most sensitive health information—including Medicare data—to Telstra, and before passing the necessary legislation."
No comments