Personally Controlled Electronic Health Records (Consequential Amendments) Act 2012 (Cth)
Contents
[
The Parliament of Australia enacts:
This Act may be cited as the
Personally Controlled Electronic Health Records (Consequential Amendments) Act 2012 .
(1) Each provision of this Act specified in column 1 of the table commences, or is taken to have commenced, in accordance with column 2 of the table. Any other statement in column 2 has effect according to its terms.
Sections 1 to 3 and anything in this Act not elsewhere covered by this table | The day this Act receives the Royal Assent. | 26 June 2012 |
Schedule 1 | A day or days to be fixed by Proclamation. However, if any of the provision(s) do not commence by the later of: (a) 1 July 2012; and (b) the day this Act receives the Royal Assent; they commence on the day after the later of those days. | 29 June 2012 ( |
Note: This table relates only to the provisions of this Act as originally enacted. It will not be amended to deal with any later amendments of this Act.
(2) Any information in column 3 of the table is not part of this Act. Information may be inserted in this column, or information in it may be edited, in any published version of this Act.
Each Act that is specified in a Schedule to this Act is amended or repealed as set out in the applicable items in the Schedule concerned, and any other item in a Schedule to this Act has effect according to its terms.
Insert:
This Act extends to every external Territory.
Insert:
Australian Childhood Immunisation Register means the Australian Childhood Immunisation Register kept under section 46B of theHealth Insurance Act 1973 .
Insert:
Medicare Benefits Program means the program for providing Medicare benefits under theHealth Insurance Act 1973 .
Insert:
participant in the PCEHR system has the same meaning as in thePersonally Controlled Electronic Health Records Act 2012 .
Insert:
PCEHR has the same meaning as in thePersonally Controlled Electronic Health Records Act 2012 .
Insert:
PCEHR system has the same meaning as in thePersonally Controlled Electronic Health Records Act 2012 .
Insert:
PCEHR System Operator means the System Operator within the meaning of thePersonally Controlled Electronic Health Records Act 2012 .
Insert:
Pharmaceutical Benefits Program means the program for providing pharmaceutical benefits under theNational Health Act 1953 .
Insert:
professional and business details of a healthcare provider includes the healthcare provider’s healthcare identifier.
Insert:
registered portal operator has the same meaning as in thePersonally Controlled Electronic Health Records Act 2012 .
Insert:
registered repository operator has the same meaning as in thePersonally Controlled Electronic Health Records Act 2012 .
After “Division 2”, insert “or 2A”.
Repeal the heading, substitute:
Insert:
The service operator is authorised to use, and to disclose to the PCEHR System Operator, identifying information for any purpose for which the PCEHR System Operator is authorised to collect, use or disclose the identifying information under Division 2A.
Omit “must”, substitute “may”.
Insert:
The service operator is authorised to use, and to disclose to the PCEHR System Operator, a healthcare identifier for a purpose for which the PCEHR System Operator is authorised to collect, use or disclose the healthcare identifier under Division 2A.
The service operator is authorised:
(a) to use a healthcare identifier, and identifying information held by the service operator; and
(b) to disclose to the Chief Executive Medicare a healthcare identifier, and identifying information held by the service operator;
for a purpose for which the Chief Executive Medicare is authorised to collect, use or disclose the healthcare identifier under Division 2A.
The service operator is authorised:
(a) to use a healthcare identifier, and identifying information held by the service operator, of a healthcare recipient; and
(b) to disclose to the Veterans’ Affairs Department, the Defence Department or such other Department as is prescribed, a healthcare identifier, and identifying information held by the service operator, of a healthcare recipient;
for a purpose for which that Department is authorised to collect, use or disclose the healthcare identifier under Division 2A.
Omit “is authorised to disclose an identified healthcare provider’s healthcare identifier to an entity”, substitute “or a registration authority is authorised to use, and disclose to an entity, an identified healthcare provider’s healthcare identifier and identifying information”.
After “use”, insert “and disclose”.
Add:
; and (c) to adopt the healthcare identifier as the entity’s own identifier of the healthcare provider for the purpose of enabling the healthcare provider’s identity to be authenticated in electronic transmissions.
Insert:
(1) This section applies if a healthcare recipient or a healthcare provider is applying, or has applied, for registration or is registered under the
Personally Controlled Electronic Health Records Act 2012 .(2) The PCEHR System Operator is authorised:
(a) to collect identifying information of the healthcare recipient or healthcare provider from the service operator; and
(b) to collect the healthcare identifier of the healthcare recipient or healthcare provider; and
(c) to use and disclose the identifying information and healthcare identifier;
for the purpose of verifying the identity of the healthcare recipient or healthcare provider and for other purposes of the PCEHR system, subject to the
Personally Controlled Electronic Health Records Act 2012 .
(3) If the healthcare recipient has an authorised representative or a nominated representative, the PCEHR System Operator is authorised:
(a) to collect identifying information of the authorised representative or nominated representative from the service operator; and
(b) to collect the healthcare identifier of the authorised representative or nominated representative; and
(c) to use and disclose the identifying information and healthcare identifier;
for the purpose of verifying the identity of the authorised representative or nominated representative and for other purposes of the PCEHR system, subject to the
Personally Controlled Electronic Health Records Act 2012 .
(1) The PCEHR System Operator, a registered repository operator or a registered portal operator is authorised to adopt the healthcare identifier of a healthcare recipient or a healthcare provider as its own identifier of the recipient or the provider, so far as is reasonably necessary for the purposes of the PCEHR system.
(2) The PCEHR System Operator, a registered repository operator or a registered portal operator is authorised to adopt the healthcare identifier of an authorised representative or a nominated representative of a healthcare recipient as its own identifier of the authorised representative or nominated representative, so far as is reasonably necessary for the purposes of the PCEHR system.
A registered repository operator or a registered portal operator is authorised:
(a) to collect the healthcare identifier of a healthcare recipient or healthcare provider, or an authorised representative or nominated representative of a healthcare recipient; and
(b) to use the healthcare identifier; and
(c) to disclose the healthcare identifier to a participant in the PCEHR system;
for the purposes of the PCEHR system, subject to the
Personally Controlled Electronic Health Records Act 2012 .
(1) The Chief Executive Medicare, the Veterans’ Affairs Department, the Defence Department and such other Departments as are prescribed are authorised:
(a) to collect identifying information of a healthcare recipient from the service operator; and
(b) to collect the healthcare identifier of a healthcare recipient; and
(c) to use the healthcare identifier and identifying information; and
(d) to disclose the healthcare identifier and identifying information to a participant in the PCEHR system.
(2) The authorisation of the Chief Executive Medicare under subsection (1) is limited to collections, uses and disclosures for the purposes of including, in the healthcare recipient’s PCEHR, information about the healthcare recipient:
(a) that is any of the following:
(i) information that relates to the Medicare Benefits Program or the Pharmaceutical Benefits Program;
(ii) information included on the Australian Childhood Immunisation Register;
(iii) information included on the register administered by the Commonwealth that records the decision made by an individual about whether to become an organ and tissue donor for transplantation after death; and
(b) that the healthcare recipient has consented to being included in his or her PCEHR.
(3) The authorisation of a Department under subsection (1) is limited to collections, uses and disclosures for the purposes of including, in the healthcare recipient’s PCEHR, information about the healthcare recipient:
(a) that is information prescribed by the regulations; and
(b) that the healthcare recipient has consented to being included in his or her PCEHR.
(4) Despite paragraphs (2)(b) and (3)(b), the consent of the healthcare recipient is not required for the uploading of information by the Chief Executive Medicare in accordance with paragraph 38(2)(a) of the
Personally Controlled Electronic Health Records Act 2012 .
The regulations may authorise a person:
(a) to collect identifying information of a healthcare recipient, a healthcare provider, an authorised representative of a healthcare recipient or a nominated representative of a healthcare recipient from the service operator; and
(b) to collect the healthcare identifier of a healthcare recipient, a healthcare provider, an authorised representative of a healthcare recipient or a nominated representative of a healthcare recipient; and
(c) to use the identifying information and healthcare identifier; and
(d) to disclose the identifying information and healthcare identifier to a participant in the PCEHR system;
so far as the collection, use or disclosure:
(e) relates to a collection, use or disclosure of health information that is authorised under the
Personally Controlled Electronic Health Records Act 2012 ; or(f) is reasonably necessary for the performance of a function or the exercise of a power in relation to the PCEHR system.
Insert:
The service operator or another entity may collect, use or disclose a healthcare provider’s healthcare identifier for a purpose relating to the provision of healthcare if:
(a) the healthcare provider has consented to the collection, use or disclosure; and
(b) the collection, use or disclosure is in accordance with any limitations to which the consent is subject.
Add:
(ba) a person (the
contractor ) performing services under a contract between the contractor and the first entity, if:
(i) the first entity is a participant in the PCEHR system, other than a healthcare provider or a contracted service provider; and
(ii) the purpose relates to the PCEHR system; or
After “applies”, insert “or of a contractor to which paragraph (ba) applies”.
Omit “that paragraph”, substitute “whichever of those paragraphs applies”.
Insert:
PCEHR System Operator has the same meaning as System Operator has in thePersonally Controlled Electronic Health Records Act 2012 .
Insert:
registered consumer has the meaning given by thePersonally Controlled Electronic Health Records Act 2012 .
Insert:
registered repository operator has the meaning given by thePersonally Controlled Electronic Health Records Act 2012 .
Insert:
(ba) upload to a repository operated by the Chief Executive Medicare or by another registered repository operator, information about the immunisation of a particular child who is a registered consumer, if the consumer consents to that information being uploaded; and
(bb) give information to the PCEHR System Operator about the immunisation of a particular child who is a registered consumer, if the consumer consents to that information being uploaded; and
Add:
(4) Despite paragraphs (1)(ba) and (bb), the consent of the consumer is not required for the uploading of information by the Chief Executive Medicare in accordance with paragraph 38(2)(a) of the
Personally Controlled Electronic Health Records Act 2012 .
After “
2008 ”, insert “, thePersonally Controlled Electronic Health Records Act 2012 (whether as a delegate or otherwise)”.
After “indemnity legislation”, insert “or the
Personally Controlled Electronic Health Records Act 2012 (whether as a delegate or otherwise)”.
Insert:
(5AA) Nothing in this section, or in the guidelines issued by the Information Commissioner, prevents the PCEHR System Operator including information to which this section applies in the PCEHR of a consumer.
Insert:
PCEHR has the same meaning as in thePersonally Controlled Electronic Health Records Act 2012 .
Insert:
PCEHR System Operator has the same meaning as System Operator has in thePersonally Controlled Electronic Health Records Act 2012 .
[
(265/11) |
0
0
0