The Australian Medical Association (AMA) has called on governments to legislate stronger protection for health data, particularly from the tech sector and insurers.
The AMA issued a data governance position statement [pdf] in which it said that a “connected healthcare system” would improve patient outcomes, but must be “based on the principles of “data safety, data quality, data privacy and data portability.”
Protection and data ownership should be based on the General Data Protection Regulation (GDPR) models of the EU and UK.
The position statement noted the expansion of multinational technology companies into Australia, and called on the government to protect Australians’ health data by legislating to protect patients’ ownership of their health data.
“The AMA considers the use of patient health data to increase the profits of privately owned
entities, that are custodians of patient data, [to be] unethical use of data and is strongly opposed to this”, it wrote.
The only acceptable reason for disclosing and sharing patient data, the AMA said, is a patient’s health.
Initiatives it identified as allowable include: “health research, health policy analysis, health service program development and delivery, best practice health care, public health initiatives and the identification of unmet health service demand.”
The insurance industry is singled out as needing a policy response, to make it clear that insurers are custodians of patient data, rather than owners of it.
“As data custodians they must not be allowed to share or use these data outside the limits set by the national legislation,” the AMA wrote.
Software companies’ penchant for giving themselves broad rights in contract terms should also be reined in.
“Clinical software providers must not be allowed to impose conditions on doctors’ access to patient data or impose shadow ownership of data by entering clauses in agreements with medical practices,” the AMA wrote.
“Such behaviour is unethical and must be deemed illegal.”