Rushed VIC Government Health Database Law Raises More Questions Than Answers

The Victorian government’s “Health Legislation Amendment (Information Sharing) Bill 2021” was rushed through its first Parliamentary vote on 13 October 2021 raising lots of unanswered questions for patients, their families and their health care professionals, and triggering the concern of the Australian Privacy Foundation.


“The data collected and linked by the proposed new Victorian government medical records portal will expose to a large number of end-users each patient’s current and historical medical and health information, including information collected from both public and private sector health services, as well as from mental health clinicians and ambulance services – evidently a complete record of every Victorian person’s most sensitive and private information. People will apparently have no ability to consent to or opt-out of the process; to control access to their sensitive information; to limit access (to certain parts of it or to certain people); or to see a complete log of who can see what, and who has seen what.”

Dr. Juanita Fernando, Chair, Health Committee, Australian Privacy Foundation, 13 October 2021

The law will allow the Victorian Government to “establish a centralised electronic patient health information sharing system for participating health services” going back 5 years.

It is understood that every Victorian will be given a unique patient identification number, and that “the Secretary” can request information and the ID number on any patient from the participants, and enforce compliance with this request.

Furthermore, for patients (past and current) of participating health services, having their information being transferred to the centralised government electronic patient record would not be optional. Patient information can be collected, disclosed or used without a patient’s consent.

Section 134ZL, No consent required
(1) A participating health service may collect, use or disclose specified patient health information as permitted or authorised by this Part without the consent of the person to whom the information relates.

(2) The Secretary may collect, use or disclose specified patient health information as permitted or authorised by this Part without
the consent of the person to whom the information relates.

The Bill: https://content.legislation.vic.gov.au/sites/default/files/bills/591263bi1.pdf

The ADF has raised the following questions:

  1. Will doctors and nurses be required to enter information into the system, and how will this impact their current workplace duties and face to face patient care?
  2. To whom will the Government grant access to the information in the central patient record (third party use), and how will this be regulated?
  3. Why are key privacy principles being suspended for this system?
  4. What sort of database technology is involved? How will cybersecurity infiltration, exfiltration or other abuses be detected or prevented?
  5. What will the system cost to set up and to operate, for all participants? And who will be responsible for entering data?
  6. Will the central government health database deter patients from seeking treatment for sensitive medical conditions?
  7. Will this new central system be used to enforce the government’s vaccination policy, or any other aspect of government policy?
  8. Who is responsible/liable for the accuracy, currency, completeness and relevance of the data; or for data breach or abuse and will patients have legal redress for breaches?
  9. Will patients or health professionals be able to require deletion, correction or withdrawal of incorrect, misleading or disputed information?
  10. Will the data be accessible to law enforcement or intelligence agencies, or federal or state bodies enforcing government regulations?

The ADF maintains that quality healthcare requires patient trust and confidence, and appropriate health informatics and high integrity data to aid clinical decision-making.

Unfortunately, governments have a very poor track record at implementing trustworthy systems, which provide quality health information whilst maintaining the confidence of doctors and patients. The ADF recommends that the proposal not proceed until these and other key questions are publicly debated, carefully examined and resolved.


Media contact:
Stephen Milgate AM,
CEO Australian Doctors Federation

Media Release

APF: Too late? The new normal, State government slurps up all patient information
Honeysuckle Health: ACCC draft decision cannot stand