The Australian Privacy Commissioner has launched a public inquiry into the privacy implications of health information being collected by health service providers and their data brokers.

Read moreThe inquiry, to be chaired by former Federal Health Minister Greg Hunt, is seeking to answer the questions: How is health information collected and used?

How is the information collected used?

What are the protections for personal data?

The inquiry was launched to understand the privacy consequences of the introduction of mandatory health data retention laws, which were passed by the state and territory governments in May 2016.

The laws require health information providers and data brokers to store a maximum of 18 months’ worth of data on each person they hold.

Currently, the Federal Government’s national health data repository is a voluntary service run by the Commonwealth.

It is also accessible to the public through a subscription to the National Health Data Service.

However, a lack of data retention rules has resulted in data collection being limited to certain health services and organisations.

Under the current arrangements, the Commonwealth’s health data has been shared by a range of entities including Commonwealth departments, state and local government agencies and other bodies.

The current rules are currently being reviewed by the Privacy Commissioner and will be updated in the new Parliament.

It follows a recent report from Privacy Commissioner Mary-Ann Glendinning which found the current laws are failing to protect the privacy rights of individuals.

“It is critical that the Privacy Act continues to provide clear protections for the privacy of individuals and their information, particularly for the most vulnerable,” Ms Glendins report said.

“The current Privacy Act does not provide for a system for individual privacy that protects against the collection, use and disclosure of information without reasonable justification, and for the establishment of reasonable restrictions on the disclosure of personal information, including for purposes of research and other academic purposes.”

In addition, the report also found that the current data retention arrangements are inadequate to protect personal information from being misused, and that the lack of safeguards was “inadequate” to safeguard health information.

“There are clear concerns about the adequacy of the current safeguards and there is evidence that health information breaches could occur in the absence of the protections,” Ms Gendins said.

The inquiry is expected to report in late 2017.