It has recently come to light that the Department of Health may not be so good at securing its data after University of Melbourne academics notified the agency that it's possible to identify individuals in publicly available Medicare datasets. Now the Privacy Commissioner has launched an investigation into the matter.
The Department of Health had made Medicare Benefits Schedule (MBS) and Pharmaceutical Benefits Scheme (PBS) datasets publicly available through data.gov.au to help researchers look for trends in the health space. But after academics from the University of Melbourne flagged that it was possible to identify some of the service provider ID numbers that are linked to doctors, the Department has since removed the datasets.
The Australian Privacy Commissioner Tim Pilgrim has now launched an investigation into the issue:
"The primary purpose of the investigation is to assess whether any personal information has been compromised or is at risk of compromise, and to assess the adequacy of the Department of Health’s processes for de-identifying information for publication."
The Department of Health has stressed that "[n]o patient information has been compromised, and no information about the health service providers has been publicly identified or released".
The Australian Attorney-General has already responded to the privacy concern by introducing a legislation to amend the Privacy Act 1998 that will criminalise the re-identification of anonymised datasets that are published by the Government.
"There is a strict and standard government procedure to de-identify all government data that is published," he said in a statement. "Data that is released is anonymised so that the individuals who are the subject of that data cannot be identified.
"However, with advances of technology, methods that were sufficient to de-identify data in the past may become susceptible to re-identification in the future."
The Privacy Commissioner will publish his findings at the end of the investigation.