A joint parliamentary committee has written to Health Minister Sussan Ley to express concerns about the "significant" effect the government's planned introduction of opt-out e-health records could have on an individual's privacy.
In September the government introduced a bill that would amend the existing personally controlled electronic health record (PCEHR) law to enable it to boost its stalled e-health records scheme by creating a record for every Australian by default.
Despite the bill achieving bipartisan support in the parliament, the committee - chaired by Liberal MP Phillip Ruddock - has raised a number of concerns about the implications of the reforms.
Currently, an individual must proactively register for a PCEHR account before their medical records are uploaded.
If passed, the bill will allow health authorities to automatically set up online accounts for an initial pilot group of participants using names, addresses and health identification numbers from the Medicare database.
The Department of Health has planned trials of the new opt-out approach, and will expand the scheme to all Australian healthcare recipients should the trials prove successful.
The bill also expands the mandatory reporting regime for information security breaches and introduces new penalties for unlawful disclosure of information.
Under the new law, the e-health records scheme would also receive an official name change from the PCEHR to My Health Record.
However, the parliamentary joint committee on human rights said the bill raises significant privacy concerns that require explanation from the government.
It questioned whether the opt-out approach was a justifiable limit of privacy for individuals.
"To be capable of justifying a proposed limitation of human rights, a legitimate objective must address a pressing or substantial concern and not simply seek an outcome regarded as desirable or convenient," the committee, which includes five Coalition members, three Labor MPs, one Greens and one independent MP, wrote [pdf].
"Increasing the number of people using the My Health Record system, in an attempt to drive increased use by healthcare providers, may be regarded as a desirable or convenient outcome but may not be addressing an area of public or social concern that is pressing and substantial enough to warrant limiting the right."
The MPs said while the safeguards for those who actively register for a My Health Record - which include access and notification controls - were adequate, there was little detail on how the department planned to communicate to individuals that they'd been signed up to the scheme automatically.
The bill also doesn't include safeguards to ensure individuals are given enough time to opt-out, the committee said, and there is no ability for individuals to erase their record once it has been created.
The committee argued there were no legislative safeguards to ensure people would be appropriately notified of their impending registration to the scheme.
Additionally, it wasn't clear why the current opt-in model hadn't worked, the MPs said.
The committee has written to the Health Minister to ask for evidence that the objective of the opt-out approach addresses a "pressing or substantial concern or whether the proposed changes are otherwise aimed at achieving a legitimate objective".
The MPs also asked whether the limitation on privacy was a reasonable and proportionate measure for the achievement of the government's e-health records objective.