CANBERRA -- The Federal Privacy Commissioner has launched an investigation into the leak of sensitive Medicare information by the Health Department when it made 30 years' worth of data available to researchers.
Data sets relating to the Pharmaceutical Benefits and Medicare Benefits Schemes were removed Wednesday from publicly available databases – and the Health Minister Sussan Ley has apologised to doctors -- after Melbourne University researchers exposed a potential vulnerability.
But in a twist, the actions of Dr Vanessa Teague and colleagues -- who had tipped off the Health Department that they had managed to decrypt some service provider ID numbers attached to service providers and doctors -- could be made illegal.
The Federal Attorney General George Brandis has announced Thursday the government would seek to amend the Privacy Act to make it a criminal offence to publish or disseminate government data which has been "re-identified".
Under Brandis' changes, the researchers who discovered the Health data breach revealed today would be criminals https://t.co/NUgvJXzTZt— Allie Coyne (@alliecoyne) September 29, 2016
Despite the breach, the Health Department insists patient information has not been compromised.
"The data set does not include names or addresses of service providers and no patient information was identified," a Health Department spokeswoman said.
"However, as a result of the potential to extract some doctor and other service provider ID numbers, the Department of Health immediately removed the data set from the website to ensure the security and integrity of the data is maintained.
"No patient information has been compromised, and no information about the health service providers has been publicly identified or released."
The Department of Health is auditing the breach and the Federal Privacy Commissioner Timothy Pilgrim is investigating whether patient privacy has been breached.
"The primary purpose of the investigation is to assess whether any personal information has been compromised or is at risk of compromise, and to assess the adequacy of the Department of Health's processes for de-identifying information for publication," Mr Pilgrim said in a statement.
"I welcome the decision of the Department of Health to immediately suspend access to the data set."
The data sets had been made available for researchers, the not-for-profit sector and health industries to improve health outcomes.
The Health Department said the data set will only be restored when concerns about potential vulnerabilities are resolved.