Journal of International Commercial Law and Technology
Vol.9, No.4 (2014)
traditionally been recorded in doctors’ surgeries and hospitals. This meant that patients knew exactly what
information they had confided in their doctors, and doctors and hospitals, being bound by ethical and
professional codes of conduct, maintained the confidentiality of patients’ medical data.7 Today, however,
advances in in formation technology and particularly the use of innovative information-harvesting technologies
mean that data collection generally has become almost indiscriminate. Some of these technologies are also being
used in the medical sphere.
Two methods used by agencies and organisations to collect, process an d analyse information are data
matching and data mining.8 Data matching is ‘the large scale comparison of records or files …collected or h eld
for different purposes, with a view to i dentifying matters of interest’,9 while data mining has been defined as ‘a
set of automated techniques used to extract buried or previously unknown pieces of information from large
databases’ about individuals from a number of unknown sources th at may be un authorised.10 In the medical
context, health service providers such as doctors and hospitals are using data matching and data mining
technologies to monitor their patients’ health. Medical researchers are also using such techniques. A growing e-
health industry har vests medical data using sensing and monitoring technologies such as bio-sensing
technology,11 radio frequency identification (‘RFID’) technology12 and smartphones.
Developments in information processing technologies, its use by healthcare providers and the handling of
sensitive healthcare information by healthcare service pr oviders have heightened patient concerns r egarding
privacy in the medical context.13 For example the use of data mining and profiling techniques has raised
concerns about the ethical collection, use and disclosure of data generally and the privacy and confidentiality of
individuals’ personal information, sensitive information and health information.14 As government agencies and
private sector organisations collect and store vast amounts of information generated by the everyday activities of
individuals—for example, surfing the net or renting a car, using an ATM machine or a debit or credit card for
purchases, using a Medicare card when visiting a doctor or hospital, having a prescription filled at the pharmacy
or purchasing medication over the counter—these concerns arise in an ever wider context.
This article examines the ethical management of data including personal information, sensitive information
and health information in the healthcare sector. It offers some ethical and legal perspectives on the privacy and
confidentiality of medical data. The article then considers guidelines and conventions dealing with the pri vacy
of medical information in the international sphere, the current situation under Australian law, and
recommendations of the Australian Law Reform Commission for pr oposed law reform in relation to the ethical
handling of medical data.
2 Data Matching and Data Mining in the Medical Context
7 Laurie, Graeme (2002) Genetic Privacy: A Challenge to Medical-legal Norms, Cambridge University Press, p. 19.
8 Australian Law Reform Commission, (2008) For Your Information: Australian Privacy Law and Practice (ALRC Report
108), vol 1 p. 402.
9 Australian Law Reform Commission, For Your Information: Australian Privacy Law and Practice (ALRC Report 108)
(2008), vol 1 p. 402-4 [9.48]-[9.54]; Office of the Federal Privacy Commissioner, The Use of Data Matching in
Commonwealth Administration: Guidelines (1998), .
10 Information and Privacy Commissioner Ontario, (1998) Data Mining: Staking a Claim on Your Privacy, p. 4.
11 A biosensor is a detection device that combines a biological component with a physicochemical detector component. For
example, the use by miners of a canary in a cage to warn of gas could be considered a biosensor. Many biosensor
applications today similarly use organisms which respond to toxic substances at a much lower concentration than humans
can detect to warn of the presence of the toxins. This technology has application in the healthcare, agri-food, environment
and security sectors: health/Biosensors-What-are-Biosensors.aspx> (accessed 15 November
12 Radio frequency identification is any method of identifying unique items using radio waves, most usually by means of a
small electronic device consisting of a chip and an antenna.
13 Laurie, Graeme (2002) Genetic Privacy: A Challenge to Medical-legal Norms, Cambridge University Press, p. 19.
14 These terms are defined in s 6(1) of the Privacy Act 1988 (Cth): for definitions see 5.2.1 of this article.