Australia
Is the use of telehealth permitted?
Yes, telehealth is permitted in Australia.
Prior to the COVID-19 pandemic, there were limited situations where telehealth could be used for the delivery of healthcare services in Australia. This was largely due to Medicare (Australia’s publicly funded universal healthcare system) restricting registered healthcare providers to delivering their services from a registered location (i.e., their medical practice), and limiting the availability of government subsidies for telehealth consultations to patients in rural and remote communities where pre existing provider-patient relationships existed.
On 30 March 2020, in response to the COVID-19 pandemic, the Health Insurance (Section 3C General Medical Services – COVID-19 Telehealth and Telephone Attendances) Determination 2020 (Cth) ("Telehealth Determination") came into force. As a result of the Telehealth Determination, a range of healthcare services delivered via telehealth that previously could not be subsidised under Medicare (including e.g., standard general practitioner consultations) became eligible for subsidy. That is, a variety of telehealth services became available at no cost to the patient under Medicare.
When the Telehealth Determination was first introduced, it permitted the delivery of healthcare services via telephone or video-conferencing to patients where there was no pre existing provider-patient relationship (although an existing relationship was preferred).
The Telehealth Determination was subsequently amended so that from 20 July 2020, telehealth general practice providers are required to have an existing and continuous relationship with a patient in order to provide telehealth services. Therefore, at present, unless an exception applies (e.g., the patient resides in an area where their movement is restricted by a public health requirement or the patient is less than 12 months old), a medical practitioner can only provide telehealth services to patients who have seen the practitioner for a face-to-face service in the last 12 months, or have seen another medical practitioner at the same practice for a face-to-face service during the same period.
Although the Telehealth Determination was scheduled to be revoked on 30 September 2020, the Australian Government announced a series of extensions of the Telehealth Determination, meaning the Telehealth Determination will now be in force until 31 December 2021.
Please also see Anticipated reforms regarding future plans for the permanent adoption of subsidised telehealth services in Australia.
Australia
How is telehealth regulated?
There are currently no laws or regulations specifically relating to telehealth in Australia. Existing laws and regulations relating to the provision healthcare apply to telehealth. However, various regulatory and industry bodies across the healthcare profession have released guidance notes on delivering services via telehealth.
For example, Australian Health Practitioner Regulation Agency ("AHPRA"), the federal body responsible for regulation of healthcare professionals in Australia has published on its website a telehealth guidance for practitioners ("AHPRA Guidance").
The AHPRA Guidance states that all registered health practitioners can use telehealth as long as it is safe and clinically appropriate for the health service being provided and suitable for the patient.
The AHPRA Guidance also observes that no specific equipment is required to provide telehealth services and that services can be provided through telephone and widely available video calling apps and software. However, the AHPRA Guidance continues to note that free versions of applications (i.e. non-commercial versions) may not meet applicable laws for security and privacy and practitioners must ensure that their chosen telecommunications solution meets their clinical requirements, their patient’s or client’s needs and satisfies privacy laws.
The Medical Board of Australia has also published online "Guidelines for technology-based patient consultations" to complement the existing "Good Medical Practice: A Code of Conduct for Doctors in Australia". Similarly, the Royal Australian College of General Practitioners ("RACGP") has published a "Guide to providing telephone and video consultations in general practice".
Australia
Are there specific fields of healthcare in relation to which telehealth services are currently available, and do they involve the use of proprietary technology or platforms?
A range of healthcare services can be provided to patients as telehealth services including:
- general practice consultations;
- specialist consultations (ranging from consultations with psychiatrists to with surgeons);
- allied health services (e.g., psychology, physiotherapy, chiropractic, podiatry, dietetics); and
- mental health services.
The Australian Government recommends videoconference services as the preferred approach for substituting a face-to-face consultation. However, audio-only services can be offered if video is not available. No specific equipment is required for the purpose of providing Medicare-compliant telehealth services.
Australia
Does the public health system include telehealth services, and if so, are such services free of charge, subsidised or reimbursed? Where the public health system does not include telehealth services, are such services covered by private health insurance?
As discussed in Availability of Telehealth, at present, generally only telehealth services where there is an existing and continuous relationship between the medical practitioner and patient are subsidised by Medicare and made available at no cost to the patient.
In relation to healthcare services that are outside the scope of Medicare, where previously, prior to the COVID-19 pandemic, private health insurers generally did not reimburse claims for healthcare services delivered remotely, an increasing number of private health insurers are now permitting claims for telehealth services accessed by their members. However, what is permitted varies from insurer to insurer and is dependent on the terms and conditions of the policy.
Australia
Do specific privacy and/or data protection laws apply to the provision of telehealth services?
Australian privacy and surveillance laws are generally applicable to the provision of telehealth services in Australia.
At the Federal level, the core privacy legislation is the Privacy Act 1988 (Cth) ("Privacy Act") and the Australian Privacy Principles ("APPs"). State and territory legislation broadly aligns with the Federal framework. The Privacy Act regulates the collection, use and disclosure of personal information, defined as information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether recorded in a material form or not. All personal information collected in the course of providing a health service, including information or an opinion about the health of an individual and their wishes about the future provision of health, is considered health information under the Privacy Act. Health information is sensitive information, which is granted additional protections under the Privacy Act and APPs, due to its significance and the potential harm that could result from misuse. Telehealth services are identified as a health service provider under the Privacy Act.
To comply with the Privacy Act and the APPs, telehealth service providers must handle all patient information in a manner that complies with their legal obligations. In particular, health information can only be collected by lawful and fair means, and generally only with the patient’s (express or implied) consent and where the information is reasonably necessary for providing a health service to that patient. Certain exemptions do apply to "health service providers" (including telehealth businesses), such as where the collection is necessary to provide a health service and is either authorised by law or it is collected in accordance with confidentiality rules established by competent health boards or medical bodies. Consent is also not required where information is collected or disclosed in order to prevent a serious threat to life, public health or safety. Health information can only be collected directly from the patient unless it is not reasonable or practical to do so. There are also similar consent restrictions on the use and disclosure of health information, and typically higher standards of security are also expected.
Surveillance laws operating at the federal, and state and territory levels will also be relevant where, for example, telehealth providers intend to record the provision of services to patients. At the federal level the Telecommunications (Interception and Access) Act 1979 (Cth) makes it an offence to intercept or access private telecommunications without the knowledge of those involved in that communication. State and territory surveillance laws also prohibit the recording of private conversations without the consent of the participants to that conversation. In practice, telehealth service providers would need to ensure that all participants to recorded conversations have provided their express consent to any such recording.
Australia
How should the cross-border transfer of personal information collected and processed in the course of telehealth services be carried out to ensure compliance with applicable privacy laws?
Cross-border transfers of telehealth data that contain personal information within the meaning of the Privacy Act must comply with APP 8. In short, a telehealth business must not transfer an individual’s personal information to a recipient in an overseas location without having taken steps as are reasonable in the circumstances to ensure that the recipient will not breach the APPs (e.g. by putting contractual protections in place), or otherwise being satisfied that the recipient is subject to a law or binding scheme that has the overall effect of protecting the health information in a manner that is substantially similar to the Privacy Act and APPs. Otherwise, a patient’s consent is required to any cross-border disclosure.
Where a telehealth business intends to transfer personal information outside of Australia, it is also required to include this information in its Privacy Policy as part of the notification obligations set out in APP 1, for example by stating that collected information may be transferred overseas, and to the extent possible, identifying those recipient locations.
Australia
Are there any currently applicable codes of conduct on the use of telehealth systems and/or security of telehealth data in your jurisdiction?
The Office of the Australian Information Commissioner ("OAIC") is the regulatory body that monitors compliance with the Privacy Act and the APPs. At present there is limited specific guidance from the OAIC, other than its 2019 "Guide to health privacy" – which confirms that health services provided via the internet or telehealth constitute "health service providers" within the meaning of the Privacy Act.
Other government and regulatory bodies have issued guidance which addresses the security of telehealth data. For example, the Federal Department of Health has issued a "Privacy Checklist for Telehealth Services". This checklist provides high level guidance on key obligations, including obtaining patient consent, disclosure of cross-border transfers, privacy notices, and ensuring that other "relevant measures" (such as end-to-end encryption, multi-factor authentication, etc.) have been adopted in accordance with guidance made available by bodies such as the Australian Cyber Security Centre.
Australia
Are any specific laws, regulations, or self-regulatory instruments expected to be adopted in the near future?
As discussed above, the Telehealth Determination has been extended and thus will be in force until 31 December 2021.
On 27 November 2020, the Australian Minister for Health announced that universal, whole-of-population telehealth services will be made available permanently in Australia. However, the details regarding the telehealth arrangements that will be made permanent have not yet been published. It is understood that this is still being considered by the Australian Government and more information will be forthcoming. Therefore, whether the current regulatory regime for telehealth services will be made permanent, or a different version of operations will be introduced, remains to be seen.
We are not aware of impending legal reforms in the area of privacy and data protection that specifically targets telehealth and, as outlined in Data security obligations, current guidance from medical regulatory and industry bodies refer back to existing laws. As telehealth takes root in the Australian medical sector it is possible that specific regulation and guidance on these issues may be developed to boost the current obligations set out in the Privacy Act (and applicable surveillance laws), but there has been no public indication to date that such developments are imminent.
Australia
