by Chris McCormack

News Weekly, August 11, 2018

The Federal Government’s My Health Record is not fit for purpose, according to many health professionals, and raises serious concerns over patient privacy.

By October 15 this year, every Australian will have a My Health Record, unless they opt out before-hand. According to myhealthrecord.gov.au, over 5.9 million Australians already have a My Health Record (MHR).

The MHR scheme’s apparent benefit is that a person’s medical record will be amalgamated online, just the touch of a button away. Doctors will be paid by the government to upload the medical record of their patients while patients can also upload their medical record. The default setting will give all your healthcare providers access to your medical record. But to quote a former prime minister, MHR will not be “the suppository of all wisdom” as it will not always be an up-to-date or accurate summary of the patient’s health record as it relies upon medical practitioners or patients to upload all relevant information. Chair of the Royal Australian College of General Practitioners’ Expert Committee for eHealth and Practice Systems, Dr Nathan Pinskier, told Healthcare IT News Australia, “The current model of requiring GPs to create a shared health summary to a cloud repository does not in itself provide an immediate value proposition in the eyes of the GP.” He added, “most of the clinical information needed by a patient’s GP is usually already available without the need to access an external source.”

However, unlike a suppository, the scheme’s initial design was for a person’s MHR to remain in the system until 30 years after their death, even if subsequently cancelled by the patient. And according to the MHR website, a person’s MHR “may be accessed by us for maintenance, audit and other purposes required or authorised by law”. In response to sustained concerns from the medical fraternity, Health Minister Greg Hunt announced on August 31 that the MHR of patients who opt out after their MHR is created, would be deleted. We can only hope this statement reflects the reality of how the system will operate, but it will be nigh on impossible to know if the government still has access to cancelled MHR’s.

This is “Big Brother” government at its worst. Doctor-patient privilege would be rendered meaningless as pharmacists and government employees would have access to a person’s medical record. Former Queensland Premier Campbell Newman told the ABC: "The idea that public servants and other departments and statutory bodies should be able to get into your information is completely unacceptable, it is just not on."

In July, Healthengine, one of MHR’s partner apps was found to be divulging patient information to third parties, including legal firms.

Former Human Rights Commissioner and Federal Liberal MP Tim Wilson has publicly opted out of MHR, saying that the scheme should be an opt in rather than an opt out system. Current Human Rights Commissioner Edward Santow has expressed concern saying, "I think we can do better…We definitely are saying that there are problems with My Health Record", adding that debt collectors chasing unpaid medical bills could have access to a person’s medical record. "That is not necessarily something that people would willingly sign up to", he said.

Then there is the possibility of patient data being hacked or misused. Sixty-three data breaches were reported to the Office of the Australian Information Commissioner in the first six weeks of the new mandatory notification scheme launched in February 2018. Nearly a quarter of the breaches came from health service providers with 51 per cent of all reported breaches the result of human error, more than 40 per cent the result of criminal attack and 3 per cent due to system faults.

The electronic data breach of Aviation ID Australia’s website which contains security sensitive data used to issue aviation personnel access ID to security sensitive areas of all of Australia’s airports came just days after the Association for Virgin Australia Group Pilots (VIPA) issued a warning to all pilots to not participate in MHR. VIPA president Captain John Lyons (ret) said; “In the age of ‘big data’, VIPA is concerned by the rise in hacking events systematically targeting corporations and government databases. The cyber attack of the Census in 2016, the 2017 hack of an Australian Defence Force contractor and recent ASIC breaches, illustrate the exponential threats created by allowing increasingly more personal data available to government bodies and their industry partners.” It seems that no matter how convincingly the government spins MHR, data breaches of patients’ records will be inevitable, not to mention the possibility of governments using the data for nefarious purposes.

Dr Trent Yarwood, an infectious diseases physician representing advocacy group Futurewise, told ABC that many privacy breaches of health data can be insider threats such as doctors accessing files of high profile patients or celebrities. While MHR allows patients to check who has accessed their medical record, they can only see the organisation that accessed it, not the individual, which could make identifying the person responsible for a breach virtually impossible in a hospital, large clinic, pharmacy or government department.

Health Minister Greg Hunt also indicated on July 31 that the law would be tightened around who could access a person’s MHR. Currently, the Australian Digital Health Agency, rather than a court issued warrant, can determine access by police, the ATO and government agencies to a person’s MHR. A report by the Parliamentary Library says the law governing MHR represents a “significant reduction" in the legal threshold for the release of private medical information to police.

Furthermore, Minister Hunt has recently indicated he may extend the opt out period to assuage concerns that the October 15 deadline does not give people enough time to opt out.

My Health Record represents a palpable threat to the privacy of all Australians and Big Government cannot be relied upon to protect its citizens from harm.

You can opt out of My Health Record by visiting https://www.myhealthrecord.gov.au/