Wednesday, March 30, 2016
The Privacy Commissioner Releases A Large Collection Of New Documents On My Health Record.
I noticed these a day or so ago.
They are termed Privacy Fact Sheets and for some reason they are not numbered in a form that seems to make sense but you can use a single link to see them all - or use the list below.
This section holds fact sheets that give a general overview of a topic or subject area for individuals.
More detailed specific resources for agencies and organisations can be found in Agency resources, Business resources and Guides.
Information about how the Office of the Australian Information Commissioner applies the Privacy Act 1988 can be found in the Privacy law section of this website.
Here is the link:
The important links from the mHR perspective are as follows.
Privacy fact sheet 47: Young people and the My Health Record system (Northern Queensland and Nepean Blue Mountains)
Privacy fact sheet 46: My Health Record system — What to expect in Northern Queensland and Nepean Blue Mountains
Here is a link that takes you to the relevant sheets directly:
The sheet 15 is very interesting:
If you have a My Health Record or are considering whether to get one, this fact sheet explains what to consider over the lifetime of your record.
A My Health Record is an online summary of your health information, such as medicines you are taking, any allergies you may have and treatments you have received. It was previously known as a Personally Controlled Electronic Health Record (PCEHR) or eHealth record.
Your My Health Record allows your doctors, hospitals and other healthcare providers (such as physiotherapists) to view your health information, in accordance with your access controls. You are also able to access it online yourself.
In most parts of Australia you need to actively register for a My Health Record. However, people whose registered Medicare address is in Northern Queensland or the Nepean Blue Mountains will have a My Health Record automatically created for them by the Australian Government. If you are registered as living in either of these areas and don’t want a My Health Record, you will need to opt-out by 27 May 2016.
You can use the postcode checker on the My Health Record website to see if your registered Medicare address is in one of these areas. If it is, you should also receive a letter and brochure from the Australian Government with further information.
This fact sheet is for everyone who already has or will soon have a My Health Record and anyone else who is thinking of registering for one. This includes people whose registered Medicare address is in Northern Queensland and the Nepean Blue Mountains region.
Make sure you understand how the information in your My Health Record can be collected, used and disclosed.
The System Operator is responsible for the operation of the My Health Record system. You can read the privacy statement, which applies to personal information collected by the System Operator for the My Health Record system, online.
If you have any questions about this, call the System Operator on 1800 723 471.
Consider setting your access controls as soon as you register for a My Health Record or have one created for you. It’s a good idea to review them regularly, especially if your circumstances change or you begin treatment with a new healthcare provider. Check your ‘access list’ regularly to see who can access your My Health Record. If the default settings are set, you should know what they are and what they could mean for you. Think about whether you want to restrict which healthcare providers can access your record and what information is included.
Advanced access controls allow you to restrict which healthcare providers can access your My Health Record. You can also restrict access to particular documents. If you set up a ‘personal access code’, healthcare providers will only be able to check if you have a My Health Record and access it if you give them your code. Personal access controls may be overridden in an emergency, if it is unreasonable or impracticable to obtain your consent.
Different healthcare providers will have different information management practices. For example, you can restrict which healthcare providers can see your My Health Record but you cannot restrict access by individual staff members. Find out which areas of the healthcare provider will have access to your My Health Record.
If you don’t want a certain document added to your My Health Record, make sure you tell your healthcare provider. If they have added a document that you don’t want on your record, ask them to remove it. If they refuse, you can remove it yourself by logging in to your record. You can later ask for it to be restored if you choose.
Documents that have been removed will still be accessible to the healthcare provider that uploaded them through their local IT system. This is because they created the documents and can access them on their own local IT system rather than specifically through your online My Health Record. They may also be retrieved for authorised purposes, such as by order of a court. However, once removed from your My Health Record, they won’t be accessible in an emergency so you should consider whether there is any information that could be needed in such a situation. It’s a good idea to discuss these issues with your healthcare provider.
Check for any unexpected or unauthorised access. The access history function identifies healthcare provider organisations that have accessed your My Health Record. However, if you want to find out the name of an individual who has accessed your record, you can request this by calling the System Operator on 1800 723 471. The system access history will only include access to your My Health Record. It will not include information about who has accessed information that has been downloaded into a healthcare provider’s local systems.
If any information is inaccurate, out-of-date or incomplete, ask the healthcare provider that uploaded the information to correct or complete it. If they disagree, you can ask them to attach a statement to the document stating what you consider to be inaccurate, out-of-date or incomplete. If you don’t feel comfortable approaching the healthcare provider directly, you can call the System Operator on 1800 723 471. If it is a private sector healthcare provider organisation that is unwilling to correct or complete your record, you can also make a complaint to the OAIC. Old versions of documents will still be retained by the system. If there are any important documents that you think should be included on your My Health Record, talk to your healthcare provider.
Make sure you set a strong password and don’t share it with anyone else. If you are accessing your My Health Record via the online consumer portal, ensure that the device and connection you use to access your record is secure. For example, you should install reputable anti-spyware, anti-virus scanners and firewall software and avoid unsecured wi-fi networks. General advice to help you keep your information safe online is available at staysmartonline.gov.au.
The My Health Record system is protected by the My Health Records Act 2012 (My Health Records Act). The protections in the My Health Records Act are in addition to those under existing privacy legislation. Once information is downloaded into a healthcare provider’s local records, existing privacy legislation will apply. There are civil and criminal penalties for individuals and healthcare provider organisations who don’t comply with the My Health Records Act. If you suspect that the information in your My Health Record may have been mishandled, you can complain to the entity involved or call the System Operator on 1800 723 471. If you’re not happy with their response, you can complain to the OAIC.
If you decide to cancel your My Health Record, call the System Operator on 1800 723 471 and ask to have your record deactivated. It can be reactivated again later if you choose.
If you cancel your My Health Record, no one will be able to see it (including yourself) and no further information can be added onto it.
Information in the cancelled record will be stored by the System Operator until 30 years after your death, or 130 years after your date of birth (if the date of death is unknown_.
For more information on the OAIC’s role in the My Health Record system, please see the OAIC’s Privacy fact sheet 18: The OAIC and the My Health Record system
----- End Sheet.
What strikes me about this is just how complex the information provided is and how unlikely the vast number of people would be to take all this information on board and act on it, sound though the information seems to be.
Given a million people are going to get one of these records in the next few months - one really wonders just how well informed the ‘man on the Bondi Tram’ will actually be about what is happening and what risks there are to their privacy - and potentially to their career, employment among other things.
I really don’t think Australians have been properly alerted to the risks inherent in this giant government system having so much of your health information.
I look forward to comments on all these sheets.
Posted by Dr David More MB PhD FACHI at Wednesday, March 30, 2016