Optometrists and dentists will know if you’ve had an abortion or mental illness in health record bungle
What is claimed is that the records created for those who are being opted in (failed to opt-out) have the security and privacy setting at full access until the individual involved logs into the record and changes things. This is true as far as I understand the system – certainly for access to my record this is the case. Once you can you access the record you get the lot (unless the user has changed access controls - and few do)!
What this means is that there are 2 crucial things that we need to know.
1. Are the populated records created at the time of the decision to go to opt-out or at the time of first attempted access? It seems probable in the trial areas they are created instantly - from user comment in the area involved.
2.Once a record is created what information is it automatically loaded with? Seems might be a bit later but who knows? There certainly seems to be no constraint on automatic uploading of discharge summaries etc.
The worst case (privacy-wise) is that the feeds of pharmacy and MBS data are used to populate the unused but now brought into existence records in a few weeks’ time or whenever. What this then means is that the myHR is populated with all the ‘automatic’ information and sitting there waiting for Shared Health Summaries and other specifically entered material.
Note that the automatic data allows a great deal of private information to be seen and deduced.
If the records are not created and not pre-loaded till use is attempted then there seems to be less of an issue.
I, for one, have not seen enough detail to understand how all this is meant to work.
Until this detail is out in the open we are all in the dark I believe. That said the planned opt-out looks like an approach that will create a lot of empty records which will, over time be automatically populated, given most people will not be really aware they have a record. (Info from users in the trials)
This means that once everyone had a record if you know a patient identifier and have access to the GP or other system you will have pretty total access to the record - unless the individual has gone in and changed access privileges.
So, joining the dots, it is possible to look up IHI's to put into local records if you are at a GP system, with an IHI you can locate a record and the record will most likely be open, given so few patients will have changed that. Overall it seems to me that the Tele was pretty close to the money then. (Remember lots of people have access to GP systems as GPs, staff etc.)
I look forward to explanations of where this is wrong and why. Also a new up-to-date CONOPS would be a really good idea I reckon. Would stop the confusion and wondering - to say the risk of any misinformation.