Tuesday, April 11, 2017
The MyHR Seems To Be Way Less Protected And Secure Than Anyone Knew – What A Mess.
This appeared this morning.
Sue Dunlevy, National Health Reporter, News Corp Australia Network
April 10, 2017 10:00pm
THE private health records of Australians can be accessed by more than half a million people under the latest bungle with the $2.2 billion electronic My Health Record.
News Corp Australia has learned that the privacy settings on the government’s computerised My Health Record, which lists every medicine a patient takes and records every medical visit and procedure, are automatically set on “universal access”.
This means every registered health practitioner in the nation — 650,000 people — can view them, not just the family GP, unless the patient specifically requested to opt out.
Occupational therapists working for an employer, doctors working for insurance companies, a dietitian, an optometrist or a dentist or their staff can view the record and see if individuals have a sexually transmitted disease, a mental illness, have had an abortion or is using Viagra.
“Potentially your employer’s occupational therapist can look at your record and get information they really shouldn’t be getting access to, its confidential data,” says former AMA president Dr Mukesh Haikerwal who was a government consultant on the My Health Record.
The bungle came about because the record was originally set up as an opt in system and when people set up their record they were given the option to set a PIN number to protect the information and determine who got to see it.
Nearly four million people set up a My Health Record under the opt in system but doctors weren’t using it because four years after it was established 83 per cent of Australians still did not have one.
Last year the Turnbull Government trialled turning the failed record into an opt out system.
One million people in the Nepean Blue Mountains area of NSW and Northern Queensland were given a record unless they opted out.
News Corp has now learned only 147 of these one million Australians automatically given a record under the trial set up a PIN number to protect their health information.
“147 My Health Records created in the trials have access controls set to restrict which healthcare providers can see the record, or have controls restricting access to certain documents in the record,” the Department said.
“This equates to 0.0151 per cent of My Health Records automatically created in the trials. This is consistent with the rates of access controls set by those who have opted to register for a My Health Record,” a spokeswoman for the department said.
Vastly more here:
There is an editorial here:
April 11, 2017 12:30am
THE privacy scandal unfolding in the troubled My Health Record electronic medical records system is ample proof why citizens should be vigilant and maintain a healthy scepticism about governments and Big Brother bureaucracies.
As revealed in today’s The Advertiser, your medical records may be an open book to 650,000 registered medical practitioners.
Had a mental illness? Your dentist can view details. A sexually transmitted disease? A bored pharmacist interstate might be curious. At risk of a hereditary disease? Your potential employer or insurance company might be very keen to know, via their in-house medical staff.
Workers in large corporations may never look at their in-house nurse in quite the same way again, knowing he/she may have checked on a medical history which has nothing to do with work performance.
This cavalier approach to sensitive and intensely private information, where people have to “opt out” to safeguard their privacy, is a disgrace. Here in South Australia we have been through the aftermath of the shocking death of then-Crows coach Phil Walsh, when sticky beak clinicians pried into the medical records of his mentally-troubled son, Cy.
The result of that snooping was a stern warning that any SA Health staff making deliberate, unauthorised access of medical records would be sacked – seven have been terminated in the past year as some continued to pry.
Yet we have a national system where any registered medical practitioner can browse records on the My Health Record database.
We live in an era of mega metadata, where everyone from social media giants to intelligence services want all your information, for sales and surveillance.
Medical information must not be part of this exponential invasion of privacy.
The Federal Government must act to ensure a patient’s medical information can only be accessed by clinicians who need specific information for their patient’s treatment.
Here is the link:
My take is that this reveals the myHR to be an utterly insecure unused failure.
What to others think?
Posted by Dr David G More MB PhD at Tuesday, April 11, 2017