Tuesday, May 15, 2018
I Am Not Sure The myHR Evangelists Have Thought Enough About The Consequences Of The myHR For Minorities Who Are The Subject Of Discrimination And Persecution.
This long article reminded me just how real the issue is:
My Health Record is a well intentioned policy but its execution discourages marginalised groups from confidently accessing healthcare.
It stokes fears of the forced disclosure of confidential health information—such as the results of sexual health tests and HIV status—which undermine public health outcomes and the individual wellbeing of people in the LGBTI community.
The Australian Digital Health Agency (ADHA) was created in 2016 to improve health outcomes for Australians using digital systems.
The cornerstone project of the Agency is a national digital health system, and so every Australian will have a My Health Record account by the end of 2018. The online account is a summary of your health information.
According to the ADHA website, its purpose is to deliver ‘safer, better quality healthcare’ and the initiative has many advantages.
Centralisation reduces the hassle of transferring documents between medical institutions and provides immediate access to information (e.g. allergies and prescribed medications) for efficient emergency treatment.
However, the problem is two fold. Firstly, once uploaded your confidential records are retained for 30 years after your death, or if that date is unknown, 130 years after your birth.
Secondly, and more pressingly, law enforcement agencies can access your confidential health information without oversight: the approval of a court or tribunal is not required [see: s. 17 and s. 70].
Health Department officials may release information included in a My Health Record if they believe it is ‘reasonably necessary’ to prevent, detect, or investigate ‘improper conduct’ or to prosecute criminal offences.
Additionally, your enrolment in the system is automatic so if you do not opt-out your consent to these details is presumed.
Privacy concerns are well founded. A My Health Record includes information such as discharge and event summaries, pathology and imaging reports, prescription documents, and specialist letters.
Medical data of this kind is highly sensitive, especially for people from gender and sexual minorities.
Things that are recorded could include a trip to A&E to obtain PEP, summaries of consultations with trans and gender diverse health specialists, notes from consultations with psychologists, the frequency of sexual health testing and the results of the tests, and prescriptions for such things as PrEP and HIV medication.
The Australian Privacy Foundation previously pointed out that the ATO and ABS have expressed an interest in accessing health data, and further warned that such information could be matched with your metadata. Indeed, one of the purposes of the system is to ‘provide de-identified data’ for research purposes.
Last year academics from Melbourne University demonstrated that it is already possible to identify people from supposedly de-identified health data from the Australian Medicare Benefits Scheme (MBS) and the Pharmaceutical Benefits Scheme (PBS).
Lots more here:
While this article focusses on the LGBTI community very similar issues arise with the mentally ill, those with other potentially stigmatising problems and so on. While the system has been opt-in it has been a relatively simple matter to avoid the myHR but with the opt-out plans rolling on this becomes less easy and straight forward.
I wonder where the research is on the potential downsides for such groups and the mitigation strategies that are needed. In a society as complex as ours it is never ok to assume that if something is alright for 95% of the population that the potential downsides for some do not demand consideration and mitigation.
Remember we were promised a voluntary system – have now been lumped with the opt-out process, still not fully clarified and defined as far as I know – and seem not to have any solid research or evidence on just what all the risks for the minorities are and how they are to be managed.
It really is not good enough for something as important as you private health information, especially in the era of massive data leaks from the likes of CBA and Equifax and information abuse from the likes of Facebook.
Can anyone who has such evidence and research let us all know?
Posted by Dr David G More MB PhD at Tuesday, May 15, 2018