Tuesday, June 26, 2018

Here Are The Reasons You May Decide To Opt Out Of Or Inactivate Your myHR.

I thought I would put together my 12 top reasons to stay away or inactivate.

Here is my list of reasons:

1. The Information in the record may be out of date or incomplete and thus be misleading – leading to mistakes or clinical harm. I.e. it is dangerous!

2. If inactivated or opted out no additional – and potentially unwanted or embarrassing – data will be added to your myHR.

3. Once your information is in the myHR the Government can use it for any purpose it likes without actually asking you.

4. There is no reason to suppose your data held in the myHR will be held secure and private and not breached – given all the systems that seem to be breached on a weekly basis these days.

5. All sorts of people not directly involved in your care are able to access your clinical details (e.g. practice staff, pharmacy assistants etc.).

6. There are better ways to co-ordinate care than through the use of the clunky myHR.

7. There is no facility for me to edit or delete records I am not happy are correct.

8. The system is not designed to be easily searched for information and so won’t be.

9. Over time the myHR system will become a huge pile of Medicare and PBS records, covering a decade or two, that will never be accessed or used.

10. There is no evidence that the myHR system will make much difference to clinical care while the funds spent could provide a range of proven valuable services.

11. It is clear that the system was not designed to help patients or doctors but to assist the Government manage the health system without being open and frank with the public.

12. The quality of the data in the myHR is inferior to the information held by GPs and specialists in their own systems.

And for one more:

13. The concept of ‘standing consent’ to record upload is a dishonest trick so you forget all this information about you is just going to the Government for any use they can think of!

What are your reasons to stay away?

David.

Post-Script: It seems to me the fiasco with HealthEngine is very likely to damage trust in the whole digital health eco-system for a period so I would opt-out / deactivate for now and look again in 6-12 months' time to see how things are travelling.

D.

9 comments:

  1. The MyHR concept risks holding Australia back, it will quickly be unable to support modern data sharing or processing, it supports formats from a bygone era. There is scant evidence that the MyHR actually meets the problems it is stated to solve or is able to realise the benefits claimed.

    Replatforming is an unknown.

    Agree Health Engine have damaged digital health and the Telstra brand considerably. Telstra would do well to shut it down.

  2. Health Engine is the straw that broke my camel's back. I was looking to remain inscribed to the MyHR. I definitely will not be now as it is clear there are no controls in place to prevent wholesale harvesting.

  3. This appeared today, although HealthEngine is the subject line, there should be very clear warnings for all online health apps and monolithic data warehouses

    https://www.theconversation.com/amp/healthengine-may-be-in-breach-of-privacy-law-in-sharing-patient-data-98942

  4. I hope everyone is aware of limits to the Prohibitions and Authorisations of My Health Record?

    The essence is that if data can be legally obtained elsewhere, or is legally downloaded, all the restrictions, controls, audit logs etc in the myhr do not apply.

    What the government fails to make clear is that myhr is part of a larger interconnected web of systems and that myhr rules only apply to a very small part of that data.

    So if a GP downloads data from myhr into their clinical system and an app like HealthEngine is permitted to see and/or download that data from the GP's system, then the patient has no control over who sees it or who accesses it.

    HealthEngine may or may not have acted illegally in giving data to lawyers, but it would seem that they did not act illegally when they accessed the data.

    This is exactly what the legislation says:

    Division 3—Prohibitions and authorisations limited to My Health Record system

    71 Prohibitions and authorisations limited to health information collected by using the My Health Record system

    (1) The prohibitions and authorisations under Divisions 1 and 2 in respect of the collection, use and disclosure of health information included in a healthcare recipient’s My Health Record are limited to the collection, use or disclosure of health information obtained by using the My Health Record system.

    (2) If health information included in a healthcare recipient’s My Health Record can also be obtained by means other than by using the My Health Record system, such a prohibition or authorisation does not apply to health information lawfully obtained by those other means, even if the health information was originally obtained by using the My Health Record system.

    Information stored for more than one purpose

    (3) Without limiting the circumstances in which health information included in a healthcare recipient’s My Health Record and obtained by a person is taken not to be obtained by using or gaining access to the My Health Record system, it is taken not to be so obtained if:

    (a) the health information is stored in a repository operated both for the purposes of the My Health Record system and other purposes; and

    (b) the person lawfully obtained the health information directly from the repository for those other purposes.

    Note: For example, information that is included in a registered healthcare recipient’s My Health Record may be stored in a repository operated by a State or Territory for purposes related to the My Health Record system and other purposes. When lawfully obtained directly from the repository for those other purposes, the prohibitions and authorisations in this Part will not apply.

    Information originally obtained by means of My Health Record system

    (4) Without limiting the circumstances in which health information included in a healthcare recipient’s My Health Record and obtained by a person is taken not to be obtained by using or gaining access to the My Health Record system, it is taken not to be so obtained if:

    (a) the health information was originally obtained by a participant in the My Health Record system by means of the My Health Record system in accordance with this Act; and

    (b) after the health information was so obtained, it was stored in such a way that it could be obtained other than by means of the My Health Record system; and

    (c) the person subsequently obtained the health information by those other means.

    Note: For example, information that is included in a registered healthcare recipient’s My Health Record may be downloaded into the clinical health records of a healthcare provider and later obtained from those records.

  5. 6:25 PM. Thank you that is an interesting piece. Will the Minister and the Government use this to enforce the full force of the law and demonstrate they mean business protecting our personal health information? They could perhaps remove the relationship with MyHR. MSIA could demonstrate some care and remove HealthEngine membership?

    Reading the HealthEngine website they make some claims that are completely accurate. They claim and show a screenshot of a supposed ability to give or not consent. I checked by going through the booking process, no such popup appears. Now it might be so on a desktop but not on the mobile app which is at best a half truth.

    Four days on and still no response from HealthEngine on removing my account. Anyone know how to completely remove your account?

  6. FYI here is part of a summary of a Twitter trail (I tweet as @Health_Privacy)

    @HealthEngine Tweet 1
    The HealthEngine App provides a link to help patients login and view their My Health Record. The HealthEngine App does not possess any means to access patient data held by My Health Record. If you have more qs please do email feedback@healthengine.com.au Thanks

    @HealthEngine Tweet 2/3
    HealthEngine is only authorised to provide a view-only implementation of My Health Record. Each and every request by a patient for their My Health Record gets sent directly to the My Health Record servers; the data is fetched and provided back and displayed within the app without getting stored on HealthEngine

    (I believe this is how it works for this type of app. Tyde told me the same thing)

    @HealthEngine Tweet 4
    HealthEngine is unable to access patient data held by My Health Record or the Australian Digital Health Agency.

    @Health_privacy Tweet
    But can data legally downloaded from #myhealthrecord into a GP's system be seen by Health Engine?

    One day later, @HealthEngine Tweeted to @Health_privacy (i.e. sent to me and only me):
    HealthEngine is unable to access patient data held by My Health Record or the Australian Digital Health Agency.

    which is a non-answer to my question. This answer smacks of avoidance and gives me the strong impression that they can see myhr data but are not willing to admit it.

    Supporting this conclusion is this in the privacy policy
    https://healthengine.com.au/privacy.php

    "If you use our HealthEngine Chat App, we may collect your personal information such as your full name, email address and mobile phone number. We also have access to and may collect other information (including your health information), regardless of form, shared between you and your health professional while using the HealthEngine Chat App.

    ...

    Usually we collect your personal information directly from you. HealthEngine may collect your personal information from you in various ways, including via telephone, our website, our mobile app, and email.

    We may also collect information from third parties, such as:

    * family members, legal guardian/s and/or a person you have authorised to provide your personal information to us;

    * health professionals and their practices (often via their practice management software systems), in relation to the management of appointments you have made, your requested health services, and the associated fees, including fees in connection with the HealthEngine Chat App; and

    * doctors and/or pharmacists, if you choose to use our prescription management service and choose to have us obtain such information directly from the systems of your doctors and/or pharmacists."

    WCGW? Quite a lot it seems. Not only that, but it seems to have gone wrong already with reports that GPs are dissociating/disconnecting themselves from HealthEngine.

    The one group that the government probably shouldn't alienate is GPs.

  7. The ADHA is to undertake an investigation - so don’t expect anything to come from that. Won’t want anything upsetting conscription to the government health record supermarket. The Information Commissioner will take a month of Sundays and recommend HealthEngine undertake a doughnuts and friendly motivational counseling to revisit values.

  8. Health engine is part of Telstra Health, this strategy of collecting and on-selling information for revenue would have been laid down several years ago, as would have building integration into GP systems and the MyHR. Who has a history of being flippant with consumer health information that also headed Telstra Health strategy and is moulding the MyHR and National eHealth agenda?

  9. An update to the progress of my Twitter question to @HealthEngine

    "But can data legally downloaded from #myhealthrecord into a GP's system be seen by Health Engine?"

    Their reply at 5:59 pm 29 June was:

    "@Health_Privacy No. HealthEngine is unable to access patient data held by My Health Record or the Australian Digital Health Agency. Our CEO, Dr. Marcus Tan addresses this point in a (1/2)"

    They are referring to a video they have circulated, which does not address the question.

    They still have not answered my question. Either they have not understood it or they are deliberately answering a different question. Neither is good.
