This blog is totally independent, unpaid and has only three major objectives.
The first is to inform readers of news and happenings in the e-Health domain, both here in Australia and world-wide.
The second is to provide commentary on e-Health in Australia and to foster improvement where I can.
The third is to encourage discussion of the matters raised in the blog so hopefully readers can get a balanced view of what is really happening and what successes are being achieved.
Note: I have excluded any commentary taking significant funding from the Agency or the Department of Health on all this to avoid what amounts to paid propaganda. (e.g. CHF, RACGP, AMA, National Rural Health Alliance etc. where they were simply putting the ADHA line – viz. that the myHR is a wonderfully useful clinical development that will save huge numbers of lives at no risk to anyone – which is plainly untrue)
It’s often been said, the Australian My Health Record is not a finished project. It is evolving and has, indeed, lots of potential to improve and streamline patient care. Sadly, the privacy issues that have haunted the project for years still seem to be unresolved. And when it comes to secondary use of patient data, there’s more to come from a different direction.
Back in 2013 I wrote this in a blog post about the My Health Record, then called the Personally Controlled Electronic Health Record or PCEHR:
“The PCEHR Act 2012 states that the data in the PCEHR can be used for law enforcement purposes, indemnity insurance purposes for health care providers, research, public health purposes and ‘other purposes authorised by law’. This is far from reassuring. There are many grey areas and unanswered questions. There are too many agendas. The PCEHR should first be a useful clinical tool to improve patient care.”
Five years later and there are still ambiguities about when, how and for what reason law enforcement agencies and other non-medical parties can access the national My Health Record system. This should have been crystal clear by now. Here’s is what I posted in 2015:
“(…) at the moment the information in the PCEHR may be used by the Government for data mining, law enforcement purposes and ‘other purposes authorised by law’, for up to 130 years, even after a patient or provider has opted out. (…) The legal framework should be reviewed, and any changes must be agreed upon by consumers and clinicians.”
Privacy. Everyone’s talking about it. Not just the people who are desperate to keep their secrets under wraps (I’m looking at you, Ashley Madison users). And not just the nerds running around rabidly trying to convince everyone that "they" are trying to control us all (that’s us, fellow George Orwell readers).
No, privacy isn’t just for people at weird extremes any more. It’s becoming a conversation topic for "normal" people. It comes up with my barista. I’ve overheard people discussing it on trams. I even brought it up with some strangers, quite emphatically, at a party - and wasn’t even judged (that much).
One of the things I like most about talking about privacy is that, in the right circumstances, people feel something about it. It can be emotional. And when things are emotional, they are way more interesting.
You've no doubt filled out countless patient information sheets in the waiting rooms of hospitals or medical centres.
Usually, they ask you for an emergency contact — and for many people, that's a blood relative.
In most cases, that next-of-kin data is never looked at again, unless an emergency happens. But what if you could link people together based on who they listed as their blood relative?
As the government rolls out its My Health Record database, a major hack of a similar system in Singapore has highlighted the vulnerabilities of high-tech record sharing. By Lizzie O’Shea and Justin Warren.
The positives and perils of My Health Record
Last week, Singapore’s ministry of health admitted information from 1.5 million citizens had been copied in “a deliberate, targeted, and well-planned cyber attack” by hackers who were specifically going after the personal data of the country’s prime minister, Lee Hsien Loong. It took authorities a week to detect the breach, which, to be fair, is relatively fast given the average organisation takes more than six months.
The story came at an awkward time for the Australian government, at the end of the first week of the opt-out period for the My Health Record system; a week dogged by controversy.
My Health Record is a centralised database designed for sharing health information. In its ideal form, the system would mean any health-care professional around the country could access some of your medical records with just a click. Despite its origins in 2012 as an opt-in program, the Turnbull government changed the system to opt-out in 2016 – a move former Labor health minister Nicola Roxon had warned would be “a serious mistake” back in 2011. Australians have until October 15 to opt out. Everyone who does not opt out will have a record created for them automatically.
My Health Record: lawyers warn of system abuse and call for privacy protection in law
28th Jul 2018
My Health Record will have undoubted medical benefits but the Australian Lawyers Alliance (ALA) is concerned that access to the data will be abused and says legislation changes are needed now.
“Our concerns are more about system abuse than a mass data breach,” said Andrew Stone SC, NSW President, ALA. “My Health Record will be beneficial but we need to think about the ways in which it will be abused and misused, and address these issues now so the benefits can be delivered.”
According to the ALA, legislation is needed to protect against access to My Health Record data by anyone aside from health providers and to guard against access in which authorisation is coerced.
A political firestorm erupted last week over the Australian government’s move to create a shareable national electronic health record for all 24.7 million of its citizens by December of this year. Unless an individual opts out of having a My Health Record by 15 October 2018, the government will create one for them that will be kept for 30 years after the person dies, or for 130 years after a person’s birth if their death date is unknown.
The government and many health care associations such as the Royal College of Australian General Practitioners, the Pharmacy Guild of Australia, and the Australian Healthcare and Hospital Association (AHHA) have been touting the benefits of the system. The AHHA states such an e-health record will lead to “better coordination of care among multiple health care providers, better informed decisions on health care that involve both the patient and the health care provider, reduced duplication of diagnostic tests, fewer adverse drug events and reduced hospital admissions.” All have been pleading with the 6 million Australians [PDF] currently with a My Health Record not to opt out, and for everyone else to allow one to be created for them.
Interim Head, Department of General Practice, University of Melbourne
As the opt-out period for the My Health Record continues, so too does the debate surrounding issues of confidentiality. While possible data breaches have generated widespread concern, for one group – teenagers – it may not just be hackers they want to keep out. It may be their parents.
Consider this scenario:
Katy is 16 years old and, after a couple of months of dating another 16-year-old, Tom, they start having sex. Katy’s regular GP has looked after her asthma since she was six but she feels awkward seeing him. Katy visits a GP that her school friend recommends to ask about contraception and to get a pregnancy test. The GP offers and does a chlamydia test, as recommended by the Australian guidelines for STI testing. She really doesn’t want to discuss this with her mother just yet.
There are options for 14 to 18-year-olds like Katy to keep their medical records private under the My Health Record scheme, but teens must be proactive and change their settings or ask their health providers not to upload this data.
My Health Records laws need to be scrapped and rewritten, warn experts
By Dana McCauley
27 July 2018 — 6:36pm
Privacy experts have rejected the federal government's reassurances that My Health Record patient data will not be accessed by third parties without a warrant, demanding that it redraft laws giving authorities broad powers of access.
Pressure is mounting for Health Minister Greg Hunt to tear up the legislation after he promised to clear up any "ambiguity" about patient privacy under the system, which will enrol all Australians with a Medicare card if they do not opt-out by October 15.
University of Technology, Sydney law lecturer Geoff Holland told Fairfax Media the Privacy Act would offer no protection for Australians enrolled in My Health Record if police sought to access their private information, as the wording of the legislation would override its safeguards - contradicting the government's position.
I am thinking about opting out of My Health admits Kristina Keneally
The Australian
10:46AM July 27, 2018
Rachel Baxendale
Labor senator Kristina Keneally says she is thinking about opting out of the My Health Record scheme, despite being NSW premier when COAG resolved to digitise health records.
Senator Keneally’s comments come after Health Minister Greg Hunt will yesterday conceded he would consider strengthening privacy provisions for the My Health Record scheme at the urging of medical practitioners.
My Health Record is a system which people may or may not choose to use, but the fear is that it could be used against them, argues Deakin University researcher Joshua Badge.
The Australian Digital Health Agency, the bureau responsible for My Health Record, maintains that law enforcement agencies can only gain access to the e-health system with a warrant, subpoena or court order. Health Minister Greg Hunt has backed this assertion but several sources have disputed the claim.
Earlier this week, the Parliamentary Library contradicted the minister, suggesting that enforcement bodies including the Australian Federal Police, the Department of Home Affairs and all the state and territory police forces would have access to the system. The Parliamentary Library decided to temporarily take down the post after the Health Department filed a complaint. It has since been republished with minor amendments (here is the original).
They took out: the conclusion My Health Record significantly reduces the threshold for access; the conclusion that cops can get it without a warrant; the bit where they said Greg Hunt’s statements “seem at odds” with the legislation. #auspol#MyHealthRecord
Public trust in the My Health Record may be lost without swift action from the Government, the Department of Health and the Australian Digital Health Agency (ADHA) to fix significant legal and privacy issues, according to the Australian Healthcare and Hospitals Association.
The issues centre on possible access by enforcement bodies to information stored in My Health Record.
A Parliamentary Library briefing released last week warned that the law governing My Health Record did not require a warrant or court order in order for the operator of the system (the ADHA) to provide medical records to police or other enforcement agencies.
CHF supports stronger protection for patient records
MEDIA RELEASE FRIDAY, 27 JULY 2018
The Consumers Health Forum welcomes the statement by the Prime Minister and Minister Hunt that the Government will move to address concerns about protection of privacy under the My Health Record.
“The success of MHR relies very much on people’s trust that their medical information will be protected,” the CEO of the Consumers Health Forum, Leanne Wells said.
“Mr Turnbull says if refinements are needed, they would be made. We believe Section 70 of the My Health Records Act 2012 needs to be tightened so that access to medical records for non-healthcare reasons is governed by law and judicial oversight and not left to be subject to agency policy.
The chief of Australia’s peak body representing more than 60,000 police officers in all jurisdictions, has called on the Turnbull government to urgently legislate to outlaw investigators from accessing the My Health Record system without a warrant.
Malcolm Turnbull yesterday flagged further “refinements and reassurances” to the controversial e-record scheme to help ensure it did not undermine patient privacy.
The Royal Australian College of General Practitioners said those refinements were essential if public health was not to be put at risk through people being reluctant to discuss certain conditions with their doctors.
Professor of Practice in Digital Health, Monash University
Australians have just under three months to decide whether they want a My Health Record, which would allow the various health professionals who look after them to access and share their health information. From October 15, those who haven’t opted in or out will have a record automatically generated.
In emergency situations, access to information from My Health Records about allergies, medicines and health conditions can save lives. Day to day, it will provide benefits such as reminding us when we last had a tetanus shot, or allowing a back-up GP to access the results of a recent blood test so we don’t need another.