This summary appeared on Sunday 15 July.
My Health Record: Your questions answered on cybersecurity, police and privacy
Ariel Bogle - Science Reporter – ABC News – 15 July, 2018.
Australians have lots of questions about My Health Record.
Every Australian will soon have a My Health Record — an online summary of their health information — unless they opt out over the next three months.
From Monday, Australians will have until October 15 to tell the Government they don't want one. Otherwise, a record will automatically be created.
The project aims to give patients and doctors access to timely medical information — test results, referral letters and organ donation information, for starters — but there are concerns about the safety of some of our most personal, sensitive data.
We asked for your questions about the project on social media, and they ranged from police access to the platform's cybersecurity.
The ABC sat down with Tim Kelsey, the head of the Australian Digital Health Agency (ADHA) and the man in charge of the initiative, to get them answered.
The way the record works
As a patient, how can I know if my My Health Record information is being maintained by my doctor?
You can choose to opt out and have no My Health Record.
But once you have one, doctors can upload health information into it unless you ask them not to.
When you see a doctor, you can discuss adding (or not) documents such as an overview of your health, a summary of prescribed medications and referral letters.
Remember, it's not a comprehensive picture of your health — it will only contain what you and your doctors choose to upload, and will depend on the quality of those records.
When you first access the system, you'll be asked to decide whether you want two years of Medicare Benefits Schedule, Pharmaceutical Benefits Scheme, Australian Immunisation Register, and Australian Organ Donor Register data to be uploaded.
But if your doctor accesses your record first before you make the selection yourself, this data will be uploaded automatically — unless you've opted to have no record at all.
If you want, you can delete or restrict access to those documents later.
Not all Australian hospitals and health services are connected to My Health Record yet, so that's something to check during your next visit.
When I get a prescription, how do I know whether I need to ask to make an update to my My Health Record? Does this vary by provider?
Doctors can upload information about prescribed medications, but as discussed above, it's worth discussing this each time you see your doctor.
What happens to your My Health Record after you die?
My Health Record information will be held for 30 years after your death. If that date isn't known, then it's kept for 130 years after your birth.
Will any private health insurance companies have access?
Insurers shouldn't be able to access your record — it's reserved for people who work for a registered healthcare provider and who are authorised to provide you with care.
There are plans to use aggregated, anonymised My Health Record data for research and other purposes — this is known as "secondary use".
"My Health Record information can be used for research and public health purposes in either a de-identified form, or in an identified form if the use is expressly consented to by the consumer," a Department of Health spokesperson said.
Currently, users of the platform can tick a box on the web portal to opt out of secondary use.
Secondary uses must be of public benefit and cannot be "solely" commercial, and insurance agencies will not be allowed to participate.
However, "the impact of this exclusion" will be considered when the Department of Health's framework governing secondary use of My Health Record data is reviewed, according to the framework document.
Australian organisations (and some overseas, in certain circumstances), including Australian pharmaceutical companies, will be able to apply to access My Health Record data for approved secondary purposes.
"We don't expect any data to flow until 2020," Mr Kelsey added.
The opt-out period
How can I opt out?
There are three key ways:
- By visiting www.myhealthrecord.gov.au and opting out using the online portal.
- Over the phone by calling 1800 723 471.
- Or on paper by completing a form and returning it by mail. Forms will be available in 2,385 rural and remote Australia Post outlets, through 146 Aboriginal Community Controlled Health Organisations and in 136 prisons.
What happens to the people who end up with a My Health Record, and then decide to opt out?
If you don't opt out between July 16 and October 15, then a record will be automatically created for you.
After October 15, there will be a "one-month reconciliation period" before new My Health Records are registered. These new records will be created mid-November.
You can then cancel that record, but the data it contained will still exist (although inaccessible to you or health providers) until 30 years after your death.
Is a record automatically generated if a doctor uploads a document during the opt-out period, even if you did not create one yourself?
According to the ADHA, doctors can't upload any clinical documents to the My Health Record system unless the patient record exists.
What about children who aren't born yet — can they opt out?
After the opt-out period, newly eligible healthcare recipients, such as newborn children and immigrants to Australia, will be given the chance to elect not to have a My Health Record as part of their Medicare registration.
Protection of your data
Which service provider will manage the infrastructure to ensure it isn't vulnerable to a cyber-attack?
The platform was built by the technology provider Accenture, however the ADHA is starting discussions about "re-platforming" it.
Independent third parties audit the system's security and undertake penetration testing, according to Mr Kelsey, but security experts warn that it's impossible to make any online database entirely bullet proof.
Remember too, that documents created or downloaded by your doctors may be stored in their local IT system too and depend on that system's security.
If a doctor downloads files from My Health Record, what's to stop her from sharing those files within the practice?
By default, your online documents will be accessible to your healthcare providers.
If you have privacy concerns, you can log onto My Health Record and restrict who sees it:
- You can set a Record Access Code and give it only to healthcare professionals you want to access your record.
- If you want to restrict certain documents, you can set a Limited Document Access Code.
These controls may be overridden in an emergency.
As mentioned above, if a document is removed from the My Health Record system, it's beyond the reach of your access controls.
If a GP were to allow another staff member to access a record, what is the potential punishment?
If someone accesses your My Health Record without legal authorisation and the person "knows or is reckless to that fact", criminal and civil penalties may apply.
Where can users see information about who has accessed their record?
My Health Record users will be able to see who has looked at their record by checking its access history online.
They'll be able to see when it was accessed, which organisation accessed it and what was done — documents being added, modified or removed, for example — but not the individual doctor who accessed it.
You can also set up an email or SMS alert for when a healthcare organisation accesses your record for the first time.
The privacy commissioner recommends checking regularly for unexpected or unauthorised access. You can call the ADHA on 1800 723 471 if you think something's gone wrong.
Several apps can connect to My Health Record. How will the ADHA ensure they are secure?
Apps such as Healthi and Health Engine, which recently ran into trouble, are authorised by the ADHA to "show" people their health record.
According to Mr Kelsey, third party app developers can only display your My Health Record — "at the moment, it's view-only" — and cannot store that data.
These providers undergo "strict assessment" and must abide by a Portal Operator Registration Agreement, according to the ADHA.
The agreement demands they do not download or store My Health Record information on their own system, or pass that data on to a third party.
"We are not currently planning to provide access beyond 'view-only' to the app community," he said.
Police and law enforcement
Which rules and policies guide the ADHA's decision to grant access to law enforcement?
The ADHA is authorised by law to disclose someone's health information if it "reasonably believes" it's necessary for preventing or investigating crimes and protecting the public revenue, among other things specified under section 70 of the My Health Records Act.
The agency was unable to provide a definition of "protecting the public revenue" by deadline.
When it receives a law enforcement request, the ADHA will need to determine that it's a legitimate request from an enforcement body.
Law enforcement bodies will not be granted direct access to the My Health Record: The ADHA said any disclosure would be limited to what is necessary to satisfy the purpose of the request.
Has the ADHA received any requests from law enforcement to access records?
Mr Kelsey said no police requests have been received yet.
Will users be informed if their data has been released to law enforcement?
If personal information is disclosed to law enforcement, the decision about whether to notify the My Health Record holder will be decided "case-by-case".
Likewise, healthcare provider organisations won't be informed if their patient's data is accessed.
The release to police will be recorded in a written note and stored by the ADHA.
Here is the link:
Among the things I found interesting were:
1. There is a clear admission that leaks and breaches are possible – the first time I have heard the ADHA essentially admit there are risks around the security.
2. That it is possible for health professionals to allow anyone they choose to have access to the myHR – think Doctor / Receptionist, Pharmacist / Pharmacy Assistant etc.
3. Access by police and law enforcement (Border Patrol etc.?) does not require a warrant apparently and the ADHA does not have to tell you or your doctor they have provided access!!!!
4. The Privacy Commissioner recommends you keep checking your myHR to make sure there has not been unauthorized access – what a joke.
For myself I am not sure I want my records that easily available. As they say – your call about opting out.
David.
Fingers are being pointed at Aspen Medical signing people up for a myhr without their knowledge. This could explain the number of people who have tried to opt-out to only discover they are already registered.
It is likely that Aspen were not alone in trying to get people to "sign up".
Here's something to ponder:
Current statistics for myhr
Total Registrations 5.9 Million
Total Shared Health Summaries ever uploaded 1.9 Million
That could mean up to 4 Million people don't know they have been registered but the system has been gathering data on them, no controls, no alerts.
The PM today told Neil Mitchell on 3AW that 20,000 had managed to opt-out yesterday, despite all the problems people were having with the website and the call centre. Says a lot. Given that a large percentage of the population haven't even heard of MyHR at this point in time, but may well do in the next 3 mths, at that rate, it will be more like 2 million people opting out than the mere 500,000 they had predicted from the trial.
The whole thing appears to be 'design' on the run although design is stretching it a bit. It is so different from initially intended and designed...
Whatever happened to the original ConOps I wonder? That went out the window a long time ago as well as the infrastructure design and so on (at least as far as published documents go).
Having until recently worked at ADHA, let me put your minds at rest - there is no real design architecture behind the system that is held and managed by ADHA, most design stuff comes from the supplier and is highly questionable and not much more than a schematic in PowerPoints. There is good work on the user designs but the underlying models are at best known and understood by only a few and even then just enough to know there are significant gaps in understanding. Is it a problem currently? Probably not. Will it be when they replatform? Most certainly.
@7:56 AM. I can’t find evidence that contradicts your claim. If the system is military grade security then a published conops and design would only benefit informed discussions.
Here is an archived copy of the ConOp.
http://content.webarchive.nla.gov.au/gov/wayback/20140801043103/http://www.yourhealth.gov.au/internet/yourhealth/publishing.nsf/Content/CA2578620005CE1DCA2578F800194110/$File/PCEHR-Concept-of-Operations-1-0-5.pdf