Note: I have excluded any commentary taking significant funding from the Agency or the Department of Health on all this to avoid what amounts to paid propaganda. (e.g. CHF, RACGP, AMA, National Rural Health Alliance etc. where they were simply putting the ADHA line – viz. that the myHR is a wonderfully useful clinical development that will save huge numbers of lives at no risk to anyone – which is plainly untrue)
-----
Legal and Ethical Issues Surrounding the Use of Older Children’s Electronic Personal Health Records
Aims & Method: This literature review and discussion examined the legal and ethical issues arising from electronic health records for children over 14-years of age. The review examined peer-reviewed articles, grey literature (key agency reports and policy documents), legislation relating to MyHR and relevant case law.
Results: Parental access to the health records of their children aged 14+ raised three key legal and ethical concerns relating to:
- Capacity, consent and competency issues
- Privacy and confidentiality concerns, and
- The tension between the rights and responsibilities of the parent and child.
As it stands, the MyHR legislation requires that children obtain special permission to control their own record. This permission is only given if a child is deemed capable of making their own decisions, though it is unclear how this capability is determined. Legal capacity is currently presumed for children over 14 years of age.
-----
Media Release:
Warnings: My Health Record risking young people’s health
Friday 17 August 2018
Serious health and safety risks to young people from My Health Record are not being addressed, warn a coalition of nine leading community and health groups from across Australia.
Young people may stop seeking help
- 'Young people may stop seeking health services for needs that are often stigmatised, such as mental health, sexual and reproductive health, substance use and gender diversity,’ warns Maggie Toko, VMIAC CEO, ‘because My Health Record will allow parents or guardians to view health information by default.’
Lack of targeted information for young people
- ‘My Health Record allows young people aged 14 to 18 years to take control of their own health record,’ said Shauna Gaebler, CEO of CoMHWA, ‘however available information is confusing and at times contradictory.’
- ‘We are deeply concerned that there has been no targeted information to young people in Australia about My Health Record,’ said Shauna Gaebler. ‘Time is running out for young people to be able to make an informed decision about their use of My Health Record’.
-----
Health providers’ security flaws will leave My Health Record open for hacking
17 Aug 2018|Ian Bloomfield
There’s been a lot of focus on the security arrangements for the My Health Record system. Most of the commentary has been about protecting the data, how secure the platform is for storing the data, and who will have access to the database. But very little attention has been given to the glaring security weaknesses of the health provider systems that will be used daily to access patient information stored in My Health Record.
In addition to hospitals and large health providers, a range of small providers will be able to access My Health Record. These include not only general practitioners and medical specialists, but also allied health professionals such as physiotherapists, speech pathologists, osteopaths, optometrists and dentists, who can also register to access My Health Record. There are many thousands of these small health providers across Australia and most are small clinics with only a handful of staff.
What this amounts to is an attack surface comprising hundreds of thousands of endpoints, most of which have a level of cybersecurity that is virtually non-existent. This is further compounded by staff who have little or no cybersecurity awareness. As an IT service provider with over 14 years’ experience working exclusively with small businesses, including small health providers, I believe these organisations are ill-equipped to provide an acceptable level of security.
-----
My Health Record opt-in and opt-out arguments miss the point
By Crispin Hull
18 August 2018 — 12:00am
The furore in the past fortnight over whether My Health Record should be opt-in or opt-out misses the point. Once the security concerns are fixed, there should be no “opt” at all. Everyone who uses Medicare or the PBS should be in My Health Record whether they like it or not.
Australia seems to be increasingly infected with the US contagion of an instinctive distrust of government so strong that people believe everything government does is bad and that no government would be better than any government.
It is a very destructive position.
-----
DNA on My Health Record? First control the gene genie
- By Paul Lacaze
- 12:00AM August 17, 2018
The Senate on Wednesday approved an inquiry to investigate the laws, regulations and rules underpinning the controversial My Health Record system — and not before time.
This follows news that genetic pathology reports, summary results from DNA tests, can be uploaded into people’s My Health Records unless they explicitly instruct their doctor not to do so.
The decision to include genetic results in My Health Record was made prematurely and without the due process, transparency and public consultation it deserved. Given revelations from the financial services royal commission regarding the life insurance industry, we would be well advised to think carefully about the way such organisations might use our genetic details.
Last year, an Australian parliamentary inquiry into the life insurance industry heard numerous cases of genetic discrimination, and recommended an immediate ban on the use of genetic information in life insurance underwriting. The government is yet to even respond. The same inquiry revealed life insurance companies gaining at times unfettered access to patient health records, without consent, to assess claims.
-----
It should be My Health Record
Dr Harry Nespolon 15/08/2018 11:07:16 AM
RACGP President-elect Dr Harry Dr Nespolon looks at the current debate about privacy and medical records, which he says extends far beyond My Health Record.
Dr Nespolon said he has started to see patient concern regarding privacy creeping into consultations.
The controversy around the privacy provisions, or the lack of them, has raised some fundamental issues regarding medical records.
While many have characterised this debate as solely about My Health Record, it is much broader.
One of the fundamental unspoken contracts that exists every time a patient sees a doctor is that all of the information obtained and recorded during a consultation will be kept confidential, unless the patient decides to release this information to a third party. This is the basis of the doctor–patient relationship.
While many have characterised this debate as solely about My Health Record, it is much broader.
One of the fundamental unspoken contracts that exists every time a patient sees a doctor is that all of the information obtained and recorded during a consultation will be kept confidential, unless the patient decides to release this information to a third party. This is the basis of the doctor–patient relationship.
-----
15 August 2018
Privacy concerns go beyond just My Health Record
The controversy around the privacy provisions, or the lack of them, has raised some fundamental issues regarding medical records.
While many have characterised this as debate about being just about My Health Record, it is much broader.
One of the fundamental unspoken contracts every time a patient sees a doctor is that all the information obtained and recorded during a consultation will be kept confidential unless the patient decides to release this information to a third party. This is the basis of the doctor-patient relationship.
-----
Firearms Registries, External data storage & MyHealthRecord
August 13, 2018
Firearms registries are exchanging data about you with other agencies
To avoid being the victim of overzealous bureaucrats, mistakes or worse, you need to:
Click here and Opt-Out of MyHealthRecord before the end of October 2018
Stop your health data being shared with Firearms Registries who will comb it for an excuse to take your license.
This is the first in a multi-part series on information exploitation by the Firearms Registries.
-----
ACCC to devise bulk of consumer data right
By Justin Hendry on Aug 15, 2018 12:10PM
Govt gives regulator ‘substantial scope’.
Australia’s competition regulator has been handed "substantial scope" to devise the government’s impending consumer data right, which will give consumers unprecedented access to their banking, energy and telco data.
An exposure draft of the legislation, published today, reveals that “key elements” of the new consumer data right will be governed by “consumer data rules” to be decided by the Australian Competition and Consumer Commission and not enshrined in the legislation.
The consumer data right is intended to provide individuals with information that helps them compare offers, access cheaper products, and more easily switch to new services.
-----
Are we missing the point of My Health Record?
Despite the recent brouhaha, the online summary system could become an essential GP tool
Zilla Efrat
15th August 2018
The public debate around the My Health Record — a debate that has become high-octane in recent weeks — is largely focused on the opt-out process for patients.
Amid the hue and cry, one important issue is being lost. It is the fact that after the years that have already passed and the millions already spent, information now being uploaded to the system includes documents that should finally have real-world value for GPs.
These include pathology and imaging reports, event summaries and updated information on the medications prescribed and dispensed to patients you don’t know.
“Many GPs don’t yet understand it, and there’s also a lot of fear, uncertainty and doubt about the My Health Record,” says Professor Christopher Pearce, president of the Australasian College of Health Informatics.
-----
Denham Sadler
August 14, 2018
MHR senate inquiry on the way
The federal opposition is pushing for a wide-ranging senate inquiry into the My Health Record service, with civil and digital rights advocates saying there are still many issues despite the government’s recent changes.
The Labor-led motion for the senate inquiry is likely to be supported by the crossbench, following the launch of the opt-out period for My Health Record which the Opposition said was a “complete and utter disaster”.
The three-month opt-out period, which has now been extended for another month to November, began in mid-July, and was met with public outrage and concern over data security, privacy and the potential for law enforcement to access sensitive medical data. This led politicians from both sides of the aisle to reveal they will be opting out of the service, and the federal opposition to call for the opt-out period to be suspended while these issues are addressed.
-----
Turnbull government security bill threatens online privacy
By Denelle Dixon
14 August 2018 — 3:35pm
Despite the critical importance of security to digital life, the Australian government yesterday made good on its threat to undermine encryption, releasing a legislative proposal that would compel nearly all actors in the digital ecosystem to cooperate with government demands to compromise user security.
Encryption is used by hundreds of millions of people everyday to make online banking, shopping, and even texting more secure. And many of the most secure products we use are designed with "end-to-end" encryption. That means communication can only be seen by the people involved in the conversation - to the exclusion of everyone else, including the company facilitating the communication.
Tech companies, like Mozilla, care about encryption because it’s key to keeping the sensitive information we’re trusted with as secure as possible. It’s our job to provide people with tools that make their lives easier, and to do our best to ensure that information they give us is treated with respect. As more companies are doing business online, this should be the standard.
-----
How Estonia built the world’s ‘most advanced digital society’
13 August, 2018
From monitoring the economy in real time to mapping the genome of a population, Estonia’s government continues to push the limits of digital delivery in public services.
There are just three interactions with government that Estonians must do in person – getting married, getting a divorce and buying a property.
Since it introduced its first digital service – e-tax declarations – in 2000, the small north-east European nation has advanced an ambitious digital agenda to the extent that today, 99 per cent of its public services are available online.
After gaining independence in 1991 the new Estonian Government decided to “do something differently” and work with the private sector “in building the former Soviet Union country into a digital nation,” says Sandra Sarav, global affairs director with the Estonian Government CIO Office.
-----
Australia: NSW Government Bulletin - 8 August 2018 - Part 1: Data breaches of health records
Last Updated: 13 August 2018
Article by Lyn Nicholson
Are your health records safer in paper than online?
While the discussion about opting out of MyHealth record at a Federal level centres on issues relating to cybersecurity, a reported data breach in NSW last week indicates that paper health records may not be more secure.
The ABC reported that more than 1,000 confidential medical records had been found in a derelict former aged care facility near Helensburgh. Photos posted with the report indicated graffiti in the facility which was dated 2015 and records strewn about.
A reproduced but de-identified patient record published as part of the report indicated that the records included pain, incontinence charts, social worker reports, doctor's referrals and hospital admission forms.
-----
My Health Record: ‘Hysteria’ ignores opportunity to predict disease, says health insurer Nib
Mark Fitzgibbon, Herald Sun
August 13, 2018 9:00pm
Subscriber only
The federal government’s My Health Record offers a chance to vastly improve on a one-size-fits-all healthcare approach, writes Mark Fitzgibbon, chief executive of one of Australia’s biggest private health insurance companies, Nib.
POWERED by the digital age, we can aspire to a future healthcare system that allows us to have healthier and longer lives.
A system that, courtesy of “big data” and artificial intelligence, predicts and prevents disease before it happens and, if it does, ensures treatment is more precise and efficacious.
My Health Record and our entire national digital health strategy must be seen within this context.
There’s been way too much hysteria and focus upon the risks around security and privacy with nowhere near enough commentary on the enormous future upside.
-----
New data access bill shows we need to get serious about privacy with independent oversight of the law
August 14, 2018 2.14pm AEST
Author: Greg Austin
Professor UNSW Canberra Cyber, UNSW
The federal government today announced its proposed legislation to give law enforcement agencies yet more avenues to reach into our private lives through access to our personal communications and data. This never-ending story of parliamentary bills defies logic, and is not offering the necessary oversight and protections.
The trend has been led by Prime Minister Malcolm Turnbull, with help from an ever-growing number of security ministers and senior officials. Could it be that the proliferation of government security roles is a self-perpetuating industry leading to ever more government powers for privacy encroachment?
That definitely appears to be the case.
Striking the right balance between data access and privacy is a tricky problem, but the government’s current approach is doing little to solve it. We need better oversight of law enforcement access to our data to ensure it complies with privacy principles and actually results in convictions. That might require setting up an independent judicial review mechanism to report outcomes on an annual basis.
----
Doctors demand more changes to My Health Record loopholes
Sue Dunlevy, National Health Reporter, News Corp Australia Network
August 14, 2018 10:51pm
EXCLUSIVE
Doctors are demanding further changes to the My Health Act as it emerges a person’s sensitive health information could be handled by the immigration department and the Australian Taxation Office.
As Health Minister Greg Hunt prepares to change three key sections of the My Health Act to better protect patient privacy, doctors say new loopholes mean he hasn’t gone far enough.
AMA NSW president Dr Kean-Seng Lim says the entire legislation needs to be reviewed.
Under section 98 of the legislation the System Operator of the My Health Record can delegate functions to “any other person with the consent of the Minister.”
-----
Government hasn’t given up on ‘re-identification’ bill
But won’t commit to timeline for debating proposed Privacy Act amendments
The federal government has not given up on passing legislation to criminalise the re-identification of Commonwealth datasets but says it is considering amendments in the wake of opposition from security researchers as well as Labor and the Greens.
In September 2016 then-attorney-general George Brandis announced he would introduce a bill to amend the Privacy Act to create a new criminal offence of re-identifying ostensibly de-identified government datasets released as part of open data programs.
The government, Brandis said, would make it a crime “to counsel, procure, facilitate, or encourage anyone to do this, and to publish or communicate any re-identified dataset.” Unusually, the legislation would be retrospective to 29 September 2016: The date of Brandis’ announcement.
The reason for the sudden announcement quickly became clear when Melbourne University researchers revealed that a trove of data released by the Department of Health had not been properly anonymised:
-----
Patients and the data breach notification maze
By Megan Prictor • 13/08/2018
A new report confirms that Australia’s healthcare sector is susceptible to data breaches, yet the legal requirements around breach notification are inconsistent and about to get more confusing.
The Office of the Australian Information Commissioner (OAIC) recently released its second quarterly report on the operation of the Notifiable Data Breaches scheme.
This scheme was introduced into the Commonwealth Privacy Act in February and means organisations subject to the Act must tell the Commissioner about data loss, or unauthorised access or disclosure of information, that is likely to result in serious harm.
The people affected by the data loss or unauthorised disclosure must also be notified.
-----
- Aug 13 2018 at 1:00 PM
Former Pentagon cyber chief says hackers will exploit My Health Record flaws
One of the world's leading experts in cyber security policy has warned the manipulation of health data is one of his biggest concerns facing society, as debate continues to rage about the long-term viability of the government's controversial opt-out My Health Record.
Former Pentagon chief strategy officer for cyber policy and newly appointed head of cyber security strategy for data centre security company Illumio, Jonathan Reiber, told The Australian Financial Review the health data of MPs and business leaders would be of particular interest to cyber criminals.
"If I'm a malicious actor wanting to cause discontent, I would be interested in that," he said.
"If you get access to the health information of key leaders, you can understand what they like, who they are and what their problems are. [Cyber criminals] would want to look at a segment of 50 to 100 key leaders in the country, figure out data for intelligence purposes and then manipulate the data for the negative."
-----
GP fed up with health record says 'bring in a USB'
13th Aug 2018 6:00 AM | Updated: 7:25 AM
A GLADSTONE specialist GP has revealed his concerns about the Federal Government's Health record, slamming it as an invasion of privacy and suggesting patients carry their own personal digital health history on a USB.
His are among the groundswell of concern from the medical industry about the online system which gives a summary of an individual's health information.
My Health Record is creating some community concerns.
In July, the Australian Medical Association's president Dr Tony Bartone said he was working with Health Minister, Greg Hunt to ensure the Government will take further steps to protect the privacy and security of the information held in the My Health Record.
-----
Comments welcome!
David.
David just finished reading this well informed article. Highly recommend reading and hope this forms the basis of a submission
ReplyDeletehttps://www.cio.com.au/article/645498/why-my-health-record-flawed/
Crispin Hull's article I find to be extremely naive (re the MyHR) to say the least...has he missed the point deliberately? It is called a MY health record, not a GOVERNMENT Health Record, not a RESEARCH DATABASE Crispin, that is why people are opting out! They don't want it to be those things, rather it's purported original purpose of an individual's health record, personal, private and secure.
ReplyDeleteAs for saying that "Virtually every health transaction goes into a computer somewhere, so it should not be too difficult to have them all automatically transmitted to each patient's MyHealth account", I can state categorically from personal experiences that this is far from the truth, and those that do make it to a computer somewhere are very often wrong.
And don't mention the ATO, MyGov, My Health Record in the same sentence to those of us with experience of all 3.....please!
And as for the rest of the article about the US and the weather, well, I think I need a good lie down ;-)
"Crispin Hull's article I find to be extremely naive" - Could not agree more. David.
ReplyDelete