Thursday, October 18, 2018

Here Are The Recommendations From The Senate on The myHR Inquiry Outcomes. (Updated)

The full report is found here:

LIST OF RECOMMENDATIONS

Recommendation 1
The committee recommends that record access codes should be applied to each My Health Record as a default and that individuals should be required to choose to remove the code. The committee further recommends that the ability to override access codes in the case of an emergency should only be available to registered healthcare providers for use in extraordinary and urgent situations.

Recommendation 2
The committee recommends that the Australian Government amend the My Health Records Act 2012 to protect the privacy of children aged 14 to 17 years unless they expressly request that a parent be a nominated representative.

Recommendation 3
The committee recommends that the Minister for Health amend the My Health Record Rule 2016 to extend the period for which a My Health Record can be suspended in the case of serious risk to the healthcare recipient, such as in a domestic violence incident.

Recommendation 4
The committee recommends that data which is likely  to  be  identifiable from an individual's My Health Record not be made available for secondary use without the individual's explicit consent.

Recommendation 5
The committee recommends that the current prohibition on secondary access to My Health Record data for commercial purposes be strengthened to ensure that My Health Record data cannot be used for commercial purposes.

Recommendation 6
The committee recommends that no third-party access to an individual's  My Health Record be permissible, without the explicit permission of the patient, except to maintain accurate contact information.
Recommendation 7
The committee recommends that the Australian Government amend the My Health Records Act 2012 and the Healthcare Identifiers Act 2010 to ensure that it is clear that an individual's My Health Record cannot be accessed for employment or insurance purposes.

Recommendation 8
The committee recommends that access to My Health Records for the purposes of data matching between government departments be explicitly limited only to a person's name, address, date of birth and contact information, and that no other information contained in a person's My Health Record be made available.

Recommendation 9
The committee recommends that the legislation be amended to make  explicit that a request for record deletion is to be interpreted as a right to be unlisted, and as such, that every record is protected from third-party access even after it is deleted, and that no cached or back-up version of a record can be accessed after a patient has requested its destruction.

Recommendation 10
The committee recommends that the Australian Digital Health Agency revise its media strategy to provide more targeted comprehensive education about My Health Record.

Recommendation 11
The committee recommends that the Australian Digital Health Agency identify, engage with and provide additional support to vulnerable groups to ensure that they have the means to decide whether to opt out, whether to adjust the access controls within their My Health Record and how to do this.

Recommendation 12
The committee recommends that the Australian Government commit additional funding for a broad-based education campaign regarding My Health Record, with particular regard to communicating with vulnerable and hard to reach communities.

Recommendation 13
The committee recommends that the Australian Government extend the opt-out period for the My Health Record system for a further twelve months.

Recommendation 14
The committee recommends that the My Health Record system's operator, or operators, report regularly and comprehensively to Parliament on the management of the My Health Record system.
The ALP and LNP have some additional ideas and disagreements at the end of the report.
Comments welcome.
David.

Addendum:

The LNP do not support recommendations 1,4 and 13 and believe it is important to think carefully about No 2. The other 10 recommendations they seem to be comfortable with.

Labor wants a pause and an OAIC / Privacy Commission Inquiry so sort out consent issues in addition to not rejecting any of the 14 recommendations.

Given they are likely to be the Government at some time in less that 12 months this is relevant. Here is the relevant text.

Labor Additional Comments

1.1 Labor Senators share the privacy and security concerns expressed in the Chair's report. In particular, we agree that the Government's botched implementation of an opt-out model means 'an unreasonable compromise has been struck between ensuring the utility of the system … and safeguarding the privacy and safety of healthcare recipients'.

1.2 Labor Senators therefore urge the Government to commission an independent review of the My Health Record system by the Privacy Commissioner and the Office of the Australian Information Commissioner, which has itself called for further consideration of several privacy and security concerns.


1.3 In particular, the Privacy Commissioner and OAIC should consider:
• the appropriate balance between utility for clinicians, patients and others (such as carers), and privacy and security for individuals;
• the difficulty of ensuring informed consent in an opt-out model, and measures to encourage consumer engagement and informed choice;
• changes to default access settings that are necessary because of the shift to an opt-out model (from an opt-in model, where informed consent was assured);
• particular protections for vulnerable people, including minors aged 14-17 and families fleeing domestic violence; and
• further legislative, policy and system changes that are needed to achieve these aims.


1.4 In the meantime, the Government must suspend the opt-out rollout until the Privacy Commissioner and OAIC report, the Government makes necessary changes, and public confidence in this important reform is restored.


-----

Sadly major technology change seems to have been ruled out because of cost - so in the longer term I believe the system is doomed!  Sadly legislators only do legislation - not technology!

D.


1 comment:

  1. Oh my, Tim has scored a duck on this one. All that money, all that activity, all for 181,000 taking up the system. He has failed to mature the system in preparation for conscription.

    Time to release Tim and the MyHR concept to the annuals of history and take advantage of the new emerging opportunities. A future where policy makers and standards organisations can work with governments and the stakeholders to define those agreements needed for a modern set of information tools in healthcare.

    ReplyDelete