This Is The Most Considered Commentary On The #myHealthRecord From A Clinician Perspective – And It Comes From A Guru In the Field.

Dr. Sam Heard published this last week. You may want to read and opt-out!

It’s not My Health Record, it’s Yours

Published on November 4, 2018

I am a general practitioner and a long standing proponent of electronic health records but I am going to opt out of the Australian Government’s My Health Record (MyHR).  This will, for the first time in history, create health records which are not under the custodianship of health professionals. This will be done without the person’s consent. I consider this to be dangerous.

I may opt in when I can see advantage for me, and that will be when it really is MY Health record. I work in a context where many people use the shared record and both they and we are grateful. But they understand what is going on and have consented. It was a local thing. Now it is out of control. Literally, out of your hands.

Whose Health Record?

Health records have only been personal for a hundred years or so; before that they were daily logs in hospital wards or outpatients. GPs have been keeping reasonably comprehensive individual health records for many years with letters to and from hospitals and specialists, pathology and radiology results, and progress notes – which are the GPs’ reports of the interaction with that person. General Practitioners, with your funding, have generated this resource.

Who sees the Value?

As health care has got more complicated this comprehensive record has become more valuable. In view of this, and the fact that patients move and change their GPs, society has legislated that a person should be able to get a copy of their record and give it to their new GP. If that record is electronic (which is almost always the case these days) you would hope that they might be able to receive it over the internet and incorporate it into the new doctor’s software. It may seem unbelievable, but it usually comes on paper! Even when the same software is used by the practices at each end! If not paper then it will be “electronic paper” as a fax, a pdf or html. I received a ‘wodge’ of paper from a nearby GP’s dot matrix printer when I first went into practice nearly 40 years ago. It wouldn’t fit into my folder as the size was not standardised. Despite a lifetime of work to create a standard health record format, (known as openEHR) that could outlive systems and software, I still get paper and faxes. Never a record we can incorporate into our software.

Ownership or Access?

Ownership of health records, particularly electronic health records, is ambiguous. The simplest axiom is to accept that it is the property of the person who is the subject of that record and the set of authors of that record. The subject of the record (or their guardian) can give access to whoever they want. It has not to this point been the government’s health record in any sense, but MyHR starts to blur that boundary.

In fact, MyHR supposes that the government is a better curator of your health record than your GP or some other provider who is attempting to meet your health interests. In the absence of standardisation, there is always pressure to centralise. Although this is attractive to bureaucrats it is fraught with many problems, most of which we have not yet faced.

Is it Accurate or Complete?

There is another change that has taken place: public concern about the accuracy of digital records – health or otherwise. Giving people access to their digital health records is a check and balance on the completeness and accuracy of these records and is helpful if people have concerns (and know how to access them). Patients in some parts of the world can look at their doctor’s records on line – and show them to others. It is rare that they can add to them, but there is increasing interest in co-production of health information between health professionals and the person themselves. This will allow entry of measurements such as blood sugar and blood pressure, logs of exercise and perhaps the fact that they have stopped or not taken prescribed medication or have started a treatment they did not get from a health professional. After all, only people themselves can know what medications they are taking or have stopped.

Dangers of a Single National Database

Hacking

“If it is on the internet, you probably need to see it as public at some time in the future”, a speaker at a security conference said to me recently. The ex-foreign Minister, Julie Bishop, said the same thing on Tomorrow Tonight on the ABC last week. Wow, that goes against the grain. Why is MyHR a particular risk?

The larger and the more centralised a data repository, the higher the risk of security breaches. The ransom to unlock a hacked national database is likely to be many millions of dollars so it is very attractive. It is certainly true that a very high level of security is possible for such a monster database but governments will never have the resources that a company like Facebook has to spend on security; and yet 50 million Facebook records were recently hacked. That is twice as many as can possibly be in MyHR. There is an even more important risk to security in health care. Health care is now the biggest employer in most settings involving more than 1.5m people. Your relatives and personal adversaries are likely to work in health care or know someone who does. They are actually insiders – administrative and clinical people who have access. By contrast to MyHR, a GP practice has a very small database largely unknown to an outside agency and it is relatively secure as risks are local and more likely to be known. But the safest place for you to keep your entire health record may be with a special agency who could do that for you safely. Or be enabled to hold it yourself with an encrypted backup. Hospitals and GPs have been doing this by default. You probably have some old films or reports around. But to have agencies like this we need far more standard approaches than are available.

Making Corrections

Once information is in the national database it will be inordinately more difficult to remove and correct it than when it is only stored locally. We are not known to the government. Inevitably, and many (hundreds? of) times a day, health professionals will write in the wrong person’s record and save it to MyHR. This may sound neglectful, but it is difficult to prevent completely. Once that information is pushed up to the national health record it needs to be removed. The real problem is, it is not in your health record, and someone who doesn’t look at their health record might have it in theirs for years, or forever.

Health records can get all sorts of stuff in them. Junk, errors, value laden non-sense. A GP I worked with when I was younger described a person as a “psychopath” in the health summary of the then paper record. This label may have been accurate at some point but was clearly not when I asked her about it years later. Another had “IQ 57” in her problem list. Computers bring further problems with accuracy. A patient in a practice where I work was administered “paracetamol” (an analgesic or pain killer) and then, due to lack of care, the nurse classified the encounter and chose “analgesic nephropathy” from the list of codes from a list presented after typing “analge”. Problematic entries like these make it more difficult for people to navigate the health system without prejudice or inappropriate treatment. These problems are very easy to correct locally where the client and clinician are known but very difficult and time consuming when it is anonymous.

Curating your Health Record

Currently, if you want a mortgage you will usually have to agree to the lender getting information from your GP. Some GPs fall for the lender’s request to forward the entire record; something they do not have the right to do without your explicit consent. I have not had one patient agree, when consulted, to send the entire record to the insurance company. A considered report of key information is what is required. It takes time and responsibility. But the situation may be considerably worse if you have a MyHR. You can understand in the light of this why the government has said earlier this year that it is inevitable that insurance companies will get access to MyHR in the future, as people want to get mortgages. Personal access control will not stop insurance companies legitimately requesting access before providing a loan. GPs currently vet the request and the health record, withholding sensitive and potentially confidential information that bears no relation to health risk in the future while providing information that allows assessment of risk pertinent to the insurer’s decision. This will include data such as cancer diagnoses, blood pressures, weights, smoking status, waist circumference and other measures that are associated with shorter life expectancy. In the case of MyHR, who will consider the interests of the patient?

Who Benefits from a Centralised Health Record?

There is really no evidence to date that a national health record repository will make any major difference to care and outcomes although it has been particularly important in Aboriginal health in the Northern Territory. Having access to accurate information about people as they move about the health system is likely to be beneficial, particularly if you are mobile. But it has to be trusted and complete in relevant aspects to be useful. While many people who are mobile or have major illness will benefit from the sharing of health information, it is unlikely to make a major difference to standards of care as this information is already sought in most instances, or available in correspondence. Very up-to-date prescribing will probably have some utility at this scale.

So how can it be argued that consent is not required? I am very happy for people to ‘opt in’ once they believe that they will benefit and I am sure there are many people who will. The risk of privacy breaches, of inaccurate or incorrect information being recorded and the lack of curation will be balanced for some. They and their health providers will have access to information at the point of care around the country.  The costs and risks demand our consent; it must not be assumed.

Further, government agencies will undoubtedly have access for what are deemed to be ‘honorable purposes’ by governments of the day.  Again, I think we should have to consent to specific secondary purposes, understand the need for completeness of information, and the potential benefits to us or others from the involvement in some way. This is unlikely to occur on a repository of this scale.

Is making participation in the national health record repository involuntary the best solution? The shift to “Opt out” means you get one if you take no action. That is not respecting a person as a citizen.

Why would I want to Opt Out?

Being involved as Citizens and not Consumers

We are now consumers and we consume healthcare at an alarming rate. Never mind the over-treatment, the over-diagnosis – the more we get the better. That works politically up to a point…happy consumers. But there are consequences to this consumption apart from the waste. If we have been prescribed antidepressants for a normal reaction to the loss of a loved one, or had an ECG for chest pain that shows some ambiguous changes, or have a high blood pressure reading because we are frightened and full of adrenaline, the content of our record damns us in the future. It does so unnecessarily, as we actually have no health problem, but in a way we cannot control.  Consider the possible consequences. Higher insurance premiums perhaps, more unnecessary tests because the next doctor is anxious or a persistent shadow of mental illness or suicide risk and difficulty getting travel insurance? The problem with our health information is that it is a threat to our autonomy. If people have certain information about us they can legitimately act on that basis, and defend it legally. To be citizens and partake in society as autonomous individuals we must guard our health information closely.

What Happens with Dr. Shonky, Stays with Dr Shonky.

When an incorrect record is created in a shonky ’emergency clinic’ stating that we had ‘pneumonia requiring a major course of potent antibiotics for 14 days because it did not respond to the first course‘ rather than a more likely diagnosis in a fit person of ‘a viral lower respiratory infection‘ it stays in that small emergency department. No one else knows.  The more mobile you are, the more you see different practitioners, the more you find free and easily available services, the more your MyHR will be promoted as ‘valuable’ and the more full of noise it will become. There is little or no value in this information, especially when compared to a comprehensive letter from a specialist general practitioner or physician, whom you know well, providing information relevant to the problem you want solved to another practitioner you are going to see.

Less educated people will be dealt the worst hand here and stories will slowly get to the press – wrong diagnoses, wrong treatment and occasional major harm.

The Special Case of Children

I am particularly concerned about children. Parents have persuaded government that they have the right to access to their children’s MyHR. This sounds reasonable. However, it is very rarely that children will benefit from having a shared record as they are usually robust. I do accept that there are complex paediatric situations where parents are likely to opt in and they and their child will benefit.

However, in the new nightmare, children will ALL have a record. Now, in this dystopian future, consider the plight of the adolescent who is seeking contraception to prevent pregnancy. After the age of 14, adolescents will be able to turn off parental access to their health record. But will they even be aware of the existence of this thing? Will Dr Shonky understand the implications of adding certain information to MyHR?  Most troubling is that the adolescent will not be able to turn off access without parents being aware of this. How many Adverse Childhood Events are going to arise because of the MyHR? The world is not the middle class playing field that people working for government in Canberra experience. What are the future consequences for children with hostile or neglectful parents who seek care? I have heard that school visits have been ceased by one practice because of parental access to records.

Is there a Utopian Future?

I would like to offer some examples of health records that I think could meet our needs, and by using the word ‘our’, I mean citizens and clinicians.

For the young, IT savvy person who is most concerned about privacy, I would propose an individual health record on their phone and backed up onto the cloud maintained by a regulated cooperative agency. The health record would be composed of transactions with different health providers, potentially in different countries and even in different languages.  This does require standardised export from health professionals and hospital systems and a  means of access to a person’s health record but it is quite possible. There are technologies now available that can be used to validate such records, enabling the person to have a fully validated health record despite no one else having a copy of it.

The next level of control for citizens is where the health record is held by a number of providers in a range of settings. Some information is likely to be aggregated in one place by their provider of choice, but this service would be paid for and the person able to move some or all of the record to another provider. This model would involve EhrBanks, trusted aggregators and qualified custodians of health information. These companies would hold some of the information and links to other records on other systems. The links can access and be able to pull down all the source records if required.

The EhrBank companies would ideally be non-profit and allow individuals to consent to ‘secondary’ use of their health information for specific purposes. A representative group of clients could agree to use of data for research or other proven benefits.

In this future, I would see a national health record, but only for people moving long distances and not having providers that were grouped geographically or organisationally. You might just have your allergies there and your prescriptions if that was of benefit.

Summary

This change to MyHR has led to more than one million people choosing to ‘opt out’. I am concerned for the people who have not had the chance to grapple with the consequences. I believe that Australians should opt out of MyHR if:

1) they believe that unknown people having access to their health information is more of a concern than health professionals not having access to it

2) their health record holds information that could damage them in the future

2) they are under 18 (involving parents opting out their children at birth)

For those who want to opt out, it might be time to consider an open platform that allows a range of solutions to meet people’s needs, while ensuring control. There are some budding examples.

Here is the link:

https://drsamheard.com/2018/11/04/its-not-my-health-record-its-yours/

Frankly I have little to add. Sam's emphasis on real consent and the utility of shared records when properly done in the Aboriginal community are more than worth noting.

Read carefully and make up your mind.

David.