The My Health Record system relies on doctors and medical practices using their own IT systems to upload clinical information about patients, to help ensure continuity of care and improve interactions with healthcare providers.
An internal briefing to the Australian Digital Health Agency’s data integrity group last month, obtained by Guardian Australia, shows that a software bug began to affect the system in early 2016, which prevented some clinical information systems used by medical practices “from uploading clinical documents to the My Health Record system”.
The briefing said the error had the potential to cause “missing clinical information in a consumer’s My Health Record” and “amendments not uploading resulting in out-of-date or incorrect information”.
“When the digital signature issue emerged in 2016, its impact was so significant that it was escalated to the minister for health, and although the issue is being managed it is not completely resolved,” the leaked briefing, dated 18 December 2018, said.
But the agency, in a statement to Guardian Australia, has strongly denied any suggestion the 2016 software bug compromised patient records, saying it affected only a tiny proportion of documents and did not leave My Health Records with missing or out-of-date information.
“The matter you refer to accounts for less than 1% of attempted document uploads from clinicians,” a spokeswoman said. “The agency rejects any statement that the security or safety of the My Health Record system has been compromised.”
Neither the minister, then Sussan Ley, nor the agency publicly announced the error.
The agency has also strongly denied any suggestion that the issue is still unresolved, despite what is written in the briefing. It said the bug was quickly dealt with in 2016.
“To be absolutely clear, the agency rejects any assertion that there is any clinical risk to patient safety or long standing problem unresolved since 2016,” a spokeswoman said.
The briefing document suggests that, in some cases, medical practices using older software were oblivious to the errors.
“The detectability of this error depended on the clinical information system and the implementation of error reporting,” the agency’s briefing said. “Some clinical information systems did not display an obvious error message. Therefore some healthcare provider end-users may still be using clinical information software with this issue and not be aware.”
This claim has also been denied by the agency, which says medical practitioners were alerted every time an upload to the My Health Record system failed, regardless of the software they were using.
“All clinical software alerts the organisation if a document fails to upload into the My Health Record,” the spokeswoman said. “Any claim to the contrary is false.”
The agency identified a fix but it relies on third-party software makers and IT workers in hospitals, doctors’ offices and other healthcare locations to implement it.
Last month’s briefing said some doctors were still using the old software.
“Vendors were then advised of the issue and how to resolve it, however many healthcare providers are still using clinical information systems with the issue rather than the corrected versions created by vendors,” the briefing said.