Quote Of The Year

Timeless Quotes - Sadly The Late Paul Shetler - "Its not Your Health Record it's a Government Record Of Your Health Information"

or

H. L. Mencken - "For every complex problem there is an answer that is clear, simple, and wrong."

Wednesday, July 10, 2019

Some Official Clarity On Who Can Access Your myHR. Turns Out It Is Lots Of Different People!

This appeared last week:

So who actually does have access to your MHR?

Posted by Penny Durham
If you’re a little unclear who can access a patient’s My Health Record, you’re in good company.
After getting some contradictory information from sources close to the system, The Medical Republic sat down with the Australian Digital Health Agency (ADHA) to be reassured on who can legally and practically access one, and when, and how it’s monitored.
Take pharmacies: can the teenager at the till, or the technician in the dispensary, read your health information? No and yes respectively. A surgeon’s receptionist? No. A GP practice nurse? Yes.
The Pharmacy Guild of Australia offers a course called Introducing My Health Record, written in partnership with the Australian Digital Health Agency “especially for pharmacy assistants and dispensary assistants”, its website says.
“On completing this module, pharmacy assistants and dispensary assistants will have learned how they can support their pharmacy to use My Health Record when supplying medicine and providing advice to customers.”
TMR asked the guild whether pharmacists would be accountable for any misuse or mistakes by an unregistered assistant.
A spokesman replied: “You have to be an AHPRA-registered health professional to access the MHR of a patient in your care – which excludes pharmacy assistants.” He said the education module was provided to pharmacy assistants only so they could answer questions about MHR.
ADHA initially told us: “Pharmacy assistants, who mainly help with administrative and front shop/over-the-counter duties in running a pharmacy, will generally not have access to individuals’ MHRs.
“Some pharmacy assistants, usually dispensary assistants, may be authorised to access an individual’s MHR if approved by their employer, and under direct supervision of a pharmacist … [A] pharmacy assistant’s duties may include confirming for the pharmacist what other drugs a patient is taking, confirming patient details and matching that patient to their Individual Healthcare Identifier.”
Providers had to document which employees would have access and what training they’d had, and be able to identify to ADHA anyone who had accessed a record, it said. Abuse would attract $315,000 in fines for individuals and up to five years’ jail.
Health IT analyst Dr David More, who raised the alarm over the Guild’s education module on his Australian Health Information Technology blog, said this showed ADHA had “no real control of just who can poke about in a person’s My Health Record. They also don’t know who in the pharmacy (or surgery) has accessed the My Health Record. It’s an outrage and privacy-invasive.
“When this was introduced we thought it was only going to be doctors who could access this information. Then, oh, it’s nurses too. Then we realised it was GP practice staff … then pharmacists, podiatrists, and physiotherapists – and now anyone who works for them. Every wardsman and trolley boy!”
RACGP president Harry Nespolon said: “Why is this needed? You’d think it’d be the pharmacist who’d be the one accessing the record, it’s difficult to understand why they’d need to get their assistant to do it.
“This has always been a problem – it’s not clear who’s the person accessing the record.
“This just sounds like convenience for the pharmacists, and it’s not going to increase public trust to have assistants accessing people’s medication and possibly the rest of their medical records.”
There is vastly more detail in this thoroughly researched and ADHA vetted article here:
The final comment is telling:
“Professor Makeham added: “There’s no ability for the retail people to see My Health Record, it’s illegal for them to see it, ignorance of the law is not an excuse in any setting.”
Failing to add that if they are authorized by the pharmacist they can and that laws don’t work either here or overseas to stop snooping and malicious use.
Two recent examples from the Police Force make the point.
First:

Officer re-sentenced for illegal use of WA Police computer system

Posted
Western Australia's Supreme Court has increased the fine given to a police officer who unlawfully used the force's computer systems to access information about her husband and his two brothers.
Link:
Second:

Officer jailed for using police database to access personal details of dozens of Tinder dates

Updated
A former long-serving police officer has been jailed for six months for illegally accessing the personal details of almost 100 women to determine if they were "suitable" dates.

Key points:

  • Adrian Moore looked up more than 90 women he had met on dating websites
  • His lawyer said he was motivated by curiosity about the women's backgrounds
  • But his actions were proved to be a "gross and sustained breach of trust".
Adrian Trevor Moore was a 28-year veteran of WA Police and was nominated as police officer of the year in 2011.
Link:
Really Prof. Makeham should be a little less mouthpiece and a little more factual in her claims. The article confirms there are a legion of loopholes the unscrupulous, dishonest and merely curious can exploit!
The myHR system is potentially accessible by many groups and we have no idea just how many that amounts to. We can also be certain we can’t trust them all.
Enough said!
David.

8 comments:

Anonymous said...

So all those times that they said only an APHRA registered health professional can access the record they either lied on purpose or lied because they didn’t understand the law?

Even in this article they seem to be contradicting themselves - they say you have to be an APHRA registered but then say a dispensary assistant who is not AHPRA registered can access it.

This sort of mismanagement and confusion is unacceptable.

Anonymous said...

ADHA are also saying that you can find out who looked at the record by getting the HPII - BUT only AHPRA people have HPII. So you will be told that the pharmacist (who holds the HPII) looked at your record, but actually it might have been the dispensary assistant - how would anyone know? So you can't tell which person looked at your record which is worrying.

Anonymous said...

There does appear to be an emerging danger here. Not sure how you would fix this.

Anonymous said...

Australians unable to complete tax returns as MyGov websites goes down

I wonder if anyone noticed and complained that they couldn't see their My Health Record?

Anonymous said...

Yeah because what everyone does on a Friday is go straight in the check their health record. ADHA is not overly help on the service availability page - There is currently no planned outage to the My Health Record system.

No mention of unplanned or service disruption

Anonymous said...

Maybe the MyHR can be used to fight the impacts our society creates through waste - https://www.abc.net.au/article/11306376

I am sure Timmy could recycle all his human imperatives and rally calls to arsonists everywhere.

Long Live T.38 said...

As out there as that sounds ADHA does seem unconstrained in applying their database to any and all use cases imaginable. Maybe a list should be kept of all the edge cases and misuse cases. At some point ADHA would adopt one.

Anonymous said...

@ 12:11

You mean this one:
https://www.abc.net.au/news/2019-07-13/war-on-waste-hospital-waste-australia-recycling/11306376

Think how much the government could save by closing myhr and ADHA.

But the muppets are not really interested in such mundane things as better health at a cheaper cost. It's all about heroics and world leading software.

Excuse me while I throw up.