Wednesday, July 17, 2019

Sue Dunlevy Bursts The ADHA Bubble On Accessibility To The myHealthRecord.

This appeared last weekend.

Why patients can’t use their My health record

Sue Dunlevy, National Health Reporter, News Corp Australia Network
July 7, 2019 6:00pm
Subscriber only
Exclusive: It’s cost taxpayers nearly $2 billion but most Australians can’t access their online electronic health record and most have not set a PIN number to protect information on it.
Nine in 10 Australians had a My Health Record created for them on January 31 after they failed to opt out of the controversial system.
However, News Corp has learned four in ten people have no way of using it or checking whether the information on it is accurate or setting privacy controls.
To access the record you need to have a MyGov account but even though 23 million Australians have a My Health Record, only 15 million people have a MyGov account.
While many individuals can’t access their “My” Health Record, any doctor, pharmacist or public hospital, pathology or x-ray company can see their record and upload information on it without getting the patients permission.
“My Health Record is based on the concept of standing consent,” Australian Digital health Agency chief Tim Kelsey explained to a Senate Estimates Committee.
This means their doctor can access the record and even trigger its activation without the patient’s knowledge or consent.
Doctors are not required to get their patients consent to upload a shared health summary onto the My Health Record that can reveal if a person had an abortion, a sexually transmitted disease, is impotent or has a mental illness.
Once the record is activated two years’ worth of Medicare and prescription data is downloaded onto the record and this can also reveal sensitive or embarrassing health conditions.
Once that information is uploaded it can be accessed by hundreds of thousands of health practitioners including podiatrists, optometrist and physiotherapists unless the patient sets up a PIN number or other privacy controls to protect it.
The Australian Digital Health Agency has told News Corp it is good practice for a doctor to get their patients consent to populate the record but it is not required under the legislation.
Salinger Privacy director and former Deputy Privacy Commissioner for NSW Anna Johnston said the real privacy risks of the new online health record were yet to play out.
“People may not realise they have the record or realise what is included or excluded and who can see it,” she said.
Lots more is found here:
As anyone who has read here for any period of time knows the “Digital Divide” is alive and well in Australia – and not only because of the rubbish NBN. Most estimates suggest that about 30+% of the population lack the funds, interest or capability to access the Internet.
To the best of my knowledge the ADHA has no plans on how this large population is to be included and empowered regarding the #myHealthRecord.
Does anyone else know of any actual plans that are actually being pursued and implemented?
David.

7 comments:

  1. Not to mention when MyGov goes down - like last week. The way the MyHR is designed is that your record gets updated with a new document, and then quicksticks you need to get online and hide that sensitive document as soon as possible. Otherwise, all and sundry clinicians and pharmacy dispensing assistants will be able to see it. The only way to do this is to go through the MyGov portal.

    Consider this scenario: You live in a small town, and you have driven to another town to see a specialist for a sensitive issue. You have a assessment, and the result is going up to your MyHealth Record. But it is last Friday and MyGov is down, so you can't get in to mask the relevant sensitive document!

    You call the help desk and ask them to find the sensitive result and mask it. But Help desk staff cannot see the contents of your record. They can only advise you to either go online yourself to do it, or go back to the source healthcare provider and ask them to remove the document. They are not able to set a pin number for you, nor can they specify which health care providers can or cant have access to your record. (They may however be able to delete or suspend your record, but this is a drastic solution).

    If you live in a small rural town, and MyGov is down, then you might not want to go to the local pharmacy, or the GP, or even the physio in case they see your record before you can hide the document. Perhaps you want to avoid the local tennis/social club too, in case they have seen something...
    I don't know if any of the consumer apps help, because they also authenticate you through the MyGov system.
    By now you will also have anxiety, paranoia and lack of exercise (no tennis)
    And this all presumes that you understand enough about the MyHealthRecord to know that documents can be masked, else seen by all. To ease your mind, when MyGov eventually gets up, you should be able to get in and see who has accessed the document - but only at the organisational level - e.g. NSW Health or 'Terry White Pharmacies'. So you may not know if it was your local mob, or the mob in the town you drove to...

    ReplyDelete
  2. Welcome to the living hell that is called My Health Record.

    ReplyDelete
  3. "The Australian Digital Health Agency has told News Corp it is good practice for a doctor to get their patients consent to populate the record but it is not required under the legislation."

    This means only one thing - cancel your My Health Record or suffer the consequences of not doing so.

    ReplyDelete
  4. Bernard Robertson-DunnJuly 17, 2019 10:58 PM

    The myhr website seems to say that a doctor does need to get their patient's consent to populate the record but not necessarily to review the contents.

    The website says this:

    "Do I need my patient's consent to upload a shared health summary?

    To create a shared health summary, the healthcare provider will need to obtain the patient's agreement that:

    * the healthcare provider is to be the individual's Nominated Healthcare Provider;
    * the healthcare provider is to create a shared health summary for the patient.

    It may be good practice to advise a patient that you will be uploading information to their My Health Record, particularly if this information might be considered sensitive.

    However, there is no requirement for the patient to review the shared health summary before it is uploaded to their My Health Record."

    https://www.myhealthrecord.gov.au/for-healthcare-professionals/howtos/shared-health-summaries

    ReplyDelete
  5. Long Live T.38July 18, 2019 6:58 AM

    Thanks Bernard, both the website statement and that made by the ADHA cEO to news Corp as cited come across a little imprecise at best. Considering the intended audience a bit more clarity and a lot less smoke-and-mirrors would demonstrate a level of respect.
    The ADHA has achieved what it set out to achieve but perhaps it is time to repair the damage and return to a normalisation of relations and start collaborating on the problems ahead. This will not be achieved through $40k prize money for Australia’s got talented coders, nor through “she’ll” be right attempts at masking P2P as interoperability or retaining the status quo on single use payload mentality.
    The DoH now runs the very real risk of overplaying this phase or whatever they are trying to achieve. Transformation fatigue will set in (more rapidly the at present). How many are already thinking ‘here we go again’ or ‘it’s just another fad, we’ll play along and watch it blow over or blow-up’

    Successful transformations must be led by ecosystems of leaders across the entire community, ADHA has attempted this but seems to believe that lots of small meetings where the group lacks a cross representation of views, experiences and knowledge. This might be why we get 1 dimensional outputs and incomparable outcomes when stitched together.

    ReplyDelete
  6. Nice work Sue yours and your colleagues effort are more than greatly appreciated. I shall remain anonymous as I work at ADHA and we all have our own Peter Dutton’s to worry about.

    ReplyDelete
  7. Bernard Robertson-DunnJuly 18, 2019 10:44 AM

    @Long Live T.38

    Thanks.

    What ADHA and others promoting Digital Health is that there is a major difference between transformation and incremental change.

    The lesson of the Industrial Revolution was that transformation results from achieving old objectives in radically new ways.

    Incremental change comes from delivering old solutions in different ways.

    Computerising health records does not change the way data is acquired or utilised. All it does is increase the time spent on managing ever larger amounts of data without changing either the data or how it is used.

    The claims made for Digital Health are a con, a con born of a logical fallacy. The fallacy is that because IT has been used in other industries to transform them so that they deliver significant benefits, IT should be used in the same way in Health Care.

    IMHO, all the claims made by ADHA and CHF are based on this logical fallacy.

    The sad thing is neither understand this. They are not lying, they are sold on the hype.

    If either group had done some research (and more importantly, understood it) they would realise that this logical fallacy has been promoted for decades. The one constant, is a failure to deliver on the much promised potential.

    It's that old definition of insanity - when you keep dong the same thing over and over again and expect different results.

    The thing that keeps them going is the thought that by using some new whiz-bang technology - AI, Machine Learning, Genomics, whatever - things will be different. They won't because they don't change the way healthcare works.

    IMHO, ADHA lives in a bubble of its own delusions. They don't know enough to know why they are wrong.

    ReplyDelete