The opt out period for My Health Record has now been extended to January 31, 2019. The decision to extend the deadline has drawn even greater backlash from those on the sidelines skeptical of centralised record keeping.
If this wasn’t enough, Nicole Hunt, director of privacy at the Australian Digital Health Agency, who was responsible for the privacy of My Health Record, quit her role amid claims that the organisation and Health Minister, Greg Hunt, were not taking the concerns of internal privacy experts seriously enough.
All this begs the question: is My Health Record a good or bad thing? Let’s start by looking at the best and worst case scenarios.
The best and worst case scenario
The best case scenario of My Health Record is Liz. Liz doesn’t speak English. She develops pneumonia and is brought into the Emergency Department. Before prescribing treatment, the attending physician is able to look up her health record and discover that she has an anaphylactic reaction to penicillin. Because of this, the doctor makes sure not to use any form of penicillin in her treatment. Lives will be saved.
The worst case scenario of My Health Record is Gary. Gary suffers from HIV. He can manage his condition but he is fearful of the stigma associated with his condition. Hackers access My Health Record and steal all of Gary’s health information and publish it in a public forum. Colleagues at work not only learn about his condition, they also discover his history of drug and alcohol abuse — a history he was not proud of and was hoping to put behind him. Lives will be destroyed.
The yin and the yang
This is the yin and the yang of My Health Record. In theory, My Health Record is a really good idea. It encourages better engagement with care, helps health professionals all be on the same page and can be potentially life saving. The idea is backed by all of Australia’s peak health bodies, including the AMA and the RACGP.
But maybe that’s all it is… a good idea. Many are calling the implementation of one centralised system for record keeping too big of a task for a government to handle. Others are calling it downright dangerous.
Confused about where you sit? Here are some pros and cons to help you make up your mind.
One of the biggest benefits of My Health Record is giving healthcare professionals access to a patient’s health information in one place. This makes it a lot easier for doctors to provide patients with better care because they have access to more information, such as immunisations, allergies, medicines, chronic condition details and the results of recent tests. Without a My Health Record, a patient could require having to repeat medical tests if earlier results are somehow not accessible.
One database also means less fragmentation of records and more transparency and accountability than if managed by industry.
Another positive way to look at things is that My Health Record puts more control in the patient’s hands. Although it may appear like the opposite from the outset, when you take a closer look you can see that a My Health Record gives patients access to healthcare information about themselves that they might otherwise have never seen.
Access to these records may even encourage people to take better care of themselves. The caveat here is that many claim the internal infrastructure is clunky and difficult to navigate, making it anything but “patient-friendly”.
Still, it’s worth noting that patients can request for specific documents not to be added to their record and can ask to have documents removed once they are uploaded.
Patients can also restrict access to their record by setting special codes. One code — a record access code — blocks access to a patient’s entire record unless a user has their four to eight-character code. Another code can be used to lock individual documents from access.
Patients can also track every instance when their record is accessed for the first time by a new health practitioner. SMS or email alerts can be set up to flag when this happens.
As mentioned, an emergency can also benefit from My Health Record when the time it takes to access medical details counts.
Plus, we can learn a lot from studying de-identified national data. This type of data can prove useful in providing early detection of healthcare-related trends, such as identifying cancer clusters and spotting harmful side-effects to drugs.
There are several concerns about the privacy implications of My Health Record, especially regarding third party access. Currently a My Health Record can be accessed when an agency like the police or ATO “reasonably believes” it is necessary to investigate or prosecute a crime to counter “seriously improper conduct” or to “protect the public revenue”.
In other words, it is reasonable to assume agencies such as Medicare, Centrelink and the Australian Tax Office can gain access to a patient’s My Health Record.
While Greg Hunt has outlined, “No documents have been released in the last six years and none will be released in the future without a court order/coronial or similar order”, the fact of the matter is that legislation approves a certain level of access.
Another unfriendly move by the government is making My Health Record an opt out rather than opt in system. The truth is opt out was put in place because the opt in system failed, even after years of push. After six years, only about six million people, or a quarter of the Australian population, signed up on their own accord. These numbers were mainly boosted through incentive payments made to GPs and clinics.
Another downside is the government opting for privacy “off” as a default setting in a patient’s My Health Record. This means a patient isn’t automatically notified when someone accesses their record for the first time. It also means all documents in a patient’s record are available to all health practitioners by default. Why a podiatrist needs access to see a patient’s sexual history simply doesn’t make sense.
While all of these cons are concerning for those opposed to My Health Record, for many they’re not deal breakers. Neither is the $2 billion that’s been poured into developing the system. The price is jaw-dropping but healthcare is worth it, is it not? The deal breaker for most is a potential hacking.
It’s no secret that the Australian government has a bad history of breaches. Last year The Guardian discovered that Medicare patient details could be accessed from a vulnerability in a government system. The victims’ details were up for sale in a dark corner of the web.
It happens. Ralph Holz, an expert in cybersecurity from the University of Sydney described, “It would be safe to assume that some attack is going to be successful. There will be some data loss. That is inevitable. The contingency plan with how to deal with that is what is important… We always see a problem when we keep data in one place, especially if it is data that is a complete profile”.
Bernard Robertson-Dunn, from the Australian Privacy Foundation, described My Health Record as an “uncontrolled, uncurated, data dump”. He explained, “Better sharing of health data among health professionals is a good thing — as long as it is done in a controlled manner. But if somebody has mental health issues, you don’t want that shared with a dentist or someone who looks at your feet”.
A big concern is that the government has built a system that takes too much information, stores it too simply and shares it too freely. Several experts warn we now have a major honeypot of health data waiting to be hacked.
And this is not the boy who cried wolf. Health data is exceptionally valuable. In July 2018, Singapore’s digital health records were compromised. Hackers stole personal data in Singapore belonging to some 1.5 million people, or about a quarter of the population (that’s the same proportion of Australians who have currently signed up to My Health Record). Even the Singaporean Prime Minister’s health records were made public.
This is frightening, to say the least. The fact is, if the government fails to safeguard data appropriately, it is the citizens who feel it.