Australia’s national electronic health records system has been changed from an opt-in to an opt-out model. Australians have less than three months (until March 2, 2018) to elect not to be registered in the My Health Record system before their confidential health details are automatically uploaded to it.
Relatively few Australians know of the scheme’s existence or their right to opt out of it. And most are oblivious to its capacity to erode significantly the confidentiality of their health information. Under the My Health Record system, personal details historically confined to the therapeutic relationship between you and your doctor will be accessible to others.
While the onus is on us to lodge an “approved form” to elect not to be registered, no such form is available. This is despite the fact that the time for opting out began on December 2, 2017.
Your health record isn’t only yours
The My Health Record system began in 2012. It was then known as the Personally Controlled Electronic Health Record, and it is a scheme for collecting, storing, using and disclosing Australians’ health information.
The information can include:
- doctors’ clinical notes on your health and treatment
- hospital discharge summaries
- X-rays and other imaging reports, and blood tests
- referral letters to specialists and from specialists to GPs
- records of prescriptions and pharmacists’ records of dispensed medication
- a Medicare or Department of Veterans’ Affairs Benefits report of our visits to health-care providers.
The scheme was initially voluntary, but so few GPs and nurse practitioners uploaded their patients’ information that, in 2015, the legislation was changed to provide an opt-out mechanism.
Read more: Why aren’t more people using the My Health Record?
On December 1, 2017, federal health minister Greg Hunt made the My Health Records (National Application) Rules 2017, which changed the system to an opt-out model. But the government has neglected to inform the public of the many individuals and entities who can lawfully access our My Health Records.
The My Health Records data are stored in the National Repositories Service, which is operated by the Australian Digital Health Agency and its contractors, as well as in other registered repositories. This means that people employed by these agencies will need to access the system to operate the technology that runs it, and the security of the access mechanism and automatic audit trail is uncertain.
Subject to the qualification below, individual health practitioners, health-care organisations and their authorised employees can view all the information in the My Health Record of patients to whom they provide health care. This is the case even if they didn’t create or receive the information while treating them. And once an individual is authorised to access our health record, there are limited means of ensuring that he or she reads only those details that are relevant to our treatment.
Theoretically, we can set “access controls” to restrict the organisations who can access our information and the records they can view. We can also remove certain records. But if we do so, the information in the system will be incomplete. In fact, our right to control our electronic health record means health professionals can’t assume the information in the system is complete and therefore can’t rely on the system to provide safe health care.
At the same time, our access controls can lawfully be disregarded and information disclosed without our knowledge or consent. This can happen where our information is required for purposes unconnected to the provision of health services. For instance, if it’s deemed necessary to disclose our information to lessen or prevent a serious threat to an individual or the public’s health or safety. The scope of this exception is yet to be judicially determined.
Risks of the system
The risk of intentional and inadvertent breaches of the My Health Record system’s security is high. It has myriad access points and depends on the communication and operation between numerous information technology systems. Also, the My Health Records Act 2012 does not prescribe requirements for the safe transfer of its information.
Earlier this year, The Guardian reported that Australians’ Medicare data, managed by the Department of Human Services (DHS), was being illegally sold on the dark web. The Department has since stated that access to a Medicare number does not give access to personal health information. Yet if this number is entered into the My Health Record system together with our names, gender and date of birth, the user will have access to our personal health records.
A function of the Australian Digital Health Agency is to use the My Health Record to “prepare and provide de-identified data for research or public health purposes”. But data can easily be de-anonymised.
Read more: After the Medicare breach, we should be cautious about moving our health records online
The My Health Records Act 2012 and the My Health Records Rule 2016 attempt to control who accesses the information in the system. They require reporting of breaches of the system’s security, and prescribe civil and criminal sanctions for unauthorised and knowing or reckless disclosure of its information.
But there are inadequate mechanisms for monitoring who accesses the system. By the time a report of illegitimate disclosure is made, the damage will have been done. The threat of penalties is unlikely to deter mischievous and improper uses of the system by those who believe they won’t be detected. The lure of looking up the details of a public figure or ex-partner may be irresistible to some.
Given that the architecture of the My Health Record system is inherently vulnerable to cyber attacks, hacking and authorised but improper access, only a radically restructured system would be able to protect the security and confidentiality of our health information.
The government has been less than candid with Australians in creating the opt-out system and making the rules without publicising them. It has failed to explain the risks of unauthorised access to, and disclosure of, our My Health Record, and has not given us adequate opportunity to elect not to be registered. Many Australians may only discover they have a My Health Record when it is first accessed, at which time it appears that their Medicare data will be visible.
Danuta Mendelson is affiliated with Data to Decisions Cooperative Research Centre (D2D CRC) Law and Policy program (Australian Government Initiative) http://www.d2dcrc.com.au/
Gabrielle Wolf does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.
This article was originally published on The Conversation. Read the original article.
