The federal government has approved on Nov. 14 a last-minute extension to the opt-out period for My Health Record to Jan. 31, 2019. The opt-out deadline for the electronic health record system was initially extended by a month to Nov. 15.
In November, Health Minister Greg Hunt said there would be changes owing to two reviews in the Senate.
These include tougher penalties for those who misuse data in the system, as well as a tightening of loopholes to better protect victims of domestic violence. Furthermore, the changes would prevent private health insurers to access data, even if it had been de-identified. These privacy amendments are process of being approved in parliament.
What is My Health Record?
The online database, launched in July 2012, comprises a person’s medical records—including their medications, diagnoses and treatments, allergies, and test results—that can be accessed by them and their healthcare providers. With an account, the person can control what is included in their record and who sees it.The Australian Government announced in November 2017 that the database would transition from an opt-in to an opt-out model, which means that every Australian will automatically have a My Health Record online account by Jan. 31, 2019 unless they actively withdraw their consent.
Benefits
President of the Australian Medical Association, Dr. Tony Bartone, said the service can improve patient care.“My Health Record will support practitioners, particularly those who may be seeing a patient for the first time, to have access to the information they need to best care for the patient,” he added.
Cybersecurity Concerns
Hambleton could not guarantee the database is absolutely secure. “I guess I can’t guarantee that there’s not a hole somewhere,” he told the Sydney Morning Herald (SMH).“There may be a potential breach but that [will] not be the entire database,” he added. “[If there was], it’d be individual records and not all of them; and that’ll be tracked and it will show up.”
But Ralph Holz, an expert in cybersecurity from the University of Sydney, told The Guardian that a breach would affect the system as a whole, not just individual patients, and hackers could use the data to hold the department to ransom and or release the information to third parties.
“We always see a problem when we keep data in one place, especially if it is data that is a complete profile. There is a saying in computer science: once the data is out, it’s out. You can never get it back. The danger in building such systems is that it’s enough if they fail once,” he said.
On July 20, a major cyberattack on Singapore’s government health database stole the personal information of about 1.5 million—including Prime Minister Lee Hsien Loong—in a “deliberate, targeted and well-planned cyberattack,” Singaporean authorities said. About 1.5 million patients who visited clinics linked to the Singaporean government health database between May 2015 and July 4 this year have had their non-medical personal particulars illegally accessed and copied.
Australian charity organisation Digital Rights Watch is urging everyone to opt out of My Health Record.
“Health information is incredibly attractive to scammers and criminal groups … There are also concerns of the current or future access being granted to private companies,” the statement read.
Privacy Concerns
Hambleton expressed concern about privacy with regard to the My Health Records Act. For example, currently, doctors can reject requests from authorities to obtain their patients’ medical records, by having them seek a warrant. But information uploaded to My Health Record can be accessed if there’s reasonable belief it can help prevent crime and improper conduct, or to protect public revenue, among other reasons.“I don’t think a lot of doctors understand that medical records they upload to My Health Record in good faith—because they want to improve patient care—could potentially be used against people for administrative reasons in a way that they would never ever be happy that their paper records would be used,” Hambleton told SMH.
“Better sharing of health data among health professional is a good thing—as long as it is done in a controlled manner,” he told The Guardian. “But if somebody has mental health issues, you don’t want that shared with a dentist or someone who looks at your feet.
“An ex-partner or someone stalking a patient could get at that health information. If you’re at risk from someone, that person might access data about you that identifies where you live or what doctor you’re using.”
“If somebody has a medical condition that might result in discrimination—specifically HIV or mental health problems—they don’t want their data shared,” he added.
While those with accounts can control access to the record, including switching off their entire record and restricting access to it by setting a pin code, Dr. Trent Yarwood, an infectious diseases physician who represents digital advocacy group Futurewise told the ABC that many people may never know how to set their controls.
To Opt-In or Opt-Out?
In May, Tim Kelsey, head of the Australian Digital Health Agency, the organisation behind the records, said:“One of the main reasons I have decided to opt out is my lack of confidence in the government to secure its citizens’ data, and several breaches where information hasn’t been sufficiently secured.
Grubb details various ways in which a person’s data can be breached. But he adds that the benefits can outweigh security risks for some.
“If you suffer from chronic illnesses, have allergic reactions or anaphylactic shocks, and otherwise need information to be conveyed to a medical professional when you are unable to, then the benefits will outweigh the risks in a situation of life or death.”
Friends Read Free