My Health Record22 October 2018
What is it?
The My Health Record system (MHR) is a digital health record system, which, according to the Office of the Australian Information Commissioner (OAIC), contains “online summaries of an individual’s health information, such as medicines they are taking, any allergies they may have and treatments they have received”. The MHR operates under the My Health Records Act 2012 (the Act) and is managed by the Australian Digital Health Agency (ADHA).
The objective of the Act is to “help overcome the fragmentation of health information; improve the availability and quality of health information; reduce the occurrence of adverse medical events and the duplication of treatment; and improve the coordination and quality of healthcare provided to healthcare recipients by different healthcare providers.”
Who has access to MHR?
Access to MHR is restricted to the individual and all registered health care providers, including GPs, specialists, hospitals, pharmacies and pathology practices.
Section 70 of the Act also allows the ADHA to disclose health information if it “reasonably believes that the use or disclosure is reasonably necessary for one or more of the following things to be done by, or on behalf of, an enforcement body:
(a) the prevention, detection, investigation, prosecution or punishment of criminal offences…;
(b) the enforcement of laws relating to the confiscation of the proceeds of crime…;
(c) the protection of public revenue;
(d) the prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct;
(e) the preparation for, or conduct of, proceedings before any court or tribunal or implementation of the orders of a court or tribunal (subject to s 69)”.
Currently, this means an individual’s health information can be disclosed to the Police, without a warrant. This represents a significant decrease of the privacy threshold surrounding access to medical records, where previously the individual’s consent or judicial consideration was required.
What information is contained on MHR and how can it be restricted?
The information held on MHR is potentially vast. As a starting point, MHR will contain two years’ worth of previous medical data, including the:
- Medicare Benefits Schedule
- Pharmaceutical Benefits Scheme
- Australian Immunisation Register, and
- Australian Organ Donor Register.
The opt-out design of the system has been widely criticised as it assumes a person’s consent without giving them all the necessary information to make an informed decision.
There is no national advertising scheme and no direct correspondence from the government to notify individuals of their right to opt-out. In circumstances where sensitive and private information is being uploaded to a system that can be accessed by more than 900,000 registered health professionals, it is arguable that an individual should have maximum control over their personal information and the MHR should instead be an “opt-in” system.
Concerns have also been raised that MHR will hold particularly sensitive and private information, including medical information that may be associated with a social stigma, including:
- terminated pregnancies
- frequency of sexual health tests
- prescribed medications for HIV or hepatitis C
- history of drug use
- history of violence or sexual abuse;
- identification of a person’s occupation as a sex worker, and
- notes from consultations with psychologists.
Individuals can request their medical practitioners not to upload certain information to MHR, however, without this explicit request, the onus is on the individual to maintain the privacy of their own records by regularly checking the system and applying privacy settings.
Individuals can also monitor which entities/organisations have accessed their records in MHR, but they will not be able to identify the specific health care practitioner. Practitioners do not require the patient’s consent to access their MHR as long as access is made for the purpose of providing health care. This means a practitioner can access the records outside a consultation.
While there are concerns that too much sensitive information will be uploaded to MHR, the reverse could also occur. Practitioners are not obliged to upload patient information to MHR and in circumstances where many practitioners are already running busy practices (and already pressed for time to maintain their own clinical records), it is conceivable that not enough information will be uploaded to the system to make it useful. Although MHR is not intended to be a complete clinical history, if it is not maintained by the practitioner and the individual, the benefits of the system will be limited.
Recently, the health records of 1.5 million Singaporeans were stolen, which has spurred much discussion regarding the security of MHR. The public has been assured that MHR is protected by an impenetrable multi-layer security system, however, even if this is true, all it takes is for one of the 900,000 practitioners with access to have their system maliciously attacked (and login details copied) for an individual’s records to be stolen.
Aside from cyber breaches, the main cause of data breaches in the health service sector is human error. The OAIC’s April to June 2018 report demonstrated that the health service sector had the highest number of reported data breaches compared to any other sector and a majority of these were due to human error such as sending information to incorrect addresses, uploading incorrect information to the system or loss of records.
Although health care professionals are required to notify the OAIC of data breaches and the OAIC has the power to issue penalties for unauthorised access to the system, once a breach has occurred there is no guarantee that an individual’s personal health data can be recovered.
The full extent of the benefits of the MHR system will remain unknown for some time. There is no doubt that many individuals and practitioners will find the system useful, however by not opting out individuals are also taking the risk that personal safety will not be compromised.