My Health Records – To opt-in, or to opt-out? That is the question
By Cameron Abbott and Keely O’Dowd
This year all Australians will have a My Health Record created. A My Health Record will operate as a digital medical file that allows healthcare providers to upload health information about a patient. This information may include prescriptions, medical conditions and test results. A patient’s digital medical file will be stored in a national electronic database operated by Australian Digital Health Agency (ADHA).
The My Health Record has received a lot of attention recently as the period to opt-out of having a My Health Record began on 16 July 2018.
A question many Australians have been asking themselves recently is – should I opt-out of having a My Health Record or not? Australians have until 15 October 2018 to answer this question.
The My Health Record has come under considerable scrutiny due to the uncertainty around the security of the electronic database and confusion around who can access a patient’s My Health Record. Medical records are a high risk target as health information is valuable to cyber criminals interested in committing identity theft.
In addition, there have been conflicting reports in the media concerning the power enforcement bodies have to gain access to My Health Records. On the one hand, the Australian Health Minister and ADHA have claimed that documents would not be released without a court order. However, section 70 of the My Health Records Act 2012 (Cth) seems to contradict this by providing enforcement bodies with the right to obtain a My Health Record in a range of circumstances including where necessary for “the protection of public revenue”, which could be broadly interpreted.
It seems clear to us that due regard to fundamental privacy and cyber security principles were not properly considered or if they were, were down played at the expense of other principles that have not been adequately articulated by those responsible for the My Health Record program. The “free pass” to My Health Records from complying properly with these established principles, is attracting significant cynicism from the community and is almost certainly going lead to continued negative publicity as things go wrong and the lack of more fulsome safeguards multiplies the impact. Now where’s that opt-out button …?