While the perception that e-health records are not secure persists among many health professionals, we look at the measures that have been put in place over the past few years.
Back in 2012, an expert security organisation warned Australians not to opt in to the national e-health record system, at the time called the Personally Controlled Electronic Health Record (PCEHR).
The Australian Computer Emergency Response Team (AusCERT) warned that users faced the risk of identity theft due to insufficient security protections.
“Nothing over the internet can be secured… [The government] can tell us until the cows come home that its back-end systems are secure but that’s not the issue,” AusCERT general manager, Graham Ingram, told Computerworld Australia.
“There is a massive amount of online crime which is all about compromising the end-point computers of your PC, laptop or smart device.
“The Department of Health and Ageing is putting those sensitive transactions or data over an insecure protocol,” he said.
“Say there are a million machines out there with what we call data stealing Trojans, which compromise information such as bank details, it wouldn’t matter if someone stole those records from the Department of Health and Ageing’s back-end databases or the end user’s system, the result is still the same.”
A few years later concerns were again raised as then Health Minister Sussan Ley pushed for the Health Legislation Amendment (eHealth) Bill 2015 in parliament, in a bid to revamp the PCEHR.
In particular, a parliamentary joint committee on human rights chaired by Phillip Ruddock told Parliament the e-health bill raised “significant privacy concerns”.
The Australian Privacy Foundation also raised concerns about patient data breaches.
“The Australian Privacy Foundation recognises that electronic records carefully designed to support clinicians can assist with health care,” it said.
“Unfortunately, simplistic IT solutions that gather large amounts of raw, un-managed patient data, which can be matched with other data sources, which are onerous to use, and which are easily accessible over the internet can create far more insidious problems than they solve. In our opinion the My Health Record falls into all these categories.”
The patient data they are referring to is the healthcare documentation that My Health Record provides access to, including:
- Shared Health Summary – a clinically reviewed summary prepared by an individual’s key healthcare provider;
- Event Summary – to capture key information about a key healthcare event relevant to ongoing care;
- Discharge Summary – to support the transfer of a patient from a hospital back to the care of their nominated primary healthcare provider;
- Specialist Letter – to capture key information about specialist visits;
- eReferral – currently from GPs to specialists; and
- Prescription and Dispense Records.
So what’s changed since 2012?
The Australian Digital Health Agency, which is responsible for the administration and security of the My Health Record system, says the system has “bank strength security” which ensures information is stored securely and accessed only by trusted connected health systems.
It also has a Cyber Security Centre that continually monitors the system for evidence of unauthorised access.
This includes using specialist real-time security monitoring tools that are configured and tuned to automatically detect events of interest or notable events, for example multiple failed logins from the same computer, certain instances of after-business-hours access and all instances of emergency access.
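The three event types named above can be written as rules over an access log. The following is an added example, not the Agency's tooling or code from the original article; the event schema, the failed-login threshold and window, the business hours and the sample events are all constructed assumptions, and it flags every after-hours access where the article says only "certain instances".

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed tuning values; the article does not state the real ones.
FAILED_LOGIN_THRESHOLD = 3
FAILED_LOGIN_WINDOW = timedelta(minutes=10)
BUSINESS_HOURS = range(8, 18)  # 08:00-17:59 local time

# Constructed sample events (hypothetical schema: time, device, user, action, outcome).
SAMPLE_EVENTS = [
    ("2017-10-09T09:00:05", "PC-17", "jsmith", "login", "fail"),
    ("2017-10-09T09:00:40", "PC-17", "jsmith", "login", "fail"),
    ("2017-10-09T09:01:10", "PC-17", "admin", "login", "fail"),
    ("2017-10-09T09:30:00", "PC-04", "mlee", "record_access", "ok"),
    ("2017-10-09T14:12:00", "PC-09", "rpatel", "emergency_access", "ok"),
    ("2017-10-09T23:47:00", "PC-04", "mlee", "record_access", "ok"),
    ("2017-10-10T09:00:00", "PC-22", "kwong", "login", "fail"),
]


def detect(events):
    """Return (rule, device, user, timestamp) alerts for the three event types."""
    alerts = []
    recent_failures = defaultdict(deque)  # device -> times of recent failed logins
    for ts_text, device, user, action, outcome in sorted(events):
        ts = datetime.fromisoformat(ts_text)
        if action == "login" and outcome == "fail":
            # Counted per device, not per user: "from the same computer".
            window = recent_failures[device]
            window.append(ts)
            # Drop failures that have fallen out of the sliding window.
            while ts - window[0] > FAILED_LOGIN_WINDOW:
                window.popleft()
            # Alert when the threshold is reached, not on every later failure.
            if len(window) == FAILED_LOGIN_THRESHOLD:
                alerts.append(("multiple_failed_logins", device, user, ts_text))
        elif action == "emergency_access":
            # Every emergency access is notable, whatever the time or outcome.
            alerts.append(("emergency_access", device, user, ts_text))
        elif action == "record_access" and ts.hour not in BUSINESS_HOURS:
            alerts.append(("after_hours_access", device, user, ts_text))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```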
Consumers now have a variety of controls over their own record. They can:
- View a list of who has accessed their record (audit log);
- Set up a Record Access Code or Limited Document Access Code;
- Arrange to be notified by email or SMS when a healthcare provider organisation accesses their record for the first time;
- Remove documents from view within their record;
- Manage Medicare data consent;
- Manage Advanced Care Planning Documents;
- Add personal health notes and personal health summaries; and
- Access a child’s My Health Record as an authorised representative.
Consumers may also ask healthcare providers not to upload information and, under the My Health Records Act 2012, healthcare providers are required to comply with this request.
“Every time a healthcare provider accesses a My Health Record, a log is automatically created,” explains the agency.
“This allows an individual to monitor every access to their My Health Record in real time, with complete transparency.
“An individual’s Medicare card number does not allow My Health Record information to be accessed; additional information is required to authenticate consumers and health care providers.
“Healthcare organisations can only access an individual’s My Health Record if they:
- are directly involved in the individual’s care;
- have a healthcare provider certificate installed (either with NASH HPI-I or HPI-O certificate) on the device that they are using to access the record;
- have a valid username and password; and
- have the Record Access Code (RAC), if an individual has enabled restrictions.”
Accessing an individual’s My Health Record without authorisation can lead to a criminal penalty of up to two years in jail and up to $126,000 in fines.
The My Health Records Act also requires relevant entities to take a number of steps as soon as practical after becoming aware of a My Health Record data breach.
There are also resources that guide healthcare practitioners on how to protect their patients’ privacy when using the My Health Record system.
An opt-out system
The eHealth Bill, which passed in late 2015, enabled trials of participation arrangements including opt-out trials that, if successful, would be implemented nationally.
Recent trials confirmed the benefits of the ‘opt-out’ model; on most measures, the opt-out participation arrangement yielded stronger increases in My Health Record system uptake and participation, compared to the opt-in trial sites and the rest of Australia.
My Health Record is now set to become opt-out nationally by the end of 2018; however, there will be an opportunity in mid-2018 for every Australian to opt out if they do not want a record, says the Agency.
It has created a subscription email list so that individuals can register to receive an email when the opt-out period begins in the middle of next year; individuals can register at the My Health Record website.
The Federal Department of Health has entered into compacts with the Australian Medical Association (AMA) and The Royal Australian College of General Practitioners (RACGP), securing their participation and support in the delivery of the opt-out program.
Dr Shane Jackson, PSA President and Clinical Reference Lead for the Australian Digital Health Agency, says pharmacy organisations have also been “united” in supporting the uptake of the program.
“It’s a really united effort I must say; the PSA, Guild and SHPA are all firmly behind My Health Record and the benefits of pharmacists accessing My Health Records,” he tells AJP.
“Uptake in the opt-in model has only resulted in about 25% of people in Australia having a My Health Record.
“Transitioning to an opt-out model means every person will be allocated one unless they opt out. That’s really important because we need a critical mass of patients that have a My Health Record; we also need a critical mass of healthcare providers that use it. Once we have that virtual ecosystem going, people will be much more likely to use it,” says Dr Jackson.
“Instead of people thinking, ‘will they have a My Health Record?’ they will say, ‘let’s check their My Health Record’.”
“The Guild has long supported an opt-out model for My Health Record as the clearest path to meaningful use of a national digital health record system,” says National President of the Pharmacy Guild, George Tambassis.
“Community pharmacy, as the most accessible community health care destination, has always been at the forefront of digital innovation and an opt-out model for the operation of My Health Record will enable community pharmacies to enhance their patient care.”
On a pathway of growth
As at 8 October, over five million people have a My Health Record, with an average of one new record being created every 38 seconds.
In NSW alone, almost 500,000 electronic medical records are opened every single day, according to Jonathan Di Michiel, Program Director for the eMR Connect Program at eHealth NSW.
And since its inception, 13,329,229 prescription and dispense records have been uploaded.
While more than 6000 general practices use the software, pharmacy uptake is lagging behind with 1400 pharmacies using the software out of more than 5500 pharmacies across the country.
However, this number is expected to rise, as just two months ago six additional community pharmacy software vendors agreed to connect to the My Health Record system.
The Australian Digital Health Agency entered into agreements with Dispense Works, Minfos, Mountaintop Dispense, RxOne, ScriptPro Dispense, and Z Dispense, in addition to Fred Dispense and Aquarius Dispense which were already connected to the My Health Record system.
Negotiations are ongoing with a number of other pharmacy dispensing software vendors; the agency says it is confident that agreements will be in place with almost all vendors by the end of the year.
Dr Jackson says connecting the pharmacy vendor’s software to My Health Record will allow medication dispensing records to be added “seamlessly” to the patient’s record at the time of dispensing.
“This will significantly increase the amount of dispensing records uploaded. Pharmacists will be able to access My Health Records through their dispensing systems, and other practitioners and hospitals can see what pharmacists have uploaded too.
“In pharmacy we have an information vacuum, we don’t necessarily have access to the past medical history that a GP has or a discharge history from the hospital,” says Dr Jackson.
“So it just means we will be able to provide more efficient and effective care.”
You can find more information on the My Health Record system for pharmacists here.