The Australian Digital Health Agency has highlighted that anyone can choose to have or delete a My Health Record at any time in their life, as the number of connected pharmacies skyrocket
The extended My Health Record opt-out deadline is approaching: on Thursday, January 31.
The Agency says that 84% of community pharmacies are now connected to My Health Record – the increase in pharmacy connections has tripled in the past six months, it says.
Meanwhile 82% of general practices and 75% of public hospitals are now connected.
As of this week, 6.45 million Australians have a My Health Record.
As of 24 January, a function has been activated in the My Health Record system that allows a person to permanently delete their record at any time, including any backups, following the introduction of new laws to strengthen the privacy and security protections within the system.
All records that have previously been cancelled will also be permanently deleted from the system.
If a person changes their mind, they can choose to register for a record to enjoy the benefits of controlling their health information securely in one place to support their health and care.
After 31 January 2019, a My Health Record will be created for everyone who has not opted out of the system. However after this date, Australians can still delete their record permanently.
Kristin Michaels, chief executive of the SHPA, said that all Australians, regardless of any illness or condition, deserve to get the highest-quality care.
“More often than many would think, patients are unable to explain the medicines they are already taking and for what conditions they are already being treated, particularly after a seizure or if unconscious,” she says.
“Many of these patients are unaccompanied. Sometimes this lack of information leads to errors that have serious impacts on peoples’ lives.
“The ‘My Health Record’ debate has highlighted the need for greater consideration of regulatory support for privacy information, and careful control of implementation.
“However these concerns should not void the rationale for an integrated e-health system, accessible only to health professionals and set up at the request of health organisations, for the benefit of all Australians.
“Hospital pharmacists have long called for a shared, electronic patient data system and SHPA backs the important principles of My Health Record: linking up a fragmented health system and empowering patients in their own care.”
What about privacy?
Since the Coalition’s opt-out system was introduced, a number of stakeholders have expressed concerns about privacy, particularly Opposition health spokesperson Catherine King.
Associate Professor Vanessa Teague, a Senior Lecturer in cybersecurity at the Department of Computing and Information Systems at the University of Melbourne, says she is concerned that the privacy implications of secondary uses of My Health Records are not being accurately explained.
“Unfortunately, removing obvious personal details (such as name, location, and date of birth) does not securely de-identify the data.
“We showed that both doctors and patients can be easily and confidently identified in a dataset of Medicare Benefits Schedule and Pharmaceutical Benefits Scheme data that the Australian Department of Health published online in 2016.
“In the case of patients, this means that a few points of information (such as the patient’s age and dates of surgeries or childbirths) is enough to identify the person and thus retrieve all their Medicare bills and PBS prescriptions for many years.”
She warns that “easy and confident” re-identification has been demonstrated on numerous other datasets that were shared in the mistaken belief that they were de-identified.
“It is probably not possible to securely de-identify detailed individual records like My Health Records without altering the data so much that its scientific value is substantially reduced,” she says.
“Patients can choose to opt out of secondary uses of their data. However, they can’t make a genuinely informed decision if they are inaccurately told that their detailed record cannot be identified.
“Even more importantly, those whose identifiable MBS-PBS records were already published in 2016 should be notified, because the earlier release could make re-identification of their My Health Records much easier. They need to know about the data that has already been published so they can make an informed decision about further sharing.
“It’s a cause for concern that the administrators of our health records either don’t fully understand, or don’t accurately convey, the existing demonstrated problems with de-identified health data, or the likely risks of further sharing of detailed individual records.”
She suggested Australians who do not opt out of My Health Record should carefully consider opting out of secondary uses.
Professor Hugh Bradlow, President of the Australian Academy of Technology and Engineering (ATSE) and former Chief Scientist at Telstra, says that Australians need to be “realistic” about cybersecurity and privacy.
“Let’s remember that many people (doctors, nurses, receptionists, etc) have easy access to today’s paper-based health records – an electronic record is actually a step up in privacy,” he says.
“Collecting health data across the population will lead to better health outcomes by showing how effective interventions are and allowing treatments to be personalised based on the experience of thousands of other patients.
“New forms of measurement (based on artificial intelligence) will also give patients far more significant information about institutional performance, practitioner performance, the outcomes of specific interventions, etc.
“Within My Health Record, we can make it the default to require a patient access code.
“Clearly there is danger of data leaking due to cyber hacking, as is true of any data system. However, a well-designed record system which is managed by a professional security organisation and has a clear audit trail (e.g. provided by Blockchain) can mitigate this risk significantly.”