The Health Minister has defended My Health Record as having Defence-level security, as the Shadow Minister declares the beginning of the opt-out period “shocking”
And experts have highlighted a number of areas of concern around privacy, with one calling the record “a major honeypot of health data, waiting to be hacked”.
Health Minister Greg Hunt has told Fairfax Media that the system, which has been active for six years – though has only become opt-out recently following a trial in two parts of the country – has military-grade security and has never been breached.
The My Health Record system has multiple layers of security to protect access to the system, including defence level encryption, secure gateways and firewalls, authentication mechanisms, and malicious content filtering, he said in a statement this week.
The Australian Digital Health Agency’s Cyber Security Centre monitors for suspicious activities and the centre will trigger an investigation when required, Mr Hunt said.
He also told ABC Radio Melbourne’s Jon Faine that he is “very comfortable” with the system, and that individuals have “total control” over their record.
During the interview ABC staff attempted to sign onto the My Health Record system and an error message was returned.
“The system’s not working as you speak and say anyone at any time, as you just said. In fact, it’s not working,” Mr Faine told the Minister, who said in response that “we have six million Australians doing it”.
“I guess the alternative is—are we saying that Australia shouldn’t have a modern system that allows for diagnoses, medicine, other records, vaccination, all to be available to the consumer?” Minister Hunt said.
Shadow Minister for Health and Medicare Catherine King said that “Greg Hunt must immediately explain what he’s doing to address the problems plaguing his e-health rollout, which are preventing people from opting out of the My Health Record”.
“The first 24 hours of the opt-out period have been a disaster – confirming Labor’s fears that Malcolm Turnbull and Greg Hunt are simply incapable of getting a rollout of this size and ambition right,” she said.
“This Government is far from competent. They have a woeful record on IT security, privacy and basic digital functionality.
“They gave us census fail, the robodebt debacle, and then allowed Australians’ Medicare data to be sold on the dark web. And now they have stuffed up the launch of the My Health Record opt-out period.”
She said that Labor supports e-health but the Government has mishandled the My Health Record process, saying people experienced “long delays and technical faults” as they attempted to opt out on Monday, 16 July, the first day on which they were able to do so.
Dr Katina Michael, a professor in the School of Computing and Information Technology at the University of Wollongong, said that electronic health records make sense but “must be done the right way”.
The prospect for data discovery, patient welfare, and convenience is a value proposition that must be weighed up against risks and potential costs to individuals.
“Privacy breaches are asymmetric. But the type of confidential information stored on an electronic health record, is unlike having merely your identity credentials stolen—it is like having your whole personhood exposed in terms of your condition, medication, past acts, and more,” she says.
“There are massive implications for those working in pressured workplaces who may have their health record used against them- e.g. pilots, doctors, surgeons, healthcare workers.
“The implications for whether health insurance companies will have access to this data in the future is also questionable. Will it cost more to insure a child suffering from autism, or one born with Down Syndrome versus a child who seemingly is ‘normal’. Might this cause a chilling effect over disclosure of illnesses, meaning the people who need the care the most are disadvantaged from the outset?
“We need to make people aware of the pros and cons of opting-out, but we also need better more honest reporting by government about some of the potential risks, in essence, to better inform the public.
“What we have now is a major honeypot of health data, waiting to be hacked for the taking and be available on the dark web.
“We also need to call for urgent reforms, that if data is compromised, there is a privacy tort allowing people to sue the company or GP or government that has allows a data breach to occur.”
Bruce Arnold, an Assistant Professor in the School of Law at the University of Canberra, said that My Health Record has been “sadly oversold”.
“Implementation of My Health Record shows that the Australian government has learnt nothing from the UK e-health trainwreck,” he said.
“In the UK patients, health practitioners, IT specialists and privacy lawyers alike condemned inadequate governance, misunderstanding of risk and disregard for patient autonomy. The UK government belatedly heeded those criticisms in, for example, the 2013 Caldicott report Information: To Share Or Not To Share? Independent review of how information about patients is shared across the health and care system. Australia has not.
“A properly designed and implemented national e-health regime offers considerable benefits for patients, clinicians and researchers. The risks of an insecure system that conscripts patients (and assumes de-identification will enable problem-free sale of bulk health data) greatly outweigh those benefits.
“Legal protection for patient privacy under My Health Record are for example inadequate. So is the IT framework. Audit trails will not reclaim a patient’s privacy when a data breach occurs.”
The PSA, however, has welcomed the the Australian Digital Health Agency’s invitation for Australians to join My Health Record.
“My Health Record will empower Australians to take ownership of their health information by managing privacy and controlling who has access to their health information,” says national president Dr Shane Jackson.
“Pharmacists now will be able to more actively support patients with their medication management needs, especially those with complex chronic disease. These patients often take multiple medications and a connected My Health Record system will ensure health professionals have the information they need at the point of care to support patients with their healthcare.
“Pharmacists have a vital role to play wherever medicines are used, and PSA, as the peak national body for pharmacists, is collaborating with the Agency to help pharmacists guide their patients through this important decision.
“The information in My Health Record will allow pharmacists to provide better coordinated care for their patients, which is why over 3,200 pharmacies are already connected to the system.”