My Health Record
The recent controversy that has resulted from the Commonwealth Government’s new centralised health records system – called My Health Record – has stoked public anxieties about privacy, data breaches and the role of government as guardians of our private information.
Until now, our health records have been stored ad hoc at doctors’ surgeries, hospitals and specialists’ clinics. These records are not generally accessible between medical services. A hospital treating a patient for a condition may not be aware of that patient’s allergies or previous treatments. In a situation where the patient cannot communicate important medical information themselves, certain treatments may jeopardise the patient further. In such a situation, it makes sense that a hospital would be able to access the patient’s information quickly, especially where a life is at stake.
It seems to me that there has been quite a knee-jerk reaction from many members of the public against My Health Record. Talkback radio has been nuts about it all week.
The Commonwealth Government has announced that Australians will have three months to opt-out before everyone gets a My Health Record. After that time, users can still opt-out but a record will still have been made.
Concerns about privacy are somewhat addressed on the website: Users will be able to set privacy controls and every user who accesses a record will be logged. Arguably, this provides a much greater degree of patient control than would currently exist for people. After all, patients currently have no idea what information even sits in their medical record, let alone who has access to it. According to My Health Record, you’ll be able to remove information found under your record, such as pathology reports, PBS information and can even restrict access. Doctors may even have to obtain your consent before uploading to My Health Record, although the Royal Australian College of General Practitioners is arguing that this requirement is onerous.
There is no denying the risk of a “honeypot” effect; that is, the lure of the nation’s health records will tempt hackers. Already, Medicare card numbers have been offered for sale on the internet and a technical issue during maintenance last week revealed some of the inner workings of the myhealthrecord.gov.au website, although no data was accessible. The other serious risk is that of misuse. A lot of medical professionals will potentially have access to our records.
Whether a person decides to opt-out of My Health Record or not is entirely a personal decision, although I do believe that such action should only be taken after careful consideration and not as a panic-driven response. I also believe that another key question should be asked: How safe is my data at present?
Most doctors use electronic records to store patient information now, but where is that information physically located (ie where is the server?). Is it a cloud-based system, or sitting on a Windows machine somewhere in the surgery? Is it even backed-up and if so, what happens to the back-ups? How much IT expertise does your local GP have to prevent unauthorised access from hackers or even nosy staff?
Interestingly, everyone’s taxation and income information is stored online (accessible via MyGov in the same manner as My Health Record) and no-one has made even a murmur about that. For the as-yet undecided, The Conversation has published an article making the case for opting in to My Health Record and another making the case for opting out.
Whatever failings the Commonwealth Government may have in relation to IT, you can bet your bottom dollar that a lot more investment and consideration has been put into the security of the system than what exists in many local doctors’ surgeries. You may also take some comfort from knowing that the database is protected by Australian privacy legislation and is owned by the government who will store it in Australia, rather than it being managed by a multinational corporate somewhere overseas, legally out of reach and possibly up for sale.
The other clear theoretical advantage of My Health Record is that it will bring and end to the pointless envelopes that need to be ferried by patients between medical specialists, hospitals and doctors. Likewise, patients wont need to worry about what happens to those completely insecure faxes (yes, faxes) that doctors still use to transmit medical information between themselves. Finally, if I get sick away from home and need to see a doctor, they can quickly review my medical history and provide me with a better standard of healthcare based on all the evidence and information that they have at hand.
There are no guarantees in this life. I honestly don’t know whether my medical data will be safer in My Heath Record or my GP’s system (whatever it may be) but for what it’s worth I think these points should be considered before hastily requesting an opt-out.
Good decision-making does not occur when hysteria takes hold.