News

While the government has made changes to My Health Record requirements, many experts argue that a risk to personal privacy remains. By Ben Grubb.

My Health and privacy

Dr Robert Walker outside Hobart’s Rosny College.
Credit: Samuel Shelley

For a decade now, Dr Robert Walker has provided confidential health care to students. Two days each week, the Tasmanian GP or one of his colleagues at the Lindisfarne Clinic on the eastern shore of Hobart’s Derwent River packs up the equipment and travels to Rosny College.

“It’s the best day of the week for me,” Walker tells The Saturday Paper.

Rosny is a senior secondary college with about 1100 students in Year 11 and Year 12. Walker’s team has conducted thousands of consultations at the school in that time, covering a wide range of youth health issues.

“We get there, and kids roll in and it is sort of low-level chaos but that’s what it is,” he says. “It’s all free, it’s bulk-billed. Yes, the college do support us by making a grant available from their health and welfare budget but we don’t make any money from it. It just breaks even – at best – because the doctors have to cover their costs.”

As a result, Dr Walker says his team has managed to significantly reduce the teenage pregnancy rate, stopped the spread of sexually transmitted infections, and helped many students with mental health issues.

But all that is under threat, he says, due to the privacy and security concerns he and his teenage patients have with the federal government’s My Health Record system, under which every Australian will be given a shared digital health record unless they opt out by November 15. Already, some 900,000 Australians have made the choice to opt out.

Specifically, Walker says he and his patients are worried about parents being able to gain access to the records. He’s also worried about mistakes that might occur, leading to potentially embarrassing or dangerous situations where health information is uploaded when it shouldn’t be.

“The worst thing that worries us as GPs is that the kids become suspicious about My Health Record and worry about where their information is going,” says Walker. “We don’t want them to lose faith in the clinic, but that’s a real possibility.”

By default, My Health Record works on the basis of “standing consent”, meaning if you haven’t opted out, it is assumed consent is given to all health records being uploaded unless a request is made on each occasion for them not to be. And while health-care workers, including GPs, chemists and pathology labs, are encouraged to inform patients before uploading each record – be it of blood test results, prescriptions, or discharge records – they are not legally required to do so.

“When the kids come in, I say to them that whatever goes on in here stays in these four walls,” says Walker. “Mum doesn’t know about it and it’s not going on your record anywhere. And they have been very happy with that and we have had a very good rate of confidentiality.”

But with the introduction of My Health Record, Walker says it will become extremely difficult for him to guarantee confidentiality to his patients, especially when it’s outside his control and instead with other areas of the health-care system that might not be as cautious as he is.

Unless the opt-out date is further extended while concerns remain, Walker says he will have no choice but to close his clinic indefinitely in order to protect patient confidentiality.

Walker is among a growing number of GPs, mental health organisations, unions, privacy advocates, domestic violence protection groups and former bureaucrats in the health sector who are continuing to raise concerns about My Health Record despite the changes Health Minister Greg Hunt has made, which have already passed the federal lower house and are now before the Senate.

While those changes go some way towards plugging privacy gaps in the system, many experts argue major concerns remain.

Under the changes implemented by Hunt the three-month opt-out period was extended by an extra month taking the end date from October 15 to November 15; people became able to permanently delete their record – previously it was only able to be “cancelled” and hidden from health-care professionals – and law-enforcement agencies are now required to get a warrant in order to gain access to the records. Before the changes, warrants weren’t required under the legislation.

A Senate inquiry put forward by Labor to examine the digital record has been under way since August and is due to publish its report and any potential recommendations by October 12.

“The government’s proposed changes to the My Health Record legislation are woefully inadequate,” Opposition health spokeswoman Catherine King told The Saturday Paper. “The inquiry has revealed a range of serious concerns that are not addressed by the government’s [changes] – most alarmingly, about the privacy of workers, teenagers, and women fleeing domestic violence.

“The government must listen to the evidence from the inquiry and fix the My Health Record system. In the meantime, the government must heed Labor’s call to suspend the opt-out rollout until all remaining concerns are addressed and public confidence in this important reform is restored.”

In one of the more than 100 submissions the inquiry received, a person who claims to have previously held roles at the Department of Health lashed out, saying the agency behind My Health Record has “grossly overstated the benefits to individuals … which is primarily a glorified Dropbox”.

“In short, the [My Health Record] system was launched prematurely and as a beta release masquerading as [a] fully functional and reliable system,” they claimed, before criticising the fact that, by default, “the system applies no restrictions on access and use on anyone’s records by any authorised user (which is highly inappropriate), reflecting its opt-in past”.

Anna Johnston, a former New South Wales deputy privacy commissioner who is now director of privacy consultancy Salinger Privacy, says her main remaining concern with the health file “is and remains the potential misuse by authorised users” – such as doctors, medical technicians and nurses – of which there will be up to about 900,000.

“One of my concerns is the agency behind My Health Record and the health minister’s response to [unauthorised access] is to make statements that I think are potentially misleading to patients about the level of risk,” she says. “They talk about only the people involved in your care being allowed to access your record. And my understanding is, that is a statement of the law; it’s not a statement of what is technically possible.

“I think that it’s really disingenuous to downplay privacy risks and privacy concerns in a way that is quite the opposite of being transparent and letting people make properly informed decisions.”

To back up her claim, Johnston points to reports in 2016 of five health-care staff in South Australia being sacked for snooping on patient records without authorisation.

Government documents concerning My Health Record state “you do not need the consent of an individual to view their record, and you can access an individual’s record outside of a consultation, provided that access is for the purpose of providing health care to the individual”.

Johnston says the details required to gain access are far too low.

According to a health-care software industry insider, the minimum amount of information required to gain access to a My Health Record on an authorised system is someone’s first initial, surname, gender, date of birth and the first nine digits of their Medicare card number. This means that for many people – beyond the law – their Medicare number is the only real “secret” preventing snooping.

There is in fact another system, called Health Professional Online Services, which enables health-care professionals to do a reverse look-up of any Australians’ Medicare number, thereby thwarting any supposed security protection the card might have afforded patients.

Speaking at the Senate inquiry, former Australian Medical Association president Dr Kerryn Phelps, now an independent candidate in the Wentworth byelection, warned that the only acceptable thing to do now was “a full review of the legislation and all of its possible implications”. “Not only has information about who has access to personal records been deliberately concealed, but doctors and the public could rightly feel that they have been misled,” she said.

Responding to The Saturday Paper about Dr Walker’s concerns, Health Minister Hunt said that “a person 14 years old or over can, at any time, take control of their own record and remove an authorised representative. Children under 14 are able to take control of their own record by establishing that they are a mature minor. This is in line with Medicare policy that allows a young adult to get their own Medicare card if they choose.

“The government continues to listen to any other concerns raised by stakeholders, particularly around domestic violence … We’ll respond to public suggestions, we’ll consider them very carefully and ultimately, this will – as the head of the AMA has said – save lives and it will help protect lives.”

This article was first published in the print edition of The Saturday Paper on Oct 6, 2018 as "Private defective". Subscribe here.

Ben Grubb
is a freelance journalist and former technology editor of The Sydney Morning Herald.