The Australian Government’s My Health Record (MHR) initiative has sparked a wide ranging debate about individual privacy and data security issues across the nation. At GWI we have watched the debate with great interest as Australians have put forward their views on whether to opt-in or opt-out.
Why should I be worried?
Online users have become more aware over time about the concept of “Big Data”, with Governments and private companies holding directly and indirectly collected personal data on everyone they come into contact with. With this in mind, Australians are understandably concerned about the implications of having their health data stored in an internet accessible database with the potential to be hacked or accessed by those who shouldn’t have contact with the information.
The Government has been feeling the heat over these privacy and security concerns, having to defend the opt-out system used to sign people up. Fears are being raised around the ability of community members who aren’t tech savvy or have language issues accessing MHR to opt-out.
With such a large repository of health data in one place, those concerned about privacy have raised the possibility of de-identified data being used for research without the consent of those whose data is included. This data may be seen by some in the community as highly private and would not consent to such use if given the option.
Who can access my records?
In response to these concerns, the Australian Digital Health Agency has expressed that their policy is to only release data under a court order or warrant, in much the same way as is already the case with current health records held by practitioners. MHR legislation will be amended to ensure that this is the case, making it harder for agencies and police to gain access to the contents of an electronic health record.
Tracking of those accessing health records has been highlighted as an already existing issue due to the number of people and health organisations who will have access to the records when the system goes live. Under current MHR processes, only the name of the institution accessing the information will be logged, not the accessing individual. This might be seen as a barrier to hide behind for those with malicious intent.
The Government has stated that MHR legislation would also be amended to allow for those with serious concerns to permanently remove their health data from the record, where currently an e-health record isn’t deleted from the system and only archived for easy reinstatement at a later point if the individual changes their mind.
The Chief Executive of the ADHA, Tim Kelsey, has addressed cybersecurity concerns by assuring the public that a cybersecurity centre would be established to monitor MHR. This is in response to critics who are concerned about a 2018 OAIC report highlighting that the sector with the largest number of record breaches were private health providers, the main causes being human error and malicious or criminal attacks.
What do doctors think?
A surprising statistic from a survey of 471 doctors found that 8 out of 10 plan to opt out of MHR citing mistrust for the system being useful or up to date. This poses an issue for MHR that if the health professionals, whose responsibility it will be to enter data, don’t have confidence in the system, how can it succeed?
However, the President of the AMA has outlined his support for pursuing the MHR. He argues that issues and concerns of practitioners and patients must be addressed as “the clinical benefits are far too important” for the system to be undone by them.
What does this mean for clinical notes?
While the MHR is by no means a replacement for clinical notes, medical practitioners who can access the information will be provided with information at the time of medical crisis to inform their decisions. Occurrences of negative drug interactions could be reduced and information on medical and medication history can be used to inform the practitioner to get the best outcomes possible.
Drug incompatibility and negative reactions result in 230,000 hospital admissions costing more than $1.2 billion annually in Australia due to medicine misadventure. However, if this is not updated with new information or contains incorrect information due to input by individuals, this may result in mistakes that are outside the practitioner’s control.
What about vulnerable members of society?
Debate also continues over whether some of the most vulnerable members of the community such as children and people with physical and mental disabilities should be included. Those concerned raise the question of potential damage caused if they are signed up without the ability to give consent and the data is misused. On the other hand, these may be the groups who stand the most to gain from a system of information sharing with a focus on increasing medical outcomes.
Within GWI we have been monitoring differing views on MHR with some seeing major benefits in the service and others disliking the risk that it potentially poses. Ultimately, the decision to opt-in or opt-out is in the hands of the individual, and it will be interesting to watch the future of the system to see how useful it will be once it fully goes live later this year.