Government announces the opt out window of 16 July – 15 October 2-18 and the guide to the secondary use of My Health Record system data
May 14, 2018 |
The My Health Record program, providing a summary of one’s personal health information which can be shared with health providers, has not been a public policy success story. The pick up rate has been poor, with about 20% covered but according to the article in last year’s Conversation Why aren’t more people using the My Health Record? it has only been used by a small percentage of consumers and not even to its intended capacity. It is not popular with the likely users of the system, general practitioners and hospitals who regard it as not fit for purpose. The privacy concerns regarding the My Health Records system have been long standing with articles highlighting the problems in 2015. There is considerable distrust of the system and its vulnerability to data breaches. particularly given its poor track record with 94 My Health Record related breaches since 2015 – 16.
Notwithstanding all of those difficulties he Government has decided to set an opt out period from 16 July to 15 October 2018. In addition the Government has released the Framework to guide the secondary use of My Health Record system data.
Today’s Zdnet article on the Opt out is probably the best summary and provides:
Australians will have from July 16 to October 15, 2018, to opt out of having an electronic health record.
Those choosing not to have a My Health Record can opt out at the My Health Record website or by calling 1800 723 471. So far, 5.7 million people are in the system.
“The protection of patient information is critical, and the My Health Record system has strong safeguards in place to protect the health data. It is also subject to some of the strongest legislation in the world to prevent unauthorised use,” the Australian Digital Health Agency said in a blog post.
“Australians can cancel their My Health Record at any time after the end of the opt-out period — or create one, if they opted out.”
Among the benefits touted by Minister for Health Greg Hunt for having an electronic record were “reduced duplication of tests, better coordination of care for people with chronic and complex conditions, and better informed treatment decisions”.
On Friday, the government published guidelines on the third-party use of data generated by My Health Record.
Direct access to or release of My Health Record data is only to the Australian entity, the guidelines state, and data released for secondary use is to be stored in a facility within Australia.
The framework restricts access to de-identified data, noting that it cannot be used solely for commercial and non-health-related purposes.
Where a health record has been cancelled, the data also becomes unavailable for secondary use.
With health the highest breached sector in Australia since the country’s Notifiable Data Breaches (NDB) scheme came into effect earlier this year, the framework has included a contractual requirement that the entity using the My Health Record data report any data breaches or data loss to the Office of the Australian Information Commissioner, including advice on remedial actions to be taken under the NDB scheme.
Earlier on Monday, it was revealed by Family Planning NSW that the personal information of thousands of customers may have been compromised in a ransomware attack.
The organisation provides advice on contraception, pregnancy, and sexual health, and it is believed the databases breached contained information on around 8,000 clients who had contacted Family Planning NSW to make an appointment or leave feedback through its website.
Those potentially caught up in the breach would have accessed the organisation’s online services in the past two and a half years.
A review commissioned by former Health Minister Peter Dutton in 2013 recommended that the system that would become My Health Record be made opt-out, so that unless patients objected to it, their health records would be added into the system.
In 2016, then Victorian Commissioner for Privacy and Data Protection David Watts said the change was a “fundamental breach of trust”.
“I actually designed the regulatory system for e-health in Australia, and I swore black and blue … that we would never be an opt-out system, and always be an opt-in. And of course it’s now an opt-out system in order to drive take-up of e-health, because AU$4 billion had been spent on it and very few people had registered,” Watts said at the time.
“It says something about trust across government that those sorts of principles would be thrown away simply because a system’s not been used as much as it should be.”
The Australian government’s My Health Record data use guidelines require the data governance board to make case-by-case decisions on how the data can be used.