My Health Record — a flawed initiative

One of the biggest IT issues ongoing at present is the Australian Government’s My Health Record project. It was designed as an opt-in service, where you would have to explicitly provide a healthcare provider with authority to create a record on your behalf. The primary benefit of the service was that a ‘single source of truth’ copy of your medical records (or a summary of them) would be available to any health provider nationally. So if you were away from home within Australia and required treatment, your records would be available to medical professionals, who would be able to learn your medical history, allergies etc, with the idea being that you would receive better and more appropriate medical care as a result.

Unfortunately, the benefits of the service were not well sold to the public, and the percentage of people who had opted-in to the service was very low — so low as to make it largely useless. (Oddly, the current My Health Record website claims that 5.9 million Australians already have a record — so the take-up is already at approximately 25% of the Australian population.)

The current federal LNP government decided to change this, and passed legislation that meant that unless people opted-out of the service within a very small window of time, they would have a record created by default, and once that record was created, there was no way to delete it except by dying (records being kept for 30 years after a recorded date of death, or 130 years from birth if a date of death was not formally established and entered into the record). 

The LNP expects that no more than about 10% (or 2.5 million people) will opt out — meaning that something like 19.1 million Australians will have a record created for them without any input into that decision.

Whilst the idea of a nationally available health record is potentially noble (although even medical practitioners have their doubts that it will be useful), there are a number of issues that privacy and IT experts have raised.

Despite claims by both the current (Greg Hunt) and former (Sussan Ley) federal health ministers that the data is safe from hacking (a claim that just by being made makes the data an even bigger target due to the apparent challenge being issued), we know that there have been several breaches of health data of late, both in Australia and abroad.

The ‘size of the prize’ when hacking a database of nearly 22.5 million (after the government’s expected ‘opt-out’ numbers) can only be assumed to be quite substantial when successful efforts have already been put into targeting much smaller databases. There is no such thing as a system which cannot be breached, and our federal government has a poor track record in running IT systems (the issues with the 2016 census are a great example of just how badly prepared our government is to run large online systems) let alone to secure them adequately.

Further, there is a substantial issue with the access methodology. Even if the core of the My Health Record service is considered secure, it would be trivial to access the data through potentially insecure authorised access locations — in 2011, for instance, there were over 40,000 GPs practising medicine in Australia.

Another major concern with the technology behind My Health Record is the difference between fundamental design concerns of opt-in and opt-out systems. It is not enough to change a system from opt-in to opt-out without a significant redesign of the underlying data structures and security methodologies employed. This has not happened, and the current opt-out nature of My Health Record is in direct contrast with the underlying design of the system itself.

The privacy concerns are also significant. There is significant government departmental access to the data, although this has been reduced of late according to the federal Health Minister… or it will be once additional legislation is passed, and will require a court order for access for non-medical treatment use — making it similar to metadata being kept on all Internet access, which we know has already been inappropriately accessed without the required approvals.

There are also concerns over who owns, and thus controls the data. Privacy experts believe that a patient’s data belongs to the patient — not to their doctor, and not to the government. Yet until recently announced (but as yet enacted) changes, a patient had no right to have their record removed, and it was possible (and still is, until the government goes and creates it for you) for a medical professional to create a record for you or your dependent children without your knowledge or approval. There’s also no record kept of who has accessed a medical record, or for what purpose.

There are also concerns about some of the partner organisations to the My Health Record system — with at least one of them having been caught providing medical record data to legal firms to enable them to chase customers for medical malpractice legal action.

As a result of these factors, it is ITPA’s position that the My Health Record system as it stands at present, is not suitable for purpose. We call upon the federal government to change the system back to an opt-in solution, and put time and effort into selling participation in the system to the Australian people, as well as making it illegal for records to be created without patient knowledge. It should also allow patients to opt-out of the solution at a later date if they so choose, having their record deleted completely if that is their request.

Until these changes are made, it is ITPA’s recommendation that members and the general public opt-out of the solution as it currently stands. Whilst the intent is noble, the execution is significantly flawed, and it is our opinion that the risks of participation outweigh the potential benefits.

You can opt out of the My Health Record system by following instructions found here.