As a doctor, here’s why My Health Record worries me
A SUCCESSION of Australian governments has been trying to develop a centralised digital health record system for years.
The My Health Records Act commenced back in 2012 and since then 6 million Australians have signed up, but now, unless you decide to opt out within three months, you will automatically have a My Health Record generated.
I have been cautiously enthusiastic about the potential of a centralised health record particularly for older people with complex chronic health conditions and multiple medications because of its potential to reduce confusion and improve communication between health practitioners.
The concerns raised caused me to go back to the legislation to see what the fuss was about. It left me worried.
Then a couple of days ago Bill Bowtell called me from Amsterdam, where he is attending the 22nd International AIDS Conference, to let me know how worried he and other international public health experts are about the legislation governing the My Health Record.
He was an architect of Australia's world-leading response to HIV and AIDS when he was senior adviser to Health Minister Neal Blewett in the 1980s. Between 1994 and 1996 Bill was senior political adviser to Prime Minister Paul Keating. When Bill is worried, I pay attention.
"I was involved in the precursor to the My Health Record and I recall that you came along to meetings to offer advice and views," Bowtell told me.
"At that time, it was strongly held that such a change could only be brought about on the basis of absolute trust as between clinicians and patients, and that centralised records could only be accessed by health professionals … and that no other external agencies could access the system for any reason. Somewhere along the way, however, the police and other agencies including the ATO have decided that they must have warrantless access to this treasure trove of data.
"These provisions break the bond between clinician and patient. The idea that police and security agencies, and the ATO and other agencies could trawl these databases at will is abhorrent. To its great shame, the Parliament passed these provisions."
Could this be true? In the original legislation, Section 70 of the Act, there it is:
"The System Operator is authorised to use or disclose health information included in a healthcare recipient's My Health Record if the System Operator reasonably believes that the use or disclosure is reasonably necessary for one or more of the following things done by, or on behalf of, an enforcement body:
(a) the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law;
(b) the enforcement of laws relating to the confiscation of the proceeds of crime;
(c) the protection of the public revenue;
(d) the prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct;
(e) the preparation for, or conduct of, proceedings before any court or tribunal, or implementation of the orders of a court or tribunal."
Excuse me? What could "protection of public revenue" possibly have to do with enhancing the healthcare of an individual, or protecting public health? Rhetorical question I know, but to avoid any confusion, the answer is: nothing.
Any court or tribunal? That could mean domestic violence cases, family court, employment disputes. What could that possibly have to do with the rights of the individual whose health record is to be disclosed without a warrant or court order? Again … nothing.
Tim Kelsey, Chief Executive of the Australian Digital Health Agency says that while the legislation allows for warrantless disclosure of health information, the operating policy of the "System Operator" (i.e. the Australian Digital Health Agency) is to require a court order for the release of information. In a statement, he said: "No documents have been released in the last six years and none will be released in the future without a court order/coronial or similar order. Additionally, no other Government agencies have direct access to the My Health Record system, other than the system operator."
The problem is that a policy is not law, and can be changed at any time with the stroke of a keyboard. Can we really trust a future "System Operator" not to change its policy of requiring a court order for disclosure if the legislation allows for it?
While there are many people whose healthcare could be enhanced by having this type of record, it is essential that we look at some of the potential adverse effects on healthcare.
The impact on women who have terminations could be profound. Abortion is still illegal in Queensland, and the other states are all over the shop. Can it seriously be assumed that law enforcement officers and fundamentalist politicians could be trusted with a list of women who have had illegal abortions?
The same applies to STIs, especially HIV/AIDS. As Bowtell puts it: "Had this pernicious regime applied in the 1980s when we were confronted with HIV/AIDS, no trust could have been built between clinicians and those with or at risk of HIV.
"Gay men, injecting drug users, sex workers were all law-breakers in one way or another. The data bases would have been trawled for "law breakers" and after that would have come sanction, isolation and quarantine. Having HIV or AIDS would have become a fact known to the police. In those days, we tested everyone who wanted it, and many gave false names; we did not care. We funded needle and syringe exchanges - helping to evade or break the law. It could not be done under this new set up.
"Such a system would have meant that many more thousands of young people would have been infected with HIV and dead from AIDS."
Highlighting the cyber security concerns is the breach of Singapore's government health database, which saw the information of about 1.5 million people hacked, including Prime Minister Lee Hsien Loong.
The Australian Medical Association (AMA) and the Royal Australian College of General Practitioners (RACGP) need to qualify their support for My Health Record and demand that the legislation be amended so that disclosure of personal health information be confined to healthcare practitioners with the patient's permission only, and for the patient's benefit only.
The Government needs to extend the opt-out period so that the Australian people can have more time to work out if is in their personal interest to upload their health record, or not.
Then the Government needs to revisit the whole of Section 70 of the My Health Records Act 2012 and return to the original principles, so that; centralised records only be accessed by health professionals, all access be only with the patient's permission and be visible to the patients, and no other external agencies be able access the system for any reason
It's not too late to reverse course on warrantless access to your health record. Any future success of My Health Record depends on it.
Kerryn Phelps is a doctor, and past president of the AMA.