Inside Story

Staying in or opting out?

How My Health Record went viral for all the wrong reasons

Ruth Armstrong, 24 July 2018

Trust us: health minister Greg Hunt campaigning in the federal seat of Mayo on the day after concerns about My Health Record went viral. Kelly Barnes/AAP Image

After years of relative obscurity and sluggish engagement, Australia’s attempt to introduce individual digital health records via My Health Record was all anyone could talk about last week.

It started on Monday, when #MyHealthRecord trended all day on Twitter and was still sitting at number two the next morning. It was there for all the wrong reasons, from the point of view of the Australian Digital Health Agency and advocates of the new system. The source of the controversy was the decision, flagged in last year’s federal budget, to shift My Health Record from an opt-in to an opt-out system.

Australians have until 15 October to go through the opting-out process if they don’t want a My Health Record created for themselves or dependent children, and last Monday was day one of the opt-out period. It didn’t go smoothly, with much of the commentary on Twitter citing privacy and security concerns about the use, and possible misuse, of health data.

After the online opt-out process and associated call centre were reportedly overwhelmed by the volume of traffic, and several prominent commentators went public with their concerns in the Fairfax press, health minister Greg Hunt was forced to defend what the government planned to do with consumers’ health data, including the fact that it would not be shared with Centrelink.

In the Conversation, IT legal experts made the case for opting out in the morning, and health policy expert Jim Gillespie made the case for opting in in the afternoon. Hunt, and senior figures from the Australian Digital Health Agency, worked hard all day to steer the message back to the benefits of participation, including in a lengthy interview on the ABC’s RN Drive with Steve Hambleton, a doctor who is also deputy chair of the My Health Record expansion program. Hambleton sought to allay concerns and pointed to the positive experiences of the six million users already participating.

Some of the strongest supporters of My Health Record are those working in the rural health and Indigenous health sectors — with good reason. The National Rural Health Alliance has released a statement urging rural Australians to stay in, and both Mark Diamond, from the Alliance, and John Paterson from the Aboriginal Medical Services Alliance Northern Territory spoke passionately on the ABC’s RN Breakfast about the benefits for patients of accurate records that can be accessed wherever they are.

A multi-organisation communique published on Tuesday by the National Aboriginal Community Controlled Health Organisation provided a useful round-up of the strength of support for My Health Record and the decision to move to an opt-out model. It cited support from the Australian Medical Association, the Consumers Health Forum, the Royal Australian College of General Practitioners, the Pharmaceutical Society of Australia, the Pharmacy Guild, and the Australian Healthcare and Hospitals Association, among others.

In an article last month for the health policy website Croakey, Leanne Wells, the CEO of the Consumers Health Forum, had carefully examined the pros, cons, risks and challenges of My Health Record. Although the Consumers Health Forum expressed its support for a modernised digital records system with high consumer and practitioner participation, Wells’s Croakey post included a warning that would prove prescient given the rocky start to the opt-out period. She writes:

It is also important for the federal government to be acutely mindful of how fickle community trust and confidence in a system such as My Health Record can be: trust can be slow to build, but quick to erode. Communication about benefits and the assurance about safeguards have to go beyond what is required or even expected to ensure trust is not maintained, but built, as various consumer sentiment barometers tell us that trust in institutions generally is at a low ebb.

Further evidence of the complexity faced by some patients in making the decision whether to participate in My Health Record comes from Scarlet Alliance, the Australian Sex Workers Association, which has produced an information sheet that goes a long way to explaining — for all potential opters in and opters out — how My Health Record works and how all health consumers can take steps to improve their health information privacy.

Last week’s day from hell for My Health Record shows the size of the challenge of building the trust needed to realise the long-held dream of secure, readily accessible, accurate, appropriately used and empowering health records for Australians.

As the controversy swirled on Twitter, Croakey asked Dr Trent Yarwood, an infectious diseases physician and a member of digital advocacy group Future Wise, to explain his disquiet about My Health Record. Yarwood is one of the few commentators who bring both a medical and an IT perspective to the debate, and many doctors will relate to his concerns about how medical information, provided for patient care, could be used in other contexts; his observations are reproduced below.

The controversy hasn’t abated over the intervening week. It was reported that 20,000 people navigated the technical hitches and waiting times to opt out on the first day of the three-month period, but no update on numbers has been provided since, despite the ABC asking the question. Concerns about unauthorised access (by hackers) and authorised access (by non-health government bodies or third parties authorised by the Digital Health Agency) remain prominent in the debate.

Much of the commentary repeats and extends Trent Yarwood’s concerns. Participants in the debate have included heavyweights like human rights commissioner Edward Santow, who told ABC Radio’s Sabra Lane that “we can do better” in protecting human rights for digital health record users. Santow stressed the need to give people control over how their information is used, build strong protections against cyber attacks and misuse, and instil confidence that the information will be used only to improve individual users’ health (as opposed to less personally helpful secondary uses).

Former federal AMA president Kerryn Phelps weighed in with an opinion piece in the Brisbane Courier Mail. She had been involved in preliminary discussions about electronic personal health records, she said, but she believed that the legislation allowing access to agencies other than health professionals would potentially breach the “absolute trust” between clinicians and patients.

With the federal opposition maintaining its support for My Health Record while calling for a renewed communications strategy and an extension of the opt-out period, and with one Liberal MP, Tim Wilson, publicly exercising his right to opt out on the grounds that such systems should be opt-in, it doesn’t look like the controversy will end any time soon.

The Digital Health Agency has tried to reassure the public that its policy is not to share data without a “court, coronial or similar order.” It has also been reported that the Digital Health Agency recently tightened its relationships with third party app providers such as Telstra, HealthEngine, Tyde and Healthi, allowing for rapid termination for breaches that threaten the public interest.

Newly appointed AMA president Tony Bartone seemed like a voice in the wilderness as he repeated the simple message that “the electronic record can save lives” in an article published in the Sydney Morning Herald a week into what looks like being a period of ongoing controversy. The records will connect care across the country and the system, improve management for patients with invisible but serious conditions, optimise communication between GPs and hospitals, and reduce polypharmacy, duplication of services and waste. They are all good reasons to stay in, but is the crisis of trust stopping health consumers from paying attention? ●

An earlier version of this article, together with the article below, appeared last week in Croakey, where Ruth Armstrong is an editor.

Why would a doctor not be in favour of My Health Record?

Trent Yarwood, an infectious diseases physician and a member of digital advocacy group Future Wise, outlines his concerns about the scheme

The opt-out period prior to the creation of My Health Records for all Australians began on Monday 16 July. In news that surprised nobody who follows Australian government IT projects (not limited to ATO failures at tax time and the 2016 online #censusfail), both the website and the phone number for people to opt out buckled under the strain.

Despite support from doctors’ groups, including the Australian Medical Association and the National Rural Health Alliance, I am very firmly on the record as thinking it’s a bad idea.

Correcting misconceptions: My Health Record isn’t a comprehensive medical record, and nor is it a replacement for your GP’s records or your hospital file. Both of these will still exist. But My Health Record is designed to make it easier to bridge the gap between the two; your healthcare providers will be able to upload summary information that can then be accessed by other providers.

It will also, by default, include your Medicare-rebated health services history (for example, on 16 July you saw GP with provider number 1234567X for a standard consultation) and your Pharmaceutical Benefits Scheme dispensing history (on 16 July you were dispensed some amoxicillin), as well as your pathology and other investigation results.

At the hospital end, your discharge summary and clinic letters can also be uploaded to make it easier for your GP to access them. Poor hospital–primary care communication has been a frequent complaint on both sides.

Benefits: Improving communication between healthcare providers can only be a good thing, as can doing away with the archaic medical custom of transmitting information via fax machine. For patients with complex care needs, and multiple treating clinicians, it’s easy to see benefits from this sort of shared summary.

But many of the purported benefits of the My Health Record seem — to my mind, at least — to be over-egged. “It will provide critical information if you’re unable to provide a history in the event of an emergency,” is usually the first mentioned of these.

Patients who are unable to give any history are not very common in hospitals; those presenting without significant others and with zero capacity are rarer still. In many cases, if someone is completely unconscious, they may well be an Unknown Patient, and it’s a bit hard to look up a shared record for someone you can’t identify.

The second-most common benefit I hear is “it will reduce your need to repeat your history multiple times,” which is by far the least true of them all. No doctors worth their stethoscopes would omit taking a history themselves just because it’s written down. It may guide their questioning, but confirming for themselves is always a good idea — clinically and medico-legally.

In any event, different staff may emphasise different parts of the history, which often necessitates another go round. And, as any junior doctor can attest, the history often changes on the retelling.

So if the benefits seem to be less than advertised, how does this affect the risk–benefit analysis?

Risks: The first — and to my mind the most important — risk with My Health Record is that the risks themselves are very poorly understood.

The Australian Digital Health Agency notes in its digital health strategy that Australians place a high value on the privacy of their health information; “safe” and “secure” are two-thirds of its catchy tagline. But, by design, the primary reason for the existence of shared health records — sharing health information — increases the risk. Improving access to your health data increases the potential for malicious as well as beneficial access.

The biggest threat to health privacy is not the hoodied “hacker” so beloved of media IT stories, but improper access by an authorised user — such as the sale of Medicare numbers reported recently by the Guardian, for example, or when healthcare staff “snoop” on high-profile patients or spouses dig for dirt as part of an unpleasant separation.

Logged access, and sanctions for improper access, do not prevent your loss of privacy, but merely act as a deterrent; and that doesn’t help you when your private medical history is known to another. Confidentiality is a one-way door.

It is certainly true that paper charts don’t have an access log; but it is equally true that you don’t need to have a patient’s history in your hand to digitally access it improperly.

Healthcare workers — primarily GPs — are being made the gatekeepers of My Health Record; it’s their job to discuss with patients the benefits and risks of uploading data to My Health Record. But just as we would ideally like our consent for surgery to be taken by someone familiar with the risks, should we be asking our doctors how familiar they are with cybersecurity?

Healthcare workers are not known for a high degree of technical knowledge; the response from doctors to the recent HealthEngine controversy, in which patient information was shared with lawyers and others (apparently within the terms of service), suggests that there was little understanding of the privacy impact of the popular appointment booking service.

Does your GP have his or her password on a sticky-note on his or her monitor? And what about the rest of the practice software in your doctor’s surgery?

If the My Health Record data are downloaded to the practice computers, then the security measures on the primary record become irrelevant, and your privacy depends on how well your healthcare providers maintain their computers.

Dilemmas for clinicians: My greatest concern as a clinician is that the My Health Records Act includes authority for the Australian Digital Health Agency to disclose information for law enforcement purposes, including (under section 70(1)):

(a) the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law;

(b) the enforcement of laws relating to the confiscation of the proceeds of crime;

(c) the protection of the public revenue;

(d) the prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct;

(e) the preparation for, or conduct of, proceedings before any court or tribunal, or implementation of the orders of a court or tribunal.

These broad criteria give a wide range of bodies access to My Health Record data, without there necessarily being a requirement for a warrant — and unlike the primary records held by your healthcare staff, the Digital Health Agency doesn’t need to notify clinicians (or patients) that their records have been accessed.

If as a healthcare worker you are seeing a patient involved in illicit activity (for example, injecting drugs), will you upload a summary in the name of improving their shared healthcare? Or will you respect the secrets confided in you?

I know which I’ll be doing, and I don’t think a system that forces that sort of choice onto clinicians is one that has much to recommend it. ●

Trent Yarwood is an infectious diseases physician and a member of digital advocacy group Future Wise, which focuses on technology, health and education, with an emphasis on digital privacy. The opinions in this article are expressed in his personal capacity, and don’t represent the views of his employers.