My Health Record: the Government wants to access your data until 30 years after you die

16th July 2018

Unless you opt-out by mid-October, the Federal Government will create an online record of your health details that it can access for the rest of your life and beyond – even if you ask for it to be deleted.

The Federal Government has budgeted more than $370 million to make digital health records for all Australians by the end of the year.

But privacy advocates are warning people to opt out of the database and IT specialists say it’s impossible to completely safeguard the information.

Every Australian will soon have a My Health Record — an online summary of their health information — unless they opt out over the next three months.

From Monday, Australians will have until October 15 to tell the Government they don’t want one. Otherwise, a record will automatically be created.

The project aims to give patients and doctors access to timely medical information — test results, referral letters and organ donation information, for starters — but there are concerns about the safety of some of our most personal, sensitive data.

We asked for your questions about the project on social media, and they ranged from police access to the platform’s cybersecurity.

The ABC sat down with Tim Kelsey, the head of the Australian Digital Health Agency (ADHA) and the man in charge of the initiative, to get them answered.

The way the record works

As a patient, how can I know if my My Health Record information is being maintained by my doctor?

You can choose to opt out and have no My Health Record.

But once you have one, doctors can upload health information into it unless you ask them not to.

When you see a doctor, you can discuss adding (or not) documents such as an overview of your health, a summary of prescribed medications and referral letters.

Remember, it’s not a comprehensive picture of your health — it will only contain what you and your doctors choose to upload, and will depend on the quality of those records.

When you first access the system, you’ll be asked to decide whether you want two years of Medicare Benefits Schedule, Pharmaceutical Benefits Scheme, Australian Immunisation Register, and Australian Organ Donor Register data to be uploaded.

But if your doctor accesses your record first before you make the selection yourself, this data will be uploaded automatically — unless you’ve opted to have no record at all.

If you want, you can delete or restrict access to those documents later.

Not all Australian hospitals and health services are connected to My Health Record yet, so that’s something to check during your next visit.

When I get a prescription, how do I know whether I need to ask to make an update to my My Health Record? Does this vary by provider?

Doctors can upload information about prescribed medications, but as discussed above, it’s worth discussing this each time you see your doctor.

What happens to your My Health Record after you die?

My Health Record information will be held for 30 years after your death. If that date isn’t known, then it’s kept for 130 years after your birth.

Will any private health insurance companies have access?

Insurers shouldn’t be able to access your record — it’s reserved for people who work for a registered healthcare provider and who are authorised to provide you with care.

There are plans to use aggregated, anonymised My Health Record data for research and other purposes — this is known as “secondary use”.

“My Health Record information can be used for research and public health purposes in either a de-identified form, or in an identified form if the use is expressly consented to by the consumer,” a Department of Health spokesperson said.

Currently, users of the platform can tick a box on the web portal to opt out of secondary use.

Secondary uses must be of public benefit and cannot be “solely” commercial, and insurance agencies will not be allowed to participate.

However, “the impact of this exclusion” will be considered when the Department of Health’s framework governing secondary use of My Health Record data is reviewed, according to the framework document.

Australian organisations (and some overseas, in certain circumstances), including Australian pharmaceutical companies, will be able to apply to access My Health Record data for approved secondary purposes.

“We don’t expect any data to flow until 2020,” Mr Kelsey added.

The opt-out period

How can I opt out?

There are three key ways:

  • By visiting www.myhealthrecord.gov.au and opting out using the online portal.
  • Over the phone by calling 1800 723 471.
  • Or on paper by completing a form and returning it by mail. Forms will be available in 2,385 rural and remote Australia Post outlets, through 146 Aboriginal Community Controlled Health Organisations and in 136 prisons.

What happens to the people who end up with a My Health Record, and then decide to opt out?

If you don’t opt out between July 16 and October 15, then a record will be automatically created for you.

After October 15, there will be a “one-month reconciliation period” before new My Health Records are registered. These new records will be created mid-November.

You can then cancel that record, but the data it contained will still exist (although inaccessible to you or health providers) until 30 years after your death.

Is a record automatically generated if a doctor uploads a document during the opt-out period, even if you did not create one yourself?

According to the ADHA, doctors can’t upload any clinical documents to the My Health Record system unless the patient record exists.

What about children who aren’t born yet — can they opt out?

After the opt-out period, newly eligible healthcare recipients, such as immigrants to Australia and parents of newborn children, will be given the chance to elect not to have a My Health Record as part of their Medicare registration.

Protection of your data

Which service provider will manage the infrastructure to ensure it isn’t vulnerable to a cyber-attack?

The platform was built by the technology provider Accenture, however the ADHA is starting discussions about “re-platforming” it.

Independent third parties audit the system’s security and undertake penetration testing, according to Mr Kelsey, but security experts warn that it’s impossible to make any online database entirely bullet proof.

Remember too, that documents created or downloaded by your doctors may be stored in their local IT system too and depend on that system’s security.

If a doctor downloads files from My Health Record, what’s to stop her from sharing those files within the practice?

By default, your online documents will be accessible to your healthcare providers.

If you have privacy concerns, you can log onto My Health Record and restrict who sees it:

  • You can set a Record Access Code and give it only to healthcare professionals you want to access your record.
  • If you want to restrict certain documents, you can set a Limited Document Access Code.

These controls may be overridden in an emergency.

As mentioned above, if a document is removed from the My Health Record system, it’s beyond the reach of your access controls.

If a GP were to allow another staff member to access a record, what is the potential punishment?

If someone accesses your My Health Record without legal authorisation and the person “knows or is reckless to that fact”, criminal and civil penalties may apply.

Where can users see information about who has accessed their record?

My Health Record users will be able to see who has looked at their record by checking its access history online.

They’ll be able to see when it was accessed, which organisation accessed it and what was done — documents being added, modified or removed, for example — but not the individual doctor who accessed it.

You can also set up an email or SMS alert for when a healthcare organisation accesses your record for the first time.

The privacy commissioner recommends checking regularly for unexpected or unauthorised access. You can call the ADHA on 1800 723 471 if you think something’s gone wrong.

Several apps can connect to My Health Record. How will the ADHA ensure they are secure?

Apps such as Healthi and Health Engine, which recently ran into trouble, are authorised by the ADHA to “show” people their health record.

According to Mr Kelsey, third party app developers can only display your My Health Record — “at the moment, it’s view-only” — and cannot store that data.

OPT OUT HERE: 1800 723 471.  https://optout.myhealthrecord.gov.au/pext/optoutextweb/views/getStarted.xhtml

 

source/read more: http://www.abc.net.au/radio/programs/am/my-health-record-data-access-for-30-years-after-death/9989172

and

http://www.abc.net.au/news/science/2018-07-15/my-health-record-questions-answers-security-privacy-police/9959622

 

Leave a Reply

Your email address will not be published. Required fields are marked *

SPAM/MORON CHECK: * Time limit is exhausted. Please reload CAPTCHA.