If privacy is increasing for My Health Record data, it should apply to all medical records



Everyone was up in arms about a lack of privacy with My Health Records, but the privacy is the same for other types of patient data.

Megan Prictor, University of Melbourne; Bronwyn Hemsley, University of Technology Sydney; Mark Taylor, University of Melbourne, and Shaun McCarthy, University of Newcastle

In response to the public outcry against the potential for My Health Record data to be shared with police and other government agencies, Health Minister Greg Hunt recently announced moves to change the legislation.

The laws underpinning the My Health Record as well as records kept by GPs and private hospitals currently allow those records to be shared with the police, Centrelink, the Tax Office and other government departments if it’s “reasonably necessary” for a criminal investigation or to protect tax revenue.

If passed, the policy of the Digital Health Agency (which runs the My Health Record) not to release information without a court order will become law. This would mean the My Health Record has greater privacy protections in this respect than other medical records, which doesn’t make much sense.






Changing the law to increase privacy

Under the proposed new bill, state and federal government departments and agencies would have to apply for a court order to obtain information stored in the My Health Record.

The court would need to be satisfied that sharing the information is “reasonably necessary”, and that there is no other effective way for the person requesting it to access the information. The court would also need to weigh up whether the disclosure would “unreasonably interfere” with the person’s privacy.

If granted, a court order to release the information would require the Digital Health Agency to provide information from a person’s My Health Record without the person’s consent, and even if they objected.

If a warrant is issued for a person’s health records, the police can sift through them as they look for relevant information. They could uncover personally sensitive material that is not relevant to the current proceedings. Since the My Health Record allows the collection of information across health providers, there could be an increased risk of non-relevant information being disclosed.






But what about our other medical records?

Although we share all sorts of personal information online, we like to think of our medical records as sacrosanct. But the law underpinning My Health Record came from the wording of the Commonwealth Privacy Act 1988, which applies to all medical records held by GPs, specialists and private hospitals.

Under the Act, doctors don’t need to see a warrant before they’re allowed to share health information with enforcement agencies. The Privacy Act principles mean doctors only need a “reasonable belief” that sharing the information is “reasonably necessary” for the enforcement activity.

Although public hospital records do not fall under the Privacy Act, they are covered by state laws that have similar provisions. In Victoria, for instance, the Health Records Act 2001 permits disclosure if the record holder “reasonably believes” that the disclosure is “reasonably necessary” for a law enforcement function and it would not be a breach of confidence.

In practice, health care providers are trained on the utmost importance of protecting the patient’s privacy. Their systems of registration and accreditation mean they must follow a professional code of ethical conduct that includes observing confidentiality and privacy.

Although the law doesn’t require it, it is considered good practice for health professionals to insist on seeing a warrant before disclosing a patient’s health records.

In a 2014 case, the federal court considered whether a psychiatrist had breached the privacy of his patient. The psychiatrist had given some of his patient’s records to Queensland police in response to a warrant. The court said the existence of a warrant was evidence the doctor had acted appropriately.

In a 2015 case, it was decided a doctor had interfered with a patient’s privacy when disclosing the patient’s health information to police. In this case, there was no warrant and no formal criminal investigation.






Unfortunately, there are recent examples of medical records being shared with government departments in worrying ways. In Australia, it has been alleged the immigration department tried, for political reasons, to obtain access to the medical records of people held in immigration detention.

In the UK, thousands of patient records were shared with the Home Office to trace immigration offenders. As a result, it was feared some people would become too frightened to seek medical care for themselves and children.

We can’t change the fact different laws at state and federal level apply to our paper and electronic medical records stored in different locations. But we can try to change these laws to be consistent in protecting our privacy.

If it’s so important to change the My Health Records Act to ensure our records can only be “unlocked” by a court order, the same should apply to the Privacy Act as well as state-based laws. Doing so might help to address public concerns about privacy and the My Health Record, and further inform decisions about opting out or staying in the system.

Megan Prictor, Research Fellow in Law, University of Melbourne; Bronwyn Hemsley, Professor of Speech Pathology, University of Technology Sydney; Mark Taylor, Associate professor, University of Melbourne, and Shaun McCarthy, Director, University of Newcastle Legal Centre, University of Newcastle

This article is republished from The Conversation under a Creative Commons license. Read the original article.

My Health Record: Deleting personal information from databases is harder than it sounds



Federal Health Minister Greg Hunt has announced that the My Health Record system will be modified to allow the permanent deletion of records.

Robert Merkel, Monash University

Since the period for opting out of My Health Record began on July 16, experts in health, privacy and IT have raised concerns about the security and privacy protections of the system, and the legislation governing its operation.

Now federal health minister Greg Hunt has announced two key changes to the system.

First, the legislation will be amended to explicitly require a court order for any documents to be released to a law enforcement agency. Second, the system will be modified to allow the permanent deletion of records:

In addition, the Government will also amend Labor’s 2012 legislation to ensure if someone wishes to cancel their record they will be able to do so permanently, with their record deleted from the system.

But while this sounds like a simple change, permanently and completely deleting information from IT systems is anything but straightforward.






Systems designed for retention, not deletion

The My Health Record database is designed for the long-term retention of important information. Most IT systems designed for this purpose are underpinned by the assumption that the risk of losing information – through a hardware fault, programming mistake, or operator error – should be extremely low.

The exact details of how My Health Record data is protected from data loss are not public. But there are several common measures that systems like it incorporate to greatly reduce the risks.

At a most basic level, “deletion” of a record stored in a database is often implemented simply by marking a record as deleted. That’s akin to deleting something on paper by drawing a thin line through it.

The software can be programmed to ignore any such deleted records, but the underlying record is still present in the database – and can be retrieved by an administrator with unfettered permissions to access the database directly.

This approach means that if an operator error or software bug results in an incorrect deletion, repairing the damage is straightforward.






Furthermore, even if data is actually deleted from the active database, it can still be present in backup “snapshots” that contain the complete database contents at some particular moment in time.

Some of these backups will be retained – untouched and unaltered – for extended periods, and will only be accessible to a small group of IT administrators.
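The behaviour described above can be reproduced in a few lines. The following is an added example, not part of the original article and not a description of how My Health Record is built (those details are not public). It uses Python's sqlite3 module with a constructed table; the table, column and function names are hypothetical.

```python
import sqlite3

# Constructed schema: names are hypothetical, chosen for this illustration only.
SCHEMA = """
CREATE TABLE health_record (
    patient_id INTEGER PRIMARY KEY,
    summary    TEXT NOT NULL,
    deleted_at TEXT              -- NULL means the record is live
);
-- What the application reads: rows marked as deleted are filtered out.
CREATE VIEW visible_record AS
    SELECT patient_id, summary FROM health_record WHERE deleted_at IS NULL;
"""

# Constructed sample rows.
SAMPLE_ROWS = [
    (1, "constructed: penicillin allergy"),
    (2, "constructed: tetanus booster 2017"),
]


def build_live_db():
    """Create the 'active' database with the sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany(
        "INSERT INTO health_record (patient_id, summary) VALUES (?, ?)",
        SAMPLE_ROWS,
    )
    db.commit()
    return db


def snapshot(db):
    """Take a complete point-in-time copy, as a backup job would."""
    copy = sqlite3.connect(":memory:")
    db.backup(copy)
    return copy


def soft_delete(db, patient_id):
    """'Deletion' by marking: the row stays in the table."""
    db.execute(
        "UPDATE health_record SET deleted_at = datetime('now') WHERE patient_id = ?",
        (patient_id,),
    )
    db.commit()


def hard_delete(db, patient_id):
    """Remove the row from the active database."""
    db.execute("DELETE FROM health_record WHERE patient_id = ?", (patient_id,))
    db.commit()


def app_can_see(db, patient_id):
    """Query through the filtered view, as the application does."""
    row = db.execute(
        "SELECT 1 FROM visible_record WHERE patient_id = ?", (patient_id,)
    ).fetchone()
    return row is not None


def admin_can_see(db, patient_id):
    """Query the table directly, bypassing the application's filter."""
    row = db.execute(
        "SELECT 1 FROM health_record WHERE patient_id = ?", (patient_id,)
    ).fetchone()
    return row is not None


def residual_copies(patient_id, live, snapshots):
    """Name every store from which the patient's row can still be read."""
    found = []
    if admin_can_see(live, patient_id):
        found.append("live")
    for name, snap in snapshots.items():
        if admin_can_see(snap, patient_id):
            found.append(name)
    return found


def demo():
    live = build_live_db()
    snaps = {"snapshot-before-delete": snapshot(live)}

    soft_delete(live, 1)
    after_soft = (app_can_see(live, 1), admin_can_see(live, 1))

    hard_delete(live, 1)
    snaps["snapshot-after-delete"] = snapshot(live)
    after_hard = (app_can_see(live, 1), admin_can_see(live, 1))

    return after_soft, after_hard, residual_copies(1, live, snaps)


if __name__ == "__main__":
    after_soft, after_hard, residual = demo()
    print("after soft delete (app, admin):", after_soft)
    print("after hard delete (app, admin):", after_hard)
    print("record still readable from:", residual)
```

An erasure process that checks only the active database would report success after the hard delete, while the earlier snapshot still holds the record. An inventory like `residual_copies` over every retained backup is what reveals it.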

Zombie records

Permanent and absolute deletion of a record in such a system will therefore be a challenge.

If a user requests deletion, removing their record from the active database will be relatively straightforward (although even this has some complications), but removing them from the backups is not.

If the backups are left unaltered, we might wonder in what circumstances the information in those backups would be made accessible.

If, by contrast, the archival backups are actively and irrevocably modified to permit deletion, those archival backups are at high risk of other modifications that remove or modify wanted data. This would defeat the purpose of having trusted archival backups.

Backups and the GDPR’s ‘right to be forgotten’

The problem of deleting personal information and archival backups has been raised in the context of the European Union’s General Data Protection Regulation (GDPR). This new EU-wide law greatly strengthens privacy protections surrounding use of personal information in member states.

The “right to erasure” or “right to be forgotten” – Article 17 of the GDPR – states that organisations storing the personal information of EU citizens “shall have the obligation to erase personal data without undue delay” in certain circumstances.

How this obligation will be met in the context of standard data backup practices is an interesting question, to say the least. While the legal aspects of this question are beyond my expertise, from a technical perspective, there is no easy general-purpose solution for the prompt deletion of individual records from archived data.

In an essay posted to their corporate website, data backup company Acronis proposes that companies should be transparent about what will happen to the backups of customers who request that records be deleted:

[while] primary instances of their data in production systems will be erased with all due speed … their personal data may reside in backup archives that must be retained for a longer period of time – either because it is impractical to isolate individual personal data within the archive, or because the controller is required to retain data longer for contractual, legal or compliance reasons.

Who might access those backups?

Data stored on archival backups, competently administered, will not be available to health professionals. Nor will they be available to run-of-the-mill hackers who might steal a practitioner’s credentials to gain illicit access to My Health Record.

But it’s not at all clear whether law enforcement bodies, or anyone else, could potentially access a deleted record if they are granted access to archival backups by the system operator.

Under amended legislation, such access would undoubtedly require a court order. Nevertheless, were it to be permitted, access to a deleted record under these circumstances would be contrary to the general expectation that when a record is deleted, it is promptly, completely and irrevocably deleted, with no prospect of retrieval.






Time required to work through the details

In my view, more information on the deletion process, and any legislative provisions surrounding deleted records, needs to be made public. This will allow individuals to make an informed choice on whether they are comfortable with the amended security and privacy provisions.

Getting this right will take time and extensive expert and public consultation. It is very difficult to imagine how this could take place within the opt-out period, even taking into account the one-month extension just announced by the minister.

Given that, it would be prudent to pause the roll-out of My Health Record for a considerably longer period. This would permit the government to properly address the issues of record deletion, as well as the numerous other privacy and security concerns raised about the system.

Robert Merkel, Lecturer in Software Engineering, Monash University

This article was originally published on The Conversation. Read the original article.

What could a My Health Record data breach look like?



Health information is an attractive target for offenders.

Cassandra Cross, Queensland University of Technology

Last week marked the start of a three-month period in which Australians can opt out of the My Health Record scheme before having an automatically generated electronic health record.

Some Australians have already opted out of the program, including Liberal MP Tim Wilson and former Queensland LNP premier Campbell Newman, who argue it should be an opt-in scheme.

But much of the concern about My Health Records centres around privacy. So what is driving these concerns, and what might a My Health Records data breach look like?

Data breaches

Data breaches exposing individuals’ private information are becoming increasingly common and can include demographic details (name, address, birthdate), financial information (credit card details, pin numbers) and other details such as email addresses, usernames and passwords.

Health information is also an attractive target for offenders. They can use this to perpetrate a wide variety of offences, including identity fraud, identity theft, blackmail and extortion.






Last week hackers stole the health records of 1.5 million Singaporeans, including Prime Minister Lee Hsien Loong, who may have been targeted for sensitive medical information.

Meanwhile in Canada, hackers reportedly stole the medical histories of 80,000 patients from a care home and held them to ransom.

Australia is not immune. Last year Australians’ Medicare details were advertised for sale on the dark net by a vendor who had sold the records of at least 75 people.

Earlier this year, Family Planning NSW experienced a breach of its booking system, which exposed client data of those who had contacted the organisation within the past two and a half years.

Further, in the first report since the introduction of mandatory data breach reporting, the Privacy Commissioner revealed that of the 63 notifications received in the first quarter, 15 were from health service providers. This makes health the leading industry for reported breaches.

Human error

It’s important to note that not all data breaches are perpetrated from the outside or are malicious in nature. Human error and negligence also pose a threat to personal information.

The federal Department of Health, for instance, published a supposedly “de-identified” data set relating to details from the Medicare Benefits Scheme and the Pharmaceutical Benefits Scheme of 2.5 million Australians. This was done for research purposes.

But researchers were able to re-identify the details of individuals using publicly available information. In a resulting investigation, the Privacy Commissioner concluded that the Privacy Act had been breached three times.

The latest data breach investigation from US telecommunications company Verizon notes that health care is the only sector where the threat from inside is greater than from the outside. Human error contributes largely to this.

There are promises of strong security surrounding My Health Records but, in reality, it’s a matter of when, not if, a data breach of some sort occurs.

Human error is one of the biggest threats.

Privacy controls

My Health Record allows users to set the level of access they’re comfortable with across their record. This can target specific health-care providers or relate to specific documents.

But the onus of this rests heavily on the individual. This requires a high level of computer and health literacy that many Australians don’t have. The privacy control process is therefore likely to be overwhelming and ineffective for many people.






With the default option set to “general access”, any organisation involved in the person’s care can access the information.

Regardless of privacy controls, other agencies can also access information. Section 70 of the My Health Records Act 2012 states that details can be disclosed to law enforcement for a variety of reasons including:

(a) the prevention, detection, investigation, prosecution or punishment of criminal offences.

While no applications have been received to date, it is reasonable to expect this may occur in the future.

There are also concerns about sharing data with health insurance agencies and other third parties. While not currently authorised, there is intense interest from companies that can see the value in this health data.

Further, My Health Record data can be used for research, policy and planning. Individuals must opt out of this separately, through the privacy settings, if they don’t want their data to be part of this.

What should you do?

Health data is some of the most personal and sensitive information we have and includes details about illnesses, medications, tests, procedures and diagnoses. It may contain information about our HIV status, mental health profile, sexual activity and drug use.

These areas can attract a lot of stigma so keeping this information private is paramount. Disclosure may not just impact the person’s health and well-being, it may also affect their relationships, their employment and other facets of their life.

Importantly, these details can’t be reset or reissued. Unlike passwords and credit card details, they are static. Once exposed, it’s impossible to “unsee” or “unknow” what has been compromised.

Everyone should make their own informed decision about whether to stay in My Health Record or opt out. Ultimately, it’s up to individuals to decide what level of risk they’re comfortable with, and the value of their own health information, and proceed on that basis.






Cassandra Cross, Senior Lecturer in Criminology, Queensland University of Technology

This article was originally published on The Conversation. Read the original article.

Opting out of My Health Records? Here’s what you get with the status quo



Most hospitals have a mix of paper and digital records.

Peter Bragge, Monash University and Chris Bain, Monash University

Australians have just under three months to decide whether they want a My Health Record, which would allow the various health professionals who look after them to access and share their health information. From October 15, those who haven’t opted in or out will have a record automatically generated.

In emergency situations, access to information from My Health Records about allergies, medicines and health conditions can save lives. Day to day, it will provide benefits such as reminding us when we last had a tetanus shot, or allowing a back-up GP to access the results of a recent blood test so we don’t need another.

Efficiencies generated by My Health Records, including reduced duplication of tests, are projected to save more than A$300 million over three years.

Most arguments for opting out revolve around the security of health data in centralised record systems. But if you’re opting out of My Health Records, you’re opting in to “business as usual”. So it’s important to know what the current system looks like.






As you read this, reams of medical data are being sent between health professionals in the mail, through conversations (on the phone or in person), and in small pockets of secure messaging. This includes emails, text messages and faxes.

In 2016, the Royal Australian College of General Practitioners recommended ceasing the use of fax machines within three years, noting that slow communication between health providers could result in significant medical errors.

Tragically, ten months earlier, Victorian man Mettaloka Halwala died after his cancer test results showing signs of potentially fatal lung toxicity were faxed to the wrong number.

This underlines the limitations of paper records as a method of storing and communicating medical information. There are numerous examples of paper medical files being found in bins and inadequately disposed of, including examples of records being found by complete strangers.

This is in part a function of their enormous physical volume. To give you an idea of the scale, in 2016, the Royal Adelaide Hospital faced the challenge of moving an estimated 400,000 paper records from the previous two years alone to a new site.






Health services and systems have long known the limitations of paper records – which is why you already have several electronic medical records.

When you visit your GP, your consultation data will typically be stored electronically in a GP computer practice system such as Medical Director.

Any prescriptions will be stored on another computer system at your local pharmacy. Data on all dispensing transactions is also sent to higher-level government repositories.

If you are unwell enough to need a visit to hospital, more of your health data will be stored in another separate hospital system. This system may be mainly paper, fully electronic, or somewhere in the middle, which is the situation for most hospitals across most of Australia. Only three Australian hospitals have highly automated medical records.

In hybrid paper-electronic systems, paper documents may be scanned into your electronic record – creating two copies of the same information and thus doubling the opportunity for data breaches.

Many people would assume that these software systems are in some way compatible. They’re not. There isn’t even one software platform for each of these parts of the health-care system; there are multiple platforms available to GPs, pathology labs, hospitals and other practices.

Your My Health Record will contain summaries and subsets of all these types of data that are critical to your health care – if you maintain the general setting – as well as more detailed sources of the electronic data that already exists today in multiple locations.






Australians are understandably concerned about hackers breaching the government’s aggregated data system. But there is comparatively little concern about their local GP clinic, pharmacy, imaging centre or hospital being hacked. Yet these systems have far less financial investment, no overarching governance authority and, at times, limited IT support.

True, each of these systems contains only a piece of your medical history. This means that if any one of them were to be hacked, you wouldn’t have all of your medical information accessed. But any argument about vulnerabilities in My Health Record data security can be more convincingly made for the present system.

It’s important to have all the facts about the status quo of health records, and what might be lost or gained through My Health Record, before deciding whether to opt in or out. If the considerable investment in My Health Record comes to nothing, the opportunity to address the limitations of the current system will have been lost.

Peter Bragge, Associate Professor, Healthcare Quality Improvement (QI) at Behaviour Works, Monash University and Chris Bain, Professor of Practice in Digital Health, Monash University

This article was originally published on The Conversation. Read the original article.

My Health Record: the case for opting out


The opt-out period for My Health Record runs from July 16 until October 15.

Katharine Kemp, UNSW; Bruce Baer Arnold, University of Canberra, and David Vaile, UNSW

The My Health Record (MHR) opt-out period begins today and you have until October 15 to decide whether or not to be part of the scheme. You can read the case for opting in to My Health Record here.


Unless you take action to remove yourself from the My Health Record (MHR) system, the federal government will make a digital copy of your medical record, store it centrally, and, as the default, provide numerous people with access to it.

If you don’t opt out during this period and later choose to cancel your record, you will no longer be able to access that record but the government will continue to store it until 30 years after your death. You will need to trust that it will not be breached.

There are three main problems with the MHR scheme.






1. It can’t be relied upon as a clinical record

Contrary to what many Australians may believe, MHR is not a clinically-reliable medical record, and was not designed to be. It is not up-to-date and comprehensive. As the Office of the Australian Information Commissioner (OAIC) points out:

The My Health Record system contains an online summary of a patient’s key health information; not a complete record of their clinical history.

If, for example, a doctor were treating a child in an emergency, the doctor could not rely on an MHR to know what medications the child has been prescribed up to that date. In an emergency, an unreliable record is a distraction, not a help.

Many doctors have in fact objected to the incompleteness and lack of utility of the MHR. A recent poll on the AMA’s doctors portal suggests 76% of respondents think the MHR will not improve patient outcomes while 12% think it will.

Notwithstanding this fundamental deficiency, the government is pushing ahead with an inherently risky scheme.

2. It creates a security risk

If you read the very long (7,800 words) privacy policy for MHR, you’ll see that the Australian Digital Health Agency (ADHA) itself states there are risks from the online transmission and storage of our personal information in this system.

Health data is prized by hackers

We have witnessed a stream of health data breaches in Australia and overseas, and the incentives for these breaches are only increasing.

Storing records digitally with online access greatly increases their accessibility for criminals, hackers and snoopers. Health records are valuable as a means of identity theft due to the wealth of personal information they contain. They are a huge prize for hackers, fetching a high price on the Dark Web.






You won’t know who has seen it

It won’t just be your doctor who has access to this centralised digital record of your personal health information. The default position is that numerous people will have access – doctors, pharmacists, physiotherapists, nurses, and unidentified staff of various organisations.

MHR’s access-logging system does not track which individuals are accessing records, only institutions, which means you won’t be able to tell who has seen it. Even without a technical hack, that will make it almost impossible to keep your information secure in this system.

De-identification is risky

The government is also planning to allow access to your health information for research purposes by “de-identifying” your information. That means the data should not be able to be linked to a particular individual.

But the national government has a bad record for successfully de-identifying health information.

In 2016, the government released a data set that included information on a large number of patients spanning 30 years. It was meant to be de-identified.

IT researchers at Melbourne University quickly demonstrated it could be re-identified and linked to the individuals concerned. Such re-identification risk will only grow, as data sets proliferate and tools get smarter.

Third-party access jeopardises security

MHR also permits external health apps to access your records. According to the legislation, this should only be done with your consent.

Unfortunately, and predictably, health apps are already securing “consent” through obscure, standard form contracts so you might not be aware the app owner could sell your sensitive medical information to others.

Last month, the ABC revealed one such health app (HealthEngine) was selling patient information to law firms, so patients with serious conditions and injuries were contacted repeatedly by strangers pushing them to pursue legal claims. Many didn’t know how their sensitive medical information was revealed.

The ADHA’s website has published a report on the woefully inadequate privacy policies of mental health apps, and yet these apps might be authorised to access your MHR data with your supposed consent.






3. An ‘opt-out’ scheme goes against best practice

Critically, the opt-out consent mechanism for MHR flies in the face of global best practice for informed consent – and our own federal privacy regulator’s guidelines on the sort of consent necessary for use of health information.

Consent for use of personal information should be express, fully informed, easy to understand, and should require action on the part of the individual.

MHR disregards all of those principles.

MHR does not seek your express consent. Instead, if you do not take the necessary steps before 15 October, your health records will automatically be copied, stored and shared.

You will also not be fully informed. There will be no national television, radio or print media campaign to advertise the MHR scheme, which many Australians have misunderstood in the past. The government will not even send you a letter to tell you about this scheme, let alone its very serious risks.

By contrast, the OAIC says organisations seeking individual consent to use personal information should generally:

… ensure that an individual is properly and clearly informed about how their personal information will be handled, so they can decide whether to give consent.

and:

… seek express consent from an individual before handling the individual’s sensitive information, given the greater privacy impact this could have.

Even if implied consent were acceptable (and it is not), the OAIC states further that an organisation:

… should not assume that an individual has consented to a collection, use or disclosure that appears to be advantageous to that person. Nor can an entity establish implied consent by asserting that if the individual knew about the benefits of the collection, use or disclosure, they would probably consent to it.






The time to opt-out is now

MHR is likely to create very limited benefits for many, if not most, Australians. It creates unacceptable security risks for our most sensitive personal information. And the government’s method of obtaining “consent” goes against international best practice.

If the MHR scheme were properly advertised, fully explained and Australians given a choice whether to opt-in, Australians could make an informed choice about whether the limited benefits justify the substantial risks to their sensitive information.

Those concerned about the security of their health information will need to take steps now to remove themselves from the MHR system.


This article has been updated to reflect that the ADHA report on the privacy policies of health apps focused on mental health apps.

Katharine Kemp, Lecturer, Faculty of Law, UNSW, and Co-Leader, ‘Data as a Source of Market Power’ Research Stream of The Allens Hub for Technology, Law and Innovation, UNSW; Bruce Baer Arnold, Assistant Professor, School of Law, University of Canberra, and David Vaile, Teacher of cyberspace law, and leader of the Data Protection and Surveillance stream of the Allens Hub for Technology Law and Innovation, UNSW Faculty of Law, UNSW

This article was originally published on The Conversation. Read the original article.

My Health Record: the case for opting in




Jim Gillespie, University of Sydney

The My Health Record opt-out period begins today, and you have until October 15 to decide whether or not to be part of the scheme. You can read the case for opting out of My Health Record here.


The My Health Record (MHR) system promises to make Australia a leader in providing citizens with access to their own health records.

The scheme gives health care professionals access to information on your medications and allergies, immunisation records, summaries of hospital and GP care, investigation reports, and advance care plans.

This information could save lives in emergencies by providing health workers with information about drug allergies, medications, and medical history. Better continuity in the management of this information would help reduce the 27% of clinical incidents in Australian hospitals currently caused by medication (mis)management.






The system had a rocky start

Launched in 2012 as the Personally Controlled Electronic Health Record (PCEHR), the system was plagued by technical failures and cost overruns. Take-up was low.

After five years, only 20% of consumers had opted in. Even more seriously, there was limited interest from health professionals – particularly GPs and pharmacists who deal with patients most often.

Faced with the low patient take-up and limited training or information, health professionals saw little reason to waste time on an unwieldy system.

This mirrored international experience. Many countries suffered expensive disasters in building e-health systems from the top down. E-health appeared to serve the interests of administrators, not clinicians and patients.

Not surprisingly, patients showed little interest. British critics of a similar expensive failure warned:

We need fewer grand plans and more learning communities.

The Australian experience has run the full gamut from failed top-down “grand plan” to a version that is more responsive to consumers and health professionals.

Linking up the fragmented health system

Large trials in the Nepean-Blue Mountains and North Queensland Primary Health Networks tested a more user-friendly system. In both trials, the opt-out rate was low: less than 2%. The engagement of clinicians also increased.

In the Blue Mountains, fewer than 15% of GPs had registered with the PCEHR. By the end of the trial, with extensive education and training, this figure had risen to 70%.






MHR offers new possibilities for linking up the fragmented health system, making it easier to navigate. Just as importantly, it can help you to become more informed and engaged with your own health care. And better health literacy is a necessary step in shifting the balance of the system towards patients.

The Consumers’ Health Forum – a supporter of MHR – has stated that patients are:

…more likely to give permission to share their data if they understand how their data will be used and any benefits that will come from its use.

However, active participation in MHR will remain a challenge for many people, especially those who struggle with digital literacy.

Addressing security concerns

Any system that contains health information must be built on trust. Most of the criticisms of MHR rest on fears of inappropriate use or hacking of data.

However, critics have not pointed to any breach of the PCEHR in its five years of operation. Rather, examples are often drawn from commercial operations which have succumbed to the temptation to commercialise data – an offence that could lead to prison under MHR.

Uncertainty is inherent in many facets of modern life, such as the use of credit card information for online purchases. Most surveys of popular attitudes towards the use of digital health information have shown a consistent but nuanced concern.

Concerns identified in the two major trials were mainly focused on individuals’ lack of computer skills. But almost all consumers thought the benefits greatly outweighed any potential privacy risks.

The system will only succeed if concerns about protection of confidentiality are respected. A weak link is the digital skills and awareness of health practitioners, particularly GPs.

A large amount of health data is already out there in Medicare Benefits Schedule (MBS) and Pharmaceutical Benefits Scheme (PBS) data, the Australian Immunisation Register, and the Australian Organ Donor Register. These data are increasingly linked together, with great potential benefits. Data from Medicare, hospital records and other sources can be linked to improve our knowledge of causes of diseases and risk factors, and the best forms of intervention.






MHR is a step toward empowering patients

Our health system suffers from a deficit of transparency. Patients are locked out of knowledge of how the system works – from the confusion around private health insurance plans to undisclosed out-of-pocket costs for medical procedures.

Rather than protesting about a horse that has long since bolted, we need more scrutiny and improvement of current systems.

MHR is a small step towards empowering patients with greater knowledge about their health. Pressures to present records in terms that are comprehensible to consumers may even take us towards interactive “learning communities” – the basis of a more people-centred health system. Better-informed patients can enable more effective communication and mutual learning from health professionals.

If you choose not to opt out of MHR, a record will be created for you automatically. You can log into the system here to set controls on who has access to your data and set restrictions on the types of data that will be included. You can change your mind at any time and close access to your data.

Jim Gillespie, Deputy Director, Menzies Centre for Health Policy & Associate Professor in Health Policy, University of Sydney

This article was originally published on The Conversation. Read the original article.