Ruth Armstrong writes:
After years of relative obscurity and sluggish engagement, Australia’s attempt at transitioning the population to the use of individual digital health records via My Health Record was all anyone could talk about yesterday.
#MyHealthRecord trended all day on Twitter and was still sitting at number two this morning – for all the wrong reasons, from the point of view of the Australian Digital Health Agency and My Health Record advocates.
The source of the controversy was the decision, flagged in last year’s federal budget, to transition My Health Record into an opt-out, rather than an opt-in system.
Australians have until October 15 2018 to go through the process of opting out if they do not want a My Health Record created for themselves or dependent children, and yesterday was day one of the opt-out period.
The day did not go smoothly, with much of the commentary on Twitter citing privacy and security concerns about the legal use, and possible misuse of health data.
It was reported that the My Health Record online opt-out process and associated call centre became overwhelmed by the volume of traffic.
As several prominent commentators went public with their concerns in the Fairfax press, Health Minister Greg Hunt was forced to defend the way the government would use consumers’ health data, including that it would not be shared with Centrelink.
Over at the Conversation, IT legal experts published the case for opting out of My Health Record in the morning, and health policy expert Jim Gillespie published the case for opting in in the afternoon.
Hunt, and senior figures from the Australian Digital Health Agency worked hard all day to steer the message back to the benefits of participation, including in a lengthy interview on the ABC radio Drive program with Dr Steve Hambleton, deputy chair of the My Health Record expansion program.
Hambleton sought to allay public concerns, and to point out the positive experiences with the initiative for the six million users currently participating.
Some of the strongest supporters of high participation in My Health Record are those working in the rural health and Indigenous health sectors – with good reason.
The National Rural Health Alliance (NRHA) has released a statement urging rural Australians not to opt out, and both Mark Diamond, from NRHA, and John Paterson from Aboriginal Medical Services Alliance of the NT (AMSANT) spoke passionately in an interview on Radio National this morning about the benefits for patients of accurate records that can be accessed wherever they are.
A communique published in this morning’s NACCHO News Alerts provides a useful round up of the strength of support for My Health Record and the decision to move to an opt-out model, citing the Australian Medical Association, Consumers Health Forum, the Royal Australian College of General Practitioners, the Pharmaceutical Society of Australia, the Pharmacy Guild, and the Australian Healthcare and Hospitals Association amongst others.
A recent post at Croakey in which CEO of the Consumers Health Forum of Australia, Leanne Wells, examines at the pros, cons, risks and challenges of My Health Record is a good place to start for some nuanced thinking about this issue.
CHF yesterday expressed their support for the advantages of a modernised digital records system with high consumer and practitioner participation, but Wells’ Croakey post included a warning which has special prescience given yesterday’s rocky start to the opt-out period. She writes:
“It is also important for the Federal Government be acutely mindful of how fickle community trust and confidence in a system such as My Health Record can be: trust can be slow to build, but quick to erode. Communication about benefits and the assurance about safeguards have to go beyond what is required or even expected to ensure trust is not maintained, but built, as various consumer sentiment barometers tell us that trust in institutions generally is at a low ebb.”
Yesterday’s day from hell for My Health Record shows that there is a long way to go to build the trust that is needed to realise the long-held dream of secure, readily accessible, accurate, appropriately-used and empowering health records for Australians.
An additional tip for reading on this issue that will give you an idea of the complexity faced by some patients in making the decision whether to participate in My Health Record (as well as information that is relevant to everyone) comes from Scarlett Alliance, the Australian Sex workers Association.
They have produced an information sheet which goes a long way to explaining how My Health Record works and how both those who do and who don’t participate can take steps to improve their health information privacy.
As the controversy swirled on Twitter yesterday, Croakey asked Dr Trent Yarwood, an infectious diseases physician and a member of digital advocacy group Future Wise, to pen some words on his disquiet about My Health Record for our readers.
Yarwood is one of few commentators who bring both a medical and an IT perspective to the debate, and many doctors will relate to his concerns about how medical information, provided for patient care, could be used in other contexts.
Trent Yarwood writes:
Why would a doctor not be in favour of My Health Record?
The opt-out period prior to creation of My Health Records for all Australians began Monday, 16th July.
In news that surprised nobody who follows news of Australian Government IT projects (not limited to ATO failures at tax-time and the 2016 online #censusfail), both the website and the phone number for people to opt-out buckled under the strain.
Correcting My Health Record Misconceptions
#MyHealthRecord isn’t a comprehensive medical record, and nor is it a replacement for your GP’s records, or your hospital file. Both of these will still exist.
But My Health Record will hopefully make it easier to bridge the gap between the two; your healthcare providers will be able to upload summary information that can then be accessed by other providers.
It will also, by default, include your MBS item history (ie: your medicare-rebated health services – eg on 16th July, you saw GP with provider number 1234567X for a standard consultation) and your PBS dispensing history (on 16th July, you were dispensed some amoxicillin), as well as your pathology and other investigation results.
At the hospital end, your discharge summary and clinic letters can also be uploaded to make it easier for your GP to access them – with hospital/primary care communication a frequent complaint on both sides.
Improving communication between healthcare providers can only be a good thing, as can doing away with the archaic medical custom of transmitting information via fax machine
For patients with complex care needs, and multiple treating clinicians, it’s easy to see benefits from this sort of shared summary.
However, many of the purported benefits of the My Health Record seem – to my mind, at least – to be over-egged. “It will provide critical information if you’re unable to provide a history in the event of an emergency” is usually the first.
Patients presenting unable to give any history are not that common in hospitals; those presenting without significant others and zero capacity are rarer still. In many cases, if someone is completely unconscious, they may well be an Unknown Patient, and it’s a bit hard to look up a shared record for someone you can’t identify.
The second-most common benefit I hear is “it will reduce you needing to repeat your history multiple times”, which is by far the least true of them all.
No doctor worth their stethoscope would omit taking a history themselves just because it’s written down. It may guide your questioning, but confirming for yourself is always a good idea – clinically, and medicolegally.
In any event, different staff may emphasise different parts of the history, which often necessitates another go round. And as any junior doctor can attest, the history often changes on the retelling.
So if the benefits seem to be less than advertised, how does this affect the risk-benefit analysis?
The first – and to my mind most important element – of risk with My Health Record is that the risks themselves are very poorly understood.
The Australian Digital Health Agency note in their digital health strategy that Australians place a high value on the privacy of their health information; “safe” and “secure” are two-thirds of their catchy tagline.
However, the primary reason for the existence of shared health records – sharing health information – by design increases the risk. Improving access to your health data increases the potential for malicious access, as well as beneficial.
The biggest threat to health privacy is not the hoodied “hacker” so loved in media IT stories, but improper access by an authorised user – such as the sale of Medicare numbers reported by the Guardian – or improper access by authorised users, for example healthcare staff “snooping” on high-profile patients, or spouses digging for dirt as part of an unpleasant separation or divorce.
Logged access, and sanctions for improper access, do not prevent you losing your privacy, but act as a deterrent; which doesn’t help you when your private medical history is known to another; confidentiality is a one-way door.
It is certainly true that paper charts don’t have an access log; but it is equally true that you don’t have to have a patient’s history in your hand to digitally access it improperly.
Healthcare workers – primarily GPs – are being made the gatekeepers to My Health Record; to discuss with patients the benefits and risks of uploading data to myHealthRecord. But just as we would ideally like our consent for surgery taken by someone familiar with the risks, should we be asking our doctors how familiar they are with cybersecurity?
Healthcare workers are not known for their high degree of technical knowledge; the response from doctors to the recent HealthEngine controversy, in which patient information was shared with lawyers and others (apparently within the terms of service) suggests that there was little understanding of the privacy impact of the popular appointment booking service.
Does your GP have their password on a sticky-note on their monitor? And what about the rest of the practice software in your doctor’s surgery?
If the My Health Record data are downloaded to the practice computers, then the security measures on the primary record become irrelevant, and your privacy depends on how well your healthcare providers maintain their computers.
Dilemmas for clinicians
My greatest concern as a clinician is that the My Health Records Act includes the authority for Digital Health Australia to disclose information for law enforcement purposes, including: (My Health Records Act s70(1))
(a) the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law;
(b) the enforcement of laws relating to the confiscation of the proceeds of crime;
(c) the protection of the public revenue;
(d) the prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct;
(e) the preparation for, or conduct of, proceedings before any court or tribunal, or implementation of the orders of a court or tribunal.
These broad criteria allow a wide range of bodies access to My Health Record data, without there necessarily being a requirement for a warrant – and unlike the primary records held by your healthcare staff, ADHA does not need to notify clinicians (or patients) that their records have been accessed.
If as a healthcare worker you are seeing a patient involved in illicit activity (for example, injecting drug use) will you upload a summary in the name of improving their shared healthcare? Or will you respect the secrets confided in you?
I know which I’ll be doing, and I don’t think a system which forces that sort of choice onto clinicians is one that has much to recommend it.
Trent Yarwood is an infectious diseases physician, and a member of digital advocacy group Future Wise. Future Wise focus on technology, health and education, with an emphasis on digital privacy. Read more on their website: https://futurewise.org.au (including multiple posts on Secondary use of myHealthRecord data). These opinions are in his personal capacity, and don’t represent the views of his employers. On Twitter @trentyarwood
This article first appeared in Croakey