Australians have just one day to opt out of the government’s controversial digital health record system, My Health Record. While the scheme has existed in some form since 2012, a contentious switch to opt out last year has placed My Health Record under considerable scrutiny.
So far, in many respects it has been found wanting. A series of privacy and security concerns have forced the delay of the system which needed several safeguards added, according to a senate inquiry launched after public backlash to the scheme.
The concerns come despite some consensus that a properly implemented and managed digital record system can be a great benefit to healthcare professionals and society in general. While that is the optimal outcome of My Health Record, a risk remains that Health Minister Greg Hunt may be building a white elephant.
Regardless, after January 31, nearly everyone who hasn’t opted out will have a My Health Record automatically created for them.
Hunt rejected the senate inquiry’s recommendation to extend the opt out period by another full year, instead delaying it just over two months to allow legislative changes to strengthen some privacy and security provisions. Any more time would unreasonably delay the benefits of My Health Record, according to Hunt.
But experts have again raised concerns, saying the brief extension is not sufficient and a hasty implementation could threaten the utility of the entire system as confidence in the records is undermined.
“If some of these concerns around security and privacy are not addressed the clinical usefulness of the system may also be compromised in which case you don’t get to realise the benefits anyway,” Dr Robert Merkel, a software lecturer at Monash University, told Which-50.
According to Merkel, My Health Record in its current design has serious shortcomings in terms of privacy and utility. But its security problems are his biggest concern.
“My concern is the sheer number of health professionals granted very, very broad access. The bar to access an individual’s record is extremely low.”
Merkel outlined the concerns in detail in a submission to a parliamentary inquiry into My Health Record, but subsequent changes did not address this issue and access restriction, or the lack thereof, remains a problem, he says.
“If a healthcare professional’s account is compromised or a healthcare professional decides to go beyond the bounds of what they should be doing there is very little technically in the system to stop them.”
The potential access is vast as the opt out deadline will likely see millions of Australians’ records added to a central repository.
Around 6.5 million Australians are already in the system, the vast majority having joined through voluntary enrolment prior to the opt out switch. Since the opt out switch was announced in May last year, around half a million Australians have opted in, accepting in good faith the potential benefits.
But more than double that number, over one million people, have opted out. The remaining eligible Australians, essentially anyone with a Medicare card, will have a digital record created for them following January 31, the final opt out deadline.
The Australian Digital Health Agency, responsible for My Health Record, has changed tack somewhat, now describing the opt out date as a “soft deadline” because records can now be permanently deleted even after the opt out date, a feature missing in the initial implementation.
A spokesperson for the Digital Health Agency told Which-50, “If a person decides to cancel their record, all data within the record will be permanently deleted. No archived copies or backups will be kept.”
But that guarantee is fraught, Merkel says, because the My Health Record system, originally designed as opt in and with a view to retain and protect data, will present challenges for the total and permanent deletion of records.
“Permanently deleting data out of a system that is designed for very good reasons to retain data… is fundamentally a very challenging problem,” Merkel said.
Generally, database systems like My Health Record are designed to withstand outages, cyber attacks, software bugs and user error, meaning multiple levels of backups are used.
“I’m surprised that the operators have what they believe to be a watertight solution to that in a fairly short space of time.”
Merkel said more changes are needed, including the consideration of a fundamental change to the system, to satisfy his security concerns. But they won’t be made within the next 24 hours. Therefore he recommends people opt out and ensure they fully consider the risks versus benefits of a My Health Record.
“Then when you next see your GP ask them about what the potential benefits might be for them.”
Which-50 put these security concerns to the Digital Health Agency which, in response, insisted only registered healthcare professionals, using secure clinical software and providing a patient with care, can view and upload information to that patient’s My Health Record.
According to the Agency, the system is continually monitored for unauthorised access and accessing a record requires five points of patient identification:
- Medicare number
- First name
- Date of birth
In the final week before the opt out deadline more issues have arisen, which call into question the reliability and liability of the data used by My Health Record.
The latest revelation — GPs seeking legal advice regarding their liability for the use of incorrect or incomplete records — calls into question the industry support My Health Record proponents have long trumpeted.
Wentworth MP Kerryn Phelps, a Sydney GP, former AMA president and long time critic of My Health Record, says she is seeking legal advice on how to manage the data of patients who have not opted out, fearing a “malpractice nightmare”.
Speaking on the ABC’s Radio National Drive program, Phelps also suggested the fundamental advantage of a digital health database — accurate, accessible medical information — is not guaranteed by My Health Record.
Phelps argued that patient input and the discretion of doctors in determining which information to upload undermine the accuracy of online records, potentially impacting the decisions made by other doctors relying on them.
“If there is a mistake that occurs because of an inaccuracy or incomplete record then who takes the responsibility for that?”
Phelps said she has raised the issue with the federal government, the Australian Digital Health Agency and industry groups but none have been able to provide a satisfactory answer.
“We’ve been reassured that this [digital] health record is supposed to be something that saves lives. I can see a lot more potential for mistakes to happen and for those mistakes to have consequences than I can for benefits at this stage.”
Phelps said a 12 month extension of the opt out deadline, like that recommended by the Senate inquiry into My Health Record, is necessary to address the remaining concerns, including legal liability.
Those in favour of the scheme, including Dr Steve Hambleton, Chair of the My Health Record Expansion Committee and also a former President of the Australian Medical Association, say the opt-out deadline and the millions of records it will garner will give the system the “critical mass” it needs to be effective.
Also speaking to ABC radio, Hambleton argued many of those who have opted out will opt back in once they see the benefits.
In response to Phelps’ claims that incomplete or inaccurate records will lead to mistakes being made by healthcare professionals, Hambleton said the benefits would outweigh any mistakes, which he conceded were unavoidable.
The system would also give patients “unprecedented access” to their own medical records, including the last two years of medication data. Faster access for doctors will also improve health outcomes.
“The trouble [without My Health Record] is we’re not getting access to the very best information very often,” Hambleton explained.
The system also appears to be suffering from software faults and poor data governance.
Last week The Guardian revealed that government officials were warned of a “significant” software glitch in the My Health Record system. The glitch, which began in 2016 and persisted until at least December 2018 according to the report, prevents the uploading of medical information in some instances, leaving records incomplete or out of date.
But the report of the glitch, which arguably adds to Phelps’ concerns over misinformation, was disputed by the Digital Health Agency. It said the glitch had not compromised patient records and affected only one per cent of document uploads.
The agency insisted, contrary to the official government briefing documents The Guardian used as the basis for its report, that no long-standing glitch affecting patient records exists.
The Digital Health Agency released its annual report over the Christmas break, revealing 42 data breaches in the previous year, a significant rise year on year. However, according to the report there had been “no purposeful or malicious attacks compromising the integrity or security of the My Health Record system”.