E health privacy

I love me my internets. Love ’em. Datalove, cyber-hippies, instant-data-transfers, crowdsourced decision-making, OpenGov, making shiny cyber-societies of transhuman wealth and immortality, and all that shit. Share your selfies, encrypt your hearts! Etc, etc, etc.

But every so often in the government’s search for INNOVATION! and CYBER! a shitty proposal rears its head that’s so utterly noxious that I feel the need to wave my wooden spoon around: Bad government! Bad!

As some of you may have noticed, the 2017 federal budget contains a proposal to roll out e-health to all Australian citizens.

Let me just pop on my mask and robe and take the form of prophetess of digital doom for a moment …

We know the Australian government has one of the worst records of data breaches in the world. So naturally, rather than addressing their incompetencies, the Australian government has decided to roll out an e-health record for every Australian citizen. And it’s opt-out only.

Yes, you heard right. The Australian government plans to create an e-health profile for every Australian citizen and upload sensitive health data for inter-departmental sharing via the internet.

(Side note: My Health Record, the name of the scheme in question, was formerly known as the PCEHR, but it’s been renamed because everyone pretty much hated on the PCEHR, and the government thought they’d better rebrand before attempting to roll it out again.)

Of course, unlike everyone else, the Australian government thinks their e-health framework is a great idea, because if ignorance were bliss, they’d be the happiest bunch of pricks on Earth.

There’s absolutely no way this e-health proposal could go wrong, right? Centralising all sensitive data, placing it in the hands of government … because this government would never share the confidential data of a private citizen who threatens their stance, like, say when Minister for Human Services Alan Tudge released the Centrelink data of Andie Fox last month when she criticised faulty data-matching robo-debts?


Yes sir-eee, what could go wrong?

I mean, it’s been only a few months since the Department of Health had to yank an open dataset offline after researchers found service provider numbers could be reverse engineered (the dataset contained data from 10% of all Medicare patients between 1984 and 2014).

And I remember finding the details of every asylum seeker in detention sitting out on the Department of Immigration’s website only a few years back (yes, I would remember, because the government sent me a letter asking for their data back after they left it online).

And let’s not forget, someone in the public service accidentally uploaded the private phone numbers of so many politicians not that long ago.

Of course, the Australian government will say they plan to do things securely. Properly. With due diligence. And we all saw how much procedural justice the government afforded Centrelink recipients under its robo-debt data-matching scheme. So much procedural justice people started killing themselves.

And it’s not as if other countries’ experiences suggest they’ve been able to protect the data they’ve collected either. Look at the experiences of Aadhaar cards in India, where millions of people’s details have leaked online, or data sharing under the NHS in the UK, where data has been on-sold to private companies and insurance agencies.

Of course, the Australian government will argue people can simply opt-out of the My Health Record; frankly, this isn’t good enough. The system should only ever be opt-in. Creating e-health profiles for people who may wish to opt-out isn’t acceptable. In the UK, people who opted out of e-health data sharing still had their data shared without consent.

Sure, hackers are a worry. But human error is a far bigger concern. Incompetence is rife in APS digital data sharing. And the government has no problem with outsourcing data storage to third parties in foreign countries, whose employees frankly probably couldn’t give a shit about Australian National Privacy Principles.

So really it’s a matter of time from when e-health records are set up, until a few million health records end up breached and leaked and sold.

And when the data from e-health records are shared with other government departments like Centrelink or the tax office, or leaked or are on-sold? Imagine that data in the hands of a prospective employer? An insurer? A selective entry education program? Your personal nemesis? Your conservative family? An abusive ex-partner?

So you’re clean as a whistle, nothing to hide, right? Who cares if your health data is shared (or on-sold).

But that time your doctor prescribed you a laxative, an SSRI for a depressive episode, an anti-fungal topical cream for candida, recommended a lap-banding specialist, an anti-smoking medication, a referral to a family counsellor — it’ll all be on your e-health record.

And even if your doctor never prescribes you a single med, they might still have put a note on your file:

“Anxiety?”

“Potential alcoholism?”

“Risk-taking behaviour?”

“History of self-harm?”

“Sex worker.”

“Potential child abuse/domestic violence?”

“Check for suicidal ideation at next appointment.”

How much will you self-censor next time you visit the doctor? And how much will that hurt your health and the wellbeing of your family, because you can’t freely discuss what you need to talk about confidentially with your medical practitioner?

The time for nice words about inclusive e-policy-making is over. I’d have loved to be invited to the government’s stake-holder sessions on e-health, and have paid my own airfare and associated costs to visit Canberra.


And although it would have been interesting to try to see things eye-to-eye with whoever is crafting Australian data-sharing policy — I’ve come to the conclusion there’s simply no way for me to shove my own head that far up my arse.

Look, I don’t wanna get all “SKYNET!” on you, but My Health Record is all the bad. It’s the Terminator of OpenGov come to fuck up your life.

This is a government of poor data ethics, hand-waving at risks associated with sloppy data-architecture in a self-congratulatory culture of applause over a mediocre-to-disastrous experience of digital governance. The scheme is a vindictive and retributory exploitation and commodification of citizen data.

The Australian government isn’t a fit and proper data custodian. Tell them to take their hands off your medical files. Opt out of the My Health Record, or better yet, ring your MP and tell them to cancel the nation-wide roll-out of the My Health Record initiative.

Share your selfies, encrypt your hearts — but don’t trust your governments to keep your medical e-files confidential.

*This article was originally published at Medium
