The federal government has finally realised that there are major problems with its implementation of the My Health Record.
The glaring issue of the decrease in controls on accessing records for non medical purposes by police, security services, and welfare services has been exposed and legislation will now be passed to address this.
The fact that it took so long for the government to accept there was a problem is a very concerning sign of either the lack of understanding or a lack of concern for individuals’ rights, or both.
But this is only one of the problems with My Health Record.
Informed v uninformed consent
The opt out system requires those people who do not want such a record to go online and opt out by October 15. That opt out period may now be extended for a month but that won’t necessarily address concerns.
For a person to opt out requires an awareness that a My Health Record system is in place, that the person is capable of going online or finding the help number and understanding the instructions. If a person is not aware of My Health Record or can’t understand what is required then a record will automatically be created.
The process assumes that all those who aren’t aware of the system or can’t understand it will be comfortable having a record generated. This is a fundamental breach of the privacy of the health professional/patient relationship. It is not informed consent. It is not about citizen engagement.
The opt out option was chosen because after five years of an opt in system the uptake was only about six million. Since its inception the My Health Record required patients or individuals to decide whether they wanted to have a record.
Usually that has been through their general practitioner asking them if they wanted to be a part of the system. It required advice and discussion about the pros and cons.
Because it wasn’t generating enough interest from doctors or patients, the decision was made to change from opt in to opt out. The failure of opt in was a failure of government leadership in advocating to doctors and patients the value of the scheme. The easy way out has been taken.
Changing to opt out removes the responsibility for enrolment in My Health Record from the government and doctors. It is a lazy solution. It indicates that government, of itself and through doctors, have not been able to sell the advantages of the concept to enough of the public.
Instead in their commendable quest to get as many people enrolled as possible they have negated their responsibility for explaining to patients and the public, relying instead on the lack of awareness, of knowledge, and of understanding of the public about what is being foisted upon them.
Secondary use of data
The second major area of concern is the secondary use of the data. The government has a framework to guide this secondary use. It states:
One of the functions of the System Operator under the MHR Act … is ‘to prepare and provide de-identified data for research or public health purposes’. This document also addresses the secondary use of identified MHR data, noting that the System Operator is authorised to collect, use and disclose an individual’s health care information (i.e. identifiable information) with the consent of the individual …
The framework was completed in May 2018. The federal government is only now starting to implement it. We don’t know yet what the rules will be, yet the data will be gathered almost automatically after October 15, 2018.
This is back to front. Rules should be determined first so people can see them, then people can make decisions about their data. Once again, this is not about informed consent.
The concept of My Health Record is excellent. It may save lives.
It certainly has the potential to make our health system more efficient with less duplication of tests, fewer phone calls to find data from different health care providers, less reliance on a patient’s memory of the drugs they are on and the tests and procedures they have had and the different doctors they have seen.
Efficiency gains would save time and money. Patients would benefit to some degree, but the main beneficiaries of the efficiency gains are probably health care providers who don’t have to chase data.
Illegal use of data
The last concern however is that of illegal access to data. No data is safe. We can have world’s best practice security and still get hacked. This risk has to be weighed against the benefits.
The very fact that it is intended to be such a comprehensive data base increases the risk of hacking far above the lack of security of a doctor’s individual record.
The fact that the government has failed to appreciate the problems with legal use of data gives us little confidence that they do have world’s best practice security in place.
The government should opt out
If this illegal use of data was the only concern, patients could then make an informed decision, and be understandably concerned about how competent the government is in minimising that risk.
However, the current implementation process is deeply flawed. It is about uninformed consent. It is an attack on privacy.
The government itself should opt out until it understands the issues. It should revert to the opt in process of enrolment, sort out the rules for secondary use of data and then improve its processes for encouraging people to enrol.
Tim Woodruff is President of the Doctors Reform Society. This article originally appeared on the blog croakey.org. Read the full piece here.