The Senate Standing Committee on Community Affairs report into the My Health Record system was released last Thursday. It has recommended several substantial changes to the way My Health Record operates that attempt to address security and privacy concerns raised about the system.
Key recommendations were supported by Labor and Greens committee members, but not by Coalition committee members. Health Minister Greg Hunt has also rejected the recommendation to extend the opt-out deadline. There is less than four weeks until the opt-out period ends on November 15.
My Health Record is a centralised digital repository of individual health information. It was originally proposed as an “opt-in” system in 2011. But in a process originally planned to be complete by October 2018, it was switched to “opt-out”, meaning records will be created for all Australians unless they explicitly choose not to have one. This change has generated controversy.
Experts in information technology, high-profile doctors (including the apparent member-elect for Wentworth Kerryn Phelps) and privacy experts have all expressed reservations about the security and privacy protections of the system. Hunt announced several changes to My Health Record in late July in response, including delaying the opt-out date until November 15.
But the Standing Committee has recommended further substantial changes.
Secondary use of data and access by insurers
The Committee takes the view that My Health Record has considerable potential to improve health care if it’s widely adopted by practitioners and recipients, so it doesn’t recommend the abandonment of the system. Nor does it propose switching back to an opt-in system.
Of its 14 recommendations, 11 were supported by the entire committee. These can be summarised as:
- an outright prohibition on the secondary use of My Health Record data for commercial purposes
- requiring explicit consent for secondary use of identifiable data from an individual’s My Health Record, such as for public health research purposes
- prohibiting employers and insurance companies from accessing My Health Record data
- prohibiting access to a deleted My Health Record stored in backups
- extending the ability to suspend a My Health Record for longer periods to protect victims of domestic violence
- better education about the system, particularly for vulnerable users.
Coalition members don’t accept key recommendations
The Labor and Greens members making up a majority on the committee made several further recommendations, which weren’t accepted by the Coalition committee members.
The committee recommended that record access codes should be required as the default. A record access code is roughly akin to a PIN code on your My Health Record, which a health care provider ordinarily requires to gain access. At present, the vast majority of My Health Records do not have a record access code set, as they are only set if you explicitly choose to do so.
This recommendation also proposed tighter restrictions on the ability of practitioners to “break glass” and access a My Health Record in an emergency without a record access code.
Under the current system, parents of children between 14 and 17 years of age have access to My Health Record information about their children. The committee recommended changing the policy to require that parents only have access if explicitly requested by the child.
Finally, the report recommended that the opt-out period be extended by 12 months, so that the issues discussed in the committee’s report can be dealt with.
A good starting point, but more work needed
The committee has done a fair job of synthesising concerns surrounding My Health Record given the complexity of the issues raised, the limited time frame, and the fact that My Health Record has become a partisan political issue.
Many of the recommendations, such as the implications of banning secondary “commercial use” of My Health Record data, are in areas beyond my academic expertise. But some of the recommendations, if adopted, would go some way to addressing several concerns I have about the security and privacy of the system.
The consensus recommendation to prohibit access to backups of a deleted My Health Record is a positive step – if not the absolute assurance that actual complete deletion would offer.
The adoption of record access codes as the default, and restricting “break glass” access, would make My Health Record a considerably harder target for hackers seeking individuals’ health data. These changes would also prevent many potential privacy breaches from insiders with legitimate access to the system, who could use it for purposes other than providing health care.
While there other serious security problems with the My Health Record system, the adoption of these recommendation would be a considerable improvement from a security and privacy standpoint. The change to default use of access code would, however, be contentious. While supporting many of the other recommendations, the professional body of general practitioners, the RACGP, has reiterated its opposition to having access codes be the default.
Opt-out deadline looms
If the minister sticks to his position, the opt-out period for My Health Record will end on November 15, 2018. If you haven’t opted out by then, a record will be created for you.
But it’s worth considering that a federal election is likely to be held by May next year. Labor spokeperson for health, Catherine King, has endorsed the committee’s findings, and repeated a call for the creation of records under “opt-out” to be suspended until amendments have been made. The RACGP, despite their opposition to some recommendations, have also called for the opt-out process to be suspended until amendments are made.
Personally, I opted out some time ago, and am happy to remain out – at least until there is some clarity on what an amended My Health Record will look like. With the lack of political consensus, and the technical complexity of changing such a broadly scoped system, that is still some time away.