Your health, all in one digital location. Photo: NGCM

In the following piece, you will find all relevant historical and current information on the My Health Record system, as well as links to opt-out attached at the bottom.

Pharmaceutical companies will be allowed to apply to access data from the controversial My Health Record system, a Senate committee hearing has been told.

Australians have until January 31st to opt-out of the program before over 17 million digital identities are automatically created for medical access.

BACKGROUND

The My Health Record is a digital health record for Australians where personal health information can be viewed online, from anywhere, at any time – even if you move or travel interstate.

Individuals will be able access their health information from any computer or device that’s connected to the internet, and can allow others to access the record, such as doctors and hospitals.

Initially known as the failed E-Health system, the Abbott government introduced the new program as an ‘opt-in’ system for two years in 2015, causing controversy in the initial phases of the program.

In 2017, the government would announce that 17 million Australians will now have the digital health record created for them on an automatic enrolment basis, with the option to “opt-out” if you do not want one created.

The move is a key element of the Australian government’s GovPass concept, which will transform over the next decade to be a multi-faceted digital identity hub that will link all licenses, health records and related identities an individual may hold to a single database.

Since the announcement was made, there has been increasing debate over the concepts of personal data protection, third party access and safeguards to protect the privacy of Australians.

BIG PHARMA’S ACCESS

According to recent reports, Caroline Edwards, the Deputy Secretary of the Department of Health, told a Senate hearing recently that third-party access arrangements would allow medical and public health researchers access to “de-identified data”.

Currently, the My Health Record ‘Fact Sheet’ states police (although initially allowed), Centrelink and the ATO won’t be able to access records “unless it is required to by a court or similar order.”

Murray Watt, current Labor senator, asked Edwards during recent Committee Senate hearings whether pharmaceutical companies could access data. Edwards said the system could not be used for commercial purposes – but pharmaceutical companies were not precluded from applying.

“If they’re researchers for a private company, they would need to put in a submission explaining what the purpose of their research was … and each application would be assessed on its own merits, but it wouldn’t be able to be used for commercial purposes.

“They’re not precluded as an applicant, so long as it’s for public health research purposes. But that does not mean they get the data … there’s a very rigorous process.”

Tim Kelsey, the Chief Executive Officer of the Digital Health Agency, told the Senate Standing Committee on Community Affairs that research shows 59% of people were aware the system would create a record if they did not opt out.

Kelsey accepted the suggestion of the Greens leader, Richard Di Natale, that the figure meant 41% of people “aren’t aware they’re having a record created for them”.

The My Health Record system will automatically create a record for everyone who does not actively opt-out by 21 January.

Kelsey said about 900,000 people had opted out so far. That figure did not include paper applications. In addition, 136,000 people had requested to receive a notification whenever their record was accessed.

The expansion of the record database is “designed to improve health outcomes”, but privacy and cybersecurity concerns have led to calls for people to avoid the system.

TRACK RECORD

The hearing was told safeguards are currently in place to ensure the protection of sensitive private information, including the ability for people to generate a security code, which could apply to their entire file or to specific entries, to allow patients to choose who had access to their data.

Despite this, many remain concerned over loopholes that could be used for access under the guise of ‘medicine’, which privacy groups say are justified after an increasing list of similar data breaches over the last decade – from the Census privacy breach and eventual system crash, to Medicare numbers stolen and sold on the dark web.

The Australian government is also currently, on a per capita basis, more than 18 times likely to intercept your data than the United States, and accessed data records an astonishing 250,000 times in 2012 without even recording why and when these intercepts had taken place.

There are also concerns over similar systems currently operating in countries such as Singapore that resemble a similar structure that have experienced significant data breaches since being introduced.

In July this year, hackers stole personal information of over 1.5 million SingHealth patients, including Prime Minister Lee Hsien Loong and other ministers. The SingHealth program was a similar concept to the My Health Record and was breached without the correct safeguards in place for protection.

National multi-use identity schemes have a poor track record in Australia and critics have argued the government needs a fresh approach that places the citizen at the centre of the system.

Edwards said legislation to address privacy concerns would restrict third parties, such as law enforcement agencies, from accessing records without a court order.

“My Health Record can only be accessed for the purpose of providing healthcare,” she said.