MyHealthRecord slammed in privacy uproar

Hang on, sharing records is kind of what it's for

Got Tips? 7 Reg comments

The Australian government has found itself embroiled in a privacy furore, this time for the privacy settings on its MyHealthRecord e-health system.

At issue is the system's default privacy setting, which is that any health professional treating an individual can access their whole health history.

On the upside, that means if you're being treated by multiple specialists for a complex condition, they should all see the same records, without resorting to getting blood test results by fax.

The downside is that people can view data that's arguably beyond their need or specialty – a dentist may not need to know someone is being treated for depression, for example.

The issue arose because the original opt-in model for the health record wasn't working: people showed no enthusiasm to sign up for it. That was replaced by an opt-out model, where a MyHealthRecord is created automatically.

In the old model, a user was given a PIN when signing up for the record. That protected privacy, since health professionals could only access the record with the patient's permission.

That model was abandoned when the opt-out model made MyHealthRecord creation automatic unless the citizen took themselves out of the system.

Speaking to ABC Radio Sydney this morning, Department of Health Secretary Paul Madden said only a tiny number of people have added any access controls to their documents.

That, Madden contended, means most people are comfortable with the level of access health professionals have to their information.

Madden also argued that broad access to information is part of the design of MyHealthRecord: “it helps overcome the fragmentation of health information … to reduce adverse events and duplicate treatments”.

This is of particular importance to people who have complex or chronic conditions, he added.

He also said registered users can't trawl health data at random: “A healthcare provider can't just provide a name: they need a health identifier number for that person, together with other personal information, to get their records.”

He also noted the criminal sanctions that apply to misuse of MyHealthRecord data.

+Comment: The privacy of health data is a knotty problem, indeed.

In the case of chronic conditions, Madden is right: an awful lot of stuff has to pass from hand to hand, and the fax machine is frequently the network-of-last-resort.

However, people are rightly sensitive about health privacy, and at the same time, many people arguably lack either the skills or the time for fine-grained control over their MyHealthRecord.

It would, at least, be reasonable to adjust the defaults in MyHealthRecord – for example, so a new health professional only gets broad access to a patient's information if the patient says so. ®

Sponsored: Webcast: Ransomware has gone nuclear


Keep Reading

Coronavirus artist impression

Australia's contact-tracing app regulation avoids 'woolly' principles in comparable cyber-laws, say lawyers

COVIDSafe application lands for Android, iOS – sans source code

Cloudflare is over the moon because its pro-privacy DNS service got a clean bill of health from everyone's favorite auditor – KPMG

Proved for all sites, proved for all sites, there is nothing else we can do
contact tracing

Apple and Google tweak key bits of contact-tracing privacy plan

As European nations back decentralised plan that leaves data on the device until users call in sick
Someone in a mask using a COVID-19 coronavirus contact-tracing app

Apple, Google begin to spread pro-privacy, batt-friendly coronavirus contact-tracing API for phone apps

Analysis Public health agencies get green light to emit software using joint-developed tech
NHS hosptial photo, by Marbury via Shutterstock

Open letter from digital rights groups to UK health secretary questions big tech's role in NHS COVID-19 data store

Promises of transparency about handling of citizens' health data haven't been fulfilled – campaigners
Tripping over

Australia to refund $720m in ‘debts’ determined by dodgy algorithm

May well have been killer algorithm, too
IBM office - from IBM newsroom

IBM's sacking spree reaches Australia – and as staff wait to exit, they're offered AU$4k to find new workers

Axed employees given chance to write almost-certainly futile letters to defend their jobs after the pink slip arrives
Map of UK with Coronavirus pin stuck in London

Fancy some post-weekend reading? How's this for a potboiler: The source code for UK, Australia's coronavirus contact-tracing apps

Problems aside, no one is sure how useful phone-based tracking will be

Biting the hand that feeds IT © 1998–2020