The Australian government has found itself embroiled in a privacy furore, this time for the privacy settings on its MyHealthRecord e-health system.
At issue is the system's default privacy setting, which is that any health professional treating an individual can access their whole health history.
On the upside, that means if you're being treated by multiple specialists for a complex condition, they should all see the same records, without resorting to getting blood test results by fax.
The downside is that people can view data that's arguably beyond their need or specialty – a dentist may not need to know someone is being treated for depression, for example.
The issue arose because the original opt-in model for the health record wasn't working: people showed no enthusiasm to sign up for it. That was replaced by an opt-out model, where a MyHealthRecord is created automatically.
In the old model, a user was given a PIN when signing up for the record. That protected privacy, since health professionals could only access the record with the patient's permission.
That model was abandoned when the opt-out model made MyHealthRecord creation automatic unless the citizen took themselves out of the system.
Speaking to ABC Radio Sydney this morning, Department of Health Secretary Paul Madden said only a tiny number of people have added any access controls to their documents.
That, Madden contended, means most people are comfortable with the level of access health professionals have to their information.
Madden also argued that broad access to information is part of the design of MyHealthRecord: “it helps overcome the fragmentation of health information … to reduce adverse events and duplicate treatments”.
This is of particular importance to people who have complex or chronic conditions, he added.
He also said registered users can't trawl health data at random: “A healthcare provider can't just provide a name: they need a health identifier number for that person, together with other personal information, to get their records.”
He also noted the criminal sanctions that apply to misuse of MyHealthRecord data.
+Comment: The privacy of health data is a knotty problem, indeed.
In the case of chronic conditions, Madden is right: an awful lot of stuff has to pass from hand to hand, and the fax machine is frequently the network-of-last-resort.
However, people are rightly sensitive about health privacy, and at the same time, many people arguably lack either the skills or the time for fine-grained control over their MyHealthRecord.
It would, at least, be reasonable to adjust the defaults in MyHealthRecord – for example, so a new health professional only gets broad access to a patient's information if the patient says so. ®