In case it survives long enough to pass legislation, the Australian government has published proposed amendments that would strengthen the privacy protections surrounding MyHealth Record.
After it was changed from an opt-in model to opt-out, the government's e-health system was criticised for too-easy law enforcement access to records, and for proposing to retain citizens' data for 30 years after their death, even if they asked for records to be deleted.
The bill was published here.
As far as deleting records goes, the legislation now proposes that if someone asks for their MyHealth Record to be deleted, the agency is only allowed to retain the citizen's name and healthcare identifier; the name and identifier of the person who asked for the account to be cancelled (since they may be a different person – for example, a parent); and the day cancellation takes effect.
The other major change is that instead of warrantless disclosure of health information, as the first draft of the bill allowed, the MyHealth Record operator's hands are tied somewhat more tightly.
Under the amendments, records can only be accessed under a judicial order.
It also stipulates the conditions that would apply to the order – properly identifying whose data is sought, specifying the information to be disclosed, authorising the law enforcement agency to obtain the data, and stating the purpose of the order.
Judicial orders allowing MyHealth Record information disclosure would have a maximum lifetime of six months, and the citizen would have to be informed that their information is being disclosed.
Of course, with the government in disarray because of a leadership battle between prime minister Malcolm Turnbull and former minister Peter Dutton, there's every chance the parliament won't last long enough to consider the amendments. ®