My Health Record

Status
Not open for further replies.
Mattg said:
I'm really in two minds about this. On one hand, I move around quite a lot and can see the benefit of having all my info in one place for any Australian GP/hospital I visit to be able to access.

I'm seriously concerned that, at some point in the future, insurance companies will use the data to increase premiums for some people and/or deny claims. I also think it's very poor that you can only opt-out for a limited time.
Click to expand...
Yes, I’d agree with your last paragraph. You should be able to opt out at any time. Also curious about whether children now can opt out when they reach the age that they can make such a decision.
 
A similar system was tried in the UK and abandoned because of privacy concerns.

The same person who set up the UK system has set up the Australian system.

My Health Record privacy framework 'identical' to failed UK scheme, expert says
Australia’s impending My Health Record system has a privacy framework that is identical to a failed system in England that was cancelled after it was found to be selling patient data to drug and insurance companies, a British privacy expert has said.

My Health Record is a digital medical record that stores medical data and shares it between medical providers. In the UK, a similar system called care.data was announced in 2014, but cancelled in 2016 after an investigation found that drug and insurance companies were able to buy information on patients’ mental health conditions, diseases and smoking habits.

The man in charge of implementing My Health Record in Australia, Tim Kelsey, was also in charge of setting up care.data.
Click to expand...
 
When I started this thread, I thought it would wander along the theme of portable health records, but the 'privacy' thing is understandable.

We have lots of knowledgeable IT folk saying how they know how these things work and they are opting out because do data is safe. I'm an IT mug and 'knowing' that the data isn't safe and may be breached is my starting point! :) So then I weigh the risk of data beach against the benefits to me of the system (a frequent traveller away from my GP area and with a few medial issues as I get 'on') AND I assess if my data is hacked, would it actually matter to me? For me, I come out on participating but I know for others the equation is different.

But I think you need to actually do the risk/benefit analysis rather than just say 'data isn't safe - I'm out'.

I wonder how many who are opting out of MHR have also 'opted out' of electronic banking / on-line commerce and electronic everything else? I know health is more important than money, but if you are worried about the consequences of a data hack of MHR, then you should be a million miles from any card with a magnetic stripe or even have your money in any financial institution. I know (or at least suspect) those risks, and I'm on board with those things too.
 
RooFlyer said:
We have lots of knowledgeable IT folk saying how they know how these things work and they are opting out because do data is safe. I'm an IT mug and 'knowing' that the data isn't safe and may be breached is my starting point! :) So then I weigh the risk of data beach against the benefits to me of the system (a frequent traveller away from my GP area and with a few medial issues as I get 'on') AND I assess if my data is hacked, would it actually matter to me? For me, I come out on participating but I know for others the equation is different.

But I think you need to actually do the risk/benefit analysis rather than just say 'data isn't safe - I'm out'.
Click to expand...

You aren't necessarily understanding what everyone is saying. Being hacked is just one issue. Privacy is another. I think the worst part of all this is how the data will get used and by whom (because you can bet anything that it won't just be your GP and emergency department using it). Like all these things, they start off well-intentioned and there is obvious benefit to it, but the system will be corrupted and used against the individuals it was set up benefit. Insurance companies will hike premiums for those with conditions (that is if you can find an insurer willing to insure your condition, kind of like how you struggle to get travel insurance once you reach a certain age). I can also envisage insurance companies refusing to insure you because you don't have a MHR (you have to be hiding something therefore we're not insuring you). Anyone seen 'Gattaca'? The premise being around your genetic makeup and the discrimination encountered, with even prospective partners sneaking your genetic material to test whether you're good enough to date.

Its my understanding that once you are in the system (October 12 if you don't opt out), that's it, you can never opt out. Children will never be given the choice upon adulthood. Children born post D-Day will not even have the option of their parents opting them out.

If I could opt out of using other electronic facilities I would, but you can't get paid unless you have a bank account. You can't hire a car or even get a hotel room without a credit card these days. You can't get health insurance or a job without a MHR (oops, that's the future). Rest assured, I don't use facebook or twitter or instagram. Where i'm not forced to use an electronic system, I opt out or use an alias.
 
I see no tangible threat; commercial and government profiling has been a reality for a long time.
Higher risk clients pay more ; higher risk clients who cannot pay more are protected; and thats the way it should be.
I see little personal value in a quasi public medical record but will not resile from the Orwellian inevitability.
 
An interesting discussion here. I was initially inclined not to opt out because the potential medical benefits and effeciencies outweighed the potential dangers of medical records being stored electronically. After all - what are the possible economic benefits to some hacker knowing that I had a cold in 2014? Or some physio for a bad knee in 2013?

I was thinking that except for medical and travel insurance purposes and pharmaceutical companies, there was no other tangible motivator for the bad guys to hack everyones medical records, except to sell to aforementioned. I naively thought that any insurer or pharma company stupid enough to purchase or use this stolen data would find themselves the targets of such extreme regulation and endless lawsuits that they wouldn't be game to try this on, but it seems that the UK trial of a similar system exposed all the potential flaws and malfeasance behaviour that is possible. Other forms of scamming/social conditioning/phishing usually have a simple goal of direct monetary or identity theft or the criminal element who may be seeking data to construct false identities, but in the case of MHR its really only employers, insurance companies and pharma companies or agents acting on their behalf who stand to benefit from this data. The issue of employers is one of the least discussed parts of this issue and it would be interesting to hear from people in the HR recruitment area about the ins and outs of this. The last issue is of unforseen "mission creep" in any public sector database which some others have already touched on.

From an IT/database point of view it would be a challenge to build a database that is so "locked down" that only medical professionals could access it, perhaps some sort of authentication window fingerprint scan or password with a set period of read access could be possible but that still would be useless for remote health consultation or unconscious patients.

Interesting that some in the IT and Medical fraternity here are choosing to opt out, I think the decision will be personal for each case, but the possibility that deidentified secondary data could be matched with other big data online makes me inclined to believe that maybe the secondary data won't be anonymous forever, and will surely become monetized if there are strong economic motivators to match and use this data.

That link had the following crucial information"

Australians can elect for information not to be used for secondary purposes, and the website says that patient data “cannot be used solely for commercial and non-health-related purposes”.

But Booth said the same protections existed in Britain and did not work.

“We had the same promise, exactly the same promise,” he said. “Not used for solely commercial purposes. It’s bullshit.

“If you have a commercial company that also works for Australian healthcare services, they then avoid the purely linguistic safeguard of ‘solely commercial’. That has been used by information intermediaries over here, and they then service pharmaceutical companies. It’s just smoke and mirrors.

“They will say it hasn’t happened yet and make all sorts of promises, but you have to parse it knowing that they want to use these loopholes.”

In Britain, all patient data that was shared with companies was anonymised, but critics argued that companies could identify individuals by matching the anonymised data with other patient data.

“You may be able to identify people if you had a lot of data ... But I think it is a small, theoretical risk,” an administrator of care.data told the Guardian at the time.

The Digital Health Agency spokesperson said this could not happen.

In Australia, the government has so far released only a framework on how secondary data can be used under the system. A full implementation plan will be developed in the second half of this year.


So with the last point (my bold) being the case, if the government can't tell me the rules about how secondary data will be used then its my call that they won't get my primary data until they can be upfront about how the secondary data is or isn't used. I might suggest our teenage kinds "opt out" until they move out of home or are old enough to make their own decisions about their privacy.

.
 
Last edited:
Have opted out, there will be creep in the scope of who 'needs' to see your records for sure. Starts off all good then in a few years we have an outbreak of something and insurance companies want to help their customers by having access......

As mentioned already, one insurer already thinks they should have access and the Health Minister Greg Hunt has agreed to talk to them about it.

Health insurers hopeful of My Health Record data access

We are heading towards the US system where private health cover will be costing $1000 per month which suits the insurers I'm sure.
 
2infinity said:
You aren't necessarily understanding what everyone is saying. Being hacked is just one issue. Privacy is another. I think the worst part of all this is how the data will get used and by whom (because you can bet anything that it won't just be your GP and emergency department using it). Like all these things, they start off well-intentioned and there is obvious benefit to it, but the system will be corrupted and used against the individuals it was set up benefit. Insurance companies will hike premiums for those with conditions (that is if you can find an insurer willing to insure your condition, kind of like how you struggle to get travel insurance once you reach a certain age). <snip>
Click to expand...

Actually, many here are just saying about data not being secure. To me that's their business, but not a final argument against MHR.

But anyway, I get all that - the 'privacy' thing. Believe me, I'm big on that - I have posted on various threads here how I've pursued companies to delete (not make it 'inactive' - hello, Foxtel, any bank … ) my personal info when I've closed accounts with them. I don't do Facebook or twitter because I don't want my personal info, pics etc on a commercial organisation's site which is explicitly designed for 'sharing'.

And I'm cynical like you as to how things will evolve over time. I'm possibly longer in the tooth than thee, so I've seen it all roll out :).

So I chatted to my GP on how the thing works and the pros and cons for my personal health and well being and I made the choice to put the data up (and like my OP, I was surprised that I had to elect, at his screen what data actually went up, and approve it going up).

Assess the risks, upside and downside. But don't go over-board on the Orwellian stuff - if that's applied to everything, you'll end up in a foetal position in your bed.
 
Last edited:
Pushka said:
Yes, I’d agree with your last paragraph. You should be able to opt out at any time. Also curious about whether children now can opt out when they reach the age that they can make such a decision.
Click to expand...
You can opt out in terms of not allowing anyone access to your data (except the government itself ) at any time, they just wont be deleting that data. Struggling with their logic in then not deleting this data, what possible value does it have if noone can access it, I guess one reason may be that you also change your mind yet again to opt in once more.
 
RooFlyer said:
I wonder how many who are opting out of MHR have also 'opted out' of electronic banking / on-line commerce and electronic everything else? I know health is more important than money, but if you are worried about the consequences of a data hack of MHR, then you should be a million miles from any card with a magnetic stripe or even have your money in any financial institution. I know (or at least suspect) those risks, and I'm on board with those things too.
Click to expand...
I think this logic is a bit simplistic, for a number of reasons.

Firstly there is the issue of trust, and despite all our mumblings over banks the data is clear, we trust banks much more with our data than the banks.

Secondly there is the amount of data held, individual banks actually dont have that much data on us. I have my assest in many places not just with one bank. The big argument here is about the centralisation of that data. Actually banks are currently involved in some analysis of digital ID, particularly around open banking. One of the first things they agreed was that centralising the data was just an invitation to hack it.

FinallyI have a number of options to reduce my exposure to risk with a bank, I can put limits in place, I can get alerts, I can and do limit how much is in an individual acount, I have secondary systems in place to ensure two factor authentication of transaction, I can limit overseas transactions.
 
burmans said:
I think this logic is a bit simplistic, for a number of reasons.

Firstly there is the issue of trust, and despite all our mumblings over banks the data is clear, we trust banks much more with our data than the banks.

Secondly there is the amount of data held, individual banks actually dont have that much data on us. I have my assest in many places not just with one bank. The big argument here is about the centralisation of that data. Actually banks are currently involved in some analysis of digital ID, particularly around open banking. One of the first things they agreed was that centralising the data was just an invitation to hack it.

FinallyI have a number of options to reduce my exposure to risk with a bank, I can put limits in place, I can get alerts, I can and do limit how much is in an individual acount, I have secondary systems in place to ensure two factor authentication of transaction, I can limit overseas transactions.
Click to expand...

Sure. The banks and all financial institutions are linked to … the ATO. Government. The same government that is introducing MHR. Yes, its not a 'central database' like MHR, and hackers can't steal your/the bank's money from the ATO (enough of that happens there already :D) but if you are looking somewhere to hack for personal information, I know where I'd go.

Oh, and I didn't get the full story, but I think chemists and maybe pathologists have been reporting into a central database for years - with ones Medicare number neatly tying it all together. My list of prescriptions over time would give anyone a pretty good idea about my medical conditions. For all the opt-outers, the boat may have already sailed :eek:.
 
The MyHealthRecord has been live for a lot longer than a couple of years - more like over 5 years.
There is a whole lot of misinformation about what is contained in it, who has access and what can be done.
To access the information, providers need to be accredited, and need secure PKI credentials. EVERY access to any record is logged - and you as the record owner can see the list of who has accessed your record and when. You can even set up alerts to have the system SMS you whenever your record is accessed. Medicare numbers are not the basis of the records, they are linked to IHIs (Individual Healthcare Identifiers).

As the record owner, you can decide whether your information can be viewed by any medical practitioner, or only by those that you grant an access code to (which you set). You can revoke the access to any organisation that has accessed your record, and they won't be able to access again.

There are emergency "break glass" access mechanisms, but they are logged as well.

If you don't want information uploaded by an organisation (GP, hospital), you only have to tell them not to upload, and they are then obliged not to do so.

There is no way insurance companies will be granted access, and even if they did, you would find out about it.

The data that comprises the system is "documents" (to be technical HL7 CDA XML documents), which are digitally signed by the author (the uploader), using PKI certificates. Any hacker (unless they have the access to the encryption credentials, or have broken PKI 2048 bit keys), can't alter the data, as that will invalidate the signature.

All of this is governed by Federal Legislation.

I have a MyHealthRecord - one of the first 10 ever created, as I am an IT professional that worked on much of the design and implantation of the system. (and I am not currently working in the Health sector, so don't have absolute current information, although the current opt-out was being planned when I was last peripherally involved).

There are substantial public health benefits, as well as benefits for individuals, but the actual amount of use / trust of information in the system is likely to be less than most people will expect, as unless the data is very current (and then it is likely to be shared directly between clinicians, not using MyHealthRecord), it is only background information (history) and not necessarily immediately relevant for use. Even information such as current prescriptions doesn't tell any treating clinician if the patient is actually taking what was prescribed.

Nothing is totally secure, but I would put money on the data being far more secure in the MyHealthRecord than it is in your local GPs files (electronic or otherwise). I suspect the suspicion and opting out of many health professionals is based on their knowledge of the quality of the records and information they see.
 
equus said:
Nothing is totally secure, but I would put money on the data being far more secure in the MyHealthRecord than it is in your local GPs files (electronic or otherwise). I suspect the suspicion and opting out of many health professionals is based on their knowledge of the quality of the records and information they see.
Click to expand...
That indeed is my concern.Having done my time BC-before computers-we were taught the importance of good history taking and physical examination.now there is a tendency to see what is on the computer,believe it and proceed from there.It is not rare that in talking to the patient I find a lot on the record is wrong or misleading.
There is no doubt in my mind that patients prefer a doctor talking to them rather than tap away at their computer.
I am taking my time to decide but I probably will opt out.
 
I think people overestimate the amount of time doctors working in critical care will spend looking up this stuff. During an active resuscitation, I assure you, nothing on your MHR will be of use. You will be treated on whatever is happening right now, it won't matter what your vitamin D was with your GP a year ago.

Also if you are critically ill, yes you will get all your tests again! You need CURRENT information to treat effectively. Your platelets a month ago don't matter if you are bleeding now. Your rivaroxiban level last week doesn't matter. Your haemoglobin an hour ago doesn't matter. You WILL get a basic panel of tests looking for reversible causes, and that will show up a great number of things.

Once you are stable then yes, we will start looking for other history to assist in your management. But there are several ways to get this history. I found many patients keep a list of their medications and relevant history, folded up in their wallet. I still like this method!

I don't see this stopping very many pathology tests to be honest. A lot of values aren't really comparible between laboratories, so it will need to be done again anyway if you move to somewhere that uses a different system (with notable exclusions - INR for example, or genetic tests that are just "detected" or "not detected" which don't change over time).

There is simply not enough time in medicine to spend looking up things in these coughbersome systems.
 
Government says ‘trust us’. In itself that’s a reason to run away.
 
drron said:
A little more study has convinced me to opt out.There is no security.The records don't have to be hacked as amendments to the Act give police,security agencies and the ATO the ability to get warrantless access to these records.
An article by Kerryn Phelps-
As a doctor, here’s why My Health Record worries me
Click to expand...

I never thought I'd see "Kerryn Phelps" and "drron" within a mile of each other, in any context :)
 
Interesting to hear on AM this morning.

6 million MHRs in existence, system running for 6 years.

I look forward to seeing my own MHR posted up on the internet if all this paranoia about 'security' is true. Enjoy.
 
Exclusive offer: Citi Prestige Credit Card
EXCLUSIVE OFFER - Offer expires: 20 Jan 2025

- Earn up to 200,000 bonus Velocity Points*
- Enjoy unlimited complimentary access to Priority Pass lounges worldwide
- Earn up to 3 Citi reward Points per dollar uncapped

*Terms And Conditions Apply

AFF Supporters can remove this and all advertisements

Status
Not open for further replies.

Become an AFF member!

Join Australian Frequent Flyer (AFF) for free and unlock insider tips, exclusive deals, and global meetups with 65,000+ frequent flyers.

AFF members can also access our Frequent Flyer Training courses, and upgrade to Fast-track your way to expert traveller status and unlock even more exclusive discounts!

AFF forum abbreviations

Wondering about Y, J or any of the other abbreviations used on our forum?

Check out our guide to common AFF acronyms & abbreviations.

Recent Posts

Currently Active Users

Total: 206 (members: 4, guests: 202)
Back
Top