This is perhaps one of the most interesting articles I’ve ever researched, because I never know what information the media will release each day, and because of the twists and turns in official narratives!
Hopefully by now, most of you have at least heard of the ‘MyHealthRecord’ saga, which is finally getting the much-needed attention it deserves.
I mean, one of the most private things we own, our personal medical records, has to be worthy of public debate, right?
The key messages communicated through this article:
- What is MyHealthRecord?
- Should we be concerned about our privacy?
- Why is the same individual who failed to implement the exact same system in the UK, now in charge of doing so in Australia?
- What lessons can we learn from previous failed attempts?
- Can we trust Health Insurers and ‘others’ with our data?
- Do you have enough information to make an informed decision?
What is MyHealthRecord?
The Australian Government has announced its plan to digitise all health records, allowing for the centralised storage of your medical history and access to it by health care professionals and ‘other providers’. The initiative is designed to provide safer, faster and more efficient access to your health information in an emergency, and it has the support of Australia’s peak health bodies, including the Australian Medical Association, the Royal Australian College of GPs and the Pharmacy Guild of Australia. There are many obvious benefits, such as reducing unnecessary tests, keeping a medication history, avoiding medical errors and assisting in emergency situations.
What’s fascinating is that the Government has gone with an ‘all or nothing’ approach, meaning that on 13 November 2018, all Australians will automatically be ‘opted in’ to the service and have a digital health record created.
All Australians currently have a three month window, until 15 October, to OPT OUT!
Whilst the government touts that “multi-layered and strong safeguards are in place to protect your information privacy”, the sheer irony of the MyHealthRecord website crashing last Monday, 16 July, when the ‘opt out’ period began, highlights the current level of confidence and trust Australian citizens have towards their own government! Some 20,000 Australians opted out on Monday morning, causing the system to crash!
Several high-profile politicians have commented:
- Federal Liberal Politician, Tim Wilson; “My instinctive position should always be, as a liberal, that systems should be opt-in”. (Listen to the podcast I did with Tim Wilson here)
- Former Queensland Premier Campbell Newman; “The idea that public servants and other departments and statutory bodies should be able to get into your information is completely unacceptable, it is just not on”
- Labor frontbencher Ed Husic; “If at the end of the three months the government hasn’t been able to convince people that this is something that is worth staying in, I’ll certainly opt out at the end of that if we don’t see evidence that they’ve improved it.”
- Human Rights Commissioner, Edward Santow; “I think we can do better. We definitely are saying that there are problems with My Health Record”
MyHealthRecord is watching you!
The biggest concern echoed by most people is the lack of trust in the government’s ability to securely protect your private information.
Even before official launch, it’s been discovered several companies (Telstra, HealthEngine, Tyde and Healthi) already have backdoor access to MyHealthRecord, through third party app integration. It’s believed these companies can view ‘medicare records, test results, scans and prescriptions, for their app users to view on mobile phones’.
Bernard Robertson-Dunn, from the Australian Privacy Foundation, described it as an “uncontrolled, uncurated, data dump”. He said sensitive information could be shared with irrelevant people. “Better sharing of health data among health professionals is a good thing – as long as it is done in a controlled manner,” he said. “But if somebody has mental health issues, you don’t want that shared with a dentist or someone who looks at your feet”.
Ralph Holz, an expert in cybersecurity from the University of Sydney, said “We always see a problem when we keep data in one place, especially if it is data that is a complete profile. There is a saying in computer science: once the data is out, it’s out. You can never get it back. The danger in building such systems is that it’s enough if they fail once.”
Who currently has access under ‘My Health Records Act 2012’?
- 12,920 Health Care Organisations (900,000+ individual health workers) with registered access
- Police (without a warrant)
- Courts (and consequently the Australian Tax Office and other government bodies)
- Any ‘prescribed entity’ – how’s that for convoluted legal jargon!
- Any entity for the purposes of upholding the law or protecting public revenue
- Third party ‘contractors’ and ‘participants’ (certain third party apps already have access)
Here’s a quick snapshot of a few recent blunders in privacy breaches:
- In 2016, the Australian Bureau of Statistics’ National Census was hacked, with the main website being shut down for over 40 hours
- In 2014, the Australian Immigration Department accidentally released the personal details of 31 world leaders attending the G20 summit and failed to communicate the breach to these individuals. Interesting to note, even world leaders weren’t informed of data breaches!
- Australian Medicare data is already being sold illegally on the ‘dark-net’ due to hackers exploiting vulnerabilities in government systems
- Earlier this month (July 2018), SingHealth, Singapore’s largest group of healthcare institutions, was hacked, with the data of 1.5 million patients being stolen, including that of Singapore’s own Prime Minister, Lee Hsien Loong
- Cambridge Analytica – data of up to 87 million Facebook users breached, for the manipulation of the US election
“Those who cannot remember the past are condemned to repeat it”
Lessons from History
First announced in 2013 by the National Health Service (NHS) in the UK, ‘care.data’ was an initiative to take data from existing GP and hospital records and upload it to a centralised national database.
The NHS said: “care.data will help find more effective ways of preventing or managing illness; monitor the risk of disease spread; streamline inefficiencies and drive economic growth. The data will be updated each month and will be taken automatically from every patient in England, unless you explicitly opt out”.
Less than two years after its introduction and trial run, and having been put on hold several times for further investigations, the ‘care.data’ initiative was cancelled by the NHS, due to privacy concerns, lack of transparency and public trust. Interestingly, Doctors and Ministers raised concerns the public weren’t properly informed on how such data would be used prior to introduction.
One of the most prestigious peer-reviewed medical journals in the world, the British Medical Journal, noted: “what is needed, including better technology standards, proper marketing of the benefits, an easy opt-out procedure, and a “dynamic consent” process”.
The Telegraph reports that the main reason the ‘care.data’ initiative failed was how the message, and the importance of the scheme, was sold and communicated to the public, with both doctors and patients furious over being kept in the dark over its introduction and public understanding.
Dame Fiona Caldicott, a British psychiatrist and psychotherapist, played an instrumental role in the NHS’s decision to cancel the ‘care.data’ program based on her 60 page review of Data Security, Consent and Opt-Outs for Health Care. Another full review with recommendations post ‘care.data’ was completed by Tech Science and can be viewed here.
Makes me wonder whether the Australian government even read these reports prior to implementing MyHealthRecord, as key recommendations for future initiatives are explicitly detailed, all of which appear to have been overlooked or disregarded!
Want to know the most disturbing part?
Tim Kelsey, CEO of the Australian Digital Health Agency, who’s in charge of implementing MyHealthRecord here in Australia, is the same individual who set up the failed ‘care.data’ in the UK. As we would say in plain English: “What the F**K!”
Commenting on the privacy failures in the UK and their similarities to MyHealthRecord in Australia, the coordinator of British privacy group Medconfidential, Phil Booth, said:
“The parallels are incredible, it looks like it is repeating itself, almost like a rewind or a replay. The context has changed but what is plainly obvious to us from the other side of the planet, is that this system seems to be the 2018 replica of the 2014 care.data”.
Booth said the same stringent privacy protections and frameworks existed in the UK and did not work; “We had the same promise, exactly the same promise, not used for solely commercial purposes. It’s bullshit!”.
Last but not least, it was discovered that insurance and pharmaceutical companies were eligible to buy anonymised patient information from the NHS database; including mental health conditions and diseases such as cancer, as well as smoking and drinking habits.
Big kids in a candy store
We’ve all heard the expression; “like a kid in a candy store”. That immense sense of excitement, dilated pupils, big ecstatic smile and the feeling as if all your wildest dreams are coming true!
That’s the exact feeling being experienced by Health Insurance companies in Australia at the moment!
Let’s start with a quick explanation of how Health Insurance companies make their money. Their revenue comes primarily through: (1) charging ongoing premiums to existing customers and (2) sourcing new customers. Another key aspect of their business model is minimising expenses, which occurs through reducing the total amount of claims paid out.
“We desperately need this data,” proclaims Mark Fitzgibbon, Chief Executive of NIB, one of the country’s largest Health Insurers.
Mr Fitzgibbon is desperately hoping to get permission from NIB’s 1.5 million customers to access their digital health record, despite fears of data privacy and security.
The SMH reports: “Private health insurers say this data could be a way to manage higher health insurance claims being made by an ageing population and associated rising premiums, while critics warn the data may result in more exclusions and less access”.
The Utopian benefits of Health Insurers having access to your medical history are fairly evident; however, in the United States, pricing and health discrimination on insurance plans still exist. Arguably the most prestigious medical journal in the world, The New England Medical Journal, found many insurers may be using benefit design to dissuade sicker people from choosing their plans by having a ‘tiered system’ for access to higher cost medications.
What’s also alarming is ‘the chief executive of peak body Private Healthcare Australia, Rachel David, said Health Minister Greg Hunt had agreed to discuss the framework with the sector’.
Regardless of the fact that at this present moment (26 July 2018), Health Insurers have no access to your health records, it will only be a matter of time before the government gives in to pressure and grants access. Interestingly, the way the My Health Records Act 2012 is worded leaves the door wide open for what they call ‘participants’ to be granted authorised access.
Let’s future pace for a minute and hypothetically glimpse into a few possible (likely) dystopian scenarios where Health Insurers and other parties have access to your health record:
- Someone who may be slow to pay a healthcare bill could have this data stored on their My Health Record and used against them for debt collection agencies to pursue. As expressed by Australian Human Rights Commissioner
- Endless discrimination based on personal health (think job opportunities if they discover your mental health record or a prior injury, criminal and civil legal battles, custody disputes)
- This leads to potentially withholding critical health information from medical professionals for fear of future discrimination (already expressed by Australian Sex Workers)
- Recipients of government assistance (pension, Centrelink, disability) may have handouts altered due to health history
- Your health and biological data being bio-hacked (blood type, DNA) and weaponized against you (think personalised viruses & gene editing through CRISPR – YES this ‘sci-fi’ technology already exists!)
- Children who aren’t up to date with vaccinations will be refused entry to schools and other punitive or financial measures placed on parents (already happening in Australia with ‘no jab, no play’ policy)
- Health Insurers altering premiums (as evidenced in the US) based on medical history, and refusing to pay out claims
- Health insurers trawling your shopping history and consumption habits through rewards data (FlyBys, Woolworths Rewards, Qantas Frequent Flyer) to determine your health
- Maybe I could be wrong and it turns out insurers are purely benevolent organisations and will genuinely use this data to reduce our premiums (their revenue) and pay out claims, due to providing superior health care, therefore almost eliminating the need for it in the first place?
This article merely scratches the surface of the information currently available to the public to become well informed before the OPT OUT period closes on 15 October.
I sincerely hope you consider the implications of automatically having a permanent MyHealthRecord created, and should you wish to OPT OUT, please click here.
Watch this space for more to come on the impact this will have on patients’ psychological safety!