Every Australian will soon have a My Health Record — an online summary of their health information — unless they opt out before November 15. Brisbane LGBTIQ health specialist and QNews Magazine contributor Dr Fiona Bisshop has put a series of questions about privacy, consent and security to My Health Record and you can read their responses below.
Can doctors access My Health Record without specific consent from the patient?
The My Health Record System was designed with the highest level of security and privacy to protect your health information. Only registered healthcare organisations involved in your care, registered with the My Health Record System Operator, are allowed by law to access My Health Records.
Data cannot be accessed by insurance companies. Nor can patients' data be sold.
A healthcare provider can activate emergency access when there is a serious threat to the individual’s life, health or safety and their consent cannot be obtained (for example, due to being unconscious).
Every time your My Health Record is accessed, it is recorded in an access history which you can view by logging into your My Health Record. You can set up automatic notifications to receive an email or text any time a new healthcare organisation accesses your My Health Record, including in an emergency.
The System Operator cyber security team constantly monitors system access. There are strict penalties for unlawful access.
Can Centrelink and other government agencies access the MHR without consent?
The Australian Digital Health Agency has not and will not release any documents without a court/coronial or similar order.
No documents have been released in the last six years and none will be released in the future without a court order.
Additionally, no other Government agencies have direct access to the My Health Record system.
Could a court subpoena the contents of the MHR without having to go through the original custodian i.e. GP?
The System Operator is authorised to disclose information within a My Health Record if subpoenaed by the court.
On 31 July 2018 the Minister for Health announced his intention to strengthen the MHR Act to make clear that information will not be released without a court order.
How secure is the data? A recent data breach in Singapore suggests that this kind of technology is vulnerable to hacking.
The My Health Record system has the highest level of security and meets the strictest cyber security standards.
The MHR system has robust multi-tiered security controls to protect the system from malicious attack.
The system has been built and tested to Australian Government standards to protect the confidentiality, integrity, and availability of the health records.
The MHR system has been certified and accredited under the Australian Government Information Security Manual.
In 6 years of operation, there has never been a security breach of the My Health Record.
Additionally, only authorised health providers can access the system through secure conformant software.
In addition to these protections, individuals can also have control over what goes into their record and who can access it and when.
Individuals can put a Record access code across the whole record or on individual documents so only those with your pin code can see them.
Individuals can choose to set up alerts and be notified by a text message or an email if their record is accessed by a new provider.
There is a complete audit log for every My Health Record.
Regarding the Singapore Data Breach: The Singapore Ministry of Health stated that the Singapore National eHealth Record (NEHR) system was not compromised.
This has been confirmed by the Integrated Health Information Systems (IHiS), which runs the IT systems of public health institutions.
What if data is mistakenly entered, e.g. a doctor enters a misdiagnosis into your record? Is there a way of removing this?
The MHR is an easier and more convenient way to record and track your health information over time.
Previously it would be much harder to know what information was being compiled by any of the healthcare providers you see.
By allowing your doctors to upload, view and share documents in your My Health Record, they will have a more detailed picture with which to make decisions, diagnose and provide treatment to you.
You can also ask providers not to upload documents to your record.
Should you see information in your MHR that is incorrect you can remove these documents from your MHR.
Please see the My Health Record website for further information and a step by step guide.
For more about My Health Record, pick up issue 465 of QNews Magazine, out this Friday. To find a copy near you, see here.
Dr Fiona Bisshop specialises in LGBTIQ health and is available by appointment at Holdsworth House Medical Brisbane. Call (07) 3894 0794 or visit the Holdsworth House website. Read more by Dr Bisshop on her website here or contact her on Twitter.