Police and law enforcement agencies will be able to access the sensitive medical data contained on the My Health Record system without a warrant or court order, according to a new legal analysis.
People’s medical records will be stored on a national database under the federal government scheme, to be viewed by patients, GPs, specialists, pharmacists and hospital staff, with every Australian set to be added to the scheme automatically unless they choose to “opt out” by October 15.
While individual security controls can be put on the data, the ability of authorities to override the privacy settings and access the data without a court order has concerned advocates of people living with HIV and sex workers. They say members of marginalised communities who don’t opt out of the system will be put at risk of criminalisation and prosecution.
Last week, Health Minister Greg Hunt said it was “incorrect” to say law enforcement agencies could access the data, and he and the Australian Digital Health Agency (ADHA) both said that the ADHA “will not release any documents without a court/coronial or similar order” and to do so was against the agency’s operating policy.
But an analysis by the Parliamentary Library pointed out the legislation “does not mandate this and it does not appear that the ADHA’s operating policy is supported by any rule or regulation.”
The My Health Record Act 2012 legislation only requires law enforcement agencies to have a “reasonable belief” that a person’s data could be “reasonably necessary to prevent, detect, investigate or prosecute a criminal offence” for them to access the data, according to the analysis.
“As legislation would normally take precedence over an agency’s operating policy, this means that unless the ADHA has deemed a request unreasonable, it cannot routinely require a law enforcement body to get a warrant, and its operating policy can be ignored or changed at any time,” the analysis reads.
This represented “a significant reduction” in the legal threshold for the release of private medical information to law enforcement, according to the analysis.
Australian Medical Association (AMA) president Dr Tony Bartone said on Wednesday he was seeking urgent clarification from Health Minister Greg Hunt and the Australian Digital Health Agency around the legislation to ensure police and government agencies don’t have warrantless access to the My Health Record data.
Dr Bartone told the National Press Club he would do “whatever it takes” to remove any “ambiguity” surrounding the disclosure of data and would go as far as asking the minister to change the legislation.
He said the security and privacy of patients’ medical records were “paramount” and AMA members would not accept them being released without a court order.
Former AMA president Dr Kerryn Phelps suggested on Tuesday that GP’s may refuse to upload their patients’ data to the system if the privacy concerns weren’t addressed.
“Many of my colleagues that I’ve spoken to, particularly in general practice, are deeply concerned,” Dr Phelps told Fairfax Media.
“They’re very worried about privacy and intruding into the doctor-patient relationship.
“Anything that is not in the patient’s interest, should not be in the legislation.”
The Australian Federation of AIDS Organisations and the National Association of People With HIV Australia (NAPWHA) have produced fact sheets about the My Health Record system and called on people to consider the benefits and risks before the end of the opt-out period.
The information in a person’s My Health Record will be held for 30 years after their death. If that date isn’t known, the data is kept for 130 years after their birth.
To find out more about the My Health Record or to opt out, visit the website or call 1800 723 471.