Kissing goodbye to your health privacy? Governments must work harder.

This week ID information from the financial records of over 120 million people in the United States was hacked – the latest reminder that IT security failure is a global epidemic.
Health records are just as valuable to hackers. The current system for storing and using health records in Australia is hopelessly deficient. But with lousy data security, and a world where data breaches are a daily event, the Australian Government’s reluctance to fix this problem is looking negligent!
The Australian Privacy Foundation (APF) highlights the need for law reform and effective administration in order to protect the health records of all Australians.
It has just filed its submission to the Independent Review of Accessibility by Health Providers of Medicare Card Numbers, established  following reports that Medicare Numbers are being sold on the Dark Web.
This problem must be fixed. It can be fixed by long overdue law reform, and by changes to the way health identifiers are handled by the private sector and our Government.
David Vaile, chair of APF, today said “These changes are now urgent because Australia is establishing the billion dollar MyHR program, intended to create electronic access to the medical records of most people across Australia.”
“There needs to be a full independent review of the whole controversial MyHR program, given the widespread concerns by health, information technology and legal specialists that its design, security model and implementation is fundamentally flawed” said Mr Vaile.

“Trust is the basis of effective medicine, and the clinical relationship at the heart of it, but there is no trust in My Health Record’s defective design and inadequate operation. The Government system is so inadequate that Australians’ health records will be a click away from being stolen.”
Mr Vaile called for establishment of a ‘Privacy Tort’, i.e. a national law providing a right to compensation for anyone who has experienced a serious breach of privacy. The Tort has been recommended by Commonwealth, state and territory law reform commissions and parliamentary committees over the last decade, after the High Court found there was no existing remedy and called for Parliament to address it. A Privacy Tort is a common sense solution to a problem that will not go away.

A Privacy Tort exists in most major economies. Australians are now almost alone in remaining exposed to massive privacy breaches without any enforceable legal remedy. Australia is increasingly isolated by its failure to offer this basic self-help protection for citizens’ rights in the digital age.
The Foundation also calls for strengthening of the Office of the Australian Information Commissioner, the under-fed national privacy watchdog.
There needs to be greater transparency in disclosure by government of data breaches, particularly those relating to health records, said Mr Vaile . “We should not rely on journalists to discover that our privacy has been breached.”
The Foundation opposes calls for establishment of a multi-purpose national identity card – a new Australia Card – to replace the Medicare Card or Medicare Number. Such a card will not meaningfully inhibit identity crime. It will require resources that are more usefully invested in public health. It will not be a trustworthy solution. It will erode the privacy of all Australians.

Media contact:
David Vaile, Chair, Australian Privacy Foundation