The Australian Privacy Foundation fully supports recent calls by the Opposition Parties, Dr Kerryn Phelps, lawyers, clinicians, educators and others to extend the period when people can opt-out of being registered for a government owned and controlled My Health Record.
There is obvious broad disquiet and substantive community concern: over a million people have opted out; there have been reports of recurrent crashes of the opt-out web site and helpdesk; and the number of people wanting to opt-out seems to have jumped, in line with the recent increased publicity.
This disquiet and concern can largely be attributed to the paucity of information about the opt-out campaign and the lack of balanced information of My Health Record on the government’s websites which only spruik claimed benefits. People have not been given all the information they need on which to make an informed decision.
The recent Senate Inquiry into My Health Record and the opt-out initiative received over 110 submissions. The Inquiry’s recommendations that raise this and other issues have largely been ignored and dismissed by the government. The Health Minister’s attempts to “strengthen” the legislation protecting the privacy and security of the system are akin to putting a band-aid on a train wreck.
It is not widely known but the original design of the My Health Record had a requirement that all health providers (currently estimated to be about a million) who are able to use the system were to have a smart card that controlled access, identified them and allowed proper auditing of access to a patient’s health data.
This was never implemented. One can only wonder why. Whether it was cost-cutting, the need to meet a deadline, or a desire NOT to transparently record which individuals have accessed your information, the result is a remarkable security implementation failure.
The consequences of this decision mean that the protections built into the My Health Record are second class, as is the use of legislation to protect privacy. Legislation does not stop bad and inappropriate behaviour; at best all it does is punish those who get caught; if they get caught.
The Australian people cannot rely on this or any future government to properly protect the privacy and security of their health data. Legislated protections can be increased and, just as easily, weakened.
The APF calls upon the government to extend the opt-out period, not just to better inform Australians about this system (as recommended by the Senate Inquiry) but to properly and fully assess the actual benefits, the costs and risks.
My Health Record should be treated in exactly the same way as any other medical procedure, protocol or treatment. The system should be subjected to scrutiny and assessment by a wide range of independent experts to fully identify and validate the benefits, costs and risks. This is something that has never been done but, after over six years in operation, should be done. It should be completed and the results published before finalising the automatic registration process; hence the need to extend the opt-out period.
The government should stop treating itself as some sort of privileged player in the health care industry and obey the same rules as everyone else.
The extraordinary but so far unjustified and sometimes misleading claims made by the government need extraordinary evidence or, to use the vernacular, they should put up or shut up.
For more information about our views and links to other coverage of My Health Record during the opt-out period (over 200 links) see:
Dr Bernard Robertson-Dunn
|0411 157 113||Bernard.Robertson-Dunn@privacy.org.au|