MEDIA RELEASE: The government stores all your medical records

A Department of Health funded project is copying medical records from GP databases into a central repository.
The Primary Health Insights (PHI) project has loaded the medical records of as many as 25 million Australians into “the Cloud”.

This is being done under the pretext of improving healthcare.

Detail includes medications and prescribing dates, including opioids, antidepressants, antipsychotics, MBS items, allergies, alcohol consumption, diagnoses, pathology dates and results, including STIs, chlamydia, gonorrhea, syphilis, hepatitis, HIV, HPV, pap smear information- up to 400 medical data items per patient.

Most Australians may be unaware they are giving consent to their data upload when they sign the patient registration form.

This form may state that they consent to the disclosure “of de-identified information for research”.
Information is considered “de-identified” for the purposes of PHI if key identifiers like name, address and Medicare number have been removed.

But the data is easily identified by medication and prescribing dates, for example: Researchers at The University of Melbourne showed it was possible to identify doctors and patients in data of 3 million Australians from an ‘Open Data’ dump published by the Department of Health on their website for download in August 2016.

The Department said in a statement, “Patients and providers cannot be re-identified.”

The data was downloaded more than 1,000 times before it was withdrawn.

Sharing of PHI information is controlled by the Australian Institute of Health and Welfare (AIHW).

Individual patients can apparently request exemption from the data upload by contacting their GP practice.

We have requested comment and asked about ways people can delete the data already uploaded to the AIHW centralised storage.

An APF Backgrounder unravelling the complex issue of using patient data without consent is published at https://privacy.org.au/wp-content/uploads/2021/04/MB-GovtGPsPatientData-210401.pdf.

Reference links:
  1. https://www.pencs.com.au/wp-content/uploads/2019/12/PenCS-CAT4-Deidentified-Data-Dictionary.pdf
  2. https://www.itnews.com.au/news/govt-releases-billion-line-de-identified-health-dataset-433814
  3. https://www.oaic.gov.au/privacy/privacy-decisions/investigation-reports/mbspbs-data-publication
  4. https://www.hisa.org.au/slides/hda/18/ChrisPearce.pdf
  5. https://privacy.org.au/wp-content/uploads/2021/04/MB-GovtGPsPatientData-210401.pdf
Media Contacts for Australian Privacy Foundation board members:

Juanita Fernando, Health Committee

0408 131 535juanita.fernando@privacy.org.au
Media Backgrounder: Federal Government quietly reward GPs for patient health data without getting informed consent

Press Release in PDF format