<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Bernard Robertson-Dunn &#8211; Australian Privacy Foundation</title>
	<atom:link href="https://privacy.org.au/author/bernard-robertson-dunn/feed/" rel="self" type="application/rss+xml" />
	<link>https://privacy.org.au</link>
	<description>Defending your right to be free from intrusion</description>
	<lastBuildDate>Thu, 08 Nov 2018 21:04:18 +0000</lastBuildDate>
	<language>en-AU</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	

<image>
	<url>https://privacy.org.au/wp-content/uploads/2021/04/cropped-logo_horizontal2-32x32.png</url>
	<title>Bernard Robertson-Dunn &#8211; Australian Privacy Foundation</title>
	<link>https://privacy.org.au</link>
	<width>32</width>
	<height>32</height>
</image> 
	<item>
		<title>The opt-out period should be extended and My Health Record properly evaluated</title>
		<link>https://privacy.org.au/2018/11/09/the-opt-out-period-should-be-extended-and-my-health-record-properly-evaluated/</link>
					<comments>https://privacy.org.au/2018/11/09/the-opt-out-period-should-be-extended-and-my-health-record-properly-evaluated/#comments</comments>
		
		<dc:creator><![CDATA[Bernard Robertson-Dunn]]></dc:creator>
		<pubDate>Thu, 08 Nov 2018 21:04:18 +0000</pubDate>
				<category><![CDATA[Media Release]]></category>
		<guid isPermaLink="false">https://privacy.org.au/?p=3846</guid>

					<description><![CDATA[The Australian Privacy Foundation fully supports recent calls by the Opposition Parties, Dr Kerryn Phelps, lawyers, clinicians, educators and others to extend the period when people can opt-out of being registered for a government owned and controlled My Health Record. There is obvious broad disquiet and substantive community concern: over a million people have opted&#8230; <span class="excerpt-more"><a href="https://privacy.org.au/2018/11/09/the-opt-out-period-should-be-extended-and-my-health-record-properly-evaluated/">Read More</a></span>]]></description>
										<content:encoded><![CDATA[<p>The Australian Privacy Foundation fully supports recent calls by the Opposition Parties, Dr Kerryn Phelps, lawyers, clinicians, educators and others to extend the period when people can opt-out of being registered for a government owned and controlled My Health Record.</p><p>

There is obvious broad disquiet and substantive community concern: over a million people have opted out; there have been reports of recurrent crashes of the opt-out web site and helpdesk; and the number of people wanting to opt-out seems to have jumped, in line with the recent increased publicity.</p><p>

This disquiet and concern can largely be attributed to the paucity of information about the opt-out campaign and the lack of balanced information of My Health Record on the government’s websites which only spruik claimed benefits. People have not been given all the information they need on which to make an informed decision.</p><p>

The recent Senate Inquiry into My Health Record and the opt-out initiative received over 110 submissions. The Inquiry’s recommendations that raise this and other issues have largely been ignored and dismissed by the government. The Health Minister’s attempts to “strengthen” the legislation protecting the privacy and security of the system are akin to putting a band-aid on a train wreck.</p><p>

It is not widely known but the original design of the My Health Record had a requirement that all health providers (currently estimated to be about a million) who are able to use the system were to have a smart card that controlled access, identified them and allowed proper auditing of access to a patient’s health data.
</p><p>
This was never implemented. One can only wonder why. Whether it was cost-cutting, the need to meet a deadline, or a desire NOT to transparently record which individuals have accessed your information, the result is a remarkable security implementation failure.</p><p>

The consequences of this decision mean that the protections built into the My Health Record are second class, as is the use of legislation to protect privacy. Legislation does not stop bad and inappropriate behaviour; at best all it does is punish those who get caught; if they get caught.
</p><p>
The Australian people cannot rely on this or any future government to properly protect the privacy and security of their health data.
Legislated protections can be increased and, just as easily, weakened.
</p><p>
The APF calls upon the government to extend the opt-out period, not just to better inform Australians about this system (as recommended by the Senate Inquiry) but to properly and fully assess the actual benefits, the costs and risks.
</p><p>
My Health Record should be treated in exactly the same way as any other medical procedure, protocol or treatment. The system should be subjected to scrutiny and assessment by a wide range of independent experts to fully identify and validate the benefits, costs and risks. This is something that has never been done but, after over six years in operation, should be done. It should be completed and the results published before finalising the automatic registration process; hence the need to extend the opt-out period.
</p><p>
The government should stop treating itself as some sort of privileged player in the health care industry and obey the same rules as everyone else.
</p><p>
The extraordinary but so far unjustified and sometimes misleading claims made by the government need extraordinary evidence or, to use the vernacular, they should put up or shut up.
</p><p>
For more information about our views and links to other coverage of My Health Record during the opt-out period (over 200 links) see:
<blockquote class="wp-embedded-content" data-secret="SeW3VLmkzs"><a href="https://privacy.org.au/campaigns/myhr/">My Health Record</a></blockquote>
</p><p><strong>Contacts:</strong></p><table><tbody><tr><td><p><span>Dr Bernard Robertson-Dunn</span><br /><span>(APF Health Committee Chair)</span></p></td><td><span>0411 157 113</span></td><td><span>Bernard.Robertson-Dunn@privacy.org.au</span></td></tr></tbody></table>]]></content:encoded>
					
					<wfw:commentRss>https://privacy.org.au/2018/11/09/the-opt-out-period-should-be-extended-and-my-health-record-properly-evaluated/feed/</wfw:commentRss>
			<slash:comments>1</slash:comments>
		
		
			</item>
		<item>
		<title>Law enforcement access to My Health Record data</title>
		<link>https://privacy.org.au/2018/07/26/law-enforcement-access-to-my-health-record-data/</link>
					<comments>https://privacy.org.au/2018/07/26/law-enforcement-access-to-my-health-record-data/#comments</comments>
		
		<dc:creator><![CDATA[Bernard Robertson-Dunn]]></dc:creator>
		<pubDate>Thu, 26 Jul 2018 05:13:23 +0000</pubDate>
				<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://privacy.org.au/?p=3290</guid>

					<description><![CDATA[This is a copy of a paper produced by the Parliamentary Library. It has been removed from the Library&#8217;s website. This is taken from a cached copy available on Google: Law enforcement access to My Health Record data Posted 23/07/2018 by Nigel Brew Parliamentary Library My Health Record (MHR) was introduced in June 2012 by the Gillard Labor Government originally&#8230; <span class="excerpt-more"><a href="https://privacy.org.au/2018/07/26/law-enforcement-access-to-my-health-record-data/">Read More</a></span>]]></description>
										<content:encoded><![CDATA[<p>This is a copy of a paper produced by the Parliamentary Library.</p><p>It has been removed from the Library&#8217;s website. This is taken from a <a href="https://webcache.googleusercontent.com/search?q=cache:nf010qmAK_AJ:https://www.aph.gov.au/About_Parliament/Parliamentary_Departments/Parliamentary_Library/FlagPost/2018/July/Law_enforcement_access_MHR_data+&#038;cd=1&#038;hl=en&#038;ct=clnk&#038;gl=au">cached copy available on Google:</a></p><p>Law enforcement access to My Health Record data<br /><em>Posted 23/07/2018 by Nigel Brew</em></p><p>Parliamentary Library</p><p>My Health Record (MHR) was introduced in June 2012 by the Gillard Labor Government originally as an opt-in system known as the <a href="https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r4738">Personally Controlled Electronic Health Record</a> (PCEHR) before <a href="https://www.legislation.gov.au/Details/C2015A00157">legislative amendments</a> in 2015 introduced by the Abbott Coalition Government renamed it and laid the groundwork for it to become an opt-out system. Law enforcement access to MHR data is among the privacy concerns raised about the program, but this provision was in the original legislation and received little attention when the Bill was debated.</p><p>The PCEHR/MHR has been operating for six years now since July 2012 and was characterised in 2015 by Labor politicians as a <a href="http://parlinfo.aph.gov.au/parlInfo/search/display/display.w3p;db=CHAMBER;id=chamber%2Fhansardr%2F3aef5f9d-aa5b-4d1d-98d0-fa5f25d3d3d7%2F0031;query=Id%3A%22chamber%2Fhansardr%2F3aef5f9d-aa5b-4d1d-98d0-fa5f25d3d3d7%2F0027%22">‘proud Labor reform’ and a ‘natural extension’ of Medicare</a>. 
The MHR system is operated by the Australian Digital Health Agency (ADHA) as a <a href="https://www.myhealthrecord.gov.au/for-healthcare-professionals/what-is-my-health-record">‘secure online summary of an individual’s health information’</a>. However, under certain circumstances, MHR data may be provided to an ‘enforcement body’ for purposes unrelated to a person’s healthcare. An ‘enforcement body’ is defined in section 6 of the <a href="https://www.legislation.gov.au/Series/C2004A03712"><em>Privacy Act 1988</em></a> as the Australian Federal Police, the Immigration Department, financial regulatory authorities, crime commissions, any state or territory police force, anti-corruption bodies, and any federal or state/territory agency responsible for administering a law that imposes a penalty or sanction or a prescribed law, or a law relating to the protection of the public revenue.</p><p>Section 70 of the <a href="https://www.legislation.gov.au/Details/C2017C00313"><em>My Health Records Act 2012</em></a> enables the System Operator (ADHA) to ‘use or disclose health information’ contained in an individual’s My Health Record if the ADHA ‘reasonably believes that the use or disclosure is reasonably necessary’ to, among other things, prevent, detect, investigate or prosecute any criminal offence, breaches of a law imposing a penalty or sanction or breaches of a prescribed law; protect the public revenue; or prevent, detect, investigate or remedy ‘seriously improper conduct’. Although ‘protection of the public revenue’ is not explained, it is reasonable to assume that this might include investigations into potential fraud and other financial offences involving agencies such as Centrelink, Medicare, or the Australian Tax Office. 
The general wording of section 70 is a fairly standard formulation common to various legislation—such as the <a href="http://www8.austlii.edu.au/cgi-bin/viewdoc/au/legis/cth/consol_act/ta1997214/s313.html"><em>Telecommunications Act 1997</em></a>—which appears to provide broad access to a wide range of agencies for a wide range of purposes. </p><p>While this should mean that requests for data by police, Home Affairs and other authorities will be individually assessed, and that any disclosure will be limited to the minimum necessary to satisfy the request, it represents a significant reduction in the legal threshold for the release of private medical information to law enforcement. Currently, unless a patient consents to the release of their medical records, or disclosure is required to meet a doctor’s mandatory reporting obligations (e.g. in cases of suspected child sexual abuse), law enforcement agencies can only access a person’s records (via their doctor) with a warrant, subpoena or court order.</p><p>The Australian Medical Association’s existing<em> </em><a href="https://ama.com.au/system/tdf/documents/Ethical%20Guidelines%20for%20Doctors%20on%20Disclosing%20Medical%20Records%20to%20Third%20Parties%202010.%20Revised%202015.pdf?file=1&#038;type=node&#038;id=40681"><em>Ethical Guidelines for Doctors on Disclosing Medical Records to Third Parties 2010 (revised 2015)</em></a> note:</p><div style="padding-left: 30px;"><em>Trust is a vital component of the doctor-patient relationship. Patients trust doctors to keep their personal information confidential including their medical records.</em></div><div style="padding-left: 30px;"><em>The AMA believes that any action by third parties, including Government, to compel doctors to disclose patients’ medical records must overwhelmingly be proven to serve the public interest. 
The public benefit of such disclosure must outweigh the risk that patients may not seek medical attention or may modify the personal information they disclose to their doctor because of fears their privacy will be breached.</em></div><div style="padding-left: 30px;"><em>…</em></div><div style="padding-left: 30px;"><em>In cases where there is a warrant, subpoena or court order requiring the doctor to produce a patient’s medical record, some doctors and/or patients may wish to oppose disclosure of clinically sensitive or potentially harmful information. The records should still be supplied but under seal, asking that the court not release the records to the parties until it has heard argument against disclosure.</em></div><p>It seems unlikely that this level of protection and obligation afforded to medical records by the doctor-patient relationship will be maintained, or that a doctor’s judgement will be accommodated, once a patient’s medical record is uploaded to My Health Record and subject to section 70 of the <em>My Health Records Act 2012</em>. The AMA’s <a href="https://ama.com.au/system/tdf/documents/AMA%20Guide%20to%20using%20the%20PCEHR%20Final%20June%202012%20Formatted%20300812.pdf?file=1&#038;type=node&#038;id=36028"><em>Guide to Medical Practitioners on the use of the Personally Controlled Electronic Health Record System</em></a> (from 2012) does not clarify the situation.</p><p>Although it has been <a href="http://www.abc.net.au/news/science/2018-07-15/my-health-record-questions-answers-security-privacy-police/9959622">reported</a> that the ADHA’s ‘operating policy is to release information only where the request is subject to judicial oversight’, the <em>My Health Records Act 2012</em> does not mandate this and it does not appear that the ADHA’s operating policy is supported by any rule or regulation. 
As legislation would normally take precedence over an agency’s ‘operating policy’, this means that unless the ADHA has deemed a request unreasonable, it cannot routinely require a law enforcement body to get a warrant, and its operating policy can be ignored or changed at any time.</p><p>The <a href="http://www.greghunt.com.au/Media/Transcripts/tabid/89/ID/4687/Interview-with-Linda-Mottram--Radio-National-PM.aspx">Health Minister’s assertions</a> that no one’s data can be used to ‘criminalise’ them and that ‘the Digital Health Agency has again reaffirmed today that material … can only be accessed with a court order’ seem at odds with the legislation which only requires a reasonable belief that disclosure of a person’s data is reasonably necessary to prevent, detect, investigate or prosecute a criminal offence.</p><p>This uncertainty has left different advocacy groups concerned. The Chief Executive Officer of the Sex Workers Outreach project has been <a href="http://www.abc.net.au/news/2018-07-19/my-health-record-sex-workers-opting-out-wary-prosecution/10008544">reported saying</a> that warrantless law enforcement access to medical records was the main reason sex workers were concerned about MHR, pointing out that ‘“Sex work is criminalised in a number of states … So, if I’m in the ACT and somebody suspects me of sex working, and they go into my medical record and that proves it, I can end up in jail”’. Similarly, while the Federation of Ethnic Communities’ Councils of Australia <a href="https://www.myhealthrecord.gov.au/my-health-record-opt-out-period-what-our-partners-say">supports the MHR</a>, it was <a href="https://www.sbs.com.au/news/my-health-record-opt-out-period-begins-what-you-need-to-know">reported</a> that ‘it hopes My Health Record information will not be used for the purposes of immigration enforcement or decisions’. Such fears are possibly not without foundation. 
<a href="https://www.bbc.com/news/uk-politics-44054516">Until recently</a>, data-sharing arrangements in the UK between the National Health Service and the Home Office meant that medical records were being used to track down illegal immigrants:</p><div style="padding-left: 30px;"><em>Digital Minister Margo James said the government had reflected on the concerns she raised—“and with immediate effect, the data-sharing arrangements between the Home Office and the NHS have been amended”.</em></div><div style="padding-left: 30px;"><em>She added: “The bar for sharing data will now be set significantly higher, by sharing I mean between the Department of Health, the Home Office and in future possibly other departments of state, no longer will the names of overstayers and illegal entrants be sought against health service records to find current address details.”</em></div><div style="padding-left: 30px;"><em>Ms James told MPs that the data would only be used in future “to trace an individual who is being considered for deportation action having been investigated for or convicted of a serious criminal offence”.</em></div><p>It is interesting to note that while disclosure of personal information under Australian <a href="https://www.legislation.gov.au/Details/F2015L01267">social security law</a> for the purpose of enforcing the law must satisfy a higher bar compared with the <em>My Health Records Act 2012</em>, the provisions permitting disclosure of <a href="https://www.legislation.gov.au/Details/C2017C00255">Medicare information</a> for the purpose of enforcing the law are actually broader than the <em>My Health Records Act 2012</em>.</p><p>Although the disclosure provisions of different agencies may be more or less strict than those of the ADHA and the <em>My Health Records Act 2012</em>, the problem with the MHR system is the nature of the data itself. 
As the Law Council of Australia <a href="https://static1.squarespace.com/static/57708cf0ff7c50a6aeb09008/t/5a1256a38165f561f554b2ef/1511151270107/17_11_17_S_Secondary_uses_of_My_Health_Records_data.pdf">notes</a>, ‘the information held on a healthcare recipient’s My Health Record is regarded by many individuals as highly sensitive and intimate’. The National Association of People with HIV Australia <a href="https://static1.squarespace.com/static/57708cf0ff7c50a6aeb09008/t/5a1e15d9ec212d9bd389999a/1511921117224/NAPWHA+Submission+to+My+Health+Record+consultation.pdf">has suggested</a> that ‘the department needs to ensure that an individual’s My Health Record is bound to similar privacy protections as existing laws relating to the privacy of health records’. Arguably, therefore, an alternative to the approach of the current scheme would be for medical records registered in the MHR system to be legally protected from access by law enforcement agencies to at least the same degree as records held by a doctor.</p><p>&nbsp;</p>]]></content:encoded>
					
					<wfw:commentRss>https://privacy.org.au/2018/07/26/law-enforcement-access-to-my-health-record-data/feed/</wfw:commentRss>
			<slash:comments>3</slash:comments>
		
		
			</item>
		<item>
		<title>MEDIA RELEASE: The biggest privacy risks to your My Health Record – the Government.</title>
		<link>https://privacy.org.au/2018/07/24/media-release-the-biggest-privacy-risks-to-your-my-health-record-the-government/</link>
		
		<dc:creator><![CDATA[Bernard Robertson-Dunn]]></dc:creator>
		<pubDate>Tue, 24 Jul 2018 13:08:16 +0000</pubDate>
				<category><![CDATA[Media Release]]></category>
		<guid isPermaLink="false">https://privacy.org.au/?p=3271</guid>

					<description><![CDATA[Whatever arguments are put up for and against My Health Record and the current push to make it opt-out, there are two inescapable facts: 1. My Health Record is a Federal Government owned, controlled and operated information system. The government collects your health data, never deletes it and will keep it for at least 30&#8230; <span class="excerpt-more"><a href="https://privacy.org.au/2018/07/24/media-release-the-biggest-privacy-risks-to-your-my-health-record-the-government/">Read More</a></span>]]></description>
										<content:encoded><![CDATA[<p>

<span style="font-family: Arial;">Whatever arguments are put up for and against My Health Record and the current push to make it opt-out, there are two inescapable facts:<br /></span>
</p>
<span style="font-family: Arial;">1. My Health Record is a </span><span style="font-family: Arial;">Federal Government owned, controlled and operated information system. The government collects your health data, never deletes it and will keep it for at least 30 years after you die. In addition to creating a record for every Australian who does not opt-out and without asking or seeking your consent, it has extensive legal powers to access, use and link this data also without your consent and/or knowledge. It is unrealistic to believe that the government will not use My Health Record data for many and various purposes. It has already flagged some of those purposes; there will be more.<br /><br />The government has also exempted itself from the framework for secondary use of My Health Record system data [1], and considers itself some sort of privileged user rather than the &#8220;third-party&#8221; everyone else believes it is, including the AMA as quoted by the Parliamentary Library in its scathing criticism of the claims of the Health Minister and the ADHA [2].<br /><br />2. No matter what the government now claims about the laws and regulations that protect the system, your privacy and your security, there is no way to enforce these or any other claims on future governments. </span><span style="font-family: Arial;">The system has already been changed from opt-in to opt-out; the government removed the requirement to obtain your consent to register you for a record and to acquire your data and disseminate it to health care professionals.</span><br /><span style="font-family: Arial;"></span><p><span style="font-family: Arial;">These two facts are enough to demand the current My Health Record opt-out program be suspended and the data currently in it deleted. It is the only way that Australians can be assured that this and future governments will not abuse our health data and our trust.</span><br />
</p><p><strong>Contacts:</strong></p><table><tbody><tr><td><p><span style="font-family: arial, helvetica, sans-serif;">Dr Bernard Robertson-Dunn</span><br /><span style="font-family: arial, helvetica, sans-serif;">(APF Health Committee Chair)</span></p></td><td><span style="font-family: arial, helvetica, sans-serif;">0411 157 113</span></td><td><span style="font-family: arial, helvetica, sans-serif;">Bernard.Robertson-Dunn@privacy.org.au</span></td></tr></tbody></table><p>
</p><hr /><p>
<span style="font-family: arial, helvetica, sans-serif;"><strong>References:</strong></span></p><ol><li><span style="font-family: arial, helvetica, sans-serif;"><a href="http://www.health.gov.au/internet/main/publishing.nsf/Content/F98C37D22E65A79BCA2582820006F1CF/$File/MHR_2nd_Use_Framework_2018_ACC_AW3.docx">Implementing the Framework to guide the secondary use of My Health Record system data</a> <a href="http://www.health.gov.au/internet/main/publishing.nsf/Content/F98C37D22E65A79BCA2582820006F1CF/$File/MHR_2nd_Use_Framework_2018_ACC_AW3.docx"></a>Page 7, &#8220;out of scope&#8221;<br /><br /></span></li><li><span style="font-family: arial, helvetica, sans-serif;"><a href="https://www.aph.gov.au/About_Parliament/Parliamentary_Departments/Parliamentary_Library/FlagPost/2018/July/Law_enforcement_access_MHR_data">Law enforcement access to My Health Record data</a> </span><a href="https://www.aph.gov.au/About_Parliament/Parliamentary_Departments/Parliamentary_Library/FlagPost/2018/July/Law_enforcement_access_MHR_data"><span style="font-family: arial, helvetica, sans-serif;"></span></a></li></ol>]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>MEDIA RELEASE: For Sale &#8211; Your Privacy and Your Health Data</title>
		<link>https://privacy.org.au/2018/07/11/media-release-for-sale-your-privacy-and-your-health-data/</link>
		
		<dc:creator><![CDATA[Bernard Robertson-Dunn]]></dc:creator>
		<pubDate>Wed, 11 Jul 2018 00:26:20 +0000</pubDate>
				<category><![CDATA[Media Release]]></category>
		<guid isPermaLink="false">https://privacy.org.au/?p=3176</guid>

					<description><![CDATA[Did you know that the government is already buying health data from your GP? My Health Record (formerly known as the PCEHR) has been working since July 2012. Initially it was hardly used, which raises the question – if it’s so good why was it not promoted and used by GPs? Rather than address the&#8230; <span class="excerpt-more"><a href="https://privacy.org.au/2018/07/11/media-release-for-sale-your-privacy-and-your-health-data/">Read More</a></span>]]></description>
										<content:encoded><![CDATA[<p><em>Did you know that the government is already buying health data from your GP?</em></p><p>

My Health Record (formerly known as the PCEHR) has been working since July 2012. Initially it was hardly used, which raises the question – if it’s so good why was it not promoted and used by GPs? Rather than address the many failings of the system the government decided to do two other things:
</p><p>
The first was to change it from an opt-in system to an opt-out. That means rather than you choosing to be registered, the government would do it for you unless you decided you didn’t want to be registered. They have also changed the need to first obtain your consent to register you and to gather and store your health data. The government hopes that if more people are registered GPs will use it. This is a strange argument, considering its lack of usefulness.
</p><p>
The second was to try and buy health data from your GP. The government’s spin is that it is a part of the Practice Improvement Program (the ePIP). GPs must upload a certain number of Shared Health Summaries each three month period to get paid. The government claims it only takes a few seconds and a couple of clicks, but this does not comply with the obligations the AMA say GPs have when managing eHealth Record. If it is quick and easy to do, it probably isn’t worth much. The government is paying for bulk, not quality. They don’t want it for providing health care; they want it in order to link it to other data and to monitor health providers.
</p><p>
The RACGP are in favour of GPs being given an “incentive”, although they are not particularly happy with the ePIP mechanism. There is also a Medicare code that GPs can use to get paid for the time they spend gathering and uploading your data; not treating the patient. All this takes time out of the consultation; time that could be better used treating your condition.
</p><p>
Let us tell it like it is: GPs are being asked to sell your health data to the government. You give it away hoping to get good health care. If a tradesperson were to claim they were not selling a service to their customers, they were merely reacting to an “incentive”, it is doubtful the ATO would agree. Why should the government get away with calling payment for a data transfer transaction something other than it really is – buying your health data?
</p><p>
There is evidence that paying for a patient’s health data doesn’t actually work very well. In a recent article [1] it&#8217;s argued that “Put simply, if you pay people to do something, the vast majority of them will do the bare minimum required to get paid.”
</p><p>
For a GP to be able to sell your health data to the government you need to be registered for a My Health Record, so if you don’t have one you are probably safe. As soon as you are “given” one, your data may end up in the government’s database and it will stay there until well after you die. You can’t delete your record (only de-activate it) and you can’t delete any of the data in it.
</p><p>
There is a good case to be made for government collecting performance and aggregate data so that they can make better decisions regarding health funding and health care policy. However, this data is significantly different from an individual’s personal health data. The government has not provided a satisfactory answer to the question “what are the health benefits for a patient to give their health data to the government?”</p><p>

Do you really believe the government when they say it is “your” health record? It’s about you; you just don’t own it. Your health record is not your property in Australia. Legally, it is your doctor’s record, not yours. The Productivity Commissioner has proposed that this be altered, to form a joint record. [2] Don’t expect that to happen any time now.</p><p>
This push to buy your health data has a lot in common with other attempts to get at and use your data:</p><p>

Other examples include Health Engine selling patient details to law firms; Facebook selling data to Cambridge Analytica to influence elections and the Brexit vote; Ancestry.com making available your DNA and family history to police departments and other companies. It is not clear if the police are paying for this access but they are still getting at it, without your knowledge and/or explicit consent.
</p><p>
The reality is that your health data is being used for far more than your health. In the trade this is known as monetising your data. Your data has become a commodity but it is unlikely you will get paid for it.
It is even more unlikely you will know much about it or have any say in it.
</p><p>
This is having major negative effects. Trust is out the window. Can you trust your doctor has your best interest at heart when they are selling your data to the government? Can you trust the government not to misuse your data? Can you trust the system to keep your data safe and private?
The system is more than just My Health Record, which is designed to permit data to be downloaded to GP and other systems.
</p><p>
The government will be obtaining your health data from more than just your GP and will be doing it without your explicit consent – it will be assumed.

The government will be telling you that there are many professional and health related institutions that are behind this scheme. Ask yourself why? The simple answer is because they want to get at your data. In some cases it could be because it will improve your health care. In others it won’t.
</p><p>
Who do you trust to tell you the truth?</p><p>

Do you trust a government prepared to buy your health data to tell you all you should know about My Health Record? Look at the material they make available about opting out. Apart from the glowing claims about benefits, do they talk about the costs, the risks and the fact that they are paying for your data to be uploaded?
</p><p>
Are you really convinced that you understand my health record well enough to realise the risks to your privacy?</p><p>

If the answer is yes; do nothing; your GP and the government will do the rest. You don’t have to know what’s going on, and you probably won’t be able to find out.</p><p>

If you don’t, follow the advice of Positive Life NSW – if in doubt opt-out. You can do this from 16 July – if we can trust the government to be telling us the truth.
</p>
<p><strong>Contacts:</strong></p><table><tbody><tr><td><p>Dr Bernard Robertson-Dunn<br />(APF Health Committee Chair)</p></td><td>0411 157 113</td><td>Bernard.Robertson-Dunn@privacy.org.au</td></tr></tbody></table><p>
</p><hr /><p>
<strong>References:</strong></p><ol><li>Why Paying Health Providers for Improved Data Quality Won’t Work <a href="http://www.semanticconsulting.com.au/2018/03/20/why-paying-health-providers-for-improved-data-quality-wont-work/">http://www.semanticconsulting.com.au/2018/03/20/why-paying-health-providers-for-improved-data-quality-wont-work/</a></li><li>Data, the European Union General Data Protection Regulation (GDPR) and Australia&#8217;s New Consumer Right <a href="http://www.pc.gov.au/news-media/speeches/data-protection">http://www.pc.gov.au/news-media/speeches/data-protection</a></li></ol>]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Media Release: Doctors, Lawyers, and Privacy Experts Denounce HealthEngine Sharing Patient Health Data With Non-GPs</title>
		<link>https://privacy.org.au/2018/06/25/media-release-doctors-lawyers-and-privacy-experts-denounce-healthengine-sharing-patient-health-data-with-non-gps/</link>
		
		<dc:creator><![CDATA[Kat Lane]]></dc:creator>
		<pubDate>Mon, 25 Jun 2018 05:00:16 +0000</pubDate>
				<category><![CDATA[Media Release]]></category>
		<guid isPermaLink="false">https://privacy.org.au/?p=3126</guid>

					<description><![CDATA[JOINT MEDIA RELEASE BY ELECTRONIC FRONTIERS AUSTRALIA, FUTURE WISE, AND THE AUSTRALIAN PRIVACY FOUNDATION EFA, Future Wise and APF today denounced the actions of HealthEngine and its doctor appointment booking system which has been sharing patient data with law firms, marketers, and other entities with the flimsiest pretense of patient consent. “If this ethically dubious behaviour&#8230; <span class="excerpt-more"><a href="https://privacy.org.au/2018/06/25/media-release-doctors-lawyers-and-privacy-experts-denounce-healthengine-sharing-patient-health-data-with-non-gps/">Read More</a></span>]]></description>
										<content:encoded><![CDATA[<p><b>JOINT MEDIA RELEASE BY ELECTRONIC FRONTIERS AUSTRALIA, FUTURE WISE, AND THE AUSTRALIAN PRIVACY FOUNDATION<br /></b></p><p>EFA, Future Wise and APF today denounced the actions of HealthEngine and its doctor appointment booking system which has been sharing patient data with law firms, marketers, and other entities with the flimsiest pretense of patient consent.</p><p>

“If this ethically dubious behaviour is technically legal, then Australia’s privacy legislation must be changed,” said Justin Warren, Electronic Frontiers Australia board member.
</p><p>
“People have made it clear time and time again that information about their health is extremely personal and private and they expect it to be kept secure, not shared with all and sundry,” he said. “I cannot understand how any doctor would allow their patients’ trust to be abused in this way.”
</p><p>
Dr Trent Yarwood, health spokesperson for Future Wise and a medical specialist, said “Making access to healthcare easier for people is critical. However, practice managers and healthcare professionals must understand the privacy implications of how they do this.”
</p><p>
“Too many services are set up with the primary aim of selling personal data to advertisers, and providing ‘convenient’ services to people purely as a hook to get this data,” he concluded.
</p><p>
The original ABC report noted that “HealthEngine also has a data-sharing arrangement with the Federal Government&#8217;s My Health Record (MyHR) digital medical record system.” The precise nature of this data-sharing arrangement must be made public immediately. The government is making MyHR mandatory, save for a short once-only opt-out period, and the public must know what our health data is going to be used for if we are to have confidence in this system.</p><p>
Kat Lane, vice chair of Australian Privacy Foundation, said “Data in the government’s MyHR can be downloaded to a GP system and is then freely available—no controls, no audit trail—including potentially to apps such as HealthEngine, without proper informed consent. This is a warning about serious issues of transparency and consent with such apps and MyHR.”</p><p>

The law must be changed to provide robust privacy protections for all Australians, such as by finally giving us the right to sue for breach of privacy, requiring explicit consent for each disclosure of medical or health data to a third party, and proper auditing of record-access that is visible to the patient. The current system is too easy to bypass for unscrupulous operators looking to make a fast buck.
</p><p>
<strong>Download the media release:</strong>
</p><p>
<a href="https://www.efa.org.au/main/wp-content/uploads/2018/06/Joint-Response-to-HealthEngine-Data-Sharing.pdf">Doctors, Lawyers, and Privacy Experts Denounce HealthEngine Sharing Patient Health Data With Non-GPs Joint Response to HealthEngine Data Sharing</a>
</p><p>
<strong>About EFA</strong></p><p>
Electronic Frontiers Australia is the premier voice for digital rights in Australia. Established in 1994, EFA is independently funded by members and donations. For more information about EFA, see https://www.efa.org.au
</p><p>
<strong>About Future Wise</strong></p><p>

Future Wise is an independent policy and advocacy organisation, focusing on technology, health, and education; and is a strong voice for digital privacy in Australia. Further information about Future Wise is available at their website: https://futurewise.org.au
</p><p>
<strong>About APF</strong>
</p><p>
The Australian Privacy Foundation is the primary association dedicated to protecting the privacy rights of Australians. The Foundation aims to focus public attention on emerging issues which pose a threat to the freedom and privacy of Australians.
For additional information about APF see https://privacy.org.au
</p>

<p><strong>MEDIA CONTACTS</strong><br />
<strong>For Electronic Frontiers Australia</strong><br />
Email: media@efa.org.au<br />
Twitter: @efa_oz<br />
Phone: Justin Warren &#8211; 0412 668 526</p>
<p><strong>For Future Wise</strong><br />
Email: trent@futurewise.org.au<br />
Twitter: @FutureWiseAU<br />
Phone: Trent Yarwood &#8211; 0403 819 234</p><p><strong>For Australian Privacy Foundation</strong><br />
Email: kat.lane@privacy.org.au<br />
Twitter: @apf_oz<br />
Kat Lane &#8211; 0447 620 694<br />
Or<br />
Email: Bernard.Robertson-Dunn@privacy.org.au<br />
Bernard Robertson-Dunn &#8211; 0411 157 113<br />
</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>MEDIA RELEASE: Government’s “My Health Record”: No Consent Required? Opt-Out withdrawal of consent deadline is 15 October 2018</title>
		<link>https://privacy.org.au/2018/05/18/media-release-governments-my-health-record-no-consent-required-opt-out-withdrawal-of-consent-deadline-is-15-october-2018/</link>
		
		<dc:creator><![CDATA[Bernard Robertson-Dunn]]></dc:creator>
		<pubDate>Thu, 17 May 2018 21:39:17 +0000</pubDate>
				<category><![CDATA[Media Release]]></category>
		<guid isPermaLink="false">https://privacy.org.au/?p=3103</guid>

					<description><![CDATA[Has Canberra learned the wrong lesson from Cambridge Analytica: abusing ‘informed consent’ gives you a plausible excuse? Exploiting ignorance, inaction and misplaced trust gets you the Big Data?
Our advice on My Health Record, like that of Dr Katherine Kemp, a specialist in data privacy [1], is to Opt-Out while you still can: we now know that your once-off chance to protect your medical confidentiality begins on 16 July and expires on 15 October 2018. <span class="excerpt-more"><a href="https://privacy.org.au/2018/05/18/media-release-governments-my-health-record-no-consent-required-opt-out-withdrawal-of-consent-deadline-is-15-october-2018/">Read More</a></span>]]></description>
										<content:encoded><![CDATA[<p><em>Has Canberra learned the wrong lesson from Cambridge Analytica: abusing ‘informed consent’ gives
you a plausible excuse? Exploiting ignorance, inaction and misplaced trust gets you the Big Data?</em></p><p>

Our advice on My Health Record, like that of Dr Katherine Kemp, a specialist in data privacy [1], is to
Opt-Out while you still can: we now know that your once-off chance to protect your medical
confidentiality begins on 16 July and expires on 15 October 2018.</p><p style="padding-left: 30px;">
Just say “No” to this Clayton’s ‘consent’, this attack on the clinical relationship of trust.
Tell the government: “Come back when you can ask nicely!”</p><p>
The Health Minister, Greg Hunt’s recent announcement [2] of the closing date for your once-off
chance to &#8220;Opt-Out&#8221; of the government&#8217;s My Health Record is remarkable not for what it says, but
what it doesn’t say. There is no mention that:</p><ul><li>My Health Record was first released in July 2012 as &#8220;opt-in” (like all other forms of proper
consent in the medical area, you must be explicitly asked for your permission before it
happens, and be told what it is, what the proven benefits are, and what your risks are).</li><li>
When given a chance to Opt-In, few Australians did so, apparently not convinced of either
any necessary benefit to them, or that its bypassing of medical confidentiality is trustworthy.</li><li>
 Although there are over 5.77 million registrations, only 1.7 million Shared Health Summaries
have ever been uploaded, including updates. Those My Health Records that do exist have
hardly, if ever, been used, perhaps because it is a mere grab bag of fragmentary extracts, not
a usable or reliable clinical record.</li><li>
To try to get around this rejection by those asked for proper consent they changed the
“consent” procedure to a consumer-hostile &#8220;Opt-Out” approach, so you will be registered
for a My Health Record without your express or active consent.</li></ul><p>
This is the ‘nanny state’ gone mad, a huge and risky invasion of your privacy. The government cannot
persuade Australians and their GPs that creating a My Health Record is useful or safe (possibly
because there is good reason to conclude it is neither), so they cheat by just giving themselves the
right to do it anyway, unless you say no before the looming, newly announced date.</p><p>
A major worry is that there is no mention of the costs or the risks to you of the government (and
those to whom it is happy to disclose, whether in full or as easily re-identifiable ‘open data’) having
bits of your health information. It’s like leaving out a full explanation of the possible side effects.</p><p>
There is little evidence that an unreliable, incomplete, out of date summary health record system
will be of any value to health professionals. The vast majority of doctors and clinicians already keep
reliable electronic medical records for their patients – records they actually use daily to provide care,
and can rely on for life and death decisions. The My Health Record is not for use as a medical record,
it is designed for other purposes for third party users. In most clinical circumstances, the My Health
Record creates an increased workload and a useless duplication, without solving the real problem of
interoperable, highly secure, trustworthy clinical records. As a patient, watch your GP next time you
have a consultation and observe just how much time the GP spends on their computer. My Health Record will just make this worse, without offering anything reliable or useful for clinical practice, and
expose you to risk.</p><p>
The Health minister doesn’t mention many key facts. This omission undermines the degree to which
a decision to Opt Out by 15 October can be properly “informed&#8221;. For instance, he doesn’t mention:</p><ol><li>
The government advises health professionals not to rely on data in My Health Record; it is an
adjunct to clinical systems, not a replacement. Its primary purpose is to enable those not in the
clinical relationship of trust to access your medical information, not to help doctors and patients
in the treatment setting.</li><li>
Once government has your health data, you cannot delete it. If you don’t Opt-Out now, you lose
your chance forever. If you wish to change what you have added, a new copy is uploaded, but
the old data stays in the system. If you want to cancel your My Health Record, all that will
happen is that your record is deactivated (and perhaps hidden from you), but will still exist. This
is social media’s idea of pseudo-deletion, not a proper right to withdraw your data from them.</li><li>Data put into My Health Record by health providers may be incorrect or inaccurate, but the
author of the documents is the only one who can alter it. It is up to you to check the accuracy of
the data (how could most people do this?), and chase up those who uploaded it and ask politely
if they will correct it. They are under no obligation to do so. In other words, any idea you own or
control your data in My Health Record is an exaggeration. You control anything you add
yourself, but that’s about it. It is not YOUR health record, the record belongs to the
government, and the data is controlled by whoever entered it, and the government.</li><li>
Your GP will need to spend time summarising your health data, ensuring that it is consistent
with what is already in your My Health Record before uploading it; time that could be better
spent managing your health or the actual clinical record, not this unreliable duplicate.</li><li>
Some communities (e.g. those with mental health issues, drug abuse problems, the LGBTI
community) have expressed concerns that there are risks of their health treatment information
being readily available to a wide range of health care professionals. The My Health Record
system does not deal with security, privacy, sensitivity or risk of excessive use.</li><li>
When your health data are legally available from, or downloaded to, other systems they are not
covered by the My Health Record legislation. And if they are abused, there is still no right to sue
for breach of privacy in Australia.</li><li>
You can only see which institution has accessed your record, not which individual – a major flaw
in auditing, security and accountability. The minister doesn’t mention that &#8216;the institution&#8217; could
be a medical centre, a large hospital group, a pathology company or a pharmacy chain, with
potentially hundreds or thousands of people able to access your record under the one name of
that organisation.</li><li>
You (and everyone else) have to keep your health data up to date, or it may become inaccurate
or out of date and potentially unsafe. This is a major design flaw – the whole point of reliable
electronic health records is that they should solve the currency problem. My Health Record
hides it and makes it worse, so it is potentially unsafe.</li><li>
Your health information may be linked with data from other government agencies looking for
evidence of fraud or malpractice, or as the legislation says “the protection of the public
revenue”.</li><li>
What happens after the three month &#8220;Opt-Out&#8221; period for people who have been abroad –
students, returning off-shore workers, new citizens, or people who have no idea this record
process is happening because they aren&#8217;t currently living here? (They lose their one chance.)</li><li>
 After the Opt-Out period, newborn babies will be given a My Health Record unless their parents
opt them out. That child will then have a My Health Record for life, and will never have been
given the opportunity not to have one.</li><li>
Any large-scale database of health information will be a highly attractive target to hackers. IT
security can no longer be assumed to be able to repel a sufficiently motivated intruder. My
Health Record creates a massive honeypot of duplicate data, a sitting duck.</li><li>
There are significant risks to patient privacy, and you need to assess that risk according to the
benefits and costs or risks relevant to your specific circumstances. For most people, the breach
of the clinical relationship of confidentiality and the lifelong loss of control of your data will not
be worth any minor benefits – we believe this is why most people did not give consent when
they were asked properly (the former Opt-In approach).</li></ol><p>
We have yet to see what information the government provides as part of its awareness-raising
campaign so everyone knows the government will make a permanent My Health Record about them
if they do not Opt Out by 15 October, and the full story so people can make a proper informed
choice. The clock is already ticking, but the assumption is that they hope most people do not
become aware of the looming deadline of your once-off chance to protect your medical information
from a Cambridge Analytica-style data heist, or of the facts suggesting the limited benefit and clear
risks of letting the moment pass. They will later be able to insist, like Google and Facebook (but with
less cause) that it’s your problem now: silence means consent, so by doing nothing you have legally
agreed to let them do it.</p><p>
In the meantime, you should go to &lt;<a href="https://www.myhealthrecord.gov.au">https://www.myhealthrecord.gov.au</a>&gt; and register to be informed
when and how to Opt-Out. The direct link is:<br />
&lt;<a href="https://www.myhealthrecord.gov.au/for-you-your-family/howtos/opt-out">https://www.myhealthrecord.gov.au/for-you-your-family/howtos/opt-out</a>&gt;</p><p><strong>Contacts:</strong></p><table><tbody><tr><td><p>Dr Bernard Robertson-Dunn<br />(APF Health Committee Chair)</p></td><td>0411 157 113</td><td>Bernard.Robertson-Dunn@privacy.org.au</td></tr></tbody></table><p>
</p><hr /><p>
<strong>References:</strong></p><ol><li>ABC. The World Today
Data privacy expert recommends opting out of proposed e-health scheme
<a href="http://www.abc.net.au/radio/adelaide/programs/worldtoday/data-privacy-expert-would-opt-outof-proposed-e-health-scheme/9762820">http://www.abc.net.au/radio/adelaide/programs/worldtoday/data-privacy-expert-would-opt-outof-proposed-e-health-scheme/9762820</a></li><li>
Media release &#8211; My Health Record opt out date announced
<a href="https://www.digitalhealth.gov.au/news-and-events/news/media-release-my-health-record-opt-outdate-announced">https://www.digitalhealth.gov.au/news-and-events/news/media-release-my-health-record-opt-outdate-announced</a></li></ol>]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>MEDIA RELEASE: &#8216;Open Data&#8217;: Too much sharing, too little care? Who&#8217;s reading your health information now?</title>
		<link>https://privacy.org.au/2018/01/07/media-release-open-data-too-much-sharing-too-little-care-whos-reading-your-health-information-now/</link>
		
		<dc:creator><![CDATA[Bernard Robertson-Dunn]]></dc:creator>
		<pubDate>Sun, 07 Jan 2018 07:28:00 +0000</pubDate>
				<category><![CDATA[Media Release]]></category>
		<guid isPermaLink="false">https://privacy.org.au/?p=3010</guid>

					<description><![CDATA[There can be benefits from the ‘sharing’ (distribution) of health and other personal information  among health care professionals and researchers. Any such ‘sharing’ must, however, be based on an understanding of potential risks. It must only occur within an effective legal framework, and controls appropriate for those risks. A ‘Trust me, I’m from the government!’&#8230; <span class="excerpt-more"><a href="https://privacy.org.au/2018/01/07/media-release-open-data-too-much-sharing-too-little-care-whos-reading-your-health-information-now/">Read More</a></span>]]></description>
										<content:encoded><![CDATA[<p><span class="fontstyle0">There can be benefits from the ‘sharing’ (distribution) of health and other personal information  among health care professionals and researchers. Any such ‘sharing’ must, however, be based on an understanding of potential risks. It must only occur within an effective legal framework, and controls appropriate for those risks. A ‘Trust me, I’m from the government!’ approach is a recipe for pain. So is sharing such sensitive data with government without full openness, transparency and a legal framework that prevents them from misusing it out of the public eye.</span></p><p><span class="fontstyle0">The inadequacy of Australia’s current health data privacy framework – inadequate risk assessment, inadequate law, inadequate enforcement – was demonstrated recently by a major independent study from Chris Culnane, Benjamin Rubinstein and Vanessa Teague at Melbourne University, released in the last days of 2017. [1]</span></p><p><span class="fontstyle0">In 2016 the Australian government released a large-scale data set relating to the health of many Australians, under the fashionable rubric of ‘Open Data’. [2] This 10% sample included all publicly reimbursed medical and pharmaceutical bills for selected patients spanning the thirty years from 1984 to 2014. The data as released was meant to be ‘de-identified’, meaning that it supposedly could not be linked to a particular individual: and since it would thus raise no privacy issues, it could be released ‘into the wild’, without controls. </span></p><p><span class="fontstyle0">Unfortunately, the government got it wrong: this weak protection can be breached. The IT security researchers demonstrated that this sensitive health data can be reidentified: with minimal effort it may be possible to get a picture of the health of prominent Australians, or of you and your neighbours. 
The research follows similar studies in the United States and Europe demonstrating the unreliability of existing ‘de-identification’ techniques in the face of rapidly-evolving artificial intelligence ‘machine learning’, and Big Data tools. It must be taken seriously.</span></p><p><span class="fontstyle0">In response to that earlier study, the Office of the Australian Information Commissioner (OAIC), the national privacy watchdog formerly known as the Privacy Commissioner, announced that it is “investigating the publication of the Medicare Benefits Schedule (MBS) and Pharmaceutical Benefits Scheme (PBS) datasets”. OAIC has been investigating since September 2016, after the same researchers initially revealed problems with the data by demonstrating it was possible to re-identify practitioner records. [3]</span></p><p><span class="fontstyle0">More than a year later, in 2018 the OAIC is still investigating.</span></p><ul><li><span class="fontstyle4"></span><span class="fontstyle0">There has been no public report, nor warning about the bug in ‘Open Data’.</span></li><li><span class="fontstyle4"></span><span class="fontstyle0">There is no indication of when the report will be released.</span></li><li><span class="fontstyle4"></span><span class="fontstyle0">There has been no indication of whether the report will be released in full </span><span class="fontstyle0">rather than in the usual redacted version.</span></li><li><span class="fontstyle4"></span><span class="fontstyle0">There has been no requirement to reconsider the misplaced trust in ‘de-identification’ of ‘Open Data’ in the face of evidence of its unreliability.</span></li></ul><p><span class="fontstyle0">You should be able to trust governments to care for sensitive personal data about yourself and your family. Clearly some of those who are handling this data either lack expertise, or are careless: it appears that ‘Open Data’ protections can be breached. 
</span></p><p><span class="fontstyle0">The Health Department and its Minister should be held to account. Overseas governments have responded effectively to similar problems: for example, the major Caldicott reports in the UK saw the end of the &#8216;Care.Data&#8217; plan to sell the health records of most people in Britain. (The architect of that plan is now the CEO of the Australian Digital Health Agency.)</span></p><p><span class="fontstyle0">The OAIC should also be held to account. The delay of more than a year is unacceptable. So is the fact there is no end in sight, and the fundamental, controversial flaw in the rhetoric about the claimed safety of ‘Open Data’ remains unrecognised. </span></p><p><span class="fontstyle0">It may be that the OAIC lacks expertise and other resources. That is no excuse. (Extensive research work done by NICTA, and by independent university researchers like those at Melbourne and other institutions internationally, identifies the growing risks to ‘de-identification’ as a safe basis for the release of data derived from personal information into a hostile global environment. Efforts by proponents of ‘Open Data’ to promote the safety of de-identification must be met with a more sceptical view.)</span></p><p><span class="fontstyle0">It is time for the new Attorney General to provide adequate resources for the national privacy watchdog, so Australians can expect them to investigate the fundamental risks in ‘Open Data’ properly, independently, and promptly. 
</span></p><p><span class="fontstyle0">The OAIC should act like a watchdog, not like a rather timid snail.</span></p><p><span class="fontstyle0"><br />Media contacts:<br /></span></p><table class="NormalTable" style="width: 770px;"><tbody><tr><td style="width: 197px; text-align: left; vertical-align: top;"><span class="fontstyle0">Bernard Robertson-Dunn </span></td><td style="width: 121.2px; text-align: left; vertical-align: top;"><span class="fontstyle0">0411157113 </span></td><td style="width: 447.8px; text-align: left; vertical-align: top;"><span class="fontstyle0">APF health committee chair</span></td></tr><tr><td style="width: 197px; text-align: left; vertical-align: top;"><span class="fontstyle0">David Vaile </span></td><td style="width: 121.2px; text-align: left; vertical-align: top;"><span class="fontstyle0">0414731249 </span></td><td style="width: 447.8px; text-align: left; vertical-align: top;"><span class="fontstyle0">APF chair</span></td></tr><tr><td style="width: 197px; text-align: left; vertical-align: top;"><span class="fontstyle0">Kat Lane </span></td><td style="width: 121.2px; text-align: left; vertical-align: top;"><span class="fontstyle0">0447620694 </span></td><td style="width: 447.8px; text-align: left; vertical-align: top;"><span class="fontstyle0">APF vice chair</span></td></tr></tbody></table><p><span class="fontstyle0">Sources:<br /></span></p><table class=" alignleft" style="width: 770px;"><tbody><tr><td style="width: 26.7833px; vertical-align: top;">[1]</td><td style="width: 739.217px; vertical-align: top;"><span class="fontstyle0">Detailed report: Chris Culnane, Benjamin Rubinstein and Vanessa Teague, ‘Health Data in an Open World’, arXiv ‘Computers and Society’ pre-print, December 2017 </span><span class="fontstyle0">&lt;</span><span class="fontstyle0">https://arxiv.org/abs/1712.05627</span><span class="fontstyle0">&gt;<br /></span><span class="fontstyle0">Explanation: ‘The simple process of re-identifying patients in public health 
records’, <br />&lt;</span><span class="fontstyle0">https://pursuit.unimelb.edu.au/articles/the-simple-process-of-re-identifying-patients-in-publichealth-records</span><span class="fontstyle0">&gt;</span></td></tr><tr><td style="width: 26.7833px; vertical-align: top;">[2]</td><td style="width: 739.217px; vertical-align: top;"><span class="fontstyle0">See the Australian government Open Data web site: &lt;</span><span class="fontstyle0">http://data.gov.au/</span><span class="fontstyle0">&gt;</span></td></tr><tr><td style="width: 26.7833px; vertical-align: top;">[3]</td><td style="width: 739.217px; vertical-align: top;"><span class="fontstyle0">OAIC &lt;</span><span class="fontstyle0">https://www.oaic.gov.au/media-and-speeches/statements/australian-privacycommissioner-s-investigation-into-published-mbs-and-pbs-data-sets</span><span class="fontstyle0">&gt;</span></td></tr></tbody></table>]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>MEDIA RELEASE: Why is the government planning to gather all Australians’ Medical Data? … and will not be running a mass media campaign to let you know how to opt-out.</title>
		<link>https://privacy.org.au/2017/11/28/media-release-why-is-the-government-planning-to-gather-all-australians-medical-data-and-will-not-be-running-a-mass-media-campaign-to-let-you-know-how-to-opt-out/</link>
		
		<dc:creator><![CDATA[Bernard Robertson-Dunn]]></dc:creator>
		<pubDate>Tue, 28 Nov 2017 00:20:47 +0000</pubDate>
				<category><![CDATA[Media Release]]></category>
		<guid isPermaLink="false">https://privacy.org.au/?p=3005</guid>

					<description><![CDATA[It was reported recently [1] that the Federal government will be registering everyone who doesn’t already have one for a My Health Record but has no intention of proactively informing Australians of this gross invasion of their privacy. My Health Record is designed to store data on government servers about your medical treatment. As Mr&#8230; <span class="excerpt-more"><a href="https://privacy.org.au/2017/11/28/media-release-why-is-the-government-planning-to-gather-all-australians-medical-data-and-will-not-be-running-a-mass-media-campaign-to-let-you-know-how-to-opt-out/">Read More</a></span>]]></description>
										<content:encoded><![CDATA[<p>It was reported recently [1] that the Federal government will be registering everyone who doesn’t already have one for a My Health Record but has no intention of proactively informing Australians of this gross invasion of their privacy.</p>
<p>My Health Record is designed to store data on government servers about your medical treatment. As Mr Kelsey, the CEO of the Australian Digital Health Agency, who is responsible for running My Health Record, is quoted [2] as saying:</p>
<div style="padding-left: 30px;">“My Health Record takes copies of records from other systems, EMR systems included, from hospitals, from GP software systems, from pathology and radiology systems.</div><div style="padding-left: 30px;">It takes those copies (not original documents) and makes them easily visible to clinicians, keeping in account reports such as pathology and digital imaging display only the report itself, not the visual image.”</div><p>They will keep this data effectively forever.</p><p>In spite of what the government claims about My Health Record, you do not own the data in it.</p><div style="padding-left: 30px;">“No document is ever actually deleted from the My Health Record system. However, an individual has the ability to remove from view any document in its entirety from their My Health Record. Individuals can subsequently restore documents they have removed from view.</div><div style="padding-left: 30px;">An individual cannot edit any document that has been uploaded by their healthcare providers to their My Health Record. This means they cannot change or remove parts of any document uploaded by healthcare providers.” [3]</div><p>If you cannot delete or change data in My Health Record, in what sense do you own it? Let’s face it, you don’t. It is the government’s to do with as they see fit. And improving your health care is not one of those things. Matching your data with other data sets the government already holds is their stated aim.</p><p>A recent report [4] suggests that GPs and hospitals claim that My Health Record is not fit for purpose and that its use is “alarmingly low”. So not only is it highly intrusive and health carers see no use for it but the Federal government is attempting to quietly force this system on as many Australians as it possibly can.</p><p>There is no valid clinical reason why your medical data should be shared with the Federal Government. 
The only people who should see it are you and your health care professionals.</p><p>The government killed off real patient control over medical confidentiality, but without solving the need for a safe, clinically-usable medical record system. Now they plan to railroad everyone into giving up their medical treatment data without first asking or explaining the future risks. Perhaps they hope they can get away with it before anyone catches on &#8211; once they&#8217;ve got your data, it will be too late to get back control.</p><p>This is not informed consent; this is more like a sneaky, secretive back-door data grab.</p><p>This is no way to deal with your most sensitive personal information. It is not worth risking a breach of the essential trust between doctors and their patients for this sort of dangerous, already-obsolete Big Data train smash waiting to happen.</p><p>After spending an estimated $2 billion or so for no good purpose, the government should shut this system down and delete everything in it.<br /><br /><strong>Media Contact:</strong><br />Dr Bernard Robertson-Dunn<br />Chair Health Committee<br />Australian Privacy Foundation<br />Mobile 0411 157 113<br />Bernard.Robertson-Dunn@privacy.org.au<br /><br />[1] Privacy groups outraged over failure to inform Aussies about a new government health record<br />Daily Telegraph, 25 November 2017<br />https://www.dailytelegraph.com.au/lifestyle/health/privacy-groups-outraged-over-failure-toinform-aussies-about-a-new-government-health-record/newsstory/5d1c7f980de28966d3ede764ae875cb6<br />[2] http://opengovasia.com/articles/how-the-australian-digital-health-agency-is-helping-create-aseamlessly-connected-digital-healthcare-system-for-australia<br />[3] https://myhealthrecord.gov.au/internet/mhr/publishing.nsf/Content/news-025<br />[4] http://www.healthcareit.com.au/article/gps-and-hospitals-claim-my-health-record-not-fitpurpose-alarmingly-low-usage-figures-are</p>]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>The Imminent Threat of Automated Government</title>
		<link>https://privacy.org.au/2017/01/18/the-imminent-threat-of-automated-government/</link>
		
		<dc:creator><![CDATA[Kat Lane]]></dc:creator>
		<pubDate>Wed, 18 Jan 2017 02:00:49 +0000</pubDate>
				<category><![CDATA[Media Release]]></category>
		<guid isPermaLink="false">http://privacy.org.au/wpfiles/?p=644</guid>

					<description><![CDATA[Centrelink has recently delegated decision-making about people's entitlements to a computer.

And, surprise, surprise, neither the data nor the software are good enough to support the process.

As a result, thousands of people have received demands for copies of old documents, and have been wrongly subjected to ham-fisted actions by commercial debt-collectors. <span class="excerpt-more"><a href="https://privacy.org.au/2017/01/18/the-imminent-threat-of-automated-government/">Read More</a></span>]]></description>
										<content:encoded><![CDATA[<p>Centrelink has recently delegated decision-making about people&#8217;s entitlements to a computer.</p>
<p>And, surprise, surprise, neither the data nor the software are good enough to support the process.</p>
<p>As a result, thousands of people have received demands for copies of old documents, and have been wrongly subjected to ham-fisted actions by commercial debt-collectors.</p>
<p>Buoyed by this &#8216;success&#8217;, the Department of Health is now asking the Parliament, through whoever is Minister for Health at the time, to authorise it to perform automated decision-making.</p>
<p>The public service is moving in the direction of robot-government, abandoning human-managed business processes in favour of supposedly artificially intelligent systems. As the Centrelink debacle has demonstrated, automated decision-making cannot be trusted without direct human oversight.</p>
<p>It is vital that the public stand up right now, and defeat these attempts by the bureaucracy to subject people to decisions based on bad data and badly-designed computer software.</p>
<p>The public service and business alike must be under legal obligations to:</p>
<ul>
<li>act responsibly</li>
<li>design business processes to reflect the fact that all results of data matching, and all automated processes, inherently involve errors of fact and judgement, and sometimes of law as well</li>
<li>check the output from computer-based systems before acting on it</li>
<li>ensure that there is sound evidence supporting all actions taken</li>
<li>take no action harmful to the individual until after notice has been given and an appropriate opportunity has been provided for the individual to contest the matter</li>
<li>provide copies of the relevant evidence, on request</li>
<li>where the individual contests the matter, investigate the concerns and respond to the individual</li>
<li>take no action harmful to the individual while the matter remains contested</li>
<li>inform the individual about their dispute rights and where to seek advice</li>
</ul>
<p>Government agencies must not be permitted the freedom to be irresponsible.</p>
<hr />
<h4>The Australian Government Bill</h4>
<p><a href="http://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r5772">National Health Amendment (Pharmaceutical Benefits) Bill 2016</a></p>
<h4>cl.101B</h4>
<h4>Computer programs for administrative action by Minister</h4>
<p>(1) The Minister may arrange for the use, under the Secretary&#8217;s control, of computer programs for any purposes for which the Minister may or must take administrative action under this Part or a legislative instrument made for the purposes of this Part.</p>
<h4>Definitions</h4>
<p>(6) In this section:<br />
administrative action:<br />
each of the following constitutes taking administrative action for the purposes of this section:<br />
(a) making a decision;<br />
(b) exercising any power or complying with any obligation;<br />
(c) doing anything else related to making a decision or exercising a power or complying with an obligation.</p>
<p>Note that, contrary to the misleading tone of the ‘Explanatory Memorandum’, the provision is not restricted to minor administrative matters, but has broad scope.</p>
<p>Further, the standard technique used by the bureaucracy is to establish a beachhead, and then argue that precedents exist, and that no-one should have any problems with additional applications of the same old idea. It is vital that the public recognise the Bill’s provision as a ‘thin end of the wedge’ manoeuvre.</p>
<hr />
<h4>The European Provisions</h4>
<p><a href="http://www.privacy-regulation.eu/en/">EU GDPR</a></p>
<h4>Automated individual decision-making, including profiling</h4>
<p>Art 22.1. The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.</p>
<p>This is subject to qualifications in Art 22.2, but those qualifications are themselves subject to further qualifications in Arts 21.4 and 9.</p>
<p>However, the effect is that decision-making involving health data in particular is subject to considerable restrictions, and all such automation is subject to the overriding requirement for &#8220;appropriate safeguards for the fundamental rights and the interests of the data subject&#8221;.</p>
]]></content:encoded>
					
		
		
			</item>
	</channel>
</rss>
