What we and others think of My Health Record
The Australian Privacy Foundation recognises that electronic records, carefully designed and implemented to support clinicians, can assist with health care.
These record systems need to enable health professionals to make better decisions, be intuitive to use, be adaptable and in no way make their jobs harder than they are already.
There are two major problems with My Health Record that are insurmountable i.e. the basic design is flawed. The first is that it is government owned, the second is that governments of the future can change the laws regarding the use of My Health Record Data. See our media release . This is a good article that describes these risks 
Unfortunately, simplistic IT solutions that gather large amounts of raw, un-managed patient data, which can be matched with other data sources, which are onerous to use, and which are easily accessible over the internet, potentially by hackers, can create far more insidious problems than they solve. In our opinion the My Health Record falls into all these categories.
It is also worth noting that My Health Record is a summary system, is not a real health record like the ones your GP and hospital might hold. It is like comparing a bicycle with a 4+4 SUV. Both will get you to the local shops and back for a paper, but the SUV does far more.
Furthermore, the gung-ho attitude of technology specialists and the politically driven decision to make the My Health Record opt-out means that patient trust, patient choice and patient care are being put at major risk.
The risks to your privacy, confidentiality and information security need to be balanced by the value of your health records to you and your health care providers. In our assessment, because it is not really your health record but a less-reliable copy, the My Health Record has little value for either your clinicians or you as a patient: you both need the real thing. This means the risks to you may be high enough to question whether My Health Record is worth it.
In an article in the Guardian,  Julia Powles currently visiting UWA Law School says “legal authority does not necessarily command social legitimacy,” as explained in a superb analysis in the Journal of Medical Ethics. “A parliamentary majority may allow legislation to be passed,” the authors state, “but that does not equate to a societal seal of approval or to securing the trust and confidence of patients, citizens, healthcare professionals and researchers.” In other words, the government has not earned the right or trust to implement such a privacy invasive system.
Most clinicians already use an electronic medical record system. These can be improved by better communication between existing systems, not by introducing another, less useful, less secure copy in a system that has some of the hallmarks of a scheme designed for surveillance and less-controlled disclosure, rather than your healthcare.
It is not generally known but the government has several mechanisms by which they they pay GPs to upload your health data. In other words, GPs are selling your health data to the government. They do this at the expense of time available to attend to your needs you during consultations. Just watch your GP next time you see them and observe how much time they spend with their eyes on their computer screen and not you. Do you feel like a patient or a product being sold?
There are many other things the government is not being open and transparent about. If you look at their advertising material or the government’s website myhealthrecord.gov.au there are many claims about the alleged benefits of having a My Health Record. What you won’t find is anything about the costs and risks.
Neither will you see anything that tells you that your are responsible for your My Health Record – nobody else is. It is up to you to ensure that it is accurate, up-to-date and fit for purpose – i.e. it does what you want it to do. If you are not comfortable taking on this responsibility, or are not able because of a lack of internet access or skills and doing it for the rest of your life. Then you would be well advised to seriously consider opting-out.
How to opt-out of My Health Record.
You will need:
Your Medicare card or a Department of Veterans’ Affairs (DVA) card; and
One of the following forms of current Australian identification:
- your Driver licence, or
- your Passport, or
- your ImmiCard
If you don’t have these, but still want to stop a My Health Record from being automatically created, you can call the Help line on 1800 723 471.
Why you might consider opting out:
The government is giving every impression of only being interested in getting its registration numbers up so it can claim it is a success. It is not concerned with the My Health Record being useful or being given to people who should really think carefully before allowing their details to be included.
Nowhere does it discuss reasons why you may be better off not having one, or at least why you should think about not having one.
Here are some reason why you should think twice about becoming involved:
- You do not feel comfortable, or are not able to, take responsibility for ensuring your My Health Record is accurate, up-to-date and fit for purpose;
- If you have a medical condition that can lead to discrimination (STI, AIDS, Depression / Mental Illness, Diabetes etc);
- Where you wish to keep your contact details confidential.This might be from someone who might do you harm if they know where you live. e.g. an abusive partner, someone subject to an AVO etc.It could also be because of your employment – a policeman/woman a government official etc;
- If you have, or have had, a medical condition that could cause embarrassment;
- If you are being treated for an addiction that might cause law enforcement agencies to investigate you.
- If you are a public figure and do not want your health and/or personal details made available;
- If there is a risk that an insurance company may wish to obtain your complete medical history;
- Where you feel you cannot properly manage your health record because of age, ability or economic circumstances; and
- If you believe that the government may link your health data, your census data and/or your telecommunication meta data.
The Flight Safety Group of VIPA, representing pilots from the Virgin Group (Virgin Australia Airlines, Tiger Airways and Virgin Australia Regional Airlines) has “issued a warning to all pilots to not participate in the My Health Record” 
Hepatitis NSW say :
Some people may find their My Health Record places them at risk of stigma and discrimination or may cause safety issues.
You may wish to carefully consider whether you want your health records held or shared if you:
- have a criminal record or are affected by the criminal justice system
- use or have used drugs
- live with a lifelong transmissible condition such as HIV or hepatitis B
- have or had hepatitis C
- are not on treatment after it was recommended
- are sexually active and test regularly for STIs
- are or have been a sex worker
- are transgender or intersex
- are bisexual, lesbian or gay
- have lived with mental health issues
- have been pregnant or terminated a pregnancy
- are a health care worker.
Not everyone believes the government’s claims regarding the security of My Health Record.
Media reports have the (Health) minister (Greg Hunt) assuring Australians that the national online health records database features “military-grade security”, but there’s no such thing as “military-grade security” 
Whatever the term might mean, it surely can’t take into account several aspects of My Health Record. Would the military countenance millions of potentially insecure end points? Who says every doctor observes good security practices? Or that all hospitals have state-of-the-art antivirus software? Or that Jane Public knows how to keep log-in credentials safe?
“Nigel Phair, Director of the UNSW’s Canberra Cyber told nine.com.au while the site itself might have the latest security, it’s the people using it who could be the problem.”
“The real issues come around things like, I go to my GP and there might be two receptionists and five or six doctors. The front desk isn’t always occupied – there might be a post-it note on the screen with log in details which I can look at,” he said.
“Hospitals is the next thing, particularly when you start looking a mobile devices, and lastly phishing where criminals spoof the website and get people to divulge their username and passwords.
“There’s nothing more sensitive in life than your health records.”
“You don’t want them falling into criminals’ hands but you also don’t want them to fall into the hands of insurance companies.” 
“The best security is to prevent it from accumulating information on you in the first place. Then there’s none to steal or to misuse. Opting out of My Health Record is the only sensible option.”  (Bernard Keene, Crikey)
These are dubious at best. They are hard to set, especially if you are not familiar with technology. You can only put privacy controls on a document once it has been uploaded, so there may well be a gap between the document being uploaded and you discovering it and putting controls on it.
As soon as your data is downloaded to other systems, any privacy controls you may have set in My Health Record are no longer in force.
Access by the Government
And then there is the government’s access to your health data: “there are a wide range of circumstances in which any privacy controls you set can be overridden without your consent, meaning that data can be disclosed without your knowledge. These include making information available to third parties for purposes that are unrelated to healthcare — such as law enforcement.”
Information shared without your consent
The move to opt-out has meant that the government no longer has to get your informed consent to register you and to acquire and share your health data.
“(Consumers of Mental Health WA) has found My Health Record may not benefit everyone equally. There are a number of unresolved issues that raise concerns for people’s rights and may cause unintended consequences including people’s information being shared without their knowledge and consent.” 
The legal basis of My Health Record
“It may be surprising to some that, in Australia at least, there is no fundamental right to privacy. There are laws that protect aspects of your confidential information, including the Privacy Act 1988 (Cth) and associated Privacy Principles, that impose sanctions on those who fail to properly deal with private data. Common law remedies also exist in theory, however there is no readily accessible statutory cause of action that allows a privacy breach victim to claim their emotional distress and other damages. This gap in our law was the subject of a 2014 Australian Law Reform Commission Report, to which the Australian government has never formally responded.
Instead, since late February 2018 we now have a mandatory requirement for various entities including government and larger businesses, to report breaches of privacy. If your data is compromised (accessed by those who are not authorised), you must be notified and suggestions offered on ways to mitigate any impact. If your credit card details are leaked, for example, a suggestion might be to cancel those cards to prevent unauthorised use.
Under this new law, you will know exactly when your privacy was compromised. Cold comfort perhaps, however the intent is that a process of reporting will ultimately lead to better protections.
Of course, not all private information is the same. It is hard to imagine what should be done to mitigate the impact of a breach of personal medical information. Once disclosed, such information cannot simply be cancelled – it remains true, sensitive and open to abuse no matter what is done in response.
One thing is clear: the law is not able to physically protect your private information. It can only respond to breaches that have already occurred. Allowing your private information to exist outside of your direct personal control then becomes a question of risk versus benefit.”
For more information about the legal issues of My Health Record see here: The law and My Health Record
Links to resources that you may use to decide if you wish to opt-out
The government is only giving you one side of My Health Record – what they think the benefits are. Have a look at what they tell you about the costs, risks and potential disadvantages to minority communities in Australia. Can you find anything? No. There isn’t anything.
To help you make an informed choice, here is more information to balance out the government’s spin.
Australian Privacy Foundation Material
- A summary of My Health Record APF
- For Sale – Your Privacy and Your Health Data APF Media Release
- The law and My Health Record APF
- The truth about My Health Record APF
- My Health Record: on a path to nowhere? APF
- The biggest risk to My Health Record – the government APF Media Release
- Privacy, Trust and My Health Record, or The Spy in The Consulting Room APF
- My Health Record an ‘abuse of trust’ InnovationAus
- Privacy in digital health: Matters of trust in a scandal-plagued era HealthCareIT
- ‘You can’t undo that damage’: How safe is your health data? SMH
- Important Overview Of The Pros, Cons And Questions About My Health Record Croakey
- PLHIV & My Health Record Positive Life NSW (an HIV support group)
- Cyber security experts warn patients over online medical record plan for all Aussies 9news
- My Health Record could be our worst government data breach yet Crikey
- My Health Record National Association of People with HIV Australia
- Message from the CEO of Consumers of Mental Health WA COMHWA
- My Health Record Information Brief for Sex Workers Scarlet Alliance
- Virgin Australia Pilot’s Unions Concerned Over Data Breach medianet
- My Health Record: information about your options Hepatitis NSW
- What patients want from Digital Health APF
- If in doubt, opt OUT. My Health Record warning issued by leading mental health peak bodies
- The latest health data breach is one reason why I’ll be opting out of MyHealthRecord
- Union may urge e-health system withdrawal SBS
- Why I’m opting out of the government’s digital health record and you should too SMH
- My Health Record – Opting out counterAct
- Top 10 most awkward questions about the MHR Medical Republic
- My Health Record opt-out debate is getting silly but government is at fault
- There is no social licence for My Health Record. Australians should reject it The Guardian
- ‘Once You’re On The System, You’re On There For Good’: My Health Record 101 an LGBTI on-line publication
- An Attempt At Nuance Regarding MyHealthRecord Justin Warren’s blog
- A digest of Trent Yarwood’s Twitter activity and articles (some overlap with links, above)
- ‘Errors and incompetence’: Australians split over government’s opt-out digital health records
- Why I am opting out of MyHealthRecord – for now. Kangaroo Island doctor blogging about Rural Medicine in Australia
- People Keep Finding They Have Online Health Records They Never Signed Up For BuzzFeed News
- My Health Record ‘identical’ to failed UK scheme, privacy expert says The Guardian
- ‘Zero confidence’: Labor MP in push for opt-in digital health records SMH
- Opt out of the national My Health Record database or face the consequences. Greg Barnes (Lawyer) The Mercury
- As a doctor, here’s why My Health Record worries me Dr Kerryn Phelps, ex president AMA
- Liberal Tim Wilson opts out of My Health Record and says it should be opt-in The Guardian
- The My Health Record story no politician should miss ZDNet
- My Health Record bombed by Singapore hack Medical Republic
- When nudge comes to shove: making e-health opt-out was always a risky venture The Manderin
- Why My Health Record can’t have ‘military-grade’ security Australian Financial Review
- MHR legislation contradicts agency InnovationAus
- Blind and low vision community neglected in My Health Record opt-out process Vision Australia
- ‘Significant privacy concerns’ over myHealth Record system Parliamentary joint committee on human rights (2015)
- Australian Women’s Abortion Data At Risk Whimn
- ‘Serious’ risks of domestic violence in new online health system Brisbane Times
- Turnbull Government misinformation on My Health Record data. Independent Australia
- Privacy concerns on My Health Record need to be addressed. The Manderin
- Shetler: How to fix the MHR InnovationAus
- What could a My Health Record data breach look like? The Conversation
- My Health Record: it’s worse than you think Liberty Works
- My Health Record: Greg Hunt’s warrant claims contradicted by police union The Guardian
- GPs and social service providers demand My Health Record protections The Guardian
- My Health Record needs privacy improvements to restore public confidence: Human Rights Commissioner, Edward Santow
- My Health Record – Do the Risks Outweigh the Advantages? Matthew Setter. Security Researcher
- Freezing out the folks: default My Health Record settings don’t protect teens’ privacy The Conversation
- My Health Record – An Ethical Quagmire The Philososphere blog. Carley Tonoli
- My Health Record – More time, better information Inclusion Australia. The voice of those with an intellectual disability.
- The Data Sharing and Release Act is coming for your data Rosie Williams, investigative/data journalist
- To stay in or to opt out? That is the question! Grey Nomads
- A surgeon’s very real concerns about My Health Record Women’s Agenda
- My Health Record: former privacy head warned of dangers six years ago The Guardian
- Poor patching, lack of guidance leaving Australian healthcare data exposed CSO Magazine
- Canberra still in denial over My Health Record concerns ZDNet (Stilgherrian)
- Patients trust their secrets to doctors, not the government or the tax office The Guardian
- Majority of doctors say they won’t use My Health Record for their own care: survey Australian Doctor
- Don’t fall for My Health Record data binge Eureka Street
- Health Minister backs down on My Health Record SMH
- My Health Record a new battleground in family disputes SMH
- My Health Record: Deleting personal information from databases is harder than it sounds The Conversation
- E-health records opt out period extended news.com.au
- My Health concessions ‘woefully inadequate’, says former AMA president Kerryn Phelps. SMH
- The My Health Record debacle and the need for trust in communications Mumbrella
- Thriving on Dark Web: The My Health Record and Data Insecurity Dr Binoy Kampmark
- Alarming new My Health Record privacy flaw Daily Telegraph
- Doctor-patient privilege dies with My Health Record News Weekly
- My Health Record: Canberra is still missing the point ZDNet (Stilgherrian)
- Chronic care patients forced to have My Health Records to access government’s Health Care Homes program HealthcareIT
- The positives and perils of My Health Record The Saturday Paper
- My Health Record can store genomic data but critics say it’s not ready SMH
- We need new ways to protect people in the digital era SMH
- My Health Privacy Changes ‘Just A Few Band-Aids’, More Needed Ten Daily
- Security fears are still too high, so I’m opting out of My Health Record Australian Financial Review
- ‘At Risk’ Australians Blocked From My Health Opt-Out Ten Daily
- The troubling implications of My Health’s genetic info plans SMH
- Turning your health data into a “wellness score” might not be good for you The Conversation
- My Health Record – a flawed initiative Information Technology Professionals Association
- MyHealthRecord raises data privacy bar The Warren Centre
- Healthcare IT Security Worst of Any Sector With External Threats Health IT Security
- Cyber Insurance Recommended for All Physician Practices Physicians briefing
- The healthcare industry is in a world of cybersecurity hurt TechCrunch
- My Health Record: A further erosion of civil liberties? The Big Smoke Australia
- GP fed up with health record says ‘bring in a USB’ Gladstone Observer
- Patients And The Data Breach Notification Maze Dr Megan Prictor, University of Melbourne
- Former Pentagon cyber chief says hackers will exploit My Health Record flaws The Financial Review
- Labor promises inquiry into My Health Record ZDNet
- New data access bill shows we need to get serious about privacy with independent oversight of the law The Conversation
- Tell me again why the Turnbull Government is insisting My Health Record will become mandatory by the end of October 2018? North Coast Voices
- Five lessons from the #MyHealthRecord discussion for #PrecisionMedicine Declan Kuch. Medium
- Privacy concerns go beyond just My Health Record Medical Republic
- Firearms Registries, External data storage & MyHealthRecord Law Abiding Firearm Owners Inc
- My Health Record expansion: Why citizens’ data must be protected Australian Business Review
- MHR now set to face a Senate inquiry Medical Republic
The Parliamentary Paper
- Law enforcement access to My Health Record data Parliamentary Library Paper Original Version
- Law enforcement access to My Health Record data Revised Parliamentary Library Paper Revised Version
- Down The Memory Hole Trent Yarwood’s Comparison
Alternative Solutions/Approaches to My Health Record
- Apple says iOS Health Records has over 75 backers, uses open standards
- Patient-Online UK
- Coordinate My Care UK
- Patient Portals to GP systems New Zealand
The Chaser Team deserve their own section:
- MyHealth data to be stored on a highly-secure state-of-the-art Commodore 64
- An important update about your embarrassing rash
- This web page is down
- Health Minister Assures Local Man That The My Health Record System Is Secure, And Wishes Him Well For His Upcoming Genital Herpes Treatment
And we can’t forget the odd political cartoon
Hacked – Matt Golding
Government accused of not doing enough to persuade people to remain on My Health Report
ABC Radio National Breakfast
Wednesday 18 July 2018 6:51AM
Government accused of encouraging doctors to “sell” confidential patient data
By George Roberts on ABC PM
Mon 16 Jul 2018, 5:02pm
For the best source of current, well informed opinions and information on Digital Health and My Health Record in particular, go to the blog of Dr David More: Australian Health Information Technology. The comments are particularly useful as they give a voice to people with deep knowledge but who are not in a position to express their opinions publicly.
Dr Bernard Robertson-Dunn
Chair, Health Committee
Australian Privacy Foundation
Mobile 0411 157 113